Mi becco Gromozon un giorno sì e l'altro pure!

[Methis]

Premessa: ho già postato nel thread in rilievo, però , per non appesantirlo troppo con i log di gmer ho ritenuto opportuno aprire un nuovo thread.

Ecco la sintesi:

Quote:

Originariamente inviato da Methis

Salve...ho da poco scoperto che l'errore del plugin flash con Firefox era dovuto a questo simpaticone

Lo elimino ormai ogni giorno da 1 sett. con Prevx1 ed il tool Symnatec eppure continuo a riprenderlo navigando rigorosamente con Firefox 2.0 su siti che reputo attendibili

Fortunatamente (o sfortunatamente visto che non me ne ha fatto accorgere prima) sembra una variante soft nel senso che non mi ha mai impedito di visitare nessun sito nè di avviare i tool di rimozione....con una simpatica dll di nome stoqa.dll!!!
La questione è che sta lì e sembra non esserci verso di farlo sloggiare!

Ora, posto che probabilmente formatterò perchè non mi fido più dei tool di rimozione (ad es mi si crea a prescindere un account in maniera sistematica, anche cancellandolo dall'altro sistema operativo, ogni volta che avvio il pc), cosa fare per non "impastare" anche il sistema operativo fresco di installazione? Da sottolineare che non amo gli antivirus e credevo di potermi fidare del firewall hardware del router...

Quote:

Originariamente inviato da bReAkDoWn

Se vuoi rimuoverlo in maniera manuale posta due log di gmer, magari in un nuovo thread, così vediamo cos'è.. le istruzioni sono queste:

Scaricare gmer (www.gmer.net) e fare due scansioni: rootkit e autostart, copiare i risultati (gmer ha direttamente il pulsante copy) e incollarli in un messaggio qua sul forum. Assicurarsi che in entrambe le scansioni NON sia selezionata l'opzione show all e lasciare tutte le altre opzioni così come sono. Infine, durante la scansione rootkit non utilizzare il pc e chiudere tutte le applicazioni aperte.

Grazie per la disponibilità....ecco i log:

Quote:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-11-30 10:37:06
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 25AD 805012B1 3 Bytes [ D1, 44, F7 ]
.text USBPORT.SYS!DllUnload F6F5162C 5 Bytes JMP 863DD970

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 865791D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 865791D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8630F990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8630F990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8630F990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8630F990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8630F990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8630F990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8630F990
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8657C1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8657C1D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 8630F990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 8630F990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8630F990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8630F990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 8630F990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8630F990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 8630F990
Device \Driver\00000033 \Device\00000045 IRP_MJ_POWER [F7454DB6] sptd.sys
Device \Driver\00000033 \Device\00000045 IRP_MJ_SYSTEM_CONTROL [F746A73C] sptd.sys
Device \Driver\00000033 \Device\00000045 IRP_MJ_PNP [F746377E] sptd.sys
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 863B3990
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 863B3990
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 863B3990
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 863B3990
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 863B3990
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 863B3990
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 863B3990
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8657D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{15028DC5-B542-4DCB-A43E-442AD28E870D} IRP_MJ_CREATE 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{15028DC5-B542-4DCB-A43E-442AD28E870D} IRP_MJ_CLOSE 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{15028DC5-B542-4DCB-A43E-442AD28E870D} IRP_MJ_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{15028DC5-B542-4DCB-A43E-442AD28E870D} IRP_MJ_INTERNAL_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{15028DC5-B542-4DCB-A43E-442AD28E870D} IRP_MJ_CLEANUP 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{15028DC5-B542-4DCB-A43E-442AD28E870D} IRP_MJ_PNP 862581D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 862E4580
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 862E4580
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8657D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 862E4580
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 862E4580
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 8657D1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 8657B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 8657B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_READ 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_WRITE 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CLEANUP 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_POWER 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_PNP 8657D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD7F7918-14D9-4210-9529-1981164C5C49} IRP_MJ_CREATE 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD7F7918-14D9-4210-9529-1981164C5C49} IRP_MJ_CLOSE 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD7F7918-14D9-4210-9529-1981164C5C49} IRP_MJ_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD7F7918-14D9-4210-9529-1981164C5C49} IRP_MJ_INTERNAL_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD7F7918-14D9-4210-9529-1981164C5C49} IRP_MJ_CLEANUP 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD7F7918-14D9-4210-9529-1981164C5C49} IRP_MJ_PNP 862581D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 862581D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 862581D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 862581D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{719E190F-96CA-4B57-9152-2180E37F471B} IRP_MJ_CREATE 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{719E190F-96CA-4B57-9152-2180E37F471B} IRP_MJ_CLOSE 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{719E190F-96CA-4B57-9152-2180E37F471B} IRP_MJ_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{719E190F-96CA-4B57-9152-2180E37F471B} IRP_MJ_INTERNAL_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{719E190F-96CA-4B57-9152-2180E37F471B} IRP_MJ_CLEANUP 862581D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{719E190F-96CA-4B57-9152-2180E37F471B} IRP_MJ_PNP 862581D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 862581D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 862581D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 862581D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 862581D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 862581D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8630F990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8630F990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8630F990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8630F990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8630F990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8630F990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8630F990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 8630F990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 8630F990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8630F990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8630F990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 8630F990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8630F990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 8630F990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85FD51D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CREATE 863B3990
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CLOSE 863B3990
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 863B3990
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 863B3990
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_POWER 863B3990
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 863B3990
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_PNP 863B3990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85FD51D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85FD51D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8657D1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8657D1D8
Device \Driver\a93ap985 \Device\Scsi\a93ap9851Port2Path0Target0Lun0 IRP_MJ_CREATE 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851Port2Path0Target0Lun0 IRP_MJ_CLOSE 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851Port2Path0Target0Lun0 IRP_MJ_POWER 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851Port2Path0Target0Lun0 IRP_MJ_PNP 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851 IRP_MJ_CREATE 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851 IRP_MJ_CLOSE 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851 IRP_MJ_DEVICE_CONTROL 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851 IRP_MJ_INTERNAL_DEVICE_CONTROL 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851 IRP_MJ_POWER 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851 IRP_MJ_SYSTEM_CONTROL 86371990
Device \Driver\a93ap985 \Device\Scsi\a93ap9851 IRP_MJ_PNP 86371990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 85996990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 85996990

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE

---- EOF - GMER 1.0.12 ----

Quote:

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2006-11-30 10:38:19
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = c:\windows\system32\userinit.exe,"c:\windows\siemenspad.exe",

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AcrSch2Svc /*Acronis Scheduler2 Service*/@ = "C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
btwdins /*Bluetooth Service*/@ = C:\Programmi\Bluetooth Software\bin\btwdins.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run@QuickTime Task = "C:\Programmi\QuickTime\qttask.exe" -atboottime

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RMClockC:\Programmi\RMClock\RMClock.exe = C:\Programmi\RMClock\RMClock.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{23170F69-40C1-278A-1000-000100020000} /*7-Zip Shell Extension*/C:\Programmi\7-Zip\7-zip.dll = C:\Programmi\7-Zip\7-zip.dll
@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\contmenu.dll = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
@{2E5AC2E0-406D-11D4-86B3-FA5861508E25} /*ZipGenius Zip InfoTip*/C:\PROGRA~1\ZIPGEN~1\zgtips.dll = C:\PROGRA~1\ZIPGEN~1\zgtips.dll
@{310A0C95-EA11-42AE-A8E4-53E69E650310} /*ZipGenius Drop handler*/C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL = C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL
@{FE8D01BF-610A-4261-9C6E-32D65A42C907} /*ZipGenius DnD Extract handler*/C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL = C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll
@{8903F6C9-25E3-40AC-A98F-E6D35CD0469C} /*PSPad*/C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL = C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{D3796116-94D3-4009-96D7-51578411CC7D} /*Outpost Shell Extension*/C:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll /*file not found*/ = C:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll /*file not found*/
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL = C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL = C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zip.dll
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
BCShellEx@{B22A40F0-BD69-11D3-8D28-006097C82E57} = C:\Programmi\Beyond Compare 2\BCShellEx.dll
PSPad@{8903F6C9-25E3-40AC-A98F-E6D35CD0469C} = C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL
ZipGenius 6@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zip.dll
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
BCShellEx@{B22A40F0-BD69-11D3-8D28-006097C82E57} = C:\Programmi\Beyond Compare 2\BCShellEx.dll
ZipGenius 6@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\BCShellEx@{B22A40F0-BD69-11D3-8D28-006097C82E57} = C:\Programmi\Beyond Compare 2\BCShellEx.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15028DC5-B542-4DCB-A43E-442AD28E870D} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress10.0.0.5 = 10.0.0.5
@NameServer212.216.112.112,212.216.172.62 = 212.216.112.112,212.216.172.62
@DefaultGateway10.0.0.2 = 10.0.0.2
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = BTTray.lnk

---- EOF - GMER 1.0.12 ----

C'è da aggiungere che usando Hijackthis ho già cancellato un paio di voci definite sospette ma ad esempio l'account dalla cartella Documents and settings non ne vuol sapere di scomparire

[bReAkDoWn]

Intanto questo mi suona un pò strano:
c:\windows\siemenspad.exe
Puoi provare a farlo esaminare su www.virustotal.com
E nel caso provare a rimuoverlo con un tool tipo killbox e simili
Inoltre facendo esegui -> services.msc hai dei servizi che nel campo connessione presentano i nomi degli utenti casuali creati dal malware?
Se sì guarda nelle loro proprietà il nome del file ed eliminalo con:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

Fammi sapere come procede la cosa.

[Methis]

Dunque ho eliminato fisicamente il file siemenspad.exe, poi nei servizi ne ho trovato uno richiamato giusto dall'utente carogna: disabilitato, ho cancellato il relativo file e l'account e relative cartelle in documents and settings che ora non si ricrea più all'avvio...rimane solo la voce nei servizi ancora presente..come elimino anche quella?

Cmq grazie....mi hai risparmiato un format...almeno spero!

[bReAkDoWn]

Quote:

Originariamente inviato da Methis

Dunque ho eliminato fisicamente il file siemenspad.exe, poi nei servizi ne ho trovato uno richiamato giusto dall'utente carogna: disabilitato, ho cancellato il relativo file e l'account e relative cartelle in documents and settings che ora non si ricrea più all'avvio...rimane solo la voce nei servizi ancora presente..come elimino anche quella?

Cmq grazie....mi hai risparmiato un format...almeno spero!

da prompt dei comandi (start -> esegui -> cmd) digita sc delete nomeservizio
Prova in questo modo.

[Methis]

Fatto...grazie...solo che ora Ewido mi trova un altro trojan (avevo fatto la scansione giusto 2 giorni fa!)....comincio a dubitare seriamente di firefox poichè sull'altro pc connesso al router, e con le stesse impostazioni firewall quindi, mia sorella che usa IE non si è presa un bel niente!

Dite che sia il caso di aggiungere un firewall software.....e soprattutto, visto che ho convissuto un bel pò di tempo con Gromozon ed il servizio di memorizzazione password fallato di Firefox, di cambiare le password sensibili?

[bReAkDoWn]

Quote:

Originariamente inviato da Methis

Fatto...grazie...solo che ora Ewido mi trova un altro trojan (avevo fatto la scansione giusto 2 giorni fa!)....comincio a dubitare seriamente di firefox poichè sull'altro pc connesso al router, e con le stesse impostazioni firewall quindi, mia sorella che usa IE non si è presa un bel niente!

Dite che sia il caso di aggiungere un firewall software.....e soprattutto, visto che ho convissuto un bel pò di tempo con Gromozon ed il servizio di memorizzazione password fallato di Firefox, di cambiare le password sensibili?

Che trojan è e dove lo ha trovato?
Per quanto riguarda Grom, almeno per ora, le pw non le ha mai rubate, e sinceramente non conosco i dettagli della vulnerabilità di firefox. Comunque cambiare le pw sensibili male non può fare, a parte la scocciatura di doverlo fare
Infine, il firewall software, essendo dietro a router non ti servirebbe per evitare di prendere infezioni, quanto piuttosto per scovarne qualcuna eventualmente presa che stesse cercando di comunicare con l'esterno.

[Methis]

Quote:

Originariamente inviato da bReAkDoWn

Che trojan è e dove lo ha trovato?

Beh ho dimenticato il nome e la directory!

Ho installato Ashampoo e mi sembra carino e non molto invadente (10-11mb...ce ne sono di più leggeri?), anche perchè sul router imposto le porte e gli IP della LAN ma non le singole applicazioni di in e out, cosa che mi consente di fare un firewall software.

Grazie cmq....sembrerebbe risolto

[bReAkDoWn]

Quote:

Originariamente inviato da Methis

Beh ho dimenticato il nome e la directory!

Ho installato Ashampoo e mi sembra carino e non molto invadente (10-11mb...ce ne sono di più leggeri?), anche perchè sul router imposto le porte e gli IP della LAN ma non le singole applicazioni di in e out, cosa che mi consente di fare un firewall software.

Grazie cmq....sembrerebbe risolto

Non pretendevo lo ricordassi a memoria Magari guardando nel log o registro del programma che hai usato per rimuoverlo..
Comunque non dovrebbe essere importante, perchè i log che ho visto, a parte siemenspad e i servizi che hai rimosso, erano puliti, quindi suppongo che quel trojan fosse perlomeno inattivo. Non credo tu lo abbia beccato nell'intervallo fra i log che hai fatto e la scansione con ewido..
Ashampoo non l'ho mai provato, bisognerebbe guardare qualche thread sui firewall.. ciao!