
Hoping for your help

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Hoping for your help

Post by Wine&food » 04/02/07 18:25

Hi everyone, I'm a newbie and I already need help! I think, no, I'm sure my PC is infected with "BAGLE" (HIDR.exe, HIDIRES, HIDDEN). Can any of you suggest the procedure to remove it manually, since the AV, the firewall, Spybot etc. no longer start? Please help!
:cry:
Not everything that seems is what it appears!
Wine&food
Junior Member
 
Posts: 22
Joined: 04/02/07 18:15


Re: Hoping for your help

Post by Luke57 » 04/02/07 18:59

Wine&food wrote: Hi everyone, I'm a newbie and I already need help! I think, no, I'm sure my PC is infected with "BAGLE" (HIDR.exe, HIDIRES, HIDDEN). Can any of you suggest the procedure to remove it manually, since the AV, the firewall, Spybot etc. no longer start? Please help!
:cry:

Hi, download Gmer from here: http://www.majorgeeks.com/GMER_d5198.html
Unzip the .zip file and run gmer.exe with all other applications closed.
To get to the advanced view press the >>> tab. Then choose the Rootkit tab, tick the ADS box as well, and run a full Scan. When it finishes, click Copy and paste the report into a text file.
Go back to Gmer, press the Autostart tab (do not tick the "show all" box) and press Scan. When it finishes, click Copy and paste the report into the same text file.
Then copy and paste the two reports into a post on the forum.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Thanks!

Post by Wine&food » 04/02/07 19:08

I'll get to work.
Not everything that seems is what it appears!
Wine&food
Junior Member
 
Posts: 22
Joined: 04/02/07 18:15

Post by Wine&food » 04/02/07 19:59

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-02-04 19:50:18
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = D:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
MDM /*Machine Debug Manager*/@ = "D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@UpdRegD:\WINDOWS\Updreg.exe = D:\WINDOWS\Updreg.exe
@AHQInitD:\Programmi\Creative\SBLive\Program\AHQInit.exe = D:\Programmi\Creative\SBLive\Program\AHQInit.exe
@NeroFilterCheckD:\WINDOWS\system32\NeroCheck.exe = D:\WINDOWS\system32\NeroCheck.exe
@TkBellExe"D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@nwiznwiz.exe /install = nwiz.exe /install
@AVG7_CCD:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/ = D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXED:\WINDOWS\system32\ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
@drvsyskitD:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe = D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" /*file not found*/ = "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" /*file not found*/
@Windows Registry Repair ProD:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 /*file not found*/ = D:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/(null) =
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/D:\WINDOWS\System32\twext.dll = D:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/D:\WINDOWS\System32\twext.dll = D:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/D:\WINDOWS\System32\extmgr.dll = D:\WINDOWS\System32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/D:\WINDOWS\system32\nvcpl.dll = D:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/D:\WINDOWS\system32\nvcpl.dll = D:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\Programmi\Microsoft Office\OFFICE11\msohev.dll = D:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/D:\Programmi\Real\RealPlayer\rpshell.dll = D:\Programmi\Real\RealPlayer\rpshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll
@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} /*iolo Context Defrag*/(null) =
@{46E22146-59C0-4136-9233-FB7720E777B2} /*EzCddax extension*/D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll = D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/D:\Programmi\iTunes\iTunesMiniPlayer.dll = D:\Programmi\iTunes\iTunesMiniPlayer.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2F860D81-AF3C-11D4-BDB3-00E0987D8540} /*UltimateZip Shell Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DCShell@{28A5BD64-8D1F-4893-AC13-DC300D242848} = D:\Programmi\DriveCleaner 2006\DCShell.dll
EzCddax@{46E22146-59C0-4136-9233-FB7720E777B2} = D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll
SM_ContextDefrag@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
DCShell@{28A5BD64-8D1F-4893-AC13-DC300D242848} = D:\Programmi\DriveCleaner 2006\DCShell.dll
SM_ContextDefrag@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}D:\Documents and Settings\utente\Desktop\Spybot - Search & Destroy\SDHelper.dll /*file not found*/ = D:\Documents and Settings\utente\Desktop\Spybot - Search & Destroy\SDHelper.dll /*file not found*/
@{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}D:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll = D:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll = D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageD:\WINDOWS\SYSTEM32\blank.htm = D:\WINDOWS\SYSTEM32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = D:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = D:\WINDOWS\system32\msvidctl.dll
its@CLSID = D:\WINDOWS\System32\itss.dll
lid@CLSID = D:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = D:\WINDOWS\System32\itss.dll
ms-itss@CLSID = D:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = D:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = D:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-04 19:48:06
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT vax347b.sys ZwClose
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT vax347b.sys ZwCreateKey
SSDT vax347b.sys ZwCreatePagingFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT vax347b.sys ZwOpenKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT vax347b.sys ZwQueryValueKey
SSDT vax347b.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 81B8E520
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 81664030
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 818F0EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 812B1830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 818F0EB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL
Not everything that seems is what it appears!
Wine&food
Junior Member
 
Posts: 22
Joined: 04/02/07 18:15
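Luke57's instructions above produce two GMER text reports, and the post above shows what a positive one looks like: the Rootkit scan lists SSDT hooks installed by m_hook.sys loaded from the user's Application Data folder, and the Autostart scan lists an HKCU Run value (drvsyskit) that starts hidr.exe from the same folder, while the AVG startup entry is marked "file not found". The script below is an added example, not code from the thread, from GMER or from any product: it parses the two report formats and applies the three checks a practitioner would make by eye (driver loaded from a user profile path, hooks on the enumeration syscalls used for hiding, autostart entries that point into a profile path or whose target is missing). The SAMPLE_REPORT is a constructed excerpt of the reports above; the severity labels, the finding names and the list of profile-path markers are the example's own choices. INFO findings (the vax347b.sys hooks here) are deliberately not judged: they must be matched to a product installed on the machine, which the script cannot see.

```python
"""Triage a GMER 1.0.12 text report (Rootkit and Autostart scans pasted together).
Heuristics: an SSDT hook installed by a module under a user profile path is HIGH
(a kernel driver has no legitimate reason to load from there); hooks on the
enumeration syscalls are the classic hiding set; a Run value pointing into a
user profile path is HIGH; a Run value GMER marks "file not found" is reported,
since a missing security-product entry is consistent with tampering."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# User-writable profile locations (English and Italian folder names; the box above is Italian XP).
USER_PROFILE_MARKERS = ("documents and settings", "\\users\\", "dati applicazioni",
                        "application data", "appdata", "\\temp\\")
# Syscalls hooked to hide files, registry keys/values and processes.
HIDING_SYSCALLS = {"ZwQueryDirectoryFile", "ZwEnumerateKey",
                   "ZwEnumerateValueKey", "ZwQuerySystemInformation"}
# "SSDT <module path, may contain spaces> <ZwFunction>"
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>Zw\w+)\s*$")
# "HKLM\...\Run >>>" opens an autostart section; any other "HK..." line closes it.
RUN_KEY_RE = re.compile(r"^(HK(?:LM|CU)\\.*\\Run)\s*>>>\s*$")


@dataclass
class Finding:
    severity: str   # HIGH, MEDIUM or INFO (labels chosen for this example)
    kind: str
    detail: str


@dataclass
class Triage:
    ssdt_hooks: dict = field(default_factory=lambda: defaultdict(set))  # module -> {Zw funcs}
    run_entries: list = field(default_factory=list)   # (key, name, value, missing)
    findings: list = field(default_factory=list)


def _in_user_profile(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_PROFILE_MARKERS)


def _split_autostart_value(line: str):
    """GMER prints '@<name><data> = <data>' with nothing between name and data;
    recover the name by stripping the repeated data from the left side."""
    left, sep, right = line.partition(" = ")
    if not sep or not left.startswith("@"):
        return None
    left = left[1:]
    name = left[:-len(right)] if right and left.endswith(right) else left
    return name, right


def triage_gmer_report(text: str) -> Triage:
    t, run_key = Triage(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SSDT_RE.match(line):
            t.ssdt_hooks[m["module"]].add(m["func"])
        elif m := RUN_KEY_RE.match(line):
            run_key = m.group(1)
        elif line.startswith("HK"):
            run_key = None
        elif run_key and line.startswith("@") and (parsed := _split_autostart_value(line)):
            name, value = parsed
            t.run_entries.append((run_key, name, value, "/*file not found*/" in value))

    for module, funcs in sorted(t.ssdt_hooks.items()):
        hiding = ", ".join(sorted(funcs & HIDING_SYSCALLS)) or "none"
        if _in_user_profile(module):
            t.findings.append(Finding("HIGH", "ssdt-user-profile-driver",
                f"{module} hooks {len(funcs)} syscalls from a user profile path; hiding hooks: {hiding}"))
        elif funcs & HIDING_SYSCALLS:
            t.findings.append(Finding("MEDIUM", "ssdt-hiding-hooks", f"{module} hooks {hiding}"))
        else:
            t.findings.append(Finding("INFO", "ssdt-hook",
                f"{module} hooks {len(funcs)} syscalls; match it to an installed product"))
    for key, name, value, missing in t.run_entries:
        if missing:
            t.findings.append(Finding("INFO", "autostart-missing-file", f"{key}\\{name}: {value}"))
        elif _in_user_profile(value):
            t.findings.append(Finding("HIGH", "autostart-user-profile", f"{key}\\{name} -> {value}"))
    return t


# Constructed sample: an abbreviated excerpt of the two reports posted above.
SAMPLE_REPORT = r"""
---- System - GMER 1.0.12 ----
SSDT vax347b.sys ZwClose
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT vax347b.sys ZwQueryValueKey

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVG7_CCD:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/ = D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXED:\WINDOWS\system32\ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
@drvsyskitD:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe = D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
"""

if __name__ == "__main__":
    rank = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}
    for f in sorted(triage_gmer_report(SAMPLE_REPORT).findings, key=lambda f: rank[f.severity]):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

Run it as a script (or feed a full saved report to triage_gmer_report) to get the findings sorted by severity. On the sample it reports two HIGH findings that point at the same directory, which is the signal worth acting on: the driver that hooks ZwQueryDirectoryFile, ZwEnumerateKey and ZwQuerySystemInformation is what makes the hidires folder and its Run entry invisible to the tools that run on the live system, so removal has to be done from outside the running OS or with a tool that reads the raw filesystem and hive, and the "file not found" AVG entry is the trace of the security software the user reported as no longer starting.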

Post by Wine&food » 04/02/07 20:00

lid@CLSID = D:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = D:\WINDOWS\System32\itss.dll
ms-itss@CLSID = D:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = D:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = D:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-04 19:48:06
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT vax347b.sys ZwClose
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT vax347b.sys ZwCreateKey
SSDT vax347b.sys ZwCreatePagingFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT vax347b.sys ZwOpenKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT vax347b.sys ZwQueryValueKey
SSDT vax347b.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 81B8E520
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 81664030
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 818F0EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 812B1830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 818F0EB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL

I hope I didn't get it wrong

Post by Wine&food » 04/02/07 23:08

I've pasted in the GMER script, is it right? Waiting for your news, bye

Re: I hope I didn't get it wrong

Post by Luke57 » 05/02/07 10:11

Wine&food wrote: I've pasted in the GMER script, is it right? Waiting for your news, bye

Hi, download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run the avenger.exe file
Select the "Input Script Manually" option
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

Folders to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires
D:\WINDOWS\exefld

Files to delete:
D:\WINDOWS\system32\wintems.exe
D:\WINDOWS\system32\hldrrr.exe

Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually

The program leaves a log of the operations it performed.

Post the Avenger log (C:/avenger.txt) with the result of the script.

Also, open the registry editor:
Start > Run > regedit (type it in the box) > OK
In the window that opens, clicking the + sign next to each entry, follow this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, click on this last folder; in the right-hand part of the window you should find the following value:
drvsyskit D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
right-click the entry and choose Delete.
(There shouldn't be any, but if you also find these entries, hldrrr and german.exe, same treatment)

Also check these registry keys, with the same method:
HKEY_CURRENT_USER\Software\DateTime4
HKEY_CURRENT_USER\Software\FirstRRRun
If you have them, delete them.

small problem

Post by Wine&food » 05/02/07 15:37

When I click the traffic light and give the OK to delete the files, Avenger gives this error: Error: selected files does not appear to be a valid script.
What do I do!

Post by Luke57 » 05/02/07 15:52

Hi, dunno, the script is valid. Try this one (copy it and paste it with Ctrl+V):

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Folders to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires
D:\WINDOWS\exefld

Files to delete:
D:\WINDOWS\system32\wintems.exe
D:\WINDOWS\system32\hldrrr.exe

P.S. If it doesn't work, try it again

trouble

Post by Wine&food » 05/02/07 16:03

Avenger gives me another error: Fatal error: could not create new script file.

Post by Luke57 » 05/02/07 16:07

Hi, I don't know what to say, the script is correct. Try running it again.

hi, maybe

Post by Wine&food » 05/02/07 16:20

In the registry keys I noticed that I have ControlSet001, ControlSet002 and 003. Following the script's instructions I noticed that some of the entries to delete are not in the right place. Also, in the Windows\system32 folder I didn't find some of the files mentioned in the script. Could that be the problem?

Post by Luke57 » 05/02/07 16:33

Hi, could be, but the script would still run for the entries that are right.
To recap, download Avgpfix from here:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

Make hidden files and folders visible:
from Computer Management > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (Recommended)"
Press OK

Look for these two files:
D:\WINDOWS\system32\wintems.exe
D:\WINDOWS\system32\hldrrr.exe
If you find them,
start Avgpfix and delete them, one at a time:
(just run it, press Start, locate the file and press OK)

Also, look for this folder:
D:\Documents and Settings\utente\Dati applicazioni\hidires
and with Avgpfix delete all the files inside it.

Do the same with this folder, if it exists:
D:\WINDOWS\exefld

well, of these..

Post by Wine&food » 05/02/07 17:56

files to delete I only found D:\WINDOWS\exefld and I deleted it; now what do we do (sorry if I'm clumsy).

Post by Luke57 » 05/02/07 18:04

Hi, redo the scans with Gmer. In the Rootkit tab tick only the Files and ADS boxes; in the Autostart tab do not tick the "show all" box; paste the two reports in a post.

here are the GMER reports

Post by Wine&food » 05/02/07 18:19

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-02-05 18:18:21
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = D:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
MDM /*Machine Debug Manager*/@ = "D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@UpdRegD:\WINDOWS\Updreg.exe = D:\WINDOWS\Updreg.exe
@AHQInitD:\Programmi\Creative\SBLive\Program\AHQInit.exe = D:\Programmi\Creative\SBLive\Program\AHQInit.exe
@NeroFilterCheckD:\WINDOWS\system32\NeroCheck.exe = D:\WINDOWS\system32\NeroCheck.exe
@TkBellExe"D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@nwiznwiz.exe /install = nwiz.exe /install
@AVG7_CCD:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/ = D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXED:\WINDOWS\system32\ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
@drvsyskitD:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe = D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" /*file not found*/ = "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" /*file not found*/
@Windows Registry Repair ProD:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 /*file not found*/ = D:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/(null) =
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/D:\WINDOWS\System32\twext.dll = D:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/D:\WINDOWS\System32\twext.dll = D:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/D:\WINDOWS\System32\extmgr.dll = D:\WINDOWS\System32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/D:\WINDOWS\system32\nvcpl.dll = D:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/D:\WINDOWS\system32\nvcpl.dll = D:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\Programmi\Microsoft Office\OFFICE11\msohev.dll = D:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/D:\Programmi\Real\RealPlayer\rpshell.dll = D:\Programmi\Real\RealPlayer\rpshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll
@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} /*iolo Context Defrag*/(null) =
@{46E22146-59C0-4136-9233-FB7720E777B2} /*EzCddax extension*/D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll = D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/D:\Programmi\iTunes\iTunesMiniPlayer.dll = D:\Programmi\iTunes\iTunesMiniPlayer.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2F860D81-AF3C-11D4-BDB3-00E0987D8540} /*UltimateZip Shell Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DCShell@{28A5BD64-8D1F-4893-AC13-DC300D242848} = D:\Programmi\DriveCleaner 2006\DCShell.dll
EzCddax@{46E22146-59C0-4136-9233-FB7720E777B2} = D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll
SM_ContextDefrag@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
DCShell@{28A5BD64-8D1F-4893-AC13-DC300D242848} = D:\Programmi\DriveCleaner 2006\DCShell.dll
SM_ContextDefrag@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}D:\Documents and Settings\utente\Desktop\Spybot - Search & Destroy\SDHelper.dll /*file not found*/ = D:\Documents and Settings\utente\Desktop\Spybot - Search & Destroy\SDHelper.dll /*file not found*/
@{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}D:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll = D:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll = D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageD:\WINDOWS\SYSTEM32\blank.htm = D:\WINDOWS\SYSTEM32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = D:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = D:\WINDOWS\system32\msvidctl.dll
its@CLSID = D:\WINDOWS\System32\itss.dll
lid@CLSID = D:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = D:\WINDOWS\System32\itss.dll
ms-itss@CLSID = D:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = D:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = D:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-05 18:17:09
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.12 ----

File D:\Documents and Settings\utente\Dati applicazioni\hidires
File D:\Documents and Settings\utente\Dati applicazioni\hidires\flec003.exe
File D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
File D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys <-- ROOTKIT !!!
File D:\Programmi\Movie Maker\shared
File D:\Programmi\Movie Maker\shared\empty.txt
File D:\Programmi\Movie Maker\shared\filters.xml
File D:\Programmi\Movie Maker\shared\news.png
File D:\Programmi\Movie Maker\shared\paint.png
File D:\Programmi\Movie Maker\shared\profiles
File D:\Programmi\Movie Maker\shared\profiles\blank.txt
File D:\Programmi\Movie Maker\shared\sample1.jpg
File D:\Programmi\Movie Maker\shared\sample2.jpg
File D:\WINDOWS\ime\shared
File D:\WINDOWS\ime\shared\res

---- Services - GMER 1.0.12 ----

Service D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys [MANUAL] m_hook <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----

Post by Luke57 » 05/02/07 19:11

Hi, the malware is more alive and kicking than ever.
Try with Gmer.
With all applications and programs closed, open it, press >>>>, then the Services tab, then Scan; among the services locate this one:
Service D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys [MANUAL] m_hook
right-click the entry and choose Delete (ignore any error messages)
Then move to the Rootkit tab, tick the Files and ADS boxes,
press Scan.
When it finishes, locate the following entries:
File D:\Documents and Settings\utente\Dati applicazioni\hidires
File D:\Documents and Settings\utente\Dati applicazioni\hidires\flec003.exe
File D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
File D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys
right-click each of them and choose Delete file
Then redo this procedure:
open the registry editor:
Start > Run > regedit (type it in the box) > OK
In the window that opens, clicking the + sign next to each entry, follow this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, click on this last folder; in the right-hand part of the window you should find the following value:
drvsyskit D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
right-click the entry and choose Delete.

Report any difficulties you run into.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10
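As an added example (not part of the thread, and not GMER's own code), a small Python parser for the report format pasted above: it splits a GMER report into its sections, picks out the entries GMER marked with `<-- ROOTKIT !!!`, and derives the same cleanup list Luke57 walks through by hand (the flagged driver plus everything else in its folder). The report text inside the block is a constructed, trimmed copy of the one in the thread.

```python
# Constructed sample, laid out like the GMER 1.0.12 report pasted above:
# "---- <Section> - GMER x ----" headers, one entry per line, and the
# "<-- ROOTKIT !!!" marker GMER appends to entries it considers hidden.
SAMPLE_REPORT = r"""GMER 1.0.12.12011 - http://www.gmer.net

---- Files - GMER 1.0.12 ----

File D:\Documents and Settings\utente\Dati applicazioni\hidires
File D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
File D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys <-- ROOTKIT !!!
File D:\Programmi\Movie Maker\shared\empty.txt

---- Services - GMER 1.0.12 ----

Service D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys [MANUAL] m_hook <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----
"""
FLAG = "<-- ROOTKIT !!!"

def parse_gmer(report: str) -> dict:
    """Group entries by section name; each entry keeps its text and GMER's rootkit flag."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("---- ") and line.endswith(" ----"):
            current = line[5:].split(" - ", 1)[0]  # "Files", "Services", "EOF"
            continue
        if not line or current in (None, "EOF"):
            continue  # banner lines before the first section, or past EOF
        flagged = line.endswith(FLAG)
        entry = line[: -len(FLAG)].rstrip() if flagged else line
        sections.setdefault(current, []).append({"entry": entry, "flagged": flagged})
    return sections

def cleanup_candidates(sections: dict) -> list:
    """Flagged paths plus every File entry inside a flagged file's folder: the thread's
    cleanup removes the whole hidires folder, not only the driver GMER marked."""
    paths = set()
    for e in (e for sec in sections.values() for e in sec if e["flagged"]):
        kind, rest = e["entry"].split(" ", 1)
        # Service lines read "Service <path> [START] <name>"; keep only the path.
        paths.add(rest.split(" [", 1)[0] if kind == "Service" else rest)
    dirs = {p.rsplit("\\", 1)[0].lower() for p in paths}
    for e in sections.get("Files", []):
        path = e["entry"].split(" ", 1)[1]
        if path.lower() in dirs or path.rsplit("\\", 1)[0].lower() in dirs:
            paths.add(path)
    return sorted(paths, key=str.lower)
```

Run against a full report, the same two functions turn the pasted log into a reviewable list of items before anything is deleted by hand.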

I deleted

Post by Wine&food » 05/02/07 19:35

More or less everything; some strings weren't there, and hidr.exe was in current version\shellnoroam\muicache and I deleted it. What do we do at this point?
Not everything that seems is what it appears!
Wine&food
Junior User
 
Posts: 22
Joined: 04/02/07 18:15

Post by Luke57 » 05/02/07 19:43

Hi, I don't know what else to say; you need to tell me whether or not you deleted the entries with Gmer.
Then delete avenger from the computer and download it again. Run it with the procedure indicated, entering this script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Folders to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by Wine&food » 05/02/07 19:47

Avenger worked; the whole script you prepared was deleted. The computer rebooted. What's the next step? Unfortunately I have to go to work now; I'll be back here around 23:30. Thanks
Not everything that seems is what it appears!
Wine&food
Junior User
 
Posts: 22
Joined: 04/02/07 18:15
