Cripoint (Mortale adepto)
Registered: 02/01/08 12:27
Posts: 33

Posted: 02 Jan 2008 12:54    Subject: Help, I beg you :(

I found you, how wonderful! I'm desperate: for about a month now I've been fighting a redirect and I can't browse any more without ending up in front of big boobs and blow-up dolls!! Heeelp!
I've already done what I read earlier, so I'm posting the log... there's a mess of stuff in it, strange games and junk that I don't know where I picked up. :(((
Can you help me??
Thanks... please kill it.
 Logfile of HijackThis v1.99.1
 Scan saved at 11.12.46, on 02/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Windows Defender\MsMpEng.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Spyware Doctor\svcntaux.exe
 C:\Programmi\Spyware Doctor\swdsvc.exe
 C:\WINDOWS\Explorer.EXE
 D:\Documenti\hijackthis\HijackThis.exe
 C:\WINDOWS\system32\NOTEPAD.EXE
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.virgilio.it
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
 O2 - BHO: (no name) - {604E02EF-DBC8-49F9-B998-B8BA72D751E6} - C:\WINDOWS\system32\kbdcat.dll
 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O2 - BHO: (no name) - {F018C942-EB0C-401D-BFEB-6C06429E5384} - (no file)
 O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O3 - Toolbar: Mostra Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
 O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
 O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
 O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
 O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
 O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
 O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://download.playfirst.com/play/game/chocolatier/ChocolatierWeb.1.0.0.13.cab
 O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://download.playfirst.com/play/game/zenerchi/ZenerchiWeb.1.0.0.10.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.playfirst.com/play/game/feedingfrenzy/SproutLauncher.cab
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookwormadventures/sis/popcaploader_v10_en.cab
 O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{312C1AA3-F507-4FEB-9733-71F032E5B0D6}: NameServer = 212.17.192.56,212.17.192.216
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
 O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
 O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
 O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
 O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
 O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
 O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
 O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe
 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
 O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Sonic Solutions - (no file)
 O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
 O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmi\SPAMfighter\sfus.exe
 O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
 O23 - Service: SymantecAntiBotAgent - Unknown owner - C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe" SymantecAntiBotAgent (file missing)
 O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
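The log above is the thread's raw material. As an added example (not part of the original post, and not HijackThis' own logic), the following Python script applies to a constructed subset of those lines the checks a responder would otherwise do by hand: the F2 Userinit value must list only userinit.exe (a second executable there is started at every logon, which is how a redirect outlives reboots and on-demand scans), an O2 BHO with no name but a file on disk is a DLL loaded into every Internet Explorer process, an O16 DPF entry is an ActiveX control fetched from the URL shown, and the O17 NameServer addresses decide where every DNS lookup goes. The list of trusted download hosts and the severity labels are assumptions made for this example.

```python
"""Triage heuristics for a HijackThis v1.99 log.

Added example, not from the forum thread or from HijackThis itself. The trusted-host
list and the severity labels below are assumptions made for illustration.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the entry types in the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {604E02EF-DBC8-49F9-B998-B8BA72D751E6} - C:\WINDOWS\system32\kbdcat.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://download.playfirst.com/play/game/chocolatier/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{312C1AA3-F507-4FEB-9733-71F032E5B0D6}: NameServer = 212.17.192.56,212.17.192.216
"""

# Every HijackThis entry starts with a section tag (R0, F2, O2, O16, ...) followed by " - ".
LINE_RE = re.compile(r"^(R\d|F\d|O\d{1,2})\s+-\s+(.*)$")

# Assumption: the only hosts from which an ActiveX (O16) download is expected on this PC.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "adobe.com", "symantec.com", "java.com")


def _host_trusted(url):
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def check_userinit(rest):
    """F2: Winlogon Userinit must name only userinit.exe; return every other entry."""
    m = re.search(r"UserInit=(.*)$", rest, re.IGNORECASE)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    return [e for e in entries if e.lower().rsplit("\\", 1)[-1] != "userinit.exe"]


def check_bho(rest):
    """O2: an unnamed BHO. Returns the DLL path, 'orphan' if the file is gone, or None."""
    if not rest.startswith("BHO: (no name)"):
        return None
    path = rest.rsplit(" - ", 1)[-1]
    return "orphan" if path == "(no file)" else path


def check_dpf(rest):
    """O16: return the download URL when it is not served from a trusted host."""
    url = rest.rsplit(" - ", 1)[-1]
    return None if _host_trusted(url) else url


def check_nameserver(rest):
    """O17: list the configured DNS servers so they can be compared with the ISP's."""
    m = re.search(r"NameServer = (.*)$", rest)
    return [ns.strip() for ns in m.group(1).split(",")] if m else []


def triage(log_text):
    """Return (severity, section, detail) tuples for the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sect, rest = m.groups()
        if sect == "F2":
            for extra in check_userinit(rest):
                findings.append(("high", "F2", f"extra Userinit entry: {extra}"))
        elif sect == "O2":
            r = check_bho(rest)
            if r == "orphan":
                findings.append(("low", "O2", f"orphan unnamed BHO: {rest}"))
            elif r:
                findings.append(("high", "O2", f"unnamed BHO loads {r}"))
        elif sect == "O16":
            url = check_dpf(rest)
            if url:
                findings.append(("medium", "O16", f"ActiveX from untrusted host: {url}"))
        elif sect == "O17":
            for ns in check_nameserver(rest):
                findings.append(("info", "O17", f"DNS server to confirm with the ISP: {ns}"))
    return findings


if __name__ == "__main__":
    for severity, section, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section:4} {detail}")
```

Run against the constructed sample it reports the secpol.exe entry in Userinit and the kbdcat.dll BHO as high, the PlayFirst .cab as medium, the BHO with no file as low-priority cleanup, and lists the two DNS servers for a manual check; the Start Page line produces nothing because virgilio.it is what the user set.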
Sante62 (Dio maturo)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 02 Jan 2008 14:46
Hi Cripoint. Carry out these steps:
Disable System Restore and boot the PC into Safe Mode.
Start HijackThis and tick these lines on the left:

Quote:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: (no name) - {604E02EF-DBC8-49F9-B998-B8BA72D751E6} - C:\WINDOWS\system32\kbdcat.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F018C942-EB0C-401D-BFEB-6C06429E5384} - (no file)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://download.playfirst.com/play/game/chocolatier/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://download.playfirst.com/play/game/zenerchi/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.playfirst.com/play/game/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab

Click "Fix checked" and answer Yes. Also have a look at this discussion about ComboFix and scan the PC with it, posting the result as described there. Reboot the PC and post a new HijackThis log. Also scan with VirIT:
update it via the satellite-dish icon in the top toolbar and have it run a full scan of the PC.
Set it to remove the infected files it finds automatically.
Don't forget to disable your antivirus for the time being.
Then paste the result here. Also install an antivirus and a firewall by following this discussion.
Cripoint (Mortale adepto)
Registered: 02/01/08 12:27
Posts: 33

Posted: 02 Jan 2008 16:10
Great, will do, hoping I manage. So far I've run a thousand scans with various anti-spyware tools (Windows Defender, SpywareBot, SUPERAntiSpyware, Spyware Doctor) and they all find the same thing and never remove it... for example, some thing or other, kbdcat.dll...

Now I'll try to do what you told me, then I'll post everything again.

Thanks a lot.

P.S. Anyway, I have a genuine Norton 2008 installed as my antivirus.
Cripoint (Mortale adepto)
Registered: 02/01/08 12:27
Posts: 33

Posted: 02 Jan 2008 17:56
OK, I did everything, here are the results. I also ran the scan with VirIT; it found an AntiSpywareBot file infected with spyware, but it removed it... Waiting for news, thanks.

 Logfile of HijackThis v1.99.1
 Scan saved at 16.01.18, on 02/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
 C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
 C:\WINDOWS\system32\LVCOMSX.EXE
 C:\WINDOWS\system32\dslagent.exe
 C:\Acer\Empowering Technology\admtray.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
 C:\Acer\Empowering Technology\admServ.exe
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\WINDOWS\system32\notepad.exe
 C:\WINDOWS\system32\NOTEPAD.EXE
 D:\Documenti\hijackthis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.virgilio.it
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
 O2 - BHO: (no name) - {604E02EF-DBC8-49F9-B998-B8BA72D751E6} - C:\WINDOWS\system32\kbdcat.dll
 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O3 - Toolbar: Mostra Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
 O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
 O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
 O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
 O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
 O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{312C1AA3-F507-4FEB-9733-71F032E5B0D6}: NameServer = 212.17.192.56,212.17.192.216
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
 O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
 O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
 O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
 O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
 O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
 O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
 O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe
 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
 O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Sonic Solutions - (no file)
 O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
 O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmi\SPAMfighter\sfus.exe
 O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
 O23 - Service: SymantecAntiBotAgent - Unknown owner - C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe" SymantecAntiBotAgent (file missing)
 O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 
 
 
 
ComboFix 08-01-02.1 - Cri 2008-01-02 15.49.37.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.39.1040.18.1561 [GMT 1:00]
Run from: D:\Documenti\ComboFix.exe
* New restore point created
.
 
(((((((((((((((((((((((((((((((((((((   Other deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
 C:\Documents and Settings\All Users\Desktop\AntiSpywareBot.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi.\AntiSpywareBot
 C:\Documents and Settings\All Users\Menu Avvio\Programmi.\AntiSpywareBot\AntiSpywareBot on the Web.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi.\AntiSpywareBot\AntiSpywareBot.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi.\AntiSpywareBot\Uninstall AntiSpywareBot.lnk
 C:\Programmi\AntiSpywareBot
 C:\Programmi\AntiSpywareBot\AntiSpywareBot.exe
 C:\Programmi\AntiSpywareBot\AntiSpywareBot.url
 C:\Programmi\AntiSpywareBot\Launcher.exe
 C:\Programmi\AntiSpywareBot\unins000.dat
 C:\Programmi\AntiSpywareBot\unins000.exe
 C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
 
 .
(((((((((((((((((((((((((   Files created from 2007-12-02 to 2008-01-02  )))))))))))))))))))))))))))))))))))
.
 
 2008-01-02 15:49 . 2008-01-02 15:49	6,736	--a------	C:\WINDOWS\system32\drivers\PROCEXP90.SYS
 2008-01-02 15:48 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
 2008-01-02 11:04 . 2008-01-02 11:04	<DIR>	d--------	C:\Programmi\CCleaner
 2008-01-01 14:15 . 2008-01-01 14:15	<DIR>	d--hs----	C:\FOUND.000
 2007-12-31 13:56 . 2007-12-31 13:56	<DIR>	d--------	C:\Programmi\XoftSpySE
 2007-12-31 13:47 . 2007-12-31 13:47	<DIR>	d--------	C:\Programmi\NoAdware5.0
 2007-12-29 12:23 . 2007-12-29 12:23	<DIR>	d--------	C:\Programmi\Windows Sidebar
 2007-12-29 12:20 . 2007-12-29 13:45	123,952	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
 2007-12-29 12:20 . 2007-12-29 13:45	60,800	--a------	C:\WINDOWS\system32\S32EVNT1.DLL
 2007-12-29 12:20 . 2007-12-29 13:45	10,740	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
 2007-12-29 12:20 . 2007-12-29 13:45	805	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.INF
 2007-12-29 11:41 . 2007-12-29 11:41	<DIR>	d--------	C:\Documents and Settings\All Users\Symantec Temporary Files
 2007-12-28 15:24 . 2007-12-28 15:25	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
 2007-12-25 16:04 . 	19,456		C:\WINDOWS\system32\drivers\thlpaixx.dat
 2007-12-25 16:03 . 2004-09-07 20:00	84,992	--a------	C:\WINDOWS\system32\kbdcat.dll
 2007-12-23 14:52 . 2002-12-29 01:14	81,920	--a------	C:\WINDOWS\system32\Startup.cpl
 2007-12-20 11:14 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
 2007-12-20 11:14 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
 2007-12-20 11:14 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
 2007-12-19 15:49 . 2007-12-19 15:49	<DIR>	d--------	C:\Programmi\Microsoft SQL Server Compact Edition
 2007-12-19 13:33 . 2007-12-19 13:33	<DIR>	d--------	C:\Programmi\Windows Live
 2007-12-19 13:33 . 2007-12-19 13:33	<DIR>	d--hs----	C:\Programmi\File comuni\WindowsLiveInstaller
 2007-12-19 13:33 . 2007-12-19 13:33	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2007-12-17 18:28 . 2007-12-17 18:28	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\SimCity Societies
 2007-12-17 18:02 . 2007-12-17 18:02	<DIR>	d--------	C:\Programmi\Electronic Arts
 2007-12-17 18:01 . 2005-05-26 15:34	2,297,552	--a------	C:\WINDOWS\system32\d3dx9_26.dll
 2007-12-16 23:42 . 2007-12-16 23:42	<DIR>	d--------	C:\Programmi\File comuni\DirectX
 2007-12-16 23:36 . 2007-12-16 23:36	<DIR>	d--------	C:\Programmi\Trymedia
 2007-12-14 23:35 . 2007-12-14 23:35	<DIR>	d--------	C:\Programmi\Global Star Software
 2007-12-14 23:24 . 2007-12-14 23:24	<DIR>	d--------	C:\Downloads
 2007-12-14 22:30 . 2007-12-14 22:30	<DIR>	d--------	C:\Programmi\Prima Games
 2007-12-14 21:51 . 2007-12-25 16:02	77,369	--a------	C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
 2007-12-06 19:54 . 2007-12-07 13:50	3,532	--a------	C:\drmHeader.bin
 2007-12-03 13:29 . 2007-12-03 13:29	<DIR>	d--------	C:\Programmi\Flickr Uploadr
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2007-11-30 22:57	43,696	----a-w	C:\WINDOWS\system32\drivers\srtspx.sys
 2007-11-30 22:57	317,616	----a-w	C:\WINDOWS\system32\drivers\srtspl.sys
 2007-11-30 22:57	279,088	----a-w	C:\WINDOWS\system32\drivers\srtsp.sys
 2007-11-30 22:57	10,549	----a-w	C:\WINDOWS\system32\drivers\srtspx.cat
 2007-11-30 22:57	10,549	----a-w	C:\WINDOWS\system32\drivers\srtspl.cat
 2007-11-30 22:57	10,545	----a-w	C:\WINDOWS\system32\drivers\srtsp.cat
 2007-11-30 22:57	1,430	----a-w	C:\WINDOWS\system32\drivers\srtspl.inf
 2007-11-30 22:57	1,421	----a-w	C:\WINDOWS\system32\drivers\srtspx.inf
 2007-11-30 22:57	1,415	----a-w	C:\WINDOWS\system32\drivers\srtsp.inf
 2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
 2007-11-13 10:10	---------	d-----w	C:\Programmi\File comuni\Skype
 2007-10-30 23:23	3,590,656	----a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
 2007-10-29 22:35	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2007-10-29 22:35	1,292,800	----a-w	C:\WINDOWS\system32\dllcache\quartz.dll
 2007-10-25 16:42	8,489,472	----a-w	C:\WINDOWS\system32\dllcache\shell32.dll
 2007-10-25 08:28	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
 2007-10-25 08:28	222,720	----a-w	C:\WINDOWS\system32\dllcache\wmasf.dll
 2007-10-18 10:31	51,224	----a-w	C:\WINDOWS\system32\sirenacm.dll
 2007-10-15 16:11	37,027	----a-w	C:\WINDOWS\atmoUn.exe
 2007-10-10 23:49	824,832	----a-w	C:\WINDOWS\system32\dllcache\wininet.dll
 2007-10-10 23:49	671,232	----a-w	C:\WINDOWS\system32\dllcache\mstime.dll
 2007-10-10 23:49	63,488	------w	C:\WINDOWS\system32\dllcache\icardie.dll
 2007-10-10 23:49	6,065,664	------w	C:\WINDOWS\system32\dllcache\ieframe.dll
 2007-10-10 23:49	52,224	------w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
 2007-10-10 23:49	478,208	----a-w	C:\WINDOWS\system32\dllcache\mshtmled.dll
 2007-10-10 23:49	459,264	------w	C:\WINDOWS\system32\dllcache\msfeeds.dll
 2007-10-10 23:49	44,544	----a-w	C:\WINDOWS\system32\dllcache\iernonce.dll
 2007-10-10 23:49	384,512	----a-w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
 2007-10-10 23:49	383,488	------w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
 2007-10-10 23:49	27,648	----a-w	C:\WINDOWS\system32\dllcache\jsproxy.dll
 2007-10-10 23:49	267,776	------w	C:\WINDOWS\system32\dllcache\iertutil.dll
 2007-10-10 23:49	232,960	----a-w	C:\WINDOWS\system32\dllcache\webcheck.dll
 2007-10-10 23:49	230,400	----a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
 2007-10-10 23:49	214,528	----a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
 2007-10-10 23:49	193,024	----a-w	C:\WINDOWS\system32\dllcache\msrating.dll
 2007-10-10 23:49	153,088	----a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
 2007-10-10 23:49	132,608	----a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
 2007-10-10 23:49	124,928	----a-w	C:\WINDOWS\system32\dllcache\advpack.dll
 2007-10-10 23:49	105,984	----a-w	C:\WINDOWS\system32\dllcache\url.dll
 2007-10-10 23:49	102,400	----a-w	C:\WINDOWS\system32\dllcache\occache.dll
 2007-10-10 23:49	1,159,680	----a-w	C:\WINDOWS\system32\dllcache\urlmon.dll
 2007-10-10 11:01	70,656	----a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
 2007-10-10 11:01	625,152	----a-w	C:\WINDOWS\system32\dllcache\iexplore.exe
 2007-10-10 10:59	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
 2007-10-10 05:46	161,792	----a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
 2007-05-23 14:39	908,106	--sh--w	C:\WINDOWS\system32\ilkkj.ini2
 2007-05-23 16:26	905,795	--sh--w	C:\WINDOWS\system32\gjkmp.ini2
 .
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
*Note* empty entries & legit default entries are not shown.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
 2007-08-24 20:51	316784	--a------	C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{604E02EF-DBC8-49F9-B998-B8BA72D751E6}]
 2004-09-07 20:00	84992	--a------	C:\WINDOWS\system32\kbdcat.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
 2007-12-29 12:22	116088	--a------	C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 {5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
 {47833539-D0C5-4125-9FA8-0819E2EAAC93}
 {2318C2B1-4965-11D4-9B18-009027A5CD4F}
 {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
 
 [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
 [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
 [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
 "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
 
 [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
 [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
 [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 20:00 15360]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-13 15:21 68856]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 05:58 7581696]
 "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
 "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
 "DSLAGENTEXE"="dslagent.exe" [2001-08-21 16:50 16384 C:\WINDOWS\system32\dslagent.exe]
 "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
 "ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
 "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
 "osCheck"="C:\Programmi\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 20:00 15360]
 "DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 DSLMON.lnk - C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-04-10 13:29:54]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
 "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
 
 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
 "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2007-01-23 21:29 77824]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL 2007-05-21 15:18 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
 @=""
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
 @=""
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
 "LaunchApp"=Alaunch
 "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe
 "SynTPEnh"=C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 "LogitechVideo[inspector]"=C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
 "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 "ehTray"=C:\WINDOWS\ehome\ehtray.exe
 "GSICONEXE"=GSICON.EXE
 "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
 "LogitechCameraAssistant"=C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
 "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe
 "ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
 "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 "SkyTel"=SkyTel.EXE
 "Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" -hide
 "nwiz"=nwiz.exe /install
 "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
 "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
 "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
 "RTHDCPL"=RTHDCPL.EXE
 "Lexmark 2200 Series"="C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
 "SpyHunter"=C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter.exe
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe"
 
 R0 qodvfhjc;qodvfhjc;C:\WINDOWS\system32\drivers\thlpaixx.dat []
 R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
 R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
 R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
 R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
 R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
 R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
 R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
 R2 SymantecAntiBotAgent;SymantecAntiBotAgent;"C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe" SymantecAntiBotAgent []
 R2 SymantecAntiBotWatcher;SymantecAntiBotWatcher;C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe [2007-11-12 22:59]
 R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 19:17]
 R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 19:17]
 R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 19:17]
 R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
 R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
 R3 SymantecAntiBotDriver;SymantecAntiBotDriver;C:\Programmi\Symantec\Norton AntiBot\agent\driver\AntiBotDriver.sys [2007-11-12 23:00]
 R3 SymantecAntiBotFilter;SymantecAntiBotFilter;C:\Programmi\Symantec\Norton AntiBot\agent\driver\AntiBotFilter.sys [2007-11-12 23:00]
 R3 SymantecAntiBotShim;SymantecAntiBotShim;C:\Programmi\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys [2007-11-12 23:00]
 R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
 S2 gafwload;IPM Datacom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-08-21 17:04]
 S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 11:49]
 S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
 S3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 14:10]
 S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
 S3 SPAMfighter Update Service;SPAMfighter Update Service;C:\Programmi\SPAMfighter\sfus.exe [2007-10-25 15:29]
 S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
 S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
 S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 20:00]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b92fbee-c75c-11db-aa8f-00024f300101}]
 \Shell\Auto\command - F:\UFO.exe
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{414f73b0-d6f1-11db-aabd-0016d4555734}]
 \Shell\Auto\command - F:\sxs.exe
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b443f828-6846-11dc-abc0-0016d4555734}]
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
 \Shell\Open(&0)\command - Recycled\ctfmon.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3dda998-b3b1-11dc-ac58-0016d4555734}]
 \Shell\Auto\command - F:\UFO.exe
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee386f3c-aae6-11db-aa41-0016d4555734}]
 \Shell\Auto\command - G:\UFO.exe
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f864b5d6-ee72-11db-aaec-4d6564696130}]
 \Shell\Auto\command - F:\UFO.exe
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
 
 *Newly Created Service* - COMHOST
 .
Contents of the 'Scheduled Tasks' folder
 "2008-01-02 14:57:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
 - C:\Programmi\Windows Defender\MpCmdRun.exe
 "2008-01-01 13:16:10 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - Cri.job"
 - C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exei/TASK:
 "2007-11-27 09:31:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 "2007-12-31 13:44:08 C:\WINDOWS\Tasks\XoftSpySE.job"
 - C:\Programmi\XoftSpySE\XoftSpy.exe
 "2008-01-02 14:54:40 C:\WINDOWS\Tasks\XoftSpySE 2.job"
 - C:\Programmi\XoftSpySE\XoftSpy.exe
 "2007-05-23 13:46:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
 - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
 "2007-12-29 13:46:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
 - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
 .
 **************************************************************************
 
 catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-01-02 15:55:25
 Windows 5.1.2600 Service Pack 2 FAT NTAPI
 
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
 
 **************************************************************************
 .
Scan end time: 2008-01-02 15:57:52 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-01-02 14:57:46
 .
 2007-12-28 12:16:15	--- E O F ---
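Before acting on a log like the one above, the real work is separating the handful of genuinely suspicious entries from the security-product noise (the Symantec, SUPERAntiSpyware and Spyware Doctor drivers, hooks and services that fill most of it). The script below is an added example, not part of this thread and not ComboFix or GMER code. It parses a few lines copied from the ComboFix log above and from the GMER log posted later in the thread and flags the four things a helper would act on: a boot-start (R0) driver whose image is not a .sys file and carries no file timestamp, hidden+system files dropped into system32, MountPoints2 autorun commands that launch an executable from a drive root or a relative path such as Recycled\, and an inline JMP patch in the kernel that lands in a non-driver module GMER cannot find on disk. The category names, the regular expressions and the assumption about what an empty timestamp bracket means are this example's own, not documented ComboFix/GMER behaviour.

```python
"""Flag the suspicious entries in a ComboFix / GMER log (added example, not ComboFix or GMER code)."""
import re
from collections import Counter

# Constructed sample input: lines copied from the ComboFix log above and the GMER
# log posted later in this thread, with runs of tabs/spaces collapsed to spaces.
SAMPLE_LINES = [
    r"2007-05-23 14:39   908,106   --sh--w   C:\WINDOWS\system32\ilkkj.ini2",
    r"2007-05-23 16:26   905,795   --sh--w   C:\WINDOWS\system32\gjkmp.ini2",
    r"2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys",
    r"R0 qodvfhjc;qodvfhjc;C:\WINDOWS\system32\drivers\thlpaixx.dat []",
    r"R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]",
    r"\Shell\Auto\command - F:\UFO.exe",
    r"\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe",
    r"PAGE   ntkrnlpa.exe!ObReferenceObjectByHandle + 44F   805BA49F 7 Bytes  JMP BAB292C6 thlpaixx.dat",
    r"?      thlpaixx.dat   The system cannot find the file specified.",
    r"SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS   ZwCreateKey",
]

# Line shapes assumed (by this example) for the Find3M, service and MountPoints2
# sections of ComboFix and for the GMER kernel-code-section entries.
FIND3M_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|-+)\s+([-a-z]+)\s+(.+?)\s*$")
SERVICE_RE = re.compile(r"^([RS][0-3]) ([^;]+);([^;]+);(.*?)\s*\[(.*?)\]\s*$")
AUTORUN_RE = re.compile(r"^\\Shell\\[^\\]+\\command - (.+?)\s*$")
HOOK_RE = re.compile(r"^(?:PAGE|\.text|INIT)\s+(\S+).*?\bJMP\s+[0-9A-F]+\s+(\S+)\s*$")
MISSING_RE = re.compile(r"^\?\s+(\S+)")


def check_find3m(line):
    """Hidden+system files inside system32 (the --sh--w .ini2 files above)."""
    m = FIND3M_RE.match(line)
    if not m:
        return None
    attrs, path = m.groups()
    if "h" in attrs and "s" in attrs and "\\windows\\system32\\" in path.lower():
        return ("hidden_system_file", f"hidden+system file in system32: {path}")
    return None


def check_service(line):
    """Boot/system-start drivers (R0/R1) whose image is not a .sys or has no timestamp."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, _display, image, stamp = m.groups()
    image = image.strip().strip('"')
    if start not in ("R0", "R1"):
        return None
    if not image.lower().endswith(".sys"):
        return ("boot_driver", f"{start} service {name} loads a non-.sys image: {image}")
    if not stamp:  # assumption: an empty bracket means ComboFix could not stat the file
        return ("boot_driver", f"{start} service {name}: no file timestamp for {image}")
    return None


def check_autorun(line):
    """MountPoints2 commands that run an executable from a drive root or a relative path."""
    m = AUTORUN_RE.match(line)
    if not m:
        return None
    exes = [t for t in m.group(1).split() if t.lower().endswith(".exe")]
    if not exes:
        return None
    target = exes[-1]  # the executable the shell (or ShellExec_RunDLL) actually launches
    at_drive_root = re.fullmatch(r"[A-Za-z]:\\[^\\]+", target) is not None
    relative = re.match(r"[A-Za-z]:\\", target) is None
    if at_drive_root or relative:
        return ("autorun", f"MountPoints2 autorun launches {target}")
    return None


def check_hook(line):
    """Kernel inline JMP hooks into a non-driver module, and modules GMER cannot find on disk."""
    m = HOOK_RE.match(line)
    if m:
        symbol, module = m.groups()
        if symbol.lower().startswith(("ntkrnlpa.exe!", "ntoskrnl.exe!")) and not module.lower().endswith(".sys"):
            return ("kernel_hook", f"{symbol} patched, JMP lands in {module}")
        return None
    m = MISSING_RE.match(line)
    if m:
        return ("hidden_module", f"GMER cannot open {m.group(1)} on disk")
    return None


CHECKS = (check_find3m, check_service, check_autorun, check_hook)


def triage(lines):
    """Return (category, detail) findings; each line is reported at most once."""
    findings = []
    for line in lines:
        for check in CHECKS:
            hit = check(line.rstrip("\r\n"))
            if hit:
                findings.append(hit)
                break
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(cat for cat, _ in findings))


if __name__ == "__main__":
    for cat, detail in triage(SAMPLE_LINES):
        print(f"[{cat}] {detail}")
```

Run it as a script to print the seven findings from the sample, or import triage() and feed it a whole ComboFix log line by line. Only the Find3M file lines are parsed; the "new files" section with the ` . ` between two timestamps is deliberately left alone, and the SSDT entries are not judged at all because on this machine they belong to the Symantec products.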
Cripoint (Mortale adepto)

Registered: 02/01/08 12:27
Posts: 33

Posted: 02 Jan 2008 18:50    Subject:

Help!! After all that, it still does the redirect!
Help!!!!!!!!
Sante62 (Dio maturo)

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 02 Jan 2008 18:54    Subject:

Cripoint wrote:
    OK, I did everything, here are the results. I also ran a scan with VirIT; it found an AntiSpywareBot file infected with spyware but removed it... Waiting for news, thanks

Can you post the VirIT log too?
Now do these steps:
Scan with GMER
Cripoint (Mortale adepto)

Registered: 02/01/08 12:27
Posts: 33

Posted: 02 Jan 2008 18:56    Subject: here it is

VirIT eXplorer Lite Log
[MEMORY SCAN]
OK
[MEMORY SCAN]
OK
--------------------------------------------------------
02/01/2008 - 16:05:59

[REGISTRY SCAN]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\Cri\Dati applicazioni\AntiSpywareBot\Quarantine\26-12-2007-18-10-47\10152.qit Infected with Spyware.ViewPoint.A
* * *  REMOVED  * * *

Infected registry keys: 0.
Infected files: 1.
Suspicious files: 0.
Files scanned: 114775.
Total files: 114775.
Registry keys removed: 0.
Viruses removed: 1.
Sante62 (Dio maturo)

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 02 Jan 2008 19:01    Subject:

In the meantime, download The Avenger and unpack it into its own folder in c:\
Run it
Click on "input script manually"
Click on the magnifying glass
Enter these lines:

Quote:
    files to delete:
    C:\WINDOWS\system32\dllcache\ie4uinit.exe
    C:\WINDOWS\system32\dllcache\iexplore.exe
    C:\WINDOWS\system32\dllcache\ieudinit.exe
    C:\WINDOWS\system32\dllcache\ieakui.dll
    C:\WINDOWS\system32\ilkkj.ini2
    C:\WINDOWS\system32\gjkmp.ini2

Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When it has finished, post the result here together with an updated HijackThis log.
		| Cripoint Mortale adepto
 
  
 
 Registrato: 02/01/08 12:27
 Messaggi: 33
 
 
 | 
			
				|  Inviato: 02 Gen 2008 19:29    Oggetto: |   |  
				| 
 |  
				| ok ho aperto the avanger...ora continuo intanto ti posto il log di gmer 
 GMER 1.0.13.12551 - http://www.gmer.net
 Rootkit scan 2008-01-02 18:27:00
 Windows 5.1.2600 Service Pack 2
 
 
 ---- System - GMER 1.0.13 ----
 
 SSDT            89C7A108                                                                              ZwAlertResumeThread
 SSDT            89C8A9D8                                                                              ZwAlertThread
 SSDT            89C90120                                                                              ZwAllocateVirtualMemory
 SSDT            \??\C:\Programmi\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys                 ZwClose
 SSDT            89CB6420                                                                              ZwConnectPort
 SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS                                          ZwCreateKey
 SSDT            89C7D008                                                                              ZwCreateMutant
 SSDT            89C910A8                                                                              ZwCreateThread
 SSDT            89786098                                                                              ZwDebugActiveProcess
 SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS                                          ZwDeleteKey
 SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS                                          ZwDeleteValueKey
 SSDT            89C8D160                                                                              ZwFreeVirtualMemory
 SSDT            89C9F058                                                                              ZwImpersonateAnonymousToken
 SSDT            89DF8058                                                                              ZwImpersonateThread
 SSDT            89C8D080                                                                              ZwMapViewOfSection
 SSDT            89C8B3C0                                                                              ZwOpenEvent
 SSDT            \??\C:\Programmi\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys                 ZwOpenProcess
 SSDT            89C5F2F0                                                                              ZwOpenProcessToken
 SSDT            89786178                                                                              ZwOpenSection
 SSDT            89790008                                                                              ZwOpenThreadToken
 SSDT            89C97498                                                                              ZwResumeThread
 SSDT            89C812F0                                                                              ZwSetContextThread
 SSDT            89C820E0                                                                              ZwSetInformationProcess
 SSDT            89790098                                                                              ZwSetInformationThread
 SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS                                          ZwSetValueKey
 SSDT            89C7D0A8                                                                              ZwSuspendProcess
 SSDT            89C90820                                                                              ZwSuspendThread
 SSDT            \??\C:\WINDOWS\system32\drivers\CO_Mon.sys                                            ZwTerminateProcess
 SSDT            \??\C:\Programmi\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys                 ZwTerminateThread
 SSDT            89C822F0                                                                              ZwUnmapViewOfSection
 SSDT            \??\C:\Programmi\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys                 ZwWriteVirtualMemory
 
 ---- Kernel code sections - GMER 1.0.13 ----
 
 PAGE            ntkrnlpa.exe!ObReferenceObjectByHandle + 44F                                          805BA49F 7 Bytes  JMP BAB292C6 thlpaixx.dat
?               thlpaixx.dat                                                                          The system cannot find the file specified.
 
 ---- User code sections - GMER 1.0.13 ----
 
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] kernel32.dll!VirtualProtect + 1C    7C801AEC 7 Bytes  JMP 048F0034
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] USER32.dll!DialogBoxParamW          7E3A555F 5 Bytes  JMP 435FF2C1 C:\WINDOWS\system32\IEFRAME.dll
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] USER32.dll!DialogBoxIndirectParamW  7E3B2032 5 Bytes  JMP 4379166F C:\WINDOWS\system32\IEFRAME.dll
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] USER32.dll!MessageBoxIndirectA      7E3BA04A 5 Bytes  JMP 437915F0 C:\WINDOWS\system32\IEFRAME.dll
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] USER32.dll!DialogBoxParamA          7E3BB10C 5 Bytes  JMP 43791634 C:\WINDOWS\system32\IEFRAME.dll
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] USER32.dll!MessageBoxExW            7E3D05D8 5 Bytes  JMP 4379157C C:\WINDOWS\system32\IEFRAME.dll
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] USER32.dll!MessageBoxExA            7E3D05FC 5 Bytes  JMP 437915B6 C:\WINDOWS\system32\IEFRAME.dll
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] USER32.dll!DialogBoxIndirectParamA  7E3D6B50 5 Bytes  JMP 437916AA C:\WINDOWS\system32\IEFRAME.dll
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] USER32.dll!MessageBoxIndirectW      7E3E62AB 5 Bytes  JMP 43621676 C:\WINDOWS\system32\IEFRAME.dll
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] ole32.dll!CoCreateInstanceEx        774CFA6B 5 Bytes  JMP 048F00B8
 .text           C:\Programmi\Internet Explorer\iexplore.exe[3400] ole32.dll!CoGetClassObject          774E5DB2 5 Bytes  JMP 048F013F
 
 ---- Devices - GMER 1.0.13 ----
 
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE                                     [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE                                                 [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_READ                                                  [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_WRITE                                                 [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION                                     [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA                                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA                                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS                                         [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL                                     [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL                                   [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL                                        [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN                                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL                                          [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP                                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY                                        [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY                                          [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_POWER                                                 [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL                                        [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE                                         [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA                                           [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA                                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE                                 [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE                      [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE                                  [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ                                   [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE                                  [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION                      [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION                        [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA                               [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA                                 [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS                          [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION               [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION                 [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL                      [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL                    [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL                         [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL                [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN                               [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL                           [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP                                [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT                        [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY                         [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY                           [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER                                  [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL                         [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE                          [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA                            [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA                              [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE                                 [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_NAMED_PIPE                      [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLOSE                                  [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ                                   [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_WRITE                                  [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_INFORMATION                      [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_INFORMATION                        [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_EA                               [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_EA                                 [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FLUSH_BUFFERS                          [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_VOLUME_INFORMATION               [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_VOLUME_INFORMATION                 [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DIRECTORY_CONTROL                      [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FILE_SYSTEM_CONTROL                    [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CONTROL                         [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_INTERNAL_DEVICE_CONTROL                [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SHUTDOWN                               [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_LOCK_CONTROL                           [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLEANUP                                [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_MAILSLOT                        [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_SECURITY                         [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_SECURITY                           [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_POWER                                  [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SYSTEM_CONTROL                         [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CHANGE                          [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_QUOTA                            [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_QUOTA                              [B9F0BA30] SynTP.sys
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE                                    [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE                                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_READ                                                 [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE                                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION                                    [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION                                      [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA                                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA                                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS                                        [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL                                    [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL                                  [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN                                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL                                         [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP                                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT                                      [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY                                         [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_POWER                                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE                                        [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA                                          [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA                                            [B7608DF0] SYMTDI.SYS
 
 Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE                                            [BA115012] OsaFsLoc.sys
 
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE                                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE                                    [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE                                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_READ                                                 [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_WRITE                                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION                                    [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION                                      [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA                                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA                                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS                                        [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL                                    [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL                                  [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN                                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL                                         [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP                                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT                                      [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY                                         [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_POWER                                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE                                        [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA                                          [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA                                            [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE                                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE                                  [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE                                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_READ                                               [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE                                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION                                  [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION                                    [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA                                           [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA                                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS                                      [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION                           [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION                             [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL                                  [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL                                [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL                                     [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL                            [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN                                           [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP                                            [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT                                    [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY                                     [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY                                       [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_POWER                                              [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL                                     [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE                                      [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA                                        [B7608DF0] SYMTDI.SYS
 AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA                                          [B7608DF0] SYMTDI.SYS
 
 Device           \Device\LanmanRedirector IRP_MJ_CREATE                                               [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE                                    [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_CLOSE                                                [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_READ                                                 [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_WRITE                                                [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION                                    [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_SET_INFORMATION                                      [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_QUERY_EA                                             [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_SET_EA                                               [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS                                        [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION                             [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION                               [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL                                    [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL                                  [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL                                       [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL                              [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_SHUTDOWN                                             [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL                                         [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_CLEANUP                                              [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT                                      [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY                                       [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_SET_SECURITY                                         [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_POWER                                                [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL                                       [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE                                        [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA                                          [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_SET_QUOTA                                            [B7021189] mrxsmb.sys
 Device           \Device\LanmanRedirector IRP_MJ_PNP                                                  [B7021189] mrxsmb.sys
 Device           \Fat IRP_MJ_CREATE                                                                   [BA642C8A] Fastfat.sys
 Device           \Fat IRP_MJ_CLOSE                                                                    [BA63F7C8] Fastfat.sys
 Device           \Fat IRP_MJ_READ                                                                     [BA63B60A] Fastfat.sys
 Device           \Fat IRP_MJ_WRITE                                                                    [BA63BAED] Fastfat.sys
 Device           \Fat IRP_MJ_QUERY_INFORMATION                                                        [BA646958] Fastfat.sys
 Device           \Fat IRP_MJ_SET_INFORMATION                                                          [BA649821] Fastfat.sys
 Device           \Fat IRP_MJ_QUERY_EA                                                                 [BA65238A] Fastfat.sys
 Device           \Fat IRP_MJ_SET_EA                                                                   [BA651D49] Fastfat.sys
 Device           \Fat IRP_MJ_FLUSH_BUFFERS                                                            [BA64BBBE] Fastfat.sys
 Device           \Fat IRP_MJ_QUERY_VOLUME_INFORMATION                                                 [BA64C331] Fastfat.sys
 Device           \Fat IRP_MJ_SET_VOLUME_INFORMATION                                                   [BA65A4F4] Fastfat.sys
 Device           \Fat IRP_MJ_DIRECTORY_CONTROL                                                        [BA642B37] Fastfat.sys
 Device           \Fat IRP_MJ_FILE_SYSTEM_CONTROL                                                      [BA63E948] Fastfat.sys
 Device           \Fat IRP_MJ_DEVICE_CONTROL                                                           [BA64846B] Fastfat.sys
 Device           \Fat IRP_MJ_SHUTDOWN                                                                 [BA65979D] Fastfat.sys
 Device           \Fat IRP_MJ_LOCK_CONTROL                                                             [BA658C4A] Fastfat.sys
 Device           \Fat IRP_MJ_CLEANUP                                                                  [BA63F2FD] Fastfat.sys
 Device           \Fat IRP_MJ_PNP                                                                      [BA6591DB] Fastfat.sys
 Device           \Fat FastIoCheckIfPossible                                                           [BA6541F9] Fastfat.sys
 Device           \Fat FastIoQueryBasicInfo                                                            [BA643646] Fastfat.sys
 Device           \Fat FastIoQueryStandardInfo                                                         [BA643405] Fastfat.sys
 Device           \Fat FastIoLock                                                                      [BA6499F3] Fastfat.sys
 Device           \Fat FastIoUnlockSingle                                                              [BA64C518] Fastfat.sys
 Device           \Fat FastIoUnlockAll                                                                 [BA658929] Fastfat.sys
 Device           \Fat FastIoUnlockAllByKey                                                            [BA658A21] Fastfat.sys
 Device           \Fat FastIoQueryNetworkOpenInfo                                                      [BA65428E] Fastfat.sys
 Device           \Fat AcquireForCcFlush                                                               [BA6594A6] Fastfat.sys
 Device           \Fat ReleaseForCcFlush                                                               [BA65951F] Fastfat.sys
 
 AttachedDevice   \Fat IRP_MJ_CREATE                                                                   [BA6801DE] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_CREATE_NAMED_PIPE                                                        [BA6801DE] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_CLOSE                                                                    [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_READ                                                                     [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_WRITE                                                                    [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_QUERY_INFORMATION                                                        [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_SET_INFORMATION                                                          [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_QUERY_EA                                                                 [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_SET_EA                                                                   [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_FLUSH_BUFFERS                                                            [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_QUERY_VOLUME_INFORMATION                                                 [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_SET_VOLUME_INFORMATION                                                   [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_DIRECTORY_CONTROL                                                        [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_FILE_SYSTEM_CONTROL                                                      [BA680454] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_DEVICE_CONTROL                                                           [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL                                                  [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_SHUTDOWN                                                                 [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_LOCK_CONTROL                                                             [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_CLEANUP                                                                  [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_CREATE_MAILSLOT                                                          [BA6801DE] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_QUERY_SECURITY                                                           [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_SET_SECURITY                                                             [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_POWER                                                                    [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_SYSTEM_CONTROL                                                           [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_DEVICE_CHANGE                                                            [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_QUERY_QUOTA                                                              [BA673F4C] fltMgr.sys
 AttachedDevice   \Fat IRP_MJ_SET_QUOTA                                                                [BA673F4C] fltMgr.sys
 
 ---- EOF - GMER 1.0.13 ----
 
 Sante62 (Dio maturo)
 Registered: 27/06/07 17:55
 Messages: 3477
 Location: Floridia
 
 Posted: 02 Jan 2008 19:36
 
 Sorry, GMER logs are not to be posted here but uploaded to www.freefilehosting.net...
 
 Cripoint (Mortale adepto)
 Registered: 02/01/08 12:27
 Messages: 33
 
 Posted: 02 Jan 2008 19:42
 
 ok... what a mess..
 When the PC restarted, VirIT automatically flagged this:
 
 File Sospetti LITE - Key: 33 Valore: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DSLMON.lnk Dato: C:\PROGRAMMI\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
 
 
 And this is the HijackThis log I just made after running Avenger.
 If needed, I'll post the Avenger log..
 
 
 Logfile of HijackThis v1.99.1
 Scan saved at 18.36.52, on 02/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
 C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
 C:\Acer\Empowering Technology\admServ.exe
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
 C:\VEXPLITE\viritsvc.exe
 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
 C:\WINDOWS\system32\LVCOMSX.EXE
 C:\WINDOWS\system32\dslagent.exe
 C:\Acer\Empowering Technology\admtray.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\VEXPLITE\MONLITE.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
 C:\WINDOWS\system32\notepad.exe
 D:\Documenti\hijackthis\HijackThis.exe
 C:\VEXPLITE\VIRITEXP.EXE
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.virgilio.it
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
 O2 - BHO: (no name) - {604E02EF-DBC8-49F9-B998-B8BA72D751E6} - C:\WINDOWS\system32\kbdcat.dll
 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O3 - Toolbar: Mostra Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
 O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
 O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
 O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
 O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
 O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{312C1AA3-F507-4FEB-9733-71F032E5B0D6}: NameServer = 212.17.192.56,212.17.192.216
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
 O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
 O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
 O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
 O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
 O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
 O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
 O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe
 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
 O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Sonic Solutions - (no file)
 O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
 O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmi\SPAMfighter\sfus.exe
 O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
 O23 - Service: SymantecAntiBotAgent - Unknown owner - C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe" SymantecAntiBotAgent (file missing)
 O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Programmi\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
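The first pass a helper makes over a log like the one above is to skim the O23 service lines for entries HijackThis could not attribute to a vendor, entries whose binary is no longer on disk, and entries that name a bare file instead of a full path, and to compare the O17 NameServer line with the resolvers the ISP is supposed to hand out (a replaced resolver is one well-known way to produce search-result redirects of the kind described later in this thread). The Python script below is an added example, not part of the thread and not HijackThis code; it runs that triage over a constructed sample of six lines copied from the log above, and the resolver allow-list passed to it is an assumption to be replaced with the real addresses.

```python
"""Triage of HijackThis O17 and O23 lines (added example, not HijackThis code).

Flags service entries with an unknown owner, a missing binary or a bare
file name, and DNS resolvers that are not on a caller-supplied allow-list.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
EXE_RE = re.compile(r"^(?P<exe>.*?\.exe)", re.IGNORECASE)

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{312C1AA3-F507-4FEB-9733-71F032E5B0D6}: NameServer = 212.17.192.56,212.17.192.216
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Sonic Solutions - (no file)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

Finding = Tuple[str, List[str]]


def triage_o23(line: str) -> Optional[Finding]:
    """Return (service name, reasons) for an O23 line, or None if it is not one."""
    m = O23_RE.match(line)
    if not m:
        return None
    owner, path = m.group("owner"), m.group("path")
    reasons: List[str] = []
    if owner == "Unknown owner":
        # HijackThis found no company name in the binary's version resource.
        reasons.append("unknown owner")
    if "(file missing)" in path or path.endswith("(no file)"):
        # A registered service whose binary is gone: an uninstall leftover,
        # or a removal tool deleted the file but not the service entry.
        reasons.append("binary missing")
    exe = EXE_RE.match(path)
    if exe and "\\" not in exe.group("exe") and ":" not in exe.group("exe"):
        # No directory at all: a name, not a full path, decides what gets run.
        reasons.append("bare file name")
    return m.group("name"), reasons


def triage_o17(line: str, known_resolvers: Iterable[str]) -> Optional[Finding]:
    """Flag NameServer addresses that are not on the caller's allow-list."""
    m = O17_RE.match(line)
    if not m:
        return None
    allowed = set(known_resolvers)
    unexpected = [s for s in m.group("servers").split(",") if s not in allowed]
    reasons = ["resolver not in allow-list: " + ", ".join(unexpected)] if unexpected else []
    return "O17 NameServer", reasons


def triage_log(text: str, known_resolvers: Iterable[str] = ()) -> Dict[str, List[str]]:
    """Map each flagged entry to its reasons; clean entries are left out."""
    findings: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        result = None
        if line.startswith("O23 "):
            result = triage_o23(line)
        elif line.startswith("O17 "):
            result = triage_o17(line, known_resolvers)
        if result and result[1]:
            findings[result[0]] = result[1]
    return findings


if __name__ == "__main__":
    # Assumed allow-list; replace with the resolvers your ISP actually assigns.
    for name, why in triage_log(SAMPLE_LOG, known_resolvers=["212.17.192.56"]).items():
        print(f"{name}: {'; '.join(why)}")
```

Run it as a script to print the findings; it only reads text and changes nothing on the system. A flag is a reason to look, not a verdict: legitimate leftovers of an uninstalled product produce the same "file missing" lines as a removal that was only half done, and a resolver that is not on the list may simply be one the ISP recently added.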

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 02 Jan 2008 19:51    Subject:
Yes, post the Avenger log while I have a look at the other things... Don't forget this...

Sante62 wrote:
    Sorry, GMER logs must not be posted here but uploaded to www.freefilehosting.net...

Cripoint (Mortal adept)
Registered: 02/01/08 12:27
Posts: 33

Posted: 02 Jan 2008 20:00    Subject:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\hipnmoih
 
 *******************
 
 Script file located at: \??\C:\xujxafcf.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\system32\dllcache\ie4uinit.exe deleted successfully.
 File C:\WINDOWS\system32\dllcache\iexplore.exe deleted successfully.
 File C:\WINDOWS\system32\dllcache\ieudinit.exe deleted successfully.
 File C:\WINDOWS\system32\dllcache\ieakui.dll deleted successfully.
 File C:\WINDOWS\system32\ilkkj.ini2 deleted successfully.
 File C:\WINDOWS\system32\gjkmp.ini2 deleted successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
 
 
For GMER I did the upload, but then I don't know what to do with it..
 

Cripoint (Mortal adept)
Registered: 02/01/08 12:27
Posts: 33

Posted: 02 Jan 2008 20:29    Subject:
Help, I can't do anything on the internet anymore!!!

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 02 Jan 2008 21:26    Subject:
That's strange.... some of the files we deleted shouldn't have been there. There is probably an error in the Avenger script. For now, go to C:\Avenger, where you'll find the file C:\Avenger\Backup.zip. Click on it and restore the files it contains. Reboot the PC and see how it goes. You'll probably notice the same problems as before. In the meantime I'll check the files....

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 02 Jan 2008 21:32    Subject:
The script looks correct to me anyway.... But what problems are you seeing? Try running the scans with GMER as described here.
Remember that there are two GMER logs: Autostart and Rootkit.

Cripoint (Mortal adept)
Registered: 02/01/08 12:27
Posts: 33

Posted: 02 Jan 2008 22:16    Subject:
The problem is that when I do a search with any search engine, instead of taking me to the site I want to visit it sends me to a site (it looks like a search engine, because it has a list of sites related to my search) full of naked women, or things that have nothing to do with it.. it doesn't always redirect to the same page.
Anyway, it comes and goes. Sometimes I can't even manage a single click, sometimes everything seems to have disappeared (like now). That's why until now I thought it was just a matter of anti-spyware scans.. because sometimes the problem goes away and then comes back.

I'll try GMER again and get the two logs as in the instructions.

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 02 Jan 2008 23:31    Subject:
Use Avenger again with this script:

Quote:
files to delete:
C:\WINDOWS\system32\drivers\imshetee.sys
C:\WINDOWS\system32\drivers\thlpaixx.dat
F:\UFO.exe
F:\sxs.exe
G:\UFO.exe

Registry keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b92fbee-c75c-11db-aa8f-00024f300101}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{414f73b0-d6f1-11db-aabd-0016d4555734}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3dda998-b3b1-11dc-ac58-0016d4555734}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee386f3c-aae6-11db-aa41-0016d4555734}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f864b5d6-ee72-11db-aaec-4d6564696130}

Now run a scan with Systemscan and post the log as described here.

Cripoint (Mortal adept)
Registered: 02/01/08 12:27
Posts: 33

Posted: 03 Jan 2008 00:03    Subject:
Everything worked except this:
 
 //////////////////////////////////////////
 Avenger Pre-Processor log
 //////////////////////////////////////////
 
 Syntax error in line --- does not appear to be a valid registry path.  Line will be ignored.
 Error code: 1114
 Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b92fbee-c75c-11db-aa8f-00024f300101}
 
 
 Syntax error in line --- does not appear to be a valid registry path.  Line will be ignored.
 Error code: 1114
 Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{414f73b0-d6f1-11db-aabd-0016d4555734}