e1xplorer / adult xxx /

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by Carlj » 16/08/06 13:16

Hi everyone,

I'm new to the forum, so first of all congratulations on what you do :)

but let's get to my problem....

...I too have run into the virus, or dialer or whatever we want to call it, and when I turn the PC on a window appears saying XXX ADULT KEY - congratulations, you have won the chance to visit the private area for one hour... and so on and so forth, and it won't let me connect to the Internet.....

Now, from what I've read in the other posts every case is different, so I downloaded HijackThis and made a log of my PC....

now what do I have to do to get rid of this damned worm????

Here is my log file:
Logfile of HijackThis v1.99.1
Scan saved at 14.18.34, on 16/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\khooker.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\programmi\zango\zango.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\Documents and Settings\COVERLINEMARINE\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\carlj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - http://www.tecnoassistance.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progra~1\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\System32\apparat.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D67D547B43283EC2 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programmi\zango\zangohook.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\System32\comcap16.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [zango] "c:\programmi\zango\zango.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\COVERLINEMARINE\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{83A33DCD-6AE9-423E-B72F-4A21917033A7}: NameServer = 151.99.0.100,151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Programmi\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe


I hope you can help me... Thanks in advance :)
Carlj
Junior Member

Posts: 15
Joined: 13/08/06 00:49
Location: SICILY, EVERYTHING ELSE IS IN THE SHADE!

Post by andorra24 » 16/08/06 13:37

Hi, first of all run this removal tool. Download SmitfraudFix and unzip it into a folder of your choice, extracting all the files:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Reboot into Safe Mode

Open the folder that contains SmitfraudFix and run smitfraudfix.cmd
Select option #2 - Clean by pressing 2, then press Enter.
You will get this message: Registry cleaning - Do you want to clean the registry ?
Answer Yes by pressing Y, then press Enter.
Answer Yes (Y) to any other questions

let the scan run and then reboot the PC normally.
---------------------------------------------------------------------------------------

Go to Control Panel/Add or Remove Programs and check whether there is a zango entry and a MyGlobalSearch entry; uninstall them immediately.

Now let's get to the HijackThis log. Open HijackThis, click ''open the misc tools section'', then click ''open process manager'', locate the entries listed below and click ''kill process'':

C:\programmi\zango\zango.exe
C:\WINDOWS\System32\spoolsvc.exe (not to be confused with the legitimate spoolsv.exe)
C:\Documents and Settings\COVERLINEMARINE\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\WINDOWS\System32\dcomcfg.exe

Then go down, click the back button and right after that the scan button. Tick the box next to the entries listed below and click ''fix checked'':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\System32\apparat.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D67D547B43283EC2 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programmi\zango\zangohook.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\System32\comcap16.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [zango] "c:\programmi\zango\zango.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\COVERLINEMARINE\Dati applicazioni\ratorefaci\sysrtmvs.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe

Go to Start/My Computer/Tools/Folder Options/View, tick ''Show hidden files and folders'' and untick ''Hide protected operating system files (recommended)''.

Download Killbox from here:
http://www.bleepingcomputer.com/files/killbox.php
with Killbox make sure you delete the following files (if present):
C:\programmi\zango\zango.exe
c:\programmi\zango\zangohook.dll (after deleting the files, delete the zango folder as well)
C:\WINDOWS\System32\spoolsvc.exe (not to be confused with the legitimate spoolsv.exe)
C:\Documents and Settings\COVERLINEMARINE\Dati applicazioni\ratorefaci\sysrtmvs.exe (after deleting the exe file, delete the ratorefaci folder as well)
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\apparat.dll
C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (after deleting MGSBAR.DLL, delete the whole MyGlobalSearch folder)
C:\WINDOWS\System32\comcap16.dll

Then I would also advise you to uninstall the SweetIM Macrogaming toolbar, because some people don't consider it very trustworthy.
andorra24
Senior Member

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
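Reading the log the way andorra24 did above, but as code: the Python below is an added example (not a tool from this thread or from the HijackThis project) that walks a HijackThis 1.99 log and flags the entries that deserve a second look: O15 Trusted Zone additions, O16 entries that fetch a bare .exe, BHOs whose DLL is gone, Run entries and processes starting from Temp or the user profile, binaries that borrow a Windows system name outside the Windows directory, and one-character lookalikes such as spoolsvc.exe next to spoolsv.exe or dcomcfg.exe next to dcomcnfg.exe. The list of system names and the directory heuristics are my assumptions for a default Windows XP install, and the sample log is a constructed excerpt mixing lines from the two logs posted in this thread with one made-up benign .cab entry.

```python
"""Triage a HijackThis 1.99 log: pull out the entries a helper would look at
first and say why.  Added example for this thread, not a forum or HJT tool."""
import re

# Windows binaries whose names malware borrows or misspells.  Assumption: a
# short illustrative list for Windows XP, not an exhaustive one.
SYSTEM_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe", "cisvc.exe",
    "dcomcnfg.exe",
}
# Where those binaries live on a default XP install (assumption).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
# Directories any user, and therefore any drive-by installer, can write to.
USER_WRITABLE = ("\\temp\\", "\\dati applicazioni\\", "\\application data\\",
                 "\\documents and settings\\")

# First absolute path with an executable extension on a log line.
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|ocx|scr)\b', re.I)
# O16 entries normally fetch a .cab or .ocx; a bare .exe is unusual.
RAW_EXE_URL_RE = re.compile(r"https?://\S+\.exe\s*$", re.I)


def one_edit_apart(a: str, b: str) -> bool:
    """True when a and b differ by exactly one inserted, deleted or replaced
    character (spoolsvc.exe vs spoolsv.exe, dcomcfg.exe vs dcomcnfg.exe)."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    # Skip the differing character on one side, the other, or both.
    return a[i + 1:] == b[i + 1:] or a[i + 1:] == b[i:] or a[i:] == b[i + 1:]


def path_reasons(path: str) -> list[str]:
    """Heuristics applied to one executable path taken from the log."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    directory = low[: len(low) - len(base)]
    reasons = []
    if any(d in directory for d in USER_WRITABLE):
        reasons.append("executable lives in a temp or per-user profile directory")
    if base in SYSTEM_NAMES:
        if not directory.startswith(SYSTEM_DIRS):
            reasons.append(f"Windows binary name {base} used outside the Windows directory")
    else:
        for name in sorted(SYSTEM_NAMES):
            if one_edit_apart(base, name):
                reasons.append(f"{base} is a one-character lookalike of {name}")
    return reasons


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs for every entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O15 - Trusted Zone:"):
            findings.append((line, "site placed in the IE Trusted Zone, which relaxes ActiveX and scripting restrictions for it"))
            continue
        if line.startswith("O16 - DPF:") and RAW_EXE_URL_RE.search(line):
            findings.append((line, "Downloaded Program Files entry points at a raw .exe instead of a .cab or .ocx control"))
            continue
        if line.startswith("O2 - BHO:") and ("(file missing)" in line or "(no file)" in line):
            findings.append((line, "BHO is registered but its DLL is gone: leftover of uninstalled software or of a half-cleaned infection"))
            continue
        m = PATH_RE.search(line)
        if m:
            for reason in path_reasons(m.group(0)):
                findings.append((line, reason))
    return findings


# Constructed excerpt: lines taken from the two logs posted in this thread,
# plus one made-up O16 entry (fake CLSID and URL) as a benign .cab control.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\Documents and Settings\COVERLINEMARINE\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\WINDOWS\System32\dcomcfg.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Programmi\FamilyKeyLogger\cisvc.exe
O4 - HKLM\..\Run: [foov1.exe] C:\WINDOWS\TEMP\foov1.exe
O15 - Trusted Zone: http://www.softlab.name
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - http://example.invalid/scanner.cab
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

The output is a triage list, not a verdict: a lookalike name or a Trusted Zone entry is a reason to look the file up, not proof of infection, and an entry that passes every rule (apparat.dll and comcap16.dll in the first log would) can still be malicious, which is why the thread also kills the processes and deletes the files by hand rather than trusting a pattern.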

Post by Carlj » 16/08/06 14:42

Hi, and thanks for replying so quickly :)

I did as you told me and now the PC works! :)

Anyway, to be safe, I'm posting the new HijackThis log so you can tell me whether I did everything right!

Here is the log; how does it look now?????

Logfile of HijackThis v1.99.1
Scan saved at 15.53.24, on 16/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\khooker.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\carlj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.tiscali.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - http://www.tecnoassistance.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progra~1\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{83A33DCD-6AE9-423E-B72F-4A21917033A7}: NameServer = 151.99.0.100,151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Programmi\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe



Post by andorra24 » 16/08/06 14:52

Great job, the log is clean now. ;)

Post by Carlj » 16/08/06 22:48

Thanks a lot :D

Post by andorra24 » 16/08/06 22:55

Carlj wrote: Thanks a lot :D

You're welcome. :)

Post by lupos3 » 20/08/06 14:20

andorra24 wrote:
Carlj wrote: Thanks a lot :D

You're welcome. :)

hi andorra, I have more or less the same problem too and I can't get to the bottom of it.
I'm posting my log; please be so kind as to tell me what to do. Thanks again in advance.

Logfile of HijackThis v1.99.1
Scan saved at 14.41.22, on 20/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 205.238.40.2 http://www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {6F27B670-F0CE-A282-B9B2-B653694F900D} - C:\WINDOWS\cfjdh1.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Programmi\FamilyKeyLogger\cisvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [PhilipsDM] "C:\Programmi\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [foov1.exe] C:\WINDOWS\TEMP\foov1.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\PROGRA~1\INCRED~1\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.1987324.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5521523516
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://axis.securestore.it/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB0EE55-91E5-4E3F-823B-10E951FA5701}: NameServer = 193.70.192.25,193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sistema Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
lupos3
Senior Member

Posts: 177
Joined: 20/08/06 14:15

Post by Luke57 » 20/08/06 14:35

@ lupos3
Hi, I suspect a linkoptimizer infection, so download Gmer:
http://www.gmer.net/gmer110.zip
After unpacking it, launch it and select "Rootkit"
Click "Scan"
Wait for the scan to finish and click "Copy"
Open Windows Notepad, click Edit and choose Paste

Then run a GMer scan from the Autostart position, following the same steps as before. Paste the resulting log into that same Notepad and then paste both logs in a post on the forum.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by lupos3 » 20/08/06 14:54

thanks, do I do it in Safe Mode?

Post by Luke57 » 20/08/06 14:57

Hi, in normal mode (both logs)

Post by lupos3 » 20/08/06 15:00

ok, I'm running a scan in Safe Mode with VirIT (it also found e1xplorer); I'll finish that, reboot in normal mode and do what you told me, then I'll post the log
thanks a lot, you're very kind

Post by lupos3 » 20/08/06 17:19

Luke57 wrote: @ lupos3
Hi, I suspect a linkoptimizer infection, so download Gmer:
http://www.gmer.net/gmer110.zip
After unpacking it, launch it and select "Rootkit"
Click "Scan"
Wait for the scan to finish and click "Copy"
Open Windows Notepad, click Edit and choose Paste

Then run a GMer scan from the Autostart position, following the same steps as before. Paste the resulting log into that same Notepad and then paste both logs in a post on the forum.

DONE, HERE IS THE LOG

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-20 18:15:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 82F7F570 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\drivers\klif.sys ZwClose
SSDT 82FE43D8 ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateSection
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateThread
SSDT 82FE4890 ZwDeleteKey
SSDT 82F9A1E8 ZwDeleteValueKey
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT kl1.sys ZwOpenFile
SSDT d347bus.sys ZwOpenKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwOpenProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwQueryInformationFile
SSDT d347bus.sys ZwQueryKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwQuerySystemInformation
SSDT d347bus.sys ZwQueryValueKey
SSDT 82F7F5E8 ZwQueueApcThread
SSDT 82F58990 ZwReadVirtualMemory
SSDT 82F99C50 ZwRenameKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwResumeThread
SSDT 82F7FC50 ZwSetContextThread
SSDT 82F58180 ZwSetInformationKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwSetInformationProcess
SSDT 82FEB8E0 ZwSetInformationThread
SSDT d347bus.sys ZwSetSystemPowerState
SSDT 82F88228 ZwSetValueKey
SSDT 82FAD100 ZwSuspendProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwSuspendThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwTerminateProcess
SSDT 82FEB958 ZwTerminateThread
SSDT 82F58A08 ZwWriteVirtualMemory
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[284]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[285]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[286]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[287]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[288]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[289]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[290]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[291]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[292]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[293]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[294]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[295]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[296]

---- Devices - GMER 1.0.10 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 82C0E5C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 82C0CC38
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ 82D93198
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 82C67020
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 82C0BF68
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 82C17020
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 82C0C568
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 82C0DD30
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 82C0D538
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 82C0CF40
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 82C0E150
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 82C0F1F0
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 82C0EA20
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 82C0FAB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 82C0F678
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F727DBF6] klmc.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 829C40C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 82A400C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 82DF5810
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 82918220
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 82A460C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 82A8A0C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 82A8D0C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 82AB40C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 82AA50C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 82A9B0C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 82AC00C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP_POWER 82AC0210
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 82C0E5C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 82C0CC38
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ 82D93198
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 82C67020
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 82C0BF68
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 82C17020
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 82C0C568
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 82C0DD30
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 82C0D538
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 82C0CF40
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 82C0E150
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 82C0F1F0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 82C0EA20
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 82C0FAB0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 82C0F678
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F727DBF6] klmc.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 829C40C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 82A400C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 82DF5810
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 82918220
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 82A460C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 82A8A0C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 82A8D0C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 82AB40C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 82AA50C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 82A9B0C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 82AC00C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP_POWER 82AC0210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82A32008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82A32008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 82A32008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_NAMED_PIPE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLOSEIRP_MJ_READ 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_WRITE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_EA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FLUSH_BUFFERS 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_VOLUME_INFORMATION 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DIRECTORY_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SHUTDOWN 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_LOCK_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLEANUP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_MAILSLOT 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_SECURITY 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_POWER 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SYSTEM_CONTROL 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CHANGE 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_QUOTA 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_PNP 82B1C0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_PNP_POWER 82B1C0B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE
lupos3
Senior User

Posts: 177
Joined: 20/08/06 14:15

Post by lupos3 » 20/08/06 17:22

lupos3 wrote:
Luke57 wrote:@ lupos2
Hi, I suspect a linkoptimizer infection; so download Gmer:
http://www.gmer.net/gmer110.zip
After unpacking it, run it and select "Rootkit"
Click on "Scan"
Wait for the scan to finish and click on "Copy"
Open Windows Notepad, click on Edit and select Paste

Then run a scan with GMer from the Autostart tab, following the same steps as before. Paste the generated log into the same Notepad file and then paste the two logs in a post on the forum.



second part of the log

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}@SE4K5INHHR1EDZYY15BVZC6TKG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{18E09523-0BB1-0E75-6B141AE958ABE9E7}\{8E8BA3D9-389B-9F43-3B5B6490B54F898E}\{0E0922CC-9ECE-C3AB-5B05A5FA1997F2CA}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{6283EF60-5306-646F-3E2A60A6F3147012}\{EC258BE5-E5B0-C834-EB7A48F96467BF3F}\{829C9D27-3E4A-4D61-8C18630CF0B6A85C}@SE4K5INHHR1EDZYY15BVZC6TKG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{089CB069-B16F-490A-A43E-018DC2F6F949}
File C:\WINDOWS\cfjdh1.dll

---- EOF - GMER 1.0.10 ----




GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-20 18:16:16
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier@DLLName = WRLogonNTF.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\:zapotmc.bmp

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\System32\CTSvcCDA.exe
kavsvc /*kavsvc*/@ = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SecCrm /*SecCrm*/@ = "C:\Programmi\File comuni\Microsoft Shared\gRa.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
WebrootSpySweeperService /*Sistema Webroot Spy Sweeper*/@ = "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe"
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\System32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemon"RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup = "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiz"nwiz.exe" /install = "nwiz.exe" /install
@NvMediaCenter"RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
@FamilyKeyLoggerC:\Programmi\FamilyKeyLogger\cisvc.exe = C:\Programmi\FamilyKeyLogger\cisvc.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@Disc DetectorC:\Programmi\Creative\ShareDLL\CtNotify.exe p ? X ? ? ? ? ? C ??? Disc Detector B ??A ? ??A ` ? ??B ??@ $?@ ? C ??? U?@ ? ??? @?B ??A ? ??A ? ? ??B ??@ P $?@ p ? ? k??w @ ? " ? ? ? ?? ??B ? ? ?????? ??B = C:\Programmi\Creative\ShareDLL\CtNotify.exe p ? X ? ? ? ? ? C ??? Disc Detector B ??A ? ??A ` ? ??B ??@ $?@ ? C ??? U?@ ? ??? @?B ??A ? ??A ? ? ??B ??@ P $?@ p ? ? k??w @ ? " ? ? ? ?? ??B ? ? ?????? ??B
@PhilipsDM"C:\Programmi\Philips\Philips Device Manager\Bin\DeviceManager.exe" = "C:\Programmi\Philips\Philips Device Manager\Bin\DeviceManager.exe"
@PinnacleDriverCheck"C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg = "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
@EPSON Stylus C64 Series"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
@KAVPersonal50"C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\svchost.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@IncrediMail"C:\PROGRA~1\INCRED~1\bin\IncMail.exe" /c = "C:\PROGRA~1\INCRED~1\bin\IncMail.exe" /c
@H/PC Connection Agent"C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE" = "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
lupos3
Senior User
 
Posts: 177
Joined: 20/08/06 14:15

Post by lupos3 » 20/08/06 17:25

I'm waiting for your instructions.
lupos3
Senior User
 
Posts: 177
Joined: 20/08/06 14:15

Post by lupos3 » 20/08/06 17:43

I'm also running an online scan with Panda
and it has already found
391 spyware
18 hacking tools
47 dialers

nothing like this has ever happened to me before

help
lupos3
Senior User
 
Posts: 177
Joined: 20/08/06 14:15

e1xplorer

Post by ringhio71 » 20/08/06 18:43

I think I've caught it too.
This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19.23.26, on 20/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
E:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\Programmi\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
E:\Programmi\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
E:\Programmi\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Programmi\QuickTime\qttask.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Programmi\Executive Software\Diskeeper\DkService.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Creative\MediaSource\RemoteControl\RcMan.exe
E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\Programmi\Messenger\msmsgs.exe
D:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\MsPMSPSv.exe
e:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
E:\PROGRA~1\INCRED~1\bin\IMApp.exe
E:\Programmi\Alwil Software\Avast4\ashWebSv.exe
E:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\rundll32.exe
E:\Programmi\Copernic Agent\CopernicAgent.exe
E:\DOCUME~1\kid\IMPOST~1\Temp\Directory temporanea 1 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CTSysVol] E:\Programmi\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] E:\Programmi\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "E:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [Ulead AutoDetector] E:\Programmi\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroNETTrayIcon] E:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] E:\Programmi\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [IncrediMail] E:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [NBJ] "E:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = E:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://E:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.5.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA89D86-5C87-4D3B-B37C-B9302A8F7915}: NameServer = 85.37.17.13 85.38.28.81
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NeroNET - Ahead Software AG - E:\Programmi\Ahead\NeroNET\NeroNET.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - e:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)

Let me know what you think.
Thanks
ringhio
in blues we trust
ringhio71
Newbie
 
Posts: 3
Joined: 20/08/06 18:31

Post by andorra24 » 20/08/06 19:06

ringhio71, your log shows no infection. If you don't recognise the following entry, remove it:

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.5.1.cab

If you want to be safe, run a full scan with SUPERAntiSpyware:

http://www.superantispyware.com/downloa ... PYWAREFREE
Last edited by andorra24 on 20/08/06 19:14, edited 1 time in total.
andorra24
Senior User
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
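
As an added example, not code from anyone in this thread: a small Python triage script for HijackThis entries of the kinds posted above. It flags O16 ActiveX downloads from hosts outside an allowlist (the allowlist is an assumption of the example, mirroring the advice "if you don't recognise it, remove it"), lists O17 DNS servers so they can be checked against the ISP's, and reports O23 services whose executable is missing.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above (the forum's own truncation of the second O16 URL is kept as-is).
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204",
    r"O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.5.1.cab",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA89D86-5C87-4D3B-B37C-B9302A8F7915}: NameServer = 85.37.17.13 85.38.28.81",
    r"O23 - Service: avast! Antivirus - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)",
]

# Hosts whose ActiveX downloads (O16) are already trusted. This allowlist is an
# assumption of the example; anything not on it gets a human decision.
KNOWN_DPF_HOSTS = {"go.microsoft.com"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>.+)$")
HOST_RE = re.compile(r"^https?://(?P<host>[^/\s:]+)")
NS_RE = re.compile(r"NameServer = (?P<servers>.+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def triage(lines):
    """Return one finding dict per HijackThis entry that needs a decision."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line: not an entry
        code, body = m.group("code"), m.group("body")
        if code == "O16":
            d = DPF_RE.match(body)
            if not d:
                continue
            h = HOST_RE.match(d.group("url"))
            host = h.group("host").lower() if h else "?"
            if host not in KNOWN_DPF_HOSTS:
                findings.append({"code": code, "action": "review",
                                 "detail": f"ActiveX control {d.group('name')} "
                                           f"{d.group('clsid')} is downloaded from {host}"})
        elif code == "O17":
            n = NS_RE.search(body)
            if n:
                # HijackThis separates multiple servers with spaces or commas
                servers = re.split(r"[,\s]+", n.group("servers").strip())
                findings.append({"code": code, "action": "verify",
                                 "detail": "DNS servers " + ", ".join(servers)
                                           + " must be your ISP's or ones you set yourself"})
        elif code == "O23":
            s = SVC_RE.match(body)
            if s and "(file missing)" in s.group("path"):
                findings.append({"code": code, "action": "cleanup",
                                 "detail": f"service '{s.group('name')}' points to a file that no longer exists"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:4} {f['action']:8} {f['detail']}")
```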

Post by Luke57 » 20/08/06 19:10

@lupo3
Hi, I can't check your GMER logs today. I'll reply tomorrow.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by ringhio71 » 20/08/06 19:13

Thanks a lot,
let's hope for the best... ;)
in blues we trust
ringhio71
Newbie
 
Posts: 3
Joined: 20/08/06 18:31

Post by lupos3 » 20/08/06 20:22

Luke57 wrote: @lupo3
Hi, I can't check your GMER logs today. I'll reply tomorrow.


OK, I'll wait for your news tomorrow.
Thanks
lupos3
Senior User
 
Posts: 177
Joined: 20/08/06 14:15
