*** Removal Tool LinkOptimizer / Gromozon ***

[bReAkDoWn]

Quote:

Originariamente inviato da schumy2006

Grazie 1000 bReAkDoWn !!!
Mi hai davvero chiarito molti dubbi e sono molto + tranquillo...

Volevo solo dire che sulla porta 1026 ricevo gli attacchi con messenger disattivato e senza alcun web browser aperto....

Per le porte 4662 e 4672 e' chiarissimo, ma per gli attacchi ricevuti da circa 40 IP differenti sulla stessa porta 27673 UDP e TCP ? Come e' possibile che tutti questi 40 e passa indirizzi IP puntassero sulla mia porta UDP 27673 e TCP 27673 ? Potrebbe essere anche che qualcuno abbia utilizzato il mio IP con emule con la porta UDP e/o TCP 27673 anziche' la classica 4662 ?

E' possibile che ci sia qualche processo che comunica il mio IP ed eventualmente una determinata porta da attaccare ?

Ciao e grazie ancora !!

Per messenger non intendo il programma messenger per chattare e comunicare, ma intendo un servizio interno di windows che mostra dei messaggi direttamente sul desktop. Chi lancia questi messaggi lo fa su grandi intervalli di indirizzi ip, fra cui quelli del tuo provider. Così tu ricevi il tentativo di recapitare il messaggio indipendentemente dalle applicazioni che puoi avere aperte sul pc. Poi se non hai firewall che lo bloccano e se il servizio messenger è attivo, vedrai il messaggio vero e proprio comparire sul desktop. Altrimenti non vedrai niente, ma il tentativo di connessione al tuo pc arriverà comunque e verrà intercettato dal firewall.

Come ti diceva anche groot, è possibile che qualcuno abbia usato emule con porte non standard, questo potrebbe spiegare il così alto numero di connessioni.

Quello che dici tu, cioè che un trojan apra delle porte a cui connettersi, è possibile, ma nel tuo caso mi pare molto improbabile. Non ci sono sintomi evidenti.

Ciao!

[schumy2006]

Grazie bReAkDoWn, Grazie Groot ! Allora dovrebbe essere tutto OK ! Perfetto !
L'unico problema rimane Prevx1 che non si attiva dopo l'installazione e la patch di Microsoft che non si installa. Spero che il supporto di Prevx mi risponda presto..
Per Microsoft ci rinuncio, non credo mi risponderanno...

Ciao !!

[FiorDiLatte]

Quote:

Originariamente inviato da schumy2006

In minima parte veniva attaccata anche la porta 1026 UDP e la 1027 UDP.
La 1026 e' guardacaso proprio quella su cui svchost rimaneva in ascolto quando abilitavo zone alarm a farlo agire come server...
Intanto scrivo a Prevx x capire come mai Prevx1 non puo' essere attivato dopo l'installazione... Ciao

Hai fatto un po' di casino, dal log di Hijackthis si evince che tu abbia installato nel tuo pc il Nod32, il Norton Internet Security e pure Zone alarm o sbaglio? Mai installare piu' versioni di un antivirus su un'installazione del sistema operativo, il sistema si puo' piantare. Poi, se non applichi tutti gli aggiornamenti (ma anche se li applichi, questo e' il bello della microsoft) di protezione, tutti i firewall del mondo (a parte quelli hardware) non ti serviranno a nulla, se il sistema non e' patchato, virus come il sasser ecc. entrano al volo.

Vai qui:

http://it.trendmicro-europe.com/glob...opr/lpt811.zip

scaricalo e scompattalo in una cartella e poi nella cartella creata, scaricaci quest'altro file:

http://it.trendmicro-europe.com/file...c/sysclean.com

vai in modalita' provvisoria e fai una scansione completa, i virus che hai dovrebbe toglierli, prima pero' disabilita il "ripristino configurazione di sistema", scarica pure il Gmer e Icesword che ti consentono di rimuovere file (o solo identificarli) che normalmente Windows ed altri applicativi specifici non riescono a cancellare, come i servizi fittizi che crea il link optimizer/Gromozon.

byezzz

[groot]

Quote:

Originariamente inviato da schumy2006

Ciao groot, ti ringrazio. La penna usb che ho a disposizione e' troppo piccola per contenere windows e non posso passare a win SP2 in quanto si tratta di un vecchio PC che mi e' stato venduto con licenza del sistema operativo di qualche mese... Ora e' scaduta e non mi conviene rinnovarla per l'uso che ne faccio..... Sul PC con Win XP Service pack 2 in effetti non ho mai avuto problemi... Ciao e grazie ancora !!! ;-)

Questo cosa significa??

[beppe68]

CIOE?

[Tassadar]

Ciao raga, ho usato il programmino però ho ancora il file _cleaned.tmp e non riesco a rimuoverlo... come faccio?

[Tassadar]

I miei log:

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-04 13:53:40
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.11 ----

SSDT a347bus.sys ZwClose
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwConnectPort
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreatePort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteValueKey
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenThread
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetContextThread
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 85D97770
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 84E9D950
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 85AFE848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 85AFE848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_CREATE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_CREATE_NAMED_PIPE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_CLOSE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_READ 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_WRITE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_QUERY_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_SET_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_QUERY_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_SET_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_FLUSH_BUFFERS 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_QUERY_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_SET_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_DIRECTORY_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_FILE_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_SHUTDOWN 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_LOCK_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_CLEANUP 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_CREATE_MAILSLOT 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_QUERY_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_SET_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_POWER 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_DEVICE_CHANGE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_QUERY_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_SET_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_PNP 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_CREATE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_CREATE_NAMED_PIPE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_CLOSE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_READ 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_WRITE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_QUERY_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_SET_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_QUERY_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_SET_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_FLUSH_BUFFERS 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_SET_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_DIRECTORY_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_FILE_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_SHUTDOWN 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_LOCK_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_CLEANUP 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_CREATE_MAILSLOT 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_QUERY_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_SET_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_POWER 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_DEVICE_CHANGE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_QUERY_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_SET_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_PNP 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_CREATE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_CREATE_NAMED_PIPE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_CLOSE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_READ 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_WRITE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_QUERY_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_SET_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_QUERY_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_SET_EA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_FLUSH_BUFFERS 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_QUERY_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_SET_VOLUME_INFORMATION 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_DIRECTORY_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_FILE_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_INTERNAL_DEVICE_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_SHUTDOWN 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_LOCK_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_CLEANUP 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_CREATE_MAILSLOT 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_QUERY_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_SET_SECURITY 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_POWER 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_SYSTEM_CONTROL 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_DEVICE_CHANGE 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_QUERY_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_SET_QUOTA 85AFF568
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_PNP 85AFF568
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 85AFE848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 85AFE848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 85AFE848
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 84C7ADF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 84D9FFB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 84D9FFB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 84E65770
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 84E68790
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_READ 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_POWER 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 85A3F3C8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_PNP 85A3F3C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85CB4130
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 84E9D710
Device \FileSystem\Fs_Rec \FileSystem\FatRecognizer IRP_MJ_READ 84E9D710
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 84E9D710
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 84E9D710
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 848CDC70

---- Modules - GMER 1.0.11 ----

Module _________ BFF5B000

---- Files - GMER 1.0.11 ----

ADS H:\Documenti\Immagini\Alboz.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS H:\Documenti\Immagini\Alboz.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS H:\Documenti\Immagini\dolittle.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS H:\Documenti\Immagini\dolittle.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS H:\Documenti\Immagini\dolittle_1.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS H:\Documenti\Immagini\dolittle_1.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS H:\Documenti\Immagini\dolittle_1t.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS H:\Documenti\Immagini\dolittle_1t.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS H:\Documenti\Immagini\dolittle_2t.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS H:\Documenti\Immagini\dolittle_2t.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS H:\Documenti\Immagini\Esempio.jpg:Q30lsldxJoudresxAaaqpcawXc
ADS ...

---- EOF - GMER 1.0.11 ----

[Tassadar]

GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-04 13:54:16
Windows 5.0.2195 Service Pack 4


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = D:\WINNT\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
wzcnotif@DLLName = wzcdlg.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir Scheduler*/@ = D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Service*/@ = D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = D:\WINNT\system32\ati2sgag.exe
btwdins /*Bluetooth Service*/@ = D:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
CmdAgent /*Comodo Application Agent*/@ = D:\Programmi\Comodo\Firewall\cmdagent.exe
Diskeeper /*Diskeeper*/@ = D:\Programmi\Executive Software\Diskeeper\DkService.exe
GhostStartService /*GhostStartService*/@ = D:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
PREVXAgent /*Prevx Agent*/@ = "D:\Programmi\Prevx1\PXAgent.exe" -f
RemoteRegistry /*Servizio Registro di sistema remoto*/@ = %SystemRoot%\system32\regsvc.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\system32\MSTask.exe
SiSWLSvc /*SiS WirelessLan Service*/@ = D:\Programmi\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StiSvc /*Still Image Service*/@ = %systemroot%\system32\stisvc.exe
SymWSC /*SymWMI Service*/@ = D:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
UpdNwo /*UpdNwo*/@ = "D:\Programmi\File comuni\System\yLSpTG.exe" /*file not found*/
WinMgmt /*Strumentazione gestione Windows*/@ = %SystemRoot%\System32\WBEM\WinMgmt.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Synchronization Managermobsync.exe /logon = mobsync.exe /logon
@QuickTime Task"D:\Programmi\QuickTime\qttask.exe" -atboottime = "D:\Programmi\QuickTime\qttask.exe" -atboottime
@GhostStartTrayAppD:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe = D:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
@NeroFilterCheckD:\WINNT\system32\NeroCheck.exe = D:\WINNT\system32\NeroCheck.exe
@HGTXPEID:\WINNT\system32\FirstReboot.exe = D:\WINNT\system32\FirstReboot.exe
@SoundFusionRunDll32 hercplgs.cpl,BootEntryPoint = RunDll32 hercplgs.cpl,BootEntryPoint
@SSC_UserPromptD:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe = D:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
@hppwrsavD:\PROGRAMMI\SCANJET\PrecisionScanLT\hppwrsav.exe = D:\PROGRAMMI\SCANJET\PrecisionScanLT\hppwrsav.exe
@SunJavaUpdateSchedD:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = D:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@PCSuiteTrayApplicationD:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /*file not found*/ = D:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /*file not found*/
@DataLayerD:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe = D:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
@MessengerPlus3"D:\Programmi\MessengerPlus! 3\MsgPlus.exe" = "D:\Programmi\MessengerPlus! 3\MsgPlus.exe"
@avgnt"D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@ATICCC"D:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay = "D:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
@EEventManagerD:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe = D:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
@Comodo Firewall"D:\Programmi\Comodo\Firewall\CPF.exe" /background = "D:\Programmi\Comodo\Firewall\CPF.exe" /background
@PrevxOne"D:\Programmi\Prevx1\PXConsole.exe" = "D:\Programmi\Prevx1\PXConsole.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@internat.exeinternat.exe = internat.exe
@NBJ"D:\Programmi\Ahead\Nero BackItUp\nbj.exe" = "D:\Programmi\Ahead\Nero BackItUp\nbj.exe"
@MessengerPlus3"D:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart = "D:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
@Skype"D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
@msnmsgr"D:\Programmi\MSN Messenger\msnmsgr.exe" /background = "D:\Programmi\MSN Messenger\msnmsgr.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{41E300E0-78B6-11ce-849B-444553540000} /*Estensione CPL PlusPack*/plustab.dll = plustab.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} /*Anteprima*/D:\WINNT\System32\thumbvw.dll = D:\WINNT\System32\thumbvw.dll
@{EAB841A0-9550-11CF-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/D:\WINNT\System32\thumbvw.dll = D:\WINNT\System32\thumbvw.dll
@{1AEB1360-5AFC-11D0-B806-00C04FD706EC} /*Programma di estrazione filtri grafici di Office in anteprima*/D:\WINNT\System32\thumbvw.dll = D:\WINNT\System32\thumbvw.dll
@{9DBD2C50-62AD-11D0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/D:\WINNT\System32\thumbvw.dll = D:\WINNT\System32\thumbvw.dll
@{500202A0-731E-11D0-B829-00C04FD706EC} /*LNK file thumbnail interface delegator*/D:\WINNT\System32\thumbvw.dll = D:\WINNT\System32\thumbvw.dll
@{fe1290f0-cfbd-11cf-a330-00aa00c16e65} /*Directory Namespace*/dsfolder.dll = dsfolder.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/dsfolder.dll = dsfolder.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{57C51AF9-DEF7-11D3-A801-00C04F163490} /*Ghost Shell Extension*/D:\Programmi\Symantec\Norton Ghost 2003\GhoShExt.dll = D:\Programmi\Symantec\Norton Ghost 2003\GhoShExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll
@{40950107-FEA6-4d53-A65F-B2DCBA57DD58} /*Nokia Phone Browser*/D:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = D:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/D:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = D:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/D:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = D:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/D:\WINNT\system32\btneighborhood.dll = D:\WINNT\system32\btneighborhood.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"D:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "D:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"D:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "D:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"D:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "D:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"D:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "D:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{E2E223C0-5EE1-11D3-8528-FF3E959B4437} /*GSplit Context Menu Shell Extension.*/D:\WINNT\system\GSplitExt.dll = D:\WINNT\system\GSplitExt.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/D:\Programmi\SmartFTP Client 2.0\smarthook.dll = D:\Programmi\SmartFTP Client 2.0\smarthook.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/D:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll = D:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/D:\WINNT\system32\dfshim.dll = D:\WINNT\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/D:\WINNT\system32\dfshim.dll = D:\WINNT\system32\dfshim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
GSplitMenu@{E2E223C0-5EE1-11D3-8528-FF3E959B4437} = D:\WINNT\system\GSplitExt.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}D:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll = D:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}d:\programmi\google\googletoolbar2.dll = d:\programmi\google\googletoolbar2.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.pcw.it = http://www.pcw.it
@Start Pageabout:blank = about:blank
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageD:\WINNT\system32\blank.htm = D:\WINNT\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
its@CLSID = D:\WINNT\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = D:\WINNT\System32\itss.dll
vnd.ms.radio@CLSID = D:\WINNT\system32\msdxm.ocx
widimg@CLSID = D:\WINNT\system32\btxppanel.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CF70C82-59F6-43DC-812D-F4C09F28A4C8} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.128.2 = 192.168.128.2
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001@LibraryPath = %SystemRoot%\System32\rnr20.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
BTTray.lnk = BTTray.lnk
Wireless Configuration Utility HW.32.lnk = Wireless Configuration Utility HW.32.lnk

---- EOF - GMER 1.0.11 ----

[groot]

Quote:

Originariamente inviato da Tassadar

Ciao raga, ho usato il programmino però ho ancora il file _cleaned.tmp e non riesco a rimuoverlo... come faccio?

utilizza questo se sai già qual'è il file.

http://www.nod32.it/tools/AGVPFIX.ZIP

[groot]

poi dai quei log, pare tu debba rimuovere qualcosa..... usato il tool di rimozione di gromozon?
http://www.prevx.com/gromozon.asp

e questo?

http://www.f-secure.com/blacklight

[Tassadar]

Quote:

Originariamente inviato da groot

poi dai quei log, pare tu debba rimuovere qualcosa..... usato il tool di rimozione di gromozon?
http://www.prevx.com/gromozon.asp

e questo?

http://www.f-secure.com/blacklight

Il primo l'ho già utilizzato...

[EDIT]
Ho provato anche il secondo e mi dice che non può ottenere i privilegi e che questo potrebbe essere causato da un malware...

[GmG]

Prova ad usare il tool della Symantec contro LinkOptimizer
http://securityresponse.symantec.com...FixLinkopt.exe

[Tassadar]

Il tool della symantec non ha rilevato nulla....

[groot]

Quote:

Originariamente inviato da Tassadar

Il primo l'ho già utilizzato...

[EDIT]
Ho provato anche il secondo e mi dice che non può ottenere i privilegi e che questo potrebbe essere causato da un malware...

chiaro sei infetto.

http://www.hwupgrade.it/forum/showpo...&postcount=169

[groot]

Quote:

Originariamente inviato da Tassadar

Il tool della symantec non ha rilevato nulla....

sei troppo pieno, dovresti rimuovere i servizi nocivi e tutto quello che non va in autostart, sei capace?

[Tassadar]

Quote:

Originariamente inviato da groot

sei troppo pieno, dovresti rimuovere i servizi nocivi e tutto quello che non va in autostart, sei capace?

ehm no....

[groot]

Quote:

Originariamente inviato da Tassadar

ehm no....

start -> esegui -> sc query > c:\servizi.txt [invio]

poi prendi il file e postalo!


Prova a scaricare look2me removal:

http://www.atribune.org/content/view/28/%20target=
o
http://www.softpedia.com/get/Interne...-Remover.shtml
o
http://www.softpedia.com/get/Interne...s/Killme.shtml

[groot]

Quote:

Originariamente inviato da Tassadar

ehm no....

Scarica The Avenger da qua http://swandog46.geekstogo.com/avenger.zip

e inserisci lo script:

Quote:

Originariamente inviato da The Avenger

Files to delete:
H:\Documenti\Immagini\Alboz.bmp
H:\Documenti\Immagini\Alboz.bmp
H:\Documenti\Immagini\dolittle.bmp
H:\Documenti\Immagini\dolittle.bmp
H:\Documenti\Immagini\dolittle_1.bmp
H:\Documenti\Immagini\dolittle_1.bmp
H:\Documenti\Immagini\dolittle_1t.bmp
H:\Documenti\Immagini\dolittle_1t.bmp
H:\Documenti\Immagini\dolittle_2t.bmp
H:\Documenti\Immagini\dolittle_2t.bmp
H:\Documenti\Immagini\Esempio.jpg

[groot]

Prova anche questo tool http://www.sophos.com/products/free-...i-rootkit.html


e leggi questo mio post:
http://www.hwupgrade.it/forum/showpo...&postcount=133

[chry80]

scusate se interrompo il discorso........ma volevo sapere se questo removed tool oltre a togliere gromozon toglie anche il linkoptimizer se uno è in infetto.........

per adesso non lo sono ma un domani...........