Diabolical Dialer. I'm asking for a hand.

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by Jeri » 16/01/07 17:19

Hi everyone. Yesterday evening, following a link from a search engine while I was looking for some film titles, I ended up on a porn site and of course downloaded the attached dialer. Right away it behaved like this:

1. It created a remote connection named 0202, which was recreated at every startup and tried to connect over the 56K modem.

2. Strangely, it created an Administrator account with a password, which was recreated at every startup.

3. At every startup this dialer, which is making me ill, brings up a connection screen for 899 numbers at 15 euro every 6 minutes.

4. The dialer's process is called rdpslip.exe and it is impossible to find, because once closed it vanishes into thin air and is recreated at every startup.

5. Along with this cursed thing, other kinds of trojans came in; a thorough scan with AVG found no fewer than 40 of them, and I presume these trojans recycle themselves, given that I absolutely cannot get rid of them. Here are some of the names:

system32\drivers\vissv.sys
WINDOWS\new_drv.sys
system32\drivers\lxx32.sys

plus other Backdoor.agent and PSW generic2 detections, including many trojans that seem to me to be recycled.

6. The computer restarted when I closed the dialer window; for now I think I have contained this problem, but every now and then a window appears announcing a system shutdown, and when the countdown ends my PC restarts.

Guys, help me, because I really don't know what to do...

This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16.50.44, on 16/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
D:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
D:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\WINDOWS\System32\RunDll32.exe
D:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
D:\Programmi\Winamp\winampa.exe
D:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
D:\Programmi\File comuni\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\sescmgr.exe
D:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Programmi\Belkin\Software Bluetooth\BTTray.exe
D:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
D:\WINDOWS\System32\rdpslip.exe
D:\Programmi\WinRAR\WinRAR.exe
D:\DOCUME~1\Frankie\IMPOST~1\Temp\Rar$EX00.469\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {03CDE378-75EF-4EB7-9231-804F1406737C} - D:\WINDOWS\System32\msltut40.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sctrlmgr] D:\WINDOWS\System32\sescmgr.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [swg] D:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Reset.lnk = D:\WINDOWS\repair\reset.bat
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - D:\Programmi\Belkin\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O15 - Trusted Zone: *.realsearch.cc
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jerikho1.spaces.msn.com//PhotoUp ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2621059A-A1DD-44A5-B2B2-3ED7087CC027}: NameServer = 195.130.224.18,195.130.225.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{349C5F64-E4C4-49ED-B949-CFAAFF1ECE65}: NameServer = 192.168.1.1,213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe


As you can see among the running processes, there is this rdpslip.exe, which is the dialer in question...


Thank you enormously.
Jeri
Newbie
Posts: 6
Joined: 16/01/07 16:59
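The HijackThis log above is a list of autostart points and running processes with no verdicts attached; the triage a helper does by eye can be written down. The script below is an added example, not part of the thread and not HijackThis code: it parses a constructed excerpt in the v1.99 format (modelled on the log in the post; the entries are taken from it, the selection is mine) and cross-checks the process list against the O4/O23 entries in the same log, so that an executable running from System32 with no visible loader stands out, alongside the usual leads (unnamed BHOs, Run entries into System32, startup scripts, Trusted Zone additions). The XP_CORE baseline is a hand-picked list for this example.

```python
"""Triage a HijackThis log: cross-check running processes against the autostart
entries in the same log and flag well-known warning signs. Added example; the
sample log is a constructed excerpt in HijackThis 1.99 format."""
import re

SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\sescmgr.exe
D:\WINDOWS\System32\rdpslip.exe
D:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {03CDE378-75EF-4EB7-9231-804F1406737C} - D:\WINDOWS\System32\msltut40.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [sctrlmgr] D:\WINDOWS\System32\sescmgr.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - Global Startup: Reset.lnk = D:\WINDOWS\repair\reset.bat
O15 - Trusted Zone: *.realsearch.cc
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
"""

# Windows XP executables that run from System32 without a Run-key or service
# entry of their own (started by the kernel, winlogon or the service controller).
# Hand-picked baseline for this example, not an exhaustive list.
XP_CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
           "svchost.exe", "spoolsv.exe", "rundll32.exe"}

ENTRY_RE = re.compile(r"^[RO]\d+ - ")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (.+?) = (.+)$")
TRUSTED_RE = re.compile(r"^O15 - Trusted Zone: (.+)$")
SYSTEM32_EXE = re.compile(r"\\windows\\system32\\([^\\]+)$")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".wsf")


def parse(log):
    """Split a HijackThis log into its running-process list and its Rn/On entries."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.append(line)
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(log):
    """Return leads worth checking; every list is a pointer, not a verdict."""
    processes, entries = parse(log)
    # Everything HijackThis knows about as a loader: Run keys, startup folder, services.
    autostart = "\n".join(e for e in entries if e.startswith(("O4", "O23"))).lower()
    f = {"unexplained_system32_processes": [], "system32_run_entries": [],
         "unnamed_bhos": [], "startup_scripts": [], "trusted_zones": []}
    for proc in processes:
        m = SYSTEM32_EXE.search(proc.lower())
        # A System32 process that is neither an OS core process nor referenced by
        # any visible autostart entry is being launched by something the log cannot see.
        if m and m.group(1) not in XP_CORE and m.group(1) not in autostart:
            f["unexplained_system32_processes"].append(m.group(1))
    for e in entries:
        if (m := RUN_RE.match(e)) and "\\windows\\system32\\" in m.group(2).lower():
            f["system32_run_entries"].append((m.group(1), m.group(2)))
        elif (m := BHO_RE.match(e)) and m.group(1) == "(no name)":
            f["unnamed_bhos"].append((m.group(2), m.group(3)))
        elif (m := STARTUP_RE.match(e)) and m.group(2).lower().endswith(SCRIPT_EXT):
            f["startup_scripts"].append((m.group(1), m.group(2)))
        elif m := TRUSTED_RE.match(e):
            f["trusted_zones"].append(m.group(1))
    return f


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, rdpslip.exe is the one System32 process with no O4 or O23 entry behind it; a process with no visible loader is being started by something HijackThis does not enumerate (a service with a hidden registry key, a driver), which is what a kernel-level rootkit scanner is for. The other flags are leads only: in the full log Spybot's SDHelper.dll is also listed as "(no name)", so a known-good baseline is still needed before anything is removed.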


Post by Jeri » 18/01/07 14:41

Please help me... by the way, the shutdown is triggered by the termination of a service.exe...

Please give me a hand... it is really making me angry...
Jeri
Newbie
Posts: 6
Joined: 16/01/07 16:59

Post by Luke57 » 18/01/07 15:26

Jeri wrote:
Please help me... by the way, the shutdown is triggered by the termination of a service.exe...
Please give me a hand... it is really making me angry...

Hi, download this tool:
http://www.suspectfile.com/upload/files ... stbfix.exe
download it, run it and follow the instructions.

Then download Gmer from here:
http://www.majorgeeks.com/GMER_d5198.html
unpack the .zip file and run gmer.exe.
To enter Advanced, press the >>>> tab. Then choose the Rootkit tab, leave the default settings, tick the ADS box, and run a full Scan. Before scanning, close all open programs and applications.
When it finishes, press the Copy button and paste the report into a text file.
Still in Gmer, move to the Autostart tab (do not tick the "show all" box) and press Scan. When the scan finishes, press Copy. Paste the report into the file saved earlier, then paste both reports in a post on the forum.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by Jeri » 18/01/07 21:59

Well, first of all thank you for replying...
I downloaded rustbfix but it won't run; it tells me it is not a valid Win32 application... :(

This is the first Gmer scan, the rootkit one... this D:\WINDOWS\System32:lzx32.sys is a trojan I had already found with AVG, but I don't understand how it managed to reappear...

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-18 16:01:16
Windows 5.1.2600


---- System - GMER 1.0.12 ----

SSDT 81C78B50 ZwConnectPort
SSDT 81C7D7F0 ZwOpenProcess
SSDT 81C55290 ZwOpenThread

SYSENTER \??\D:\WINDOWS\System32:lzx32.sys B2F52BAF

Code \??\D:\WINDOWS\System32:lzx32.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!FsRtlLegalAnsiCharacterArray + 108 804F2070 4 Bytes [ 50, 8B, C7, 81 ]
.text ntoskrnl.exe!FsRtlLegalAnsiCharacterArray + 274 804F21DC 4 Bytes [ F0, D7, C7, 81 ]
.text ntoskrnl.exe!FsRtlLegalAnsiCharacterArray + 28C 804F21F4 4 Bytes [ 90, 52, C5, 81 ]
.text ntoskrnl.exe!Kei386EoiHelper + 14A5 804FC00B 3 Bytes [ D1, 43, 6A ]
.text tcpip.sys!IPTransmit + 1881 B2EE16AF 6 Bytes CALL B2F5494C \??\D:\WINDOWS\System32:lzx32.sys
.text tcpip.sys!IPTransmit + 6E81 B2EE6CAF 6 Bytes CALL B2F5494C \??\D:\WINDOWS\System32:lzx32.sys
.text tcpip.sys!IPTransmit + 70FF B2EE6F2D 6 Bytes CALL B2F5494C \??\D:\WINDOWS\System32:lzx32.sys
.text wanarp.sys F876A0C1 7 Bytes CALL B2F54956 \??\D:\WINDOWS\System32:lzx32.sys
.text ntdll.dll!NtClose 77F4B458 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 77F4B5B8 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 77F4B5C8 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 77F4B5E8 5 Bytes JMP 72033FC8

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AA585A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AA585A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AA585A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AA585A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AA585A] avgtdi.sys
Device \Driver\USB_RNDIS \Device\{90D3A699-B9D8-4620-A194-FC99D1CEA4C9} IRP_MJ_PNP [F88F24B6] RNDISMP.SYS

---- Services - GMER 1.0.12 ----

Service D:\WINDOWS\System32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386\Enum
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386\Enum
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\System32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x6A 0x50 0x2B 0xB0 ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1

---- Files - GMER 1.0.12 ----

ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\02\302-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v302-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v302-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\02\302-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v302-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v302-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\02\302-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v302-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v302-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\03\303-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v303-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v303-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\03\303-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v303-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v303-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\03\303-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v303-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v303-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\04\304-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v304-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\04\304-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v304-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\04\304-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v304-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\05\305-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v305-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v305-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\05\305-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v305-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v305-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\06\306-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v306-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\06\306-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v306-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\07\307-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v307-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\07\307-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v307-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\08\308-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v308-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v308-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\08\308-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v308-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v308-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\09\309-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v309-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v309-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\09\309-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v309-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v309-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\10\310-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v310-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v310-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\10\310-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v310-{53797176-DFAD-4F1F-ABAA-3A8D72CCF4E0}-v310-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\11\11-{11B1692B-14AB-40CE-ADA1-DE59F0623534}-v11-{11B1692B-14AB-40CE-ADA1-DE59F0623534}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\11\11-{11B1692B-14AB-40CE-ADA1-DE59F0623534}-v11-{11B1692B-14AB-40CE-ADA1-DE59F0623534}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS D:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\jerikho1@hotmail.it\SharingMetadata\rinas_world@hotmail.com\DFSR\Staging\CS{8644E20B-A667-97A5-1D09-645F17E43059}\11\11-{11B1692B-14AB-40CE-ADA1-DE59F0623534}-v11-{11B1692B-14AB-40CE-ADA1-DE59F0623534}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Jeri
Newbie
Posts: 6
Joined: 16/01/07 16:59

Post by Jeri » 18/01/07 22:02

ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----




here is the other log you asked me for ...


GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-18 16:04:16
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = D:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = D:\WINDOWS\system32\ati2sgag.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
btwdins /*Bluetooth Service*/@ = D:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
C-DillaCdaC11BA /*C-DillaCdaC11BA*/@ = D:\WINDOWS\System32\drivers\CDAC11BA.EXE
ccEvtMgr /*Symantec Event Manager*/@ = "D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
SNDSrvc /*Symantec Network Drivers Service*/@ = D:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
SPBBCSvc /*Symantec SPBBCSvc*/@ = D:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = D:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
UMWdf /*Windows User Mode Driver Framework*/@ = D:\WINDOWS\System32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVG7_CCD:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@QuickTime Task"D:\Programmi\QuickTime\qttask.exe" -atboottime /*file not found*/ = "D:\Programmi\QuickTime\qttask.exe" -atboottime /*file not found*/
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@SunJavaUpdateSched"D:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "D:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
@WinampAgentD:\Programmi\Winamp\winampa.exe = D:\Programmi\Winamp\winampa.exe
@DataLayerD:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE = D:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
@PCSuiteTrayApplicationD:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE = D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
@TkBellExe"D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@sctrlmgrD:\WINDOWS\System32\sescmgr.exe = D:\WINDOWS\System32\sescmgr.exe
@ccApp"D:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@Symantec NetDriver MonitorD:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer = D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = D:\WINDOWS\winsys.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@swg = D:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/D:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = D:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/D:\WINDOWS\System32\AcSignIcon.dll = D:\WINDOWS\System32\AcSignIcon.dll
@{00020000-0000-1011-8004-0000C06B5161} /*WIBU-SYSTEMS Shell Extension*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\Programmi\Microsoft Office\OFFICE11\msohev.dll = D:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/D:\WINDOWS\System32\btneighborhood.dll = D:\WINDOWS\System32\btneighborhood.dll
@{40950107-FEA6-4d53-A65F-B2DCBA57DD58} /*Nokia Phone Browser*/D:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = D:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/D:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = D:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/D:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = D:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/D:\Programmi\Real\RealPlayer\rpshell.dll = D:\Programmi\Real\RealPlayer\rpshell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/D:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = D:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/D:\Programmi\Grisoft\AVG Free\avgse.dll = D:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/D:\Programmi\Grisoft\AVG Free\avgse.dll = D:\Programmi\Grisoft\AVG Free\avgse.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{53707962-6F74-2D53-2644-206D7942484F}D:\PROGRA~1\SPYBOT~1\SDHelper.dll = D:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}d:\programmi\google\googletoolbar2.dll = d:\programmi\google\googletoolbar2.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = D:\WINDOWS\System32\LOGON.SCR

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageD:\WINDOWS\System32\blank.htm = D:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = D:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = D:\WINDOWS\System32\msvidctl.dll
its@CLSID = D:\WINDOWS\System32\itss.dll
lid@CLSID = D:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = D:\WINDOWS\System32\itss.dll
msnim@CLSID = D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = D:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = D:\WINDOWS\System32\msdxm.ocx
wia@CLSID = D:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2621059A-A1DD-44A5-B2B2-3ED7087CC027} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress192.168.1.2 = 192.168.1.2
@NameServer195.130.224.18,195.130.225.129 = 195.130.224.18,195.130.225.129
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{349C5F64-E4C4-49ED-B949-CFAAFF1ECE65} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.7 = 192.168.0.7
@NameServer192.168.1.1,213.205.32.70 = 192.168.1.1,213.205.32.70
@DefaultGateway192.168.0.2 = 192.168.0.2
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90D3A699-B9D8-4620-A194-FC99D1CEA4C9} /*Connessione alla rete locale (LAN) 4*/ >>>
@IPAddress192.168.1.2 = 192.168.1.2
@NameServer213.205.32.70,213.205.36.70 = 213.205.32.70,213.205.36.70
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
BTTray.lnk = BTTray.lnk
Reset.lnk = Reset.lnk

---- EOF - GMER 1.0.12 ----



Thank you for your help ...


PS: since you are a mod, I would kindly ask you to delete the last part of that log after reading it, because it shows both my email address and those of third parties ...
Jeri
Newbie
Posts: 6
Joined: 16/01/07 16:59
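As an added example (my own code, not GMER's and not from this thread), a small Python triage pass over a GMER "Autostart scan" log like the one posted above. It parses the entry forms GMER prints there (assumed to be the only forms), and flags the three things a responder would look at first in this log: autostart values whose target is marked /*file not found*/, anything under Policies\Explorer\Run, and file names this thread itself names as dialer/rootkit components. The log excerpt is constructed from lines in this thread.

```python
import re

# Constructed excerpt modelled on the GMER "Autostart scan" log posted in this thread;
# the entry forms are the ones GMER 1.0.12 prints there (assumption: no other forms).
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVG7_CCD:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@QuickTime Task"D:\Programmi\QuickTime\qttask.exe" -atboottime /*file not found*/ = "D:\Programmi\QuickTime\qttask.exe" -atboottime /*file not found*/
@sctrlmgrD:\WINDOWS\System32\sescmgr.exe = D:\WINDOWS\System32\sescmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = D:\WINDOWS\winsys.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@swg = D:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
"""

# Names this thread itself identifies as the dialer/rootkit components (constructed watchlist).
THREAD_WATCHLIST = {"winsys.exe", "sescmgr.exe", "rdpslip.exe", "lzx32.sys", "svhost.dll", "msltut40.dll"}


def parse_autostart(text):
    """Yield (registry key, value name, value data) for each entry in a GMER autostart log."""
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.endswith(">>>"):                  # section header: entries below belong to it
            section = line[:-3].strip()
            continue
        if " = " not in line:
            continue
        left, _, value = line.rpartition(" = ")
        if left.startswith("@"):                  # "@<name><value> = <value>" under a section
            key, body = section, left[1:]
        elif left.startswith(("HKLM", "HKCU", "HKEY")):
            key, _, body = left.partition("@")    # single-line "<key>@<name> = <value>"
        else:                                     # services style: "<name> /*desc*/@ = <value>"
            key, body = section, left.rstrip("@")
        # GMER prints the name immediately followed by the value; strip the value off again
        name = body[:-len(value)] if value and body.endswith(value) else body
        yield key, name, value.strip()


def basename_of(value):
    """Executable file name from an autostart value, ignoring quotes, arguments and GMER comments."""
    exe = value.split("/*")[0].strip()
    exe = exe.strip('"').split('"')[0]
    return exe.split("\\")[-1].split(" ")[0].lower()


def triage(entries):
    """Return (key, name, basename, reasons) for the entries a responder should look at first."""
    findings = []
    for key, name, value in entries:
        base = basename_of(value)
        reasons = []
        if "/*file not found*/" in value:
            reasons.append("dangling autostart: target missing on disk (uninstalled, or hidden by a rootkit)")
        if key and "Policies\\Explorer\\Run" in key:
            reasons.append("Policies\\Explorer\\Run is almost never used by legitimate software")
        if base in THREAD_WATCHLIST:
            reasons.append(f"{base} is named in this thread as a dialer/rootkit component")
        if reasons:
            findings.append((key, name, base, reasons))
    return findings


if __name__ == "__main__":
    for key, name, base, reasons in triage(parse_autostart(SAMPLE_LOG)):
        print(f"{key}@{name} -> {base}: " + "; ".join(reasons))
```

The "file not found" rule is a triage cue, not a verdict: the stale QuickTime entry in the sample trips it just like winsys.exe does, so each hit still needs the on-disk and rootkit-scan context the thread goes through.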

Post by Luke57 » 19/01/07 09:35

Hi, I don't know why Rustofix doesn't work.
Try this procedure:
restart Gmer.exe, press the >>>>> button, then the Services tab, and locate the service
Service D:\WINDOWS\System32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386
highlight it with the right mouse button and choose “delete service”. Click OK in the messages that follow. An error will be shown while removing the file, but the service will be removed without problems.
Then, still in Gmer, go to the Rootkit tab, tick only the Files and ADS boxes, and press Scan.
A hidden file will be found
ADS D:\WINDOWS\system32:lzx32.sys
right-click it and choose Delete File.

Then download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run avenger.exe
Select the "Input Script Manually" option
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\5T29L1D34B
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03CDE378-75EF-4EB7-9231-804F1406737C}

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | sctrlmgr

Files to delete:
D:\WINDOWS\winsys.exe
D:\WINDOWS\ svhost.dll
D:\WINDOWS\System32\sescmgr.exe
D:\WINDOWS\System32\rdpslip.exe
D:\WINDOWS\System32\msltut40.dll


Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should restart by itself; if it does not, restart it manually


The program produces a log of the operations performed.

Post the Avenger log (C:/avenger.txt) with the outcome of the script.

Let me know of any difficulties or problems you run into.
P.S. I am a mod, but not in this section, so I cannot intervene.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by Jeri » 19/01/07 15:28

here, I did what you told me ...


this is the Avenger log


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aosdldsf

*******************

Script file located at: \??\D:\Documents and Settings\mdmpeyfk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:



File D:\WINDOWS\winsys.exe not found!
Deletion of file D:\WINDOWS\winsys.exe failed!

Could not process line:
D:\WINDOWS\winsys.exe
Status: 0xc0000034



File D:\WINDOWS\ svhost.dll not found!
Deletion of file D:\WINDOWS\ svhost.dll failed!

Could not process line:
D:\WINDOWS\ svhost.dll
Status: 0xc0000034

File D:\WINDOWS\System32\sescmgr.exe deleted successfully.


File D:\WINDOWS\System32\rdpslip.exe not found!
Deletion of file D:\WINDOWS\System32\rdpslip.exe failed!

Could not process line:
D:\WINDOWS\System32\rdpslip.exe
Status: 0xc0000034



File D:\WINDOWS\System32\msltut40.dll not found!
Deletion of file D:\WINDOWS\System32\msltut40.dll failed!

Could not process line:
D:\WINDOWS\System32\msltut40.dll
Status: 0xc0000034


Warning --- HKLM\Software did not load within MAX_WAIT_ITERATIONS


Base registry key for value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs not found!
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\5T29L1D34B not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\5T29L1D34B failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03CDE378-75EF-4EB7-9231-804F1406737C} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03CDE378-75EF-4EB7-9231-804F1406737C} failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1 failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sctrlmgr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sctrlmgr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


thank you..
Jeri
Newbie
Posts: 6
Joined: 16/01/07 16:59
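As an added example (my own code, not Avenger's and not from this thread), a Python parser that summarises an Avenger log such as the one above: it decodes the NTSTATUS code in each Status line, flags the stray space in D:\WINDOWS\ svhost.dll as a probable script typo, and marks every registry failure as inconclusive when the log reports that the HKLM\Software hive did not load, which is exactly the pattern in this log. The NTSTATUS names are the documented Windows values; the log excerpt is constructed from lines in this thread.

```python
import re

# Constructed excerpt modelled on the Avenger log posted in this thread.
SAMPLE_LOG = r"""
File D:\WINDOWS\winsys.exe not found!
Deletion of file D:\WINDOWS\winsys.exe failed!

Could not process line:
D:\WINDOWS\winsys.exe
Status: 0xc0000034

File D:\WINDOWS\ svhost.dll not found!
Deletion of file D:\WINDOWS\ svhost.dll failed!
Status: 0xc0000034

File D:\WINDOWS\System32\sescmgr.exe deleted successfully.

Warning --- HKLM\Software did not load within MAX_WAIT_ITERATIONS

Base registry key for value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs not found!
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sctrlmgr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sctrlmgr failed!
Status: 0xc0000034

Completed script processing.
"""

# Well-known NTSTATUS values; this thread's log only ever shows the first one.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

OK_RE = re.compile(r"^File (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^(Deletion of file|Deletion of registry key|Deletion of registry value|"
                     r"Replacement with dummy of registry value) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")
WARN_RE = re.compile(r"^Warning --- (.+)$")


def parse_avenger(text):
    """Summarise an Avenger log: what was deleted, what failed and why, and whether the registry
    results can be trusted at all (they cannot if a hive never loaded)."""
    summary = {"deleted": [], "failed": [], "warnings": [], "hive_not_loaded": False}
    for line in text.splitlines():
        line = line.strip()
        if m := OK_RE.match(line):
            summary["deleted"].append(m.group(1))
        elif m := FAIL_RE.match(line):
            summary["failed"].append({"action": m.group(1), "target": m.group(2),
                                      "status": None, "notes": []})
        elif (m := STATUS_RE.match(line)) and summary["failed"]:
            summary["failed"][-1]["status"] = int(m.group(1), 16)   # belongs to the last failure
        elif m := WARN_RE.match(line):
            summary["warnings"].append(m.group(1))
            if "did not load" in m.group(1):
                summary["hive_not_loaded"] = True
    for f in summary["failed"]:
        f["status_name"] = NTSTATUS.get(f["status"], "unknown")
        if "file" in f["action"] and "\\ " in f["target"]:
            f["notes"].append("space after backslash: probable typo in the script, not a hidden file")
        if "registry" in f["action"] and summary["hive_not_loaded"]:
            f["notes"].append("hive never loaded: failure is inconclusive, recheck the key by hand")
    return summary


if __name__ == "__main__":
    s = parse_avenger(SAMPLE_LOG)
    print("deleted:", s["deleted"])
    for f in s["failed"]:
        print(f"FAILED {f['action']} {f['target']} [{f['status_name']}] {'; '.join(f['notes'])}")
```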

Post by Luke57 » 19/01/07 22:22

Hi, the operation with Avenger did not fully succeed; I gave you a script that was not written correctly.
Open the system registry:
Start > Run > regedit (type it in the box) > OK
Once the registry editor is open, click the + sign next to the individual entries and follow this path:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, double-click the Run folder
in the right-hand pane you should find
1 = D:\WINDOWS\winsys.exe
right-click it and choose Delete
Close and reopen the registry, then follow this path:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, double-click the Run folder; in the right-hand pane you should find:
sctrlmgr = D:\WINDOWS\System32\sescmgr.exe
right-click it and choose Delete
Finally go to this path:
HKEY_LOCAL_MACHINE\SOFTWARE\5T29L1D34B, if you find this last entry, right-click it and choose Delete.
Close the registry and post a HijackThis log for checking.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

