Qualcosa mi ha disinstallato avast e spybot....

di **gufo** » 09/01/07 12:30

Salve!
Da stamattina ho avast e spybot fuori uso!
Ho provato a reinstallare avast, finita la procedura e riavviato il pc, cerco di farlo partire da start/programmi ma mi dice "ricerca di ashAvast.exe in corso....successivamente...il colegamento a cui fa riferimento è stato modificato o spostato. Il collegamento non funzionerà più correttamente. Elemento più vicino in base a dimensioni, data e tipo: C:\lo516534966.exe. Correggere il collegamento in modo che faccia riferimento a questo elemento oppure eliminarlo?"
Se scelgo elimina non parte, se scelgo correggi mi dà errore....
Non so che fare!
Tra l'altro mi pare strano, visto che io ho il S.O. in D che mi dice che l'elemento più vicino è in C.....

Vi posto il log di hijackthis per vedere se c'è qcosa che nn va....

Grazie in anticipo a chi vorrà consigliarmi!

Logfile of HijackThis v1.99.1
Scan saved at 12.29.06, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
D:\Programmi\MSN Messenger\MsnMsgr.Exe
D:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\WinRAR\WinRAR.exe
D:\DOCUME~1\orli\IMPOST~1\Temp\Rar$EX00.953\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infojobs.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "D:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B61A87A0-5BB9-4F4A-AF36-D3DADC96DB47}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

di **(b)ananartista** » 09/01/07 12:55

ma sbaglio o stai avendo il mio stesso problema?

finalmente credo che siamo riusciti a risolverlo,
luke ha detto che si trattava di un malefico rootkit.

ma cos'è una nuova epidemia?

di **gufo** » 09/01/07 16:13

Ciao (b)ananartista!!!
Non so se il tuo problema e il mio siano gli stessi....le voci che luke ti diceva di fixare sul mio nn le trovo...
Cmq credo sia qcosa di simile!

Spero che Luke o Andorra (che mi ha già risolto due problemi....sia beata) riescano a dirmi qcosa di più preciso....

Un saluto, gufo

di **Luke57** » 09/01/07 16:31

Ciao, scarica Gmer da qui: http://www.majorgeeks.com/GMER_d5198.html
scompatta il file .zip e avvia gmer.exe.
Per entrare in Avanzate premi il tab>>>>. Poi scegli il tab Rootkit, lascia le impostazioni di default, metti la spunta alla casella ADS, fai uno Scan completo. Chiudi, prima dello scan, tutti i programmi e le applicazioni aperti.
Al termine, premi il tasto Copy e incolla il report in un foglio di testo.
Sempre con Gmer ti sposti sul tab Autostart (non spuntare la casella show all), premi Scan. Al termine dello scan, premi Copy. Incolli il report nel foglio precedentemente salvato e poi incolli i due report in un post nel forum.

di **gufo** » 09/01/07 17:06

Ciao Luke,
innanzitutto grazie per la risposta e l'interesse.....
In secondo luogo una precisazione: ho fatto ciò che mi hai detto salvando i report e mi sono accorto (dall'alto della mia ignoranza in materia) che mi dà qcosa anche riguardo al disco C che è una partizione dove avevo il SO prima che un bel giorno nn mi partisse più il pc e fossi costretto a reinstallare Xp sulla partizione D! Non ho formattato iol disco C qdi c'è ancora il residuo SO che tuttavia nn mi parte più.
Tutto ciò solo per maggior chiarezza!

Incollo l'enorme quantità di roba che mi ha tirato fuori Gmer...
Grazie ancora,gufo..

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-09 16:56:57
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT kl1.sys ZwOpenFile
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation

SYSENTER \??\D:\WINDOWS\system32:lzx32.sys F6D3CB83

Code \??\D:\WINDOWS\system32:lzx32.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!Kei386EoiHelper + 4F5 804DFDF0 3 Bytes [ 51, 8D, 6D ]
.text tcpip.sys!IPTransmit + 10B7 F6C90CFA 6 Bytes CALL F6D3E94C \??\D:\WINDOWS\system32:lzx32.sys
.text tcpip.sys!IPTransmit + 24D9 F6C9211C 6 Bytes CALL F6D3E94C \??\D:\WINDOWS\system32:lzx32.sys
.text tcpip.sys!IPTransmit + 4662 F6C942A5 6 Bytes CALL F6D3E94C \??\D:\WINDOWS\system32:lzx32.sys
.text wanarp.sys F863A3FD 7 Bytes CALL F6D3E956 \??\D:\WINDOWS\system32:lzx32.sys

---- Processes - GMER 1.0.12 ----

Process D:\WINDOWS\system32\wintems.exe (*** hidden *** ) 196
Process D:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1824

---- Services - GMER 1.0.12 ----

Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\da.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\de.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\en.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\es.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\fi.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\fr.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\it.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\ja.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\ko.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\nb.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\nl.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\ru.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\sv.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\da.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\de.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\fr.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\it.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\ko.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\nb.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\nl.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\zh_TW.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\plugins\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\WINDOWS\Installer\{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\iTunes\SC Info\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\iTunes\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Config.Msi\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@hldrrr D:\WINDOWS\system32\hldrrr.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@hldrrr D:\WINDOWS\system32\hldrrr.exe
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386\Enum
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386\Enum
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Uine Fhaaluine freivmv ?abyrttvb nhgb.hey 0x13 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\RhebZRGRB - Cerivfvbav zrgrb Uine, Pebnmvn.hey 0x13 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_HVGBBYONE:0k1,2000 0x98 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_HVGBBYONE:0k4,2000 0x98 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\qvtvgnyr greerfger obk - Qrpbqre - Xryxbb - cermmv, bssregr, bppnfvbav r fpbagv.hey 0x3E 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\FXL Yvsr.hey 0x48 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Ivehfyvfg.pbz - Gebwna-Pyvpxre.Jva32.Fznyy.xw.hey 0x45 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Jvaqbjf Yvir Zrffratre.hey 0xB9 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Fcrrqgrfg - Nyxra.ay Grfg lbhe vagrearg pbaarpgvba fcrrq, cnegvphyneyl hfrshy sbe grfgvat Yrnfrq Yvar, NQFY naq Pnoyr yvar fcrr.hey 0x58 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Xngnjro Ynibeb.hey 0x95 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Qverggn - Pbccn Qnivf - Eboerqb G.-Ibynaqev S. - Graavf - Fcbegvgnyvn.hey 0x51 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Ubzr Cntr qryyn INETNENTR.hey 0x56 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Vzcbffvovyr gebiner vy freire.hey

di **gufo** » 09/01/07 17:27

Se può servirti, questo è il log con la spunta al solo disco D:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-09 17:24:32
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT kl1.sys ZwOpenFile
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\D:\Documents and Settings\orli\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation

SYSENTER \??\D:\WINDOWS\system32:lzx32.sys F6D3CB83

Code \??\D:\WINDOWS\system32:lzx32.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!Kei386EoiHelper + 4F5 804DFDF0 3 Bytes [ 51, 8D, 6D ]
.text tcpip.sys!IPTransmit + 10B7 F6C90CFA 6 Bytes CALL F6D3E94C \??\D:\WINDOWS\system32:lzx32.sys
.text tcpip.sys!IPTransmit + 24D9 F6C9211C 6 Bytes CALL F6D3E94C \??\D:\WINDOWS\system32:lzx32.sys
.text tcpip.sys!IPTransmit + 4662 F6C942A5 6 Bytes CALL F6D3E94C \??\D:\WINDOWS\system32:lzx32.sys
.text wanarp.sys F863A3FD 7 Bytes CALL F6D3E956 \??\D:\WINDOWS\system32:lzx32.sys

---- Processes - GMER 1.0.12 ----

Process D:\WINDOWS\system32\wintems.exe (*** hidden *** ) 196
Process D:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1824

---- Services - GMER 1.0.12 ----

Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\da.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\de.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\en.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\es.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\fi.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\fr.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\it.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\ja.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\ko.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\nb.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\nl.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\ru.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\sv.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\da.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\de.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\fr.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\it.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\ko.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\nb.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\nl.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\SoftwareUpdateFiles.Resources\zh_TW.lproj\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Programmi\Apple Software Update\plugins\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\WINDOWS\Installer\{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\iTunes\SC Info\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\iTunes\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@D:\Config.Msi\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@hldrrr D:\WINDOWS\system32\hldrrr.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@hldrrr D:\WINDOWS\system32\hldrrr.exe
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386\Enum
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386\Security
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386\Enum
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ErrorControl 0
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ImagePath \??\D:\WINDOWS\system32:lzx32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Group Base
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@ExtParam 0x7F 0xCB 0x3D 0xAD ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\pe386@Checked 1
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Uine Fhaaluine freivmv ?abyrttvb nhgb.hey 0x13 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\RhebZRGRB - Cerivfvbav zrgrb Uine, Pebnmvn.hey 0x13 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_HVGBBYONE:0k1,2000 0x98 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_HVGBBYONE:0k4,2000 0x98 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\qvtvgnyr greerfger obk - Qrpbqre - Xryxbb - cermmv, bssregr, bppnfvbav r fpbagv.hey 0x3E 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\FXL Yvsr.hey 0x48 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Ivehfyvfg.pbz - Gebwna-Pyvpxre.Jva32.Fznyy.xw.hey 0x45 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Jvaqbjf Yvir Zrffratre.hey 0xB9 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Fcrrqgrfg - Nyxra.ay Grfg lbhe vagrearg pbaarpgvba fcrrq, cnegvphyneyl hfrshy sbe grfgvat Yrnfrq Yvar, NQFY naq Pnoyr yvar fcrr.hey 0x58 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Xngnjro Ynibeb.hey 0x95 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Qverggn - Pbccn Qnivf - Eboerqb G.-Ibynaqev S. - Graavf - Fcbegvgnyvn.hey 0x51 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Ubzr Cntr qryyn INETNENTR.hey 0x56 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_EHACVQY:%pfvqy6%\Vzcbffvovyr gebiner vy freire.hey 0x56 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1085031214-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count@HRZR_HVGBBYONE:0k1,123 0xD9 0x00 0x00 0x00 ...
Reg \

di **gufo** » 09/01/07 17:44

scusa luke ma ho notato che sul forum potrebbe nn passarti tutto perchè il documento word sul quale ho salvato i report contiene parecchie altre stringhe che qui non compaiono! Forse è troppo lungo!!
Che faccio? Devo passartelo spezzettato o cosa?

Saluti, gufo

di **Luke57** » 09/01/07 17:57

Ciao, per adesso scarica questo tool, avvialo e segui le istruzioni:
http://www.suspectfile.com/upload/fi...s/Rustbfix.exe
posta il report del programma.

Fatto ciò, posta anche il log di Gmer dalla posizione autostart (non spuntare la casella show all), sei infetto da due rootkit, addirittura.

di **gufo** » 09/01/07 18:51

Luke nn mi carica la pagina...mi dice "errore 404" ind. nn trovato....vado alla home ma poi non so cosa devo scaricare nella fattispecie...

di **gufo** » 09/01/07 19:01

Ho provato anche ad immettere solo questo http://www.suspectfile.com/upload/ ma mi dà una pagina completamente bianca!

Ps mi consola il fatto che non sia uno ma siano due i rootkit....così si fanno compagnia!!!! scherzi a parte.....Aiutoooooo!!!!

di **gufo** » 09/01/07 19:53

Ok...ho scaricato rustbfix.exe da un altro sito e ho fatto il log.
Copio e incollo sia quello sia quello di avenger che mi ha fatto insieme e alla fine quello di gmer dalla posizione autostart.

Grazie ancora per la pazienza!

************************ Rustock.b-fix -- By ejvindh *************************
09/01/2007 19.44.34,89

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 68944
Total size: 68944 bytes.
Attempting to remove ADS...
system32: deleted 68944 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32

******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32

******************************* End of Logfile ********************************

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nuqiofhd

*******************

Script file located at: \??\D:\WINDOWS\igyxhkfx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program D:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-09 19:49:19
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = D:\WINDOWS\SYSTEM32\Userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
MDM /*Machine Debug Manager*/@ = "D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@OpwareSE2"D:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" = "D:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
@NeroFilterCheckD:\WINDOWS\system32\NeroCheck.exe = D:\WINDOWS\system32\NeroCheck.exe
@2kadiras2kadiras.exe = 2kadiras.exe
@9xadiras9xadiras.exe /*file not found*/ = 9xadiras.exe /*file not found*/
@avast!D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/
@hldrrrD:\WINDOWS\system32\hldrrr.exe = D:\WINDOWS\system32\hldrrr.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MsnMsgr"D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@hldrrrD:\WINDOWS\system32\hldrrr.exe = D:\WINDOWS\system32\hldrrr.exe
@drvsyskitD:\Documents and Settings\orli\Dati applicazioni\hidires\hidr.exe = D:\Documents and Settings\orli\Dati applicazioni\hidires\hidr.exe
@german.exeD:\WINDOWS\system32\wintems.exe = D:\WINDOWS\system32\wintems.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\Programmi\Microsoft Office\OFFICE11\msohev.dll = D:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/D:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = D:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/D:\Programmi\Alwil Software\Avast4\ashShell.dll = D:\Programmi\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = D:\Programmi\Alwil Software\Avast4\ashShell.dll
moveonboot_delete@{12B23346-6BD8-4812-BF8C-75E7C386ACB8} = D:\Programmi\GiPo@Utilities\GiPo@MoveOnBoot\mboot.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = D:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}D:\PROGRA~1\SPYBOT~1\SDHelper.dll = D:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = D:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.msn.com = http://www.msn.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.infojobs.it/ = http://www.infojobs.it/
@Local PageD:\WINDOWS\system32\blank.htm = D:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = D:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = D:\WINDOWS\system32\msvidctl.dll
its@CLSID = D:\WINDOWS\system32\itss.dll
livecall@CLSID = D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = D:\WINDOWS\system32\itss.dll
ms-itss@CLSID = D:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = D:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = D:\WINDOWS\system32\wiascr.dll

D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
DSLMON.lnk = DSLMON.lnk

---- EOF - GMER 1.0.12 ----

di **Luke57** » 09/01/07 21:32

Ciao, scusa per il link errato, di solito verifico prima di postare,fino ad oggi ovviamente

scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr

folders to delete:
D:\Documents and Settings\orli\Dati applicazioni\hidires

files to delete:
D:\WINDOWS\system32\wintems.exe
D:\WINDOWS\system32\hldrrr.exe

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Al riavvio, apri il registro di sistema:
start>esegui>regedit (lo copi nello spazio)>OK
Aperto l’editor del registro ,per prima cosa fai una copia del registro stesso, da File>Esporta, nella finestra Intervallo di esportazione che si apre spunti l’opzione Tutto, dai un nome al file .reg, tipo Salvataggio registro e lo salvi in una cartella permanente del disco fisso (in caso di problemi, speriamo di no, potrai ripristinare la copia del registro con un doppio click su tale file che avrai cura di conservare per qualche giorno)

Fatto ciò, cliccando sul segno + accanto alle singole voci segui questo percorso:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run, click sulla cartella Run, dovresti trovare sulla parte destra queste voci:
hldrrr D:\WINDOWS\system32\hldrrr.exe
drvsyskit D:\Documents and Settings\orli\Dati applicazioni\hidires\hidr.exe
german.exe D:\WINDOWS\system32\wintems.exe
Click tasto dx su ognuna di esse e scegli Elimina.
Se non trovi queste voci , sempre nell’editor del registro, le cerchi da Modifica>Trova; nello spazio della finestrella che si apre scrivi
Hldrr.exe e se trovi la voce la elimini con la solita procedura (tasto dx sulla voce e scegli Elimina).
Continua la ricerca premendo il tasto f3, fino a che un messaggio non ti avvisa che la ricerca è finita.
Fatto ciò, ricerchi
german.exe
e poi ancora
drvsyskit
ogni voce trovata la elimini con la solita procedura.

Posta poi il log di Avenger che troverai in C:/avenger.txt) con l´esito dello script
e fai una nuocva scansione con Gmer dalla posizione Rootkit, postando il relativo report.

di **gufo** » 09/01/07 22:34

Ho fatto...ecco i risultati!

Nn preoccuparti per il link...ci mancherebbe!!!

Ps è tutto a posto o devo fare altro?? Pps ma come diavolo si prendono questi rootkit?
Un saluto e ancora grazie, gufo

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dlfuoydo

*******************

Script file located at: \??\D:\WINDOWS\clnmpcge.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Folder D:\Documents and Settings\orli\Dati applicazioni\hidires deleted successfully.
File D:\WINDOWS\system32\wintems.exe deleted successfully.
File D:\WINDOWS\system32\hldrrr.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-09 22:27:03
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT kl1.sys ZwOpenFile

---- User code sections - GMER 1.0.12 ----

.text D:\Programmi\MSN Messenger\msnmsgr.exe[1756] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004E12D0 D:\Programmi\MSN Messenger\MsnMsgr.Exe

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Dr Watson\user.dmp:KAVICHS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\01\10-{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}-v1-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\11\306-{A71328A5-8D2D-45CD-881B-2261207623A3}-v11-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\11\306-{A71328A5-8D2D-45CD-881B-2261207623A3}-v11-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\15\42-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v15-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\15\42-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v15-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\16\40-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v16-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\16\40-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v16-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\17\41-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v17-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\17\41-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v17-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\19\249-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v119-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v249-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\19\249-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v119-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v249-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\23\38-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v23-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\23\38-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v23-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\25\36-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v25-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\25\36-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v25-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\29\43-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v29-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\29\43-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v29-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\31\46-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v31-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\31\46-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v31-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\34\52-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v34-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\34\52-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v34-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\34\52-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v34-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\34\52-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v34-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\34\53-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v34-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\34\53-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v34-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\34\53-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v34-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\34\53-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v34-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\36\65-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v36-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v65-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\36\65-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v36-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v65-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\47\49-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v47-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\47\49-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v47-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\47\49-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v47-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\59\307-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v59-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\59\307-{F9AF9917-FD0C-4A8B-BCE5-C464AE349354}-v59-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\67\239-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v67-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v239-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\67\239-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v67-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v239-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\72\241-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v72-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v241-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\72\241-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v72-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v241-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\74\244-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v74-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v244-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\74\244-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v74-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v244-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\74\244-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v74-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v244-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\74\280-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v74-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v280-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\74\280-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v74-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v280-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\76\240-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v76-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v240-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\76\240-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v76-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v240-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\76\240-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v76-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v240-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\76\261-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v76-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v261-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\76\261-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v76-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v261-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\79\242-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v79-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v242-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\79\242-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v79-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v242-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\79\242-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v79-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v242-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\79\262-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v79-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v262-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\79\262-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v79-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v262-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\81\246-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v81-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v246-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\81\246-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v81-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v246-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\83\247-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v83-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v247-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\83\247-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v83-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v247-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\83\247-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v83-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v247-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\83\281-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v83-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v281-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\83\281-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v83-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v281-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\87\245-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v87-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v245-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\87\245-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v87-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v245-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\90\282-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v90-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v282-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\90\282-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v90-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v282-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\90\282-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v90-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v282-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\90\295-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v90-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\90\295-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v90-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\95\301-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v95-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v301-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\win xp\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\camelia_h@msn.com\DFSR\Staging\CS{2F8AF08E-92DD-A9DB-A994-5F58C2675C9D}\95\301-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v95-{F5D2E0D8-C15D-41C0-8C03-D85E6AE6F721}-v301-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\cambise.gianni@tiscali.it\DFSR\Staging\CS{AABF2B6A-3210-647C-D4A2-5C32F9857F6E}\01\10-{AABF2B6A-3210-647C-D4A2-5C32F9857F6E}-v1-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\cambise.gianni@tiscali.it\DFSR\Staging\CS{AABF2B6A-3210-647C-D4A2-5C32F9857F6E}\12\12-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v12-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\cambise.gianni@tiscali.it\DFSR\Staging\CS{AABF2B6A-3210-647C-D4A2-5C32F9857F6E}\12\12-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v12-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\giannicroce_78@yahoo.it\DFSR\Staging\CS{8B393BBC-EDA1-B2DD-F262-44A5028665F1}\01\13-{8B393BBC-EDA1-B2DD-F262-44A5028665F1}-v1-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\giannicroce_78@yahoo.it\DFSR\Staging\CS{8B393BBC-EDA1-B2DD-F262-44A5028665F1}\14\14-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v14-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\giannicroce_78@yahoo.it\DFSR\Staging\CS{8B393BBC-EDA1-B2DD-F262-44A5028665F1}\14\14-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v14-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\giannicroce_78@yahoo.it\DFSR\Staging\CS{8B393BBC-EDA1-B2DD-F262-44A5028665F1}\14\14-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v14-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\giannicroce_78@yahoo.it\DFSR\Staging\CS{8B393BBC-EDA1-B2DD-F262-44A5028665F1}\15\15-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v15-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS D:\Documents and Settings\orli\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\irrazionale@katamail.com\SharingMetadata\giannicroce_78@yahoo.it\DFSR\Staging\CS{8B393BBC-EDA1-B2DD-F262-44A5028665F1}\15\15-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v15-{2B20624F-446C-4128-BFB5-CE37769F1AD6}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----

di **Luke57** » 10/01/07 09:36

Ciao, Avenger è andato a buon fine. Dovresti aver risolto, almeno spero

di **gufo** » 10/01/07 10:36

Bdì Luke e grazie 1000!
Credo di aver risolto in effetti, anche perchè finalmente sono riuscito a reinstallare Avast!

Ancora grazie,
Gufo

Qualcosa mi ha disinstallato avast e spybot....

Qualcosa mi ha disinstallato avast e spybot....

Topic correlati a "Qualcosa mi ha disinstallato avast e spybot....":

Chi c’è in linea