
Bagle, never seen anything like it!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by antoniojr86 » 24/02/07 14:13

Hi, it must be a month and a half now that, after opening a file downloaded from Bearshare, I have had problems with Bagle, the infamous virus/spyware (I don't know what it is, but it's cursed!!! :evil: )... I have seen a lot of guides for removing it, but since, once I used Hijack and Gmer, I can't open regedit, I think that is why I can't finish the removal "job"... If anyone has the patience to help me I would be grateful, because I'm afraid to be on the Internet without an antivirus...

I'll also paste the Gmer "report" now, in case it is useful...

Bye!!
antoniojr86
Junior Member

Posts: 13
Joined: 24/02/07 13:59


Post by antoniojr86 » 24/02/07 18:23

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-24 18:22:23
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ASWLSVC /*ASWLSVC*/@ = C:\WINDOWS\system32\ASWLSVC.exe
Automatic LiveUpdate Scheduler /*Automatic LiveUpdate Scheduler*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Diskeeper /*Diskeeper*/@ = "C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe"
LightScribeService /*LightScribeService Direct Disc Labeling Service*/@ = "C:\Programmi\File comuni\LightScribe\LSSrvc.exe"
McDetect.exe /*McAfee WSC Integration*/@ = c:\programmi\mcafee.com\agent\mcdetect.exe
McTskshd.exe /*McAfee Task Scheduler*/@ = c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
MskService /*McAfee SpamKiller Server*/@ = C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
MSSQL$PINNACLESYS /*MSSQL$PINNACLESYS*/@ = "C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS
SLService /*SmartLinkService*/@ = slserv.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
spupdsvc /*Windows Service Pack Installer update service*/@ = C:\WINDOWS\system32\spupdsvc.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
StyleXPService /*StyleXPService*/@ = "C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe" /*file not found*/
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@SiSUSBRGC:\WINDOWS\SiSUSBrg.exe = C:\WINDOWS\SiSUSBrg.exe
@ASUS Live Update"C:\Programmi\ASUS\ASUS Live Update\ALU.exe" = "C:\Programmi\ASUS\ASUS Live Update\ALU.exe"
@Power_Gear"C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe" 1 = "C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe" 1
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@Control Center"C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe" = "C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_02\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
@HcontrolC:\WINDOWS\Hcontrol.exe = C:\WINDOWS\Hcontrol.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@MSKAGENTEXEC:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe = C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
@AnyDVDC:\Programmi\SlySoft\AnyDVD\AnyDVD.exe = C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
@MSKDetectorExe"C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup = "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
@MPFExeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
@PCSuiteTrayApplication"C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup = "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@DiskeeperSystray"C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe" = "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
@avast!"C:\Programmi\Alwil Software\Avast4\ashDisp.exe" = "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@drvsyskitC:\Documents and Settings\Deault\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\Deault\Dati applicazioni\hidires\hidr.exe
@NBJ"C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" = "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
@Uniblue Registry BoosterC:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe /S /*file not found*/ = C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe /S /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\contmenu.dll = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
@{2E5AC2E0-406D-11D4-86B3-FA5861508E25} /*ZipGenius Zip InfoTip*/C:\PROGRA~1\ZIPGEN~1\zgtips.dll = C:\PROGRA~1\ZIPGEN~1\zgtips.dll
@{310A0C95-EA11-42AE-A8E4-53E69E650310} /*ZipGenius Drop handler*/C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL = C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL
@{FE8D01BF-610A-4261-9C6E-32D65A42C907} /*ZipGenius DnD Extract handler*/C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL = C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL
@{AF32DAFE-1358-4F35-A673-FB123BC6303F} /*Cutter 4.1 Shell Extension*/C:\PROGRA~1\CUTTER~1\cutt4cm.dll = C:\PROGRA~1\CUTTER~1\cutt4cm.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a² Context Menu Shell Extension*/(null) =
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/(null) =
@{ABC70703-32AF-11d4-90C4-D483A70F4825} /*CMenuExtender*/C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\Alcohol Soft\Alcohol 120\axshlex.dll = C:\PROGRA~1\Alcohol Soft\Alcohol 120\axshlex.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/(null) =
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
Cutter4.1@{AF32DAFE-1358-4F35-A673-FB123BC6303F} = C:\PROGRA~1\CUTTER~1\cutt4cm.dll
ZipGenius 6@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CMenuExtender@{ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
ZipGenius 6@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{83B80A9C-D91A-4F22-8DCF-EA7204039F79}C:\Programmi\Xi\NetXfer\NXIEHelper.dll = C:\Programmi\Xi\NetXfer\NXIEHelper.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar1.dll = c:\programmi\google\googletoolbar1.dll
@{CC59E0F9-7E43-44FA-9FAA-8377850BF205}C:\Programmi\Free Download Manager\iefdmcks.dll = C:\Programmi\Free Download Manager\iefdmcks.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/ig?hl=it

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\Deault\Menu Avvio\Programmi\Esecuzione automatica = Adobe Gamma.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
ASUS ChkMail.lnk = ASUS ChkMail.lnk
Bluetooth Manager.lnk = Bluetooth Manager.lnk
EPSON Status Monitor 3 Environment Check.lnk = EPSON Status Monitor 3 Environment Check.lnk
Utility Tray.lnk = Utility Tray.lnk

---- EOF - GMER 1.0.12 ----
antoniojr86
Junior Member

Posts: 13
Joined: 24/02/07 13:59

Post by antoniojr86 » 24/02/07 18:25

If you can, help me, please :!:
antoniojr86
Junior Member

Posts: 13
Joined: 24/02/07 13:59

Post by Luke57 » 24/02/07 18:26

Hi, run a scan with Gmer from the Rootkit tab as well, after also ticking the ADS box. Close all open applications and programs. Post the scan report.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by antoniojr86 » 26/02/07 18:16

Hi Luke, I did what you told me twice, and after 2 hours of scanning I end up with all the windows stretched out, and it doesn't give me the option to copy what it scanned...

I'm posting the beginning of the scan for you; if it's enough tell me, otherwise I'll try again...


GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-26 18:12:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\Deault\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT sptd.sys ZwCreateKey
SSDT \??\C:\Documents and Settings\Deault\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Deault\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Documents and Settings\Deault\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Deault\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Deault\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 852C27C8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 852C27C8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1CA142A-791A-4BC0-8C77-E74F2F7586AC} IRP_MJ_CREATE 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1CA142A-791A-4BC0-8C77-E74F2F7586AC} IRP_MJ_CLOSE 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1CA142A-791A-4BC0-8C77-E74F2F7586AC} IRP_MJ_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1CA142A-791A-4BC0-8C77-E74F2F7586AC} IRP_MJ_INTERNAL_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1CA142A-791A-4BC0-8C77-E74F2F7586AC} IRP_MJ_CLEANUP 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1CA142A-791A-4BC0-8C77-E74F2F7586AC} IRP_MJ_PNP 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{71556970-5B42-4868-BECA-4F905EE3DB43} IRP_MJ_CREATE 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{71556970-5B42-4868-BECA-4F905EE3DB43} IRP_MJ_CLOSE 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{71556970-5B42-4868-BECA-4F905EE3DB43} IRP_MJ_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{71556970-5B42-4868-BECA-4F905EE3DB43} IRP_MJ_INTERNAL_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{71556970-5B42-4868-BECA-4F905EE3DB43} IRP_MJ_CLEANUP 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{71556970-5B42-4868-BECA-4F905EE3DB43} IRP_MJ_PNP 84D53B20
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 852C44E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8511C7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8511C7A0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 84D40900
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 84D40900
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8511C7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8511C7A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL [F7857F80] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F785818A] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL [F7857F80] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F785818A] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL [F7857F80] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F785818A] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL [F7857F80] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F785818A] AnyDVD.sys
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 852C44E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 84D53B20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 84D53B20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 84D53B20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 84D53B20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 84D53B20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 84D53B20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 84D53B20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{9835B8E7-3443-4073-9B62-B810A5C97037} IRP_MJ_CREATE 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{9835B8E7-3443-4073-9B62-B810A5C97037} IRP_MJ_CLOSE 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{9835B8E7-3443-4073-9B62-B810A5C97037} IRP_MJ_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{9835B8E7-3443-4073-9B62-B810A5C97037} IRP_MJ_INTERNAL_DEVICE_CONTROL 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{9835B8E7-3443-4073-9B62-B810A5C97037} IRP_MJ_CLEANUP 84D53B20
Device \Driver\NetBT \Device\NetBT_Tcpip_{9835B8E7-3443-4073-9B62-B810A5C97037} IRP_MJ_PNP 84D53B20
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 852C2A00
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 852C2A00
Device \Driver\00000134 \Device\0000005f IRP_MJ_POWER [F73A1F68] sptd.sys
Device \Driver\00000134 \Device\0000005f IRP_MJ_SYSTEM_CONTROL [F73B6A70] sptd.sys
Device \Driver\00000134 \Device\0000005f IRP_MJ_PNP [F73AF728] sptd.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 84D3A900
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 84D3A900
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 84ECBB20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 84ECBB20
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 852C44E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 852C44E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 84ECCC50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 84ECCC50
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL [F7857F80] AnyDVD.sys
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F785818A] AnyDVD.sys
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [F7857F80] AnyDVD.sys
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F785818A] AnyDVD.sys
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 850CA9A0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 850CA9A0
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 84D220E8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 84D220E8
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible F08361F9
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 84D24978
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 84D24978

---- Processes - GMER 1.0.12 ----

Process C:\Documents and Settings\Deault\Dati applicazioni\hidires\hidr.exe (*** hidden *** ) 3204

---- EOF - GMER 1.0.12 ----

Post by Luke57 » 26/02/07 18:44

Hi, follow this procedure.
Download Avenger from here:
http://swandog46.geekstogo.com/avenger.zip
Extract the zip wherever you like.

Run the avenger.exe file.
Select the "Input Script Manually" option.
Click the magnifying glass.

A "View/edit script" window opens.
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

Folders to delete:
C:\Documents and Settings\Deault\Dati applicazioni\hidires
C:\WINDOWS\exefld


Files to delete:
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\wintems.exe



Click the Done button.
Click the green traffic-light icon.
Answer Yes twice.
The PC should reboot by itself; if it doesn't, reboot it manually.

The program leaves a log of the operations it performed.

After the reboot, open the registry editor:
Start > Run > regedit (type it into the box) > OK
Once the registry editor is open, first make a backup of the registry itself: File > Export; in the Export range window that opens, tick the All option, give the .reg file a name such as "Registry backup" and save it in a permanent folder on the hard disk (in case of problems, hopefully none, you can restore the registry copy by double-clicking that file, which you should keep for a few days).

Once that is done, click the + sign next to each entry and follow this path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run; click the Run folder and on the right-hand side you should find this entry:
drvsyskit
Right-click it and choose Delete.

Also look for these:
HKCU\Software\FirstRRRun
HKEY_CURRENT_USER\Software\DateTime4

If present, right-click and choose Delete.

Then post the Avenger log, which you will find in C:/avenger.txt, with the outcome of the script.
To re-enable the services that were terminated:
"Open the Services list (Start --> Run --> type SERVICES.MSC --> Ok) and enable, where necessary, these disabled services: Alerter, Security Center, Automatic Updates, Network Connections, Wireless Zero Configuration and Windows Firewall/Internet Connection Sharing (ICS). (To start a service, right-click it, Properties --> Automatic --> Ok --> Start --> Ok.)"

Then at this link
http://www.megalab.it/download.php?id=349
you will find the .reg file to restore Safe Mode, but before using it post the Avenger report (the PC must be clean).

Post by antoniojr86 » 26/02/07 19:06

Well... I did what you told me, but regedit tells me it is not a valid Win32 application.

Now I'll post the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oymdidkd

*******************

Script file located at: \??\C:\Documents and Settings\unpbdxqh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK deleted successfully.
Folder C:\Documents and Settings\Deault\Dati applicazioni\hidires deleted successfully.
Folder C:\WINDOWS\exefld deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\wintems.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

I think there are errors... I'll also post the HijackThis log, in case it is needed:


Logfile of HijackThis v1.99.1
Scan saved at 18.59.47, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ASWLSVC.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\Hcontrol.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\ATKOSD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\slrundll.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Deault\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programmi\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdmcks.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmi\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Programmi\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] "C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Deault\Dati applicazioni\hidires\hidr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Programmi\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica selezionati da Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tim.it
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_0.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe (file missing)


Thanks for your patience!! ;)

Post by antoniojr86 » 26/02/07 19:36

Sorry Luke, plot twist!!! I opened regedit "by hand"!!!

I'll now do what you told me before...

Post by Luke57 » 26/02/07 19:48

antoniojr86 wrote: Sorry Luke, plot twist!!! I opened regedit "by hand"!!!

I'll now do what you told me before...

Hi, the errors are there because it did not find the files that, to be safe, I had put in the script anyway.
Remove these entries with HijackThis, without touching the registry.
Open HijackThis, press "Do a system scan only", tick:
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Deault\Dati applicazioni\hidires\hidr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
and press "Fix checked".
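The two Run entries Luke57 singles out share the traits a practitioner looks for when reading a HijackThis log: one launches from the user's own profile (Dati applicazioni\hidires\hidr.exe), the other has a Run value named like an executable ([german.exe]) that actually launches a different binary (wintems.exe). The Python script below is an added example, not part of this thread and not code from HijackThis, GMER or Avenger. It applies those two heuristics to O4 lines, marks O23 services with an unknown owner or a missing file for review, and flags GMER "*** hidden ***" process lines outright. The sample log embedded in it is constructed from lines posted above plus benign entries for contrast; the "fix"/"review" labels and the heuristics themselves are my own, not a verdict the tools produce.

```python
"""Triage of HijackThis / GMER log lines (added example; not code from the thread's tools)."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# HijackThis "O4" autostart lines:  O4 - HKCU\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis "O23" service lines:   O23 - Service: display - owner - path
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# GMER line for a process hidden from the Win32 API
HIDDEN_RE = re.compile(r"^Process (?P<path>.+?) \(\*\*\* hidden \*\*\*\s*\) (?P<pid>\d+)$")
# First .exe in a command line, quoted or not (unquoted paths may contain spaces)
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?', re.IGNORECASE)
# Anything launched from a user profile (XP layout) is unusual for a legitimate autostart
PROFILE_RE = re.compile(r"\\documents and settings\\", re.IGNORECASE)

# Constructed sample: lines copied from the logs posted in this thread, plus benign entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Deault\Dati applicazioni\hidires\hidr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe (file missing)
Process C:\Documents and Settings\Deault\Dati applicazioni\hidires\hidr.exe (*** hidden *** ) 3204
"""


@dataclass
class Finding:
    severity: str  # "fix" (remove with the tool) or "review" (check before acting)
    kind: str      # "O4", "O23" or "GMER"
    name: str      # Run value name, service display name, or process image name
    path: str
    reason: str


def launched_exe(cmd: str) -> str:
    """Return the executable a Run command launches, dropping quotes and arguments."""
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd.strip('"')


def triage_o4(name: str, cmd: str) -> Optional[Finding]:
    exe = launched_exe(cmd)
    base = PureWindowsPath(exe).name
    if PROFILE_RE.search(exe):
        return Finding("fix", "O4", name, exe, "autostart binary lives under a user profile")
    # A value named like an .exe that launches a differently named binary (e.g. [german.exe] -> wintems.exe)
    if name.lower().endswith(".exe") and name.lower() != base.lower():
        return Finding("fix", "O4", name, exe, f"Run value named like an .exe but launches {base}")
    return None


def triage_line(line: str) -> Optional[Finding]:
    m = O4_RE.match(line)
    if m:
        return triage_o4(m["name"], m["cmd"])
    m = O23_RE.match(line)
    if m:
        if m["path"].endswith("(file missing)"):
            return Finding("review", "O23", m["display"], m["path"], "orphaned service: binary missing")
        if m["owner"] == "Unknown owner":
            return Finding("review", "O23", m["display"], m["path"], "service binary carries no publisher name")
        return None
    m = HIDDEN_RE.match(line)
    if m:
        return Finding("fix", "GMER", PureWindowsPath(m["path"]).name, m["path"],
                       f"process hidden from the API, pid {m['pid']}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through the heuristics and keep the hits, in log order."""
    return [f for f in (triage_line(l.rstrip()) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:4} {f.name:16} {f.path}  <- {f.reason}")
```

On the constructed sample this reports exactly the items the thread acts on (drvsyskit, german.exe, the hidden hidr.exe process) and lists ASWLSVC and the orphaned StyleXPService for a look, while SoundMan, avast!, ctfmon.exe and Diskeeper pass. Treat the output as a reading aid: a profile-path autostart can be legitimate, and a hidden process should be confirmed with a second rootkit scanner before anything is deleted.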

Post by antoniojr86 » 26/02/07 19:53

I have already worked on the registry, but the HijackThis scan detected the damned wintems.. Should I... fix it?!?

Post by Luke57 » 26/02/07 21:26

Hi, yes; it had not shown up in the GMER log, but the file was in any case deleted by Avenger.

Post by antoniojr86 » 26/02/07 22:47

Luke, if you ever pass through Florence, I'll buy you a pizza!!!!!!!!!!!! :lol: :D :)

Thanks a 1000000000000000000!!
