trojan.agent.wf

**Laplaciano** · 11-07-2006, 15:57

---- Modules - GMER 1.0.10 ----

Module _________ F73A0000

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\khrvd1.dll
File C:\WINDOWS\system32\lpt7.wfv

---- EOF - GMER 1.0.10 ----

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-07-11 15:39:05
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
ckpNotify@DLLName = ckpNotify.dll
IntelWireless@DLLName = C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt7.wfv

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ANSYS FLEXlm license manager /*ANSYS FLEXlm license manager*/@ = C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd .exe
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccProxy /*Symantec Network Proxy*/@ = "C:\Programmi\File comuni\Symantec Shared\ccProxy.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
DataHistorian /*Data Historian*/@ = C:\PROGRA~1\GECONT~1\DATAHI~1\DataHistorian.exe
EvtEng /*EvtEng*/@ = C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
InCDsrv /*InCD Helper*/@ = C:\Programmi\Ahead\InCD\InCDsrv.exe
InCDsrvR /*InCD Helper (read only)*/@ = C:\Programmi\Ahead\InCD\InCDsrv.exe -r
ISSVC /*ISSvc*/@ = "C:\Programmi\Norton Internet Security\ISSVC.exe"
LexBceS /*LexBce Server*/@ = C:\WINDOWS\system32\LEXBCES.EXE
LkCitadelServer /*Lookout Citadel Server*/@ = C:\WINDOWS\system32\lkcitdl.exe
lkClassAds /*National Instruments PSP Server Locator*/@ = C:\WINDOWS\system32\lkads.exe
lkTimeSync /*National Instruments Time Synchronization*/@ = C:\WINDOWS\system32\lktsrv.exe
navapsvc /*Servizio Auto-Protect di Norton AntiVirus*/@ = "C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
NICCONFIGSVC /*NICCONFIGSVC*/@ = C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
NIDomainService /*National Instruments Domain Service*/@ = "C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe"
RegSrvc /*RegSrvc*/@ = C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
S24EventMonitor /*Spectrum24 Event Monitor*/@ = C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
SBService /*ScriptBlocking Service*/@ = C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"
SPBBCSvc /*Symantec SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SR_WatchDog /*Check Point SecuRemote WatchDog*/@ = C:\Programmi\CheckPoint\SecuRemote\bin\SR_WatchDog .exe
Symantec Core LC /*Symantec Core LC*/@ = C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
SymWSC /*SymWMI Service*/@ = "C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe"
SysEit /*SysEit*/@ = "C:\:ssv.exe"
TabletService /*TabletService*/@ = C:\WINDOWS\system32\Tablet.exe
WLANKEEPER /*WLANKEEPER*/@ = C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
wltrysvc /*Dell Wireless WLAN Tray Service*/@ = %SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@IntelZeroConfigC:\Programmi\Intel\Wireless\bin\ZC fgSvc.exe = C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
@IntelWirelessC:\Programmi\Intel\Wireless\Bin\ifrm ewrk.exe /tf Intel PROSet/Wireless = C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
@UnlockerAssistant"C:\Programmi\Unlocker\UnlockerA ssistant.exe" = "C:\Programmi\Unlocker\UnlockerAssistant.exe"
@!ewido"C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized = "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
@DLBTCATSrundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtim e.dll,_RunDLLEntry@16 = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtim e.dll,_RunDLLEntry@16

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
@Everyday Auto BackupC:\Programmi\Everyday Auto Backup\AutoBackup.exe /1 /*file not found*/ = C:\Programmi\Everyday Auto Backup\AutoBackup.exe /1 /*file not found*/
@BySoft FreeRAMC:\Programmi\BySoft FreeRAM\FreeRAM.exe = C:\Programmi\BySoft FreeRAM\FreeRAM.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\Run@WinUpdate.exe = C:\Programmi\Windows\WinUpdate.exe /*file not found*/

HKLM\Software\Classes\.scr@ = C:\WINDOWS\NOTEPAD.EXE "%1"

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DL L = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DL L
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/(null) =
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\Office\OFFICE11\MLSHEXT.DLL = C:\Office\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\Office\OFFICE11\OLKFSTUB.DLL = C:\Office\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Office\OFFICE11\msohev.dll = C:\Office\OFFICE11\msohev.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*AutoCAD Digital Signatures Icon Overlay Handler*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{950FF917-7A57-46BC-8017-59D9BF474000} /*Shell Extension for CDRW*/C:\Programmi\Ahead\InCD\incdshx.dll = C:\Programmi\Ahead\InCD\incdshx.dll
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Office\Visio11\VISSHE.DLL = C:\Office\Visio11\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Office\Visio11\VISSHE.DLL = C:\Office\Visio11\VISSHE.DLL
@{40950107-FEA6-4d53-A65F-B2DCBA57DD58} /*Nokia Phone Browser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
@{EF479680-EA35-4EA9-B093-7114F3E3E0DA} /*Directory Lister*/C:\Programmi\Directory Lister\DirListerExt.dll = C:\Programmi\Directory Lister\DirListerExt.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll

Discussione: trojan.agent.wf

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio