scrigz.exe

Nicflames · 27-10-2007, 17:16

Ciao a tutti..per abaglio ho aperto un file exe e mi ha installato un virus..si chiama scrigz.exe e continua ad avviarsi, meno male che spyware terminator lo blocca..come posso eliminarlo definitivamente?
grazie

Gle89 · 27-10-2007, 17:29

Intanto scarica HIJACKTHIS dalla mia firma (qua sotto) mettilo in una cartella in C: o in C:\Programmi. Aprilo e premi la prima opzione "do a system scan and save log" aspetta che ti dia il file .txt (blocco note) e copia e incolla INTERAMENTE qui e aspetta nuove istruzioni.

Nicflames · 27-10-2007, 20:49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.48.07, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\scrigz.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collegiorotondi.it/Object...ione%20d´esame
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7681 bytes

**Chill-Out** · 27-10-2007, 21:18

Da fixare:
C:\WINDOWS\system32\scrigz.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Disabilita ripristino configurazione sistema

Fai una scansione completa spyware con SpywareTerminator

Scarica Norman Malware Cleaner http://download.norman.no/public/Nor...re_Cleaner.exe fallo girare in modalità provvisoria F8, in alcuni casi Norman Malware Cleaner può richiedere il riavvio del computer per rimuovere completamente un’infezione

Aggiorna Acrobat Reader sei alla versione 7 è già disponibile la 8

Ciao

N.B: ho editato il post

Nicflames · 28-10-2007, 17:59

scansione con norman fatta..ecco il risultato

Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2007/10/16 20:20:41

Norman Scanner Engine Version: 5.91.08
Nvcbin.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 1
Nvcmacro.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: NICO\JNico

Scan started: 28/10/2007 12:39:53

Scanning running processes and process memory...

Number of processes/threads found: 511
Number of processes/threads scanned: 510
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 16s

Scanning file system...

Scanning: C:\*.*

C:\WINDOWS\system32\scrigz.exe (Infected with SDBot.gen8)
Deleted file

Scanning: D:\*.*

secondo voi adesso è tutto a posto?

juninho85 · 28-10-2007, 18:27

no,pare non abbia fatto nemmeno un tentativo di rimozione

lancetta · 28-10-2007, 18:37

sembrerebbe...per sicurezza nuovo log di hijackthis

Nicflames · 28-10-2007, 19:12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.11.22, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svehost.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collegiorotondi.it/Object...ione%20d´esame
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7316 bytes

juninho85 · 28-10-2007, 19:15

Quote:

svehost.exe

ora ci sarebbe(anche?)quest'altro
posta un log di gmer

xcdegasp · 28-10-2007, 19:27

Quote:

Originariamente inviato da Nicflames

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.11.22, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:

Codice:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svehost.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collegiorotondi.it/Object...ione%20d´esame
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7316 bytes

Codice:

Nicflames · 28-10-2007, 20:07

eccolo con gmer:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-10-28 20:06:54
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 107 804E2DD8 12 Bytes [ 70, 72, 39, F4, 20, D5, 39, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
? srescan.sys Impossibile trovare il file specificato.
.text USBPORT.SYS!DllUnload F688F62C 5 Bytes JMP 87249970
? System32\Drivers\azjtl0cl.SYS Impossibile trovare il file specificato.
? C:\WINDOWS\System32\DRIVERS\update.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8737A1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86F42990
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_CREATE 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_CLOSE 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_INTERNAL_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_CLEANUP 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_PNP 86F3C700
Device \Driver\00000047 \Device\00000041 IRP_MJ_POWER [F7753DB6] sptd.sys
Device \Driver\00000047 \Device\00000041 IRP_MJ_SYSTEM_CONTROL [F776973C] sptd.sys
Device \Driver\00000047 \Device\00000041 IRP_MJ_PNP [F776277E] sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 8723A990
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8737D1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 8723A990
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8737E1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 871011D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8737E1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 871011D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 8737C1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 871011D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86F3C700
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 8723A990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 87037990
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 87037990
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8737E1D8
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_CREATE 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_CLOSE 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_POWER 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_PNP 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_CREATE 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_CLOSE 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_DEVICE_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_INTERNAL_DEVICE_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_POWER 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_SYSTEM_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_PNP 870A4900
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 86F42990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8706B990
---- Processes - GMER 1.0.12 ----

Library C:\Programmi\Adobe\Acrobat (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1156] 0x00A70000

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1229272821-113007714-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4178605D-26E3-2572-3080-BCF5A1DFFF39}@ianfldplbbdemgmgkc 0x69 0x61 0x62 0x66 ...
Reg \Registry\USER\S-1-5-21-1229272821-113007714-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4178605D-26E3-2572-3080-BCF5A1DFFF39}@hadefnfllaihpgoj 0x69 0x61 0x62 0x66 ...

---- EOF - GMER 1.0.12 ----

**Chill-Out** · 28-10-2007, 22:02

Quote:

Originariamente inviato da Nicflames

scansione con norman fatta..ecco il risultato

Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2007/10/16 20:20:41

Norman Scanner Engine Version: 5.91.08
Nvcbin.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 1
Nvcmacro.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: NICO\JNico

Scan started: 28/10/2007 12:39:53

Scanning running processes and process memory...

Number of processes/threads found: 511
Number of processes/threads scanned: 510
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 16s

Scanning file system...

Scanning: C:\*.*

C:\WINDOWS\system32\scrigz.exe (Infected with SDBot.gen8)
Deleted file

Scanning: D:\*.*

secondo voi adesso è tutto a posto?

16 secondi per scansionare la partizione con installato il sistema operativo, impossibile.

Nicflames · 28-10-2007, 22:38

li c'è scritto 16 secondi ma ti assicuro che è durato molto di più..nn ti so spiegare il motivo di ciò..

juninho85 · 28-10-2007, 22:42

è stato già rimosso,almeno parzialmente.
hai già provato a scansionare file e ads,sempre con gmer?

Riverside · 28-10-2007, 22:52

Quote:

Originariamente inviato da Nicflames

li c'è scritto 16 secondi ma ti assicuro che è durato molto di più..nn ti so spiegare il motivo di ciò..

Disattiva il ripristino configurazione di sistema
poi:
CCLEANER: clicca qui per il download
una volta installato, lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
● Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi su:
● Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore
● alla voce Pulizia, spunta tutte le voci comprese nella sezione Avanzate
● nel menu a sinistra, clicca sulla voce Pulizia, clicca su tasto Avvia Pulizia per eseguire la scansione
● sempre nel menu a sinistra, clicca sulla voce Registro, spunta tutte le voci comprese nella sezione, clicca sul tasto Trova problemi ed avvia una scansione
● al termine della scansione clicca sulla voce Ripara selezionati e prosegui

ASQUARED FREE: clicca qui per il download
una volta installato, scarica gli aggiornamenti e poi, esegui una scansione del sistema in modalità Deep Scan e rimuovi tutto ciò che viene rilevato con esclusione dei riferimenti a Software, MIrc, fotocamere digitali e/o scanner eventualmente installati.

PANDA ANTIROOTKIT: clicca qui per il download
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, si aggiorna in automatico ed esegue la scansione (ovviamente rimuove tutti gli eventuali rootkit che rileva)

ELISTARTA TOOL: clicca qui per il download
per scaricare il tool scorri, fino in fondo, la pagina Web che si aprirà e clicca su Descargar ELISTARTA
● per comodità, posizionalo su Desktop
Esegui ELISTARTA TOOL:
● alla prima domanda, rispondi SI
● alla seconda, rispondi SI
● alla terza rispondi NO
● si apre la finestra di scansione, clicca su Explorar
● terminata la scansione, chiudi il Tool e provvedi a riavviare il sistema
● verrà rilasciato un log dal nome infosat.txt
● clicca su Risorse del Computer, poi su Disco Locale C:
●trovi il log e lo alleghi alla discussione
Annotazione
dopo aver rilanciato Internet Explorer, potrebbe rendersi necessario reimpostare la propria pagina Web predefinita

SYSCLEAN TRENDMICRO: clicca qui per il download
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, individua e rimuove gli eventuali virus worm e malware presenti nella memoria del P.C., nel file di registro di Windows, nelle cartelle di sistema e in qualsiasi altra ubicazione del disco locale.
● devi creare, una apposita cartella sul Desktop e, al suo interno, inserisci Sysclean
● scarica le definizioni dei virus (vengono aggiornate, quotidianamente): clicca qui per il download
● scompatta, all’interno della cartella creata, il file zippato contenente le definizioni
● lascia disabilitato il Ripristino configurazione di sistema
● riavvia il P.C., in modalità provvisoria
● esegui Sysclean attendi il responso finale
● pubblica, il log che verrà rilasciato

Al termine, pubblica un nuovo log di Hthis

Nicflames · 29-10-2007, 20:08

Riverside ho fatto tutto e ti posto tutti i risultati, fammi sapere..grazie!

CCLEANER: fatto, mi ha cancellato un po di roba.

ASQUARED FREE: fatto, e anche se non lo hai richiesto ti posto il log.

a-squared Free - Version 3.0
Last update: 29/10/2007 0.16.41

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 29/10/2007 14.07.07

D:\System Volume Information\_restore{968A0A0F-ACF5-4FBB-91DA-95863140ACE4}\RP31\A0002398.exe/JackSMS.exe rilevati: Backdoor.Win32.mIRC-based

Scansionati

Files: 155149
Tracce: 339265
Cookies: 4
Processi: 42

Rilevato

Files: 1
Tracce: 0
Cookies: 0
Processi: 0
Chiavi registro: 0

Fine scansione: 29/10/2007 17.36.11
Tempo scansione: 3.29.04

PANDA ANTIROOTKIT: fatto, non mi ha trovato niente.

ELISTARTA TOOL: fatto, ti posto il log.

Mon Oct 29 17:42:54 2007
EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
No detectado Parche MS06-001 de Microsoft instalado. (WMF)
No detectado Parche MS06-070 de Microsoft instalado. (SServidor)
ALERTA. WindowsUpdate Incompleto.
Eliminadas las Paginas de Inicio y de Busqueda del IE
Detectado AUTORUN.INF en la Unidad (G)
open=autorun.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "[email protected]". Gracias.

Mon Oct 29 17:43:41 2007
EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Programmi\Spyware Terminator\SPTCONTMENU.DLL --> Acceso Denegado, KeyLogger.FL

Nº Total de Directorios: 3249
Nº Total de Ficheros: 44392
Nº de Ficheros Analizados: 13812
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Mon Oct 29 17:52:49 2007
EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
No detectado Parche MS06-001 de Microsoft instalado. (WMF)
No detectado Parche MS06-070 de Microsoft instalado. (SServidor)
ALERTA. WindowsUpdate Incompleto.
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (G)
open=autorun.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "[email protected]". Gracias.

SYSCLEAN TRENDMICRO: fatto, ti posto il log.

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/

2007-10-29, 18:46:51, Auto-clean mode specified.
2007-10-29, 18:46:51, Running scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\TSC.BIN"...
2007-10-29, 18:50:42, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\TSC.BIN" has finished running.
2007-10-29, 18:50:42, TSC Log:

2007-10-29, 18:51:50, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2007-10-29, 18:52:42, An error was detected on "D:\System Volume Information\*.*": Accesso negato.
2007-10-29, 19:47:13, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 18:52:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

C:\Programmi\ScanSoft\OmniPageSE\opware32.exe [PE_RESOURCER.A]
C:\WINDOWS\CTRegRun.EXE [PE_RESOURCER.A]
C:\WINDOWS\system32\NeroCheck.exe [PE_RESOURCER.A]
44468 files have been read.
44468 files have been checked.
41625 files have been scanned.
148313 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:47:12
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:47:13, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 18:52:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

Success Clean [ PE_RESOURCER.A]( 8382) from C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
Success Clean [ PE_RESOURCER.A]( 8382) from C:\WINDOWS\CTRegRun.EXE
Success Clean [ PE_RESOURCER.A]( 8382) from C:\WINDOWS\system32\NeroCheck.exe
44468 files have been read.
44468 files have been checked.
41625 files have been scanned.
148313 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:47:12 54 minutes 28 seconds (3268.78 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:47:13, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 18:52:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

44468 files have been read.
44468 files have been checked.
41625 files have been scanned.
148313 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:47:12 54 minutes 28 seconds (3268.78 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:47:13, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN" has finished running.
2007-10-29, 19:54:51, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 19:47:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

8189 files have been read.
8189 files have been checked.
8161 files have been scanned.
8270 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:54:51
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:54:51, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 19:47:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

8189 files have been read.
8189 files have been checked.
8161 files have been scanned.
8270 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:54:51 7 minutes 26 seconds (445.70 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:54:51, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 19:47:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

8189 files have been read.
8189 files have been checked.
8161 files have been scanned.
8270 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:54:51 7 minutes 26 seconds (445.70 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:54:51, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN" has finished running.

Al termine, pubblica un nuovo log di Hthis: fatto, ti posto il log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.01.02, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svehost.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7542 bytes

Mar1o · 29-10-2007, 20:40

mi associo ho preso pure io sto cavolo di virus

Riverside · 29-10-2007, 21:26

Quote:

Originariamente inviato da Nicflames

Ciao a tutti..per abaglio ho aperto un file exe e mi ha installato un virus ...... si chiama scrigz.exe .......

intanto TUTTI I LOG E/O REPORT RICHIESTI DEVONO ESSERE:

● se il relativo txt generato è max 20 kb, deve essere allegato alla discussione, utilizzando l'apposita funzione GESTISCI ALLEGATI;
● se superiore a 20 kb, hostati su Zshare clicca qui per raggiungere ZShare, pubblicando, nella discussione, il link che verrà rilasciato per il download.

Ora, procedi in questo modo: disattiva il ripristino Configurazione di sistema, rilancia Hthis e fixa queste voci:

C:\WINDOWS\system32\svehost.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe

O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"

aggiorna INTERNET EXPLORER:
clicca qui per il download

Scarica e fai girare questi software:

PREVX CSI: clicca qui per il download
● una volta installato, esegui una scansione
● al termine della scansione, clicca su:
● Options
● Save Log
● pubblica il log salvato, per farlo analizzare

PANDA ANTIROOTKIT: clicca qui per il download
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, si aggiorna in automatico ed esegue la scansione (ovviamente rimuove tutti gli eventuali rootkit che rileva)

SYSCLEAN TRENDMICRO: clicca qui per il download
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, individua e rimuove gli eventuali virus worm e malware presenti nella memoria del P.C., nel file di registro di Windows, nelle cartelle di sistema e in qualsiasi altra ubicazione del disco locale.
● devi creare, una apposita cartella sul Desktop e, al suo interno, inserisci Sysclean
● scarica le definizioni dei virus (vengono aggiornate, quotidianamente): clicca qui per il download
● scompatta, all’interno della cartella creata, il file zippato contenente le definizioni
● disabilita in Ripristino configurazione di sistema
● riavvia il P.C., in modalità provvisoria
● esegui Sysclean attendi il responso finale
● pubblica, il log che verrà rilasciato

Al termine riavvia il sistema ed alleghi un nuovo log di Hthis.

Riverside · 29-10-2007, 21:32

Quote:

Originariamente inviato da Mar1o

mi associo ho preso pure io sto cavolo di virus

Installa HIJACKTHIS: clicca qui per il download
● crea una apposta nuova Cartella in C:/Programmi (chiamala HThis)
● scompatta, all'interno della cartella creata, il file Zip (verrà creata una icona)
● lancialo, clicca su Do a system scan and save a logfile ed una volta che è stata creata la list, clicca su Save Log
Pubblica, nella discussione (leggi sotto), il log di HijackThis per farlo controllare

Tutti i log e/o report che ti verrano richiesti devono essere:
● se il relativo txt generato è max 20 kb, deve essere allegato alla discussione, utilizzando l'apposita funzione GESTISCI ALLEGATI;
● se superiore a 20 kb, hostati su Zshare clicca qui per raggiungere ZShare, pubblicando, nella discussione, il link che verrà rilasciato per il download.

Fatto questo, valuteremo come procedere.

Nicflames · 29-10-2007, 21:35

uhm scusami la prossima volta allego.
Cmq è inutile che aggiorno internet explorer, io uso Firefox..lo aggiorno lo stesso x sicurezza?

poi il panda atirootkit e sysclean li avevo già fatti prima..li devo rifare?

27-10-2007, 17:16	#1
Nicflames Senior Member Iscritto dal: Oct 2006 Messaggi: 304	scrigz.exe Ciao a tutti..per abaglio ho aperto un file exe e mi ha installato un virus..si chiama scrigz.exe e continua ad avviarsi, meno male che spyware terminator lo blocca..come posso eliminarlo definitivamente? grazie

27-10-2007, 17:29	#2
Gle89 Senior Member Iscritto dal: Aug 2007 Città: Lucca Sesso: FEMMINA Messaggi: 2495	Intanto scarica HIJACKTHIS dalla mia firma (qua sotto) mettilo in una cartella in C: o in C:\Programmi. Aprilo e premi la prima opzione "do a system scan and save log" aspetta che ti dia il file .txt (blocco note) e copia e incolla INTERAMENTE qui e aspetta nuove istruzioni. __________________ Disinfettare da disk knight.exe / Icone desktop sparite? / Guida Rimozione Virus MSN Guida "Impossibile installare alcuni aggiornamenti XP /

27-10-2007, 21:18	#4
Chill-Out Moderatore Iscritto dal: Jun 2007 Città: 127.0.0.1 Messaggi: 25885	Da fixare: C:\WINDOWS\system32\scrigz.exe O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Disabilita ripristino configurazione sistema Fai una scansione completa spyware con SpywareTerminator Scarica Norman Malware Cleaner http://download.norman.no/public/Nor...re_Cleaner.exe fallo girare in modalità provvisoria F8, in alcuni casi Norman Malware Cleaner può richiedere il riavvio del computer per rimuovere completamente un’infezione Aggiorna Acrobat Reader sei alla versione 7 è già disponibile la 8 Ciao N.B: ho editato il post __________________ Regole di Sezione ▪ Guida alla Disinfezione ▪ Attenzione: Thread importanti Try again and you will be luckier. Ultima modifica di Chill-Out : 27-10-2007 alle 21:58.

28-10-2007, 18:37	#7
lancetta Senior Member Iscritto dal: Feb 2007 Città: Salerno...... Messaggi: 3259	sembrerebbe...per sicurezza nuovo log di hijackthis __________________ Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA \| GUIDA:ShutdownTimer (Spegnimento auto pc) \| Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...

29-10-2007, 20:08	#16
Nicflames Senior Member Iscritto dal: Oct 2006 Messaggi: 304	Riverside ho fatto tutto e ti posto tutti i risultati, fammi sapere..grazie! CCLEANER: fatto, mi ha cancellato un po di roba. ASQUARED FREE: fatto, e anche se non lo hai richiesto ti posto il log. a-squared Free - Version 3.0 Last update: 29/10/2007 0.16.41 Impostazioni scansione: Oggetti: Memoria, Tracce, Cookies, C:\, D:\ Archivio scansioni: On Scientifico: On ADS Scan: On Scansione avviata: 29/10/2007 14.07.07 D:\System Volume Information\_restore{968A0A0F-ACF5-4FBB-91DA-95863140ACE4}\RP31\A0002398.exe/JackSMS.exe rilevati: Backdoor.Win32.mIRC-based Scansionati Files: 155149 Tracce: 339265 Cookies: 4 Processi: 42 Rilevato Files: 1 Tracce: 0 Cookies: 0 Processi: 0 Chiavi registro: 0 Fine scansione: 29/10/2007 17.36.11 Tempo scansione: 3.29.04 PANDA ANTIROOTKIT: fatto, non mi ha trovato niente. ELISTARTA TOOL: fatto, ti posto il log. Mon Oct 29 17:42:54 2007 EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Acción Directa): No detectado Parche MS06-001 de Microsoft instalado. (WMF) No detectado Parche MS06-070 de Microsoft instalado. (SServidor) ALERTA. WindowsUpdate Incompleto. Eliminadas las Paginas de Inicio y de Busqueda del IE Detectado AUTORUN.INF en la Unidad (G) open=autorun.exe Si Desconoce la Aplicación, por favor envienosla acompañada del AUTORUN.INF a "[email protected]". Gracias. Mon Oct 29 17:43:41 2007 EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\Programmi\Spyware Terminator\SPTCONTMENU.DLL --> Acceso Denegado, KeyLogger.FL Nº Total de Directorios: 3249 Nº Total de Ficheros: 44392 Nº de Ficheros Analizados: 13812 Nº de Ficheros Infectados: 1 Nº de Ficheros Limpiados: 0 Mon Oct 29 17:52:49 2007 EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Acción Directa): No detectado Parche MS06-001 de Microsoft instalado. (WMF) No detectado Parche MS06-070 de Microsoft instalado. (SServidor) ALERTA. WindowsUpdate Incompleto. Eliminadas las Paginas de Inicio y de Busqueda del IE Eliminados Ficheros Temporales del IE Detectado AUTORUN.INF en la Unidad (G) open=autorun.exe Si Desconoce la Aplicación, por favor envienosla acompañada del AUTORUN.INF a "[email protected]". Gracias. SYSCLEAN TRENDMICRO: fatto, ti posto il log. /--------------------------------------------------------------\ \| Trend Micro System Cleaner \| \| Copyright 2006, Trend Micro, Inc. \| \| http://www.antivirus.com \| \--------------------------------------------------------------/ 2007-10-29, 18:46:51, Auto-clean mode specified. 2007-10-29, 18:46:51, Running scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\TSC.BIN"... 2007-10-29, 18:50:42, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\TSC.BIN" has finished running. 2007-10-29, 18:50:42, TSC Log: 2007-10-29, 18:51:50, An error was detected on "C:\System Volume Information\.": Accesso negato. 2007-10-29, 18:52:42, An error was detected on "D:\System Volume Information\.": Accesso negato. 2007-10-29, 19:47:13, Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/29/2007 18:52:43 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100) Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\. /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella C:\Programmi\ScanSoft\OmniPageSE\opware32.exe [PE_RESOURCER.A] C:\WINDOWS\CTRegRun.EXE [PE_RESOURCER.A] C:\WINDOWS\system32\NeroCheck.exe [PE_RESOURCER.A] 44468 files have been read. 44468 files have been checked. 41625 files have been scanned. 148313 files have been scanned. (including files in archived) 3 files containing viruses. Found 3 viruses totally. Maybe 0 viruses totally. Stop At : 10/29/2007 19:47:12 ------------------------------------------------------------------------ 2007-10-29, 19:47:13, Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/29/2007 18:52:43 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100) Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\. /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella Success Clean [ PE_RESOURCER.A]( 8382) from C:\Programmi\ScanSoft\OmniPageSE\opware32.exe Success Clean [ PE_RESOURCER.A]( 8382) from C:\WINDOWS\CTRegRun.EXE Success Clean [ PE_RESOURCER.A]( 8382) from C:\WINDOWS\system32\NeroCheck.exe 44468 files have been read. 44468 files have been checked. 41625 files have been scanned. 148313 files have been scanned. (including files in archived) 3 files containing viruses. Found 3 viruses totally. Maybe 0 viruses totally. Stop At : 10/29/2007 19:47:12 54 minutes 28 seconds (3268.78 seconds) has elapsed. ------------------------------------------------------------------------ 2007-10-29, 19:47:13, Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/29/2007 18:52:43 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100) Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\. /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella 44468 files have been read. 44468 files have been checked. 41625 files have been scanned. 148313 files have been scanned. (including files in archived) 3 files containing viruses. Found 3 viruses totally. Maybe 0 viruses totally. Stop At : 10/29/2007 19:47:12 54 minutes 28 seconds (3268.78 seconds) has elapsed. ------------------------------------------------------------------------ 2007-10-29, 19:47:13, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN" has finished running. 2007-10-29, 19:54:51, Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/29/2007 19:47:13 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100) Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\. /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella 8189 files have been read. 8189 files have been checked. 8161 files have been scanned. 8270 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/29/2007 19:54:51 ------------------------------------------------------------------------ 2007-10-29, 19:54:51, Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/29/2007 19:47:13 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100) Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\. /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella 8189 files have been read. 8189 files have been checked. 8161 files have been scanned. 8270 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/29/2007 19:54:51 7 minutes 26 seconds (445.70 seconds) has elapsed. ------------------------------------------------------------------------ 2007-10-29, 19:54:51, Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/29/2007 19:47:13 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100) Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\. /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella 8189 files have been read. 8189 files have been checked. 8161 files have been scanned. 8270 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/29/2007 19:54:51 7 minutes 26 seconds (445.70 seconds) has elapsed. ------------------------------------------------------------------------ 2007-10-29, 19:54:51, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN" has finished running. Al termine, pubblica un nuovo log di Hthis: fatto, ti posto il log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20.01.02, on 29/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\a-squared Free\a2service.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\DAEMON Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Programmi\ScanSoft\OmniPageSE\opware32.exe C:\Programmi\TomTom HOME\TomTomHOME.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\svehost.exe C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programmi\Creative\Shared Files\CamTray.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7542 bytes Ultima modifica di Nicflames : 29-10-2007 alle 20:12.

27-10-2007, 20:49	#3
Nicflames Senior Member Iscritto dal: Oct 2006 Messaggi: 304	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20.48.07, on 27/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\scrigz.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\DAEMON Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Programmi\ScanSoft\OmniPageSE\opware32.exe C:\Programmi\TomTom HOME\TomTomHOME.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\VEXPLITE\MONLITE.EXE C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programmi\Creative\Shared Files\CamTray.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\svchost.exe C:\VEXPLITE\viritsvc.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Alwil Software\Avast4\setup\avast.setup C:\Programmi\Trend Micro\HijackThis\HijackThis.exe C:\Programmi\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collegiorotondi.it/Object...ione%20d´esame R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe" O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7681 bytes

28-10-2007, 17:59	#5
Nicflames Senior Member Iscritto dal: Oct 2006 Messaggi: 304	scansione con norman fatta..ecco il risultato Norman Malware Cleaner Copyright © 1990 - 2007, Norman ASA. Built 2007/10/16 20:20:41 Norman Scanner Engine Version: 5.91.08 Nvcbin.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 1 Nvcmacro.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 12 Running pre-scan cleanup routine: Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2 Logged on user: NICO\JNico Scan started: 28/10/2007 12:39:53 Scanning running processes and process memory... Number of processes/threads found: 511 Number of processes/threads scanned: 510 Number of processes/threads not scanned: 1 Number of infected processes/threads terminated: 0 Total scanning time: 16s Scanning file system... Scanning: C:\. C:\WINDOWS\system32\scrigz.exe (Infected with SDBot.gen8) Deleted file Scanning: D:\. secondo voi adesso è tutto a posto?

28-10-2007, 18:27	#6
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 28983	no,pare non abbia fatto nemmeno un tentativo di rimozione

28-10-2007, 19:12	#8
Nicflames Senior Member Iscritto dal: Oct 2006 Messaggi: 304	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19.11.22, on 28/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\DAEMON Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Programmi\ScanSoft\OmniPageSE\opware32.exe C:\Programmi\TomTom HOME\TomTomHOME.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\svehost.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\msiexec.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collegiorotondi.it/Object...ione%20d´esame R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe" O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7316 bytes

28-10-2007, 22:38	#13
Nicflames Senior Member Iscritto dal: Oct 2006 Messaggi: 304	li c'è scritto 16 secondi ma ti assicuro che è durato molto di più..nn ti so spiegare il motivo di ciò..

28-10-2007, 22:42	#14
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 28983	è stato già rimosso,almeno parzialmente. hai già provato a scansionare file e ads,sempre con gmer?

29-10-2007, 20:40	#17
Mar1o Senior Member Iscritto dal: Oct 2006 Città: Southampton, Hampshire UK Messaggi: 4676	mi associo ho preso pure io sto cavolo di virus

29-10-2007, 21:35	#20
Nicflames Senior Member Iscritto dal: Oct 2006 Messaggi: 304	uhm scusami la prossima volta allego. Cmq è inutile che aggiorno internet explorer, io uso Firefox..lo aggiorno lo stesso x sicurezza? poi il panda atirootkit e sysclean li avevo già fatti prima..li devo rifare?

Strumenti
Mostra una versione stampabile Invia questa pagina per email