
I can't get into the PC in Safe Mode

Posted: Sun Dec 02, 2007 5:47 pm
by Mauretto37
First of all, good evening. After careful reading, I believe I picked up Beagle during P2P on eMule. At the moment the PC turns on, but it will not let Windows XP start, not even in Safe Mode. I have read various solutions, but the PC I'm using and writing from (a different one from the infected PC) has no floppy drive for a boot disk. How can I get into the infected PC?? I should add that I had previously created a partition on the infected PC where I put an image file, but Ghost cannot load it. Help me please....

Posted: Sun Dec 02, 2007 5:53 pm
by ste_95
Hi,

Download EliBagle from here and run a scan, then post the contents of the file C:\InfoSat.txt

Posted: Sun Dec 02, 2007 5:58 pm
by crazy.cat
ste_95 wrote: Download EliBagle from here and run a scan, then post the contents of the file C:\InfoSat.txt

I doubt he can do that.
"but it will not let Windows XP start, not even in Safe Mode"

If you manage to prepare this CD, you can run the scan with Antivir PE and then open the Windows registry to remove the infected keys.
http://www.MegaLab.it/2726

At that point you should be able to recover the PC; worst case, you at least recover your data.

Posted: Sun Dec 02, 2007 6:10 pm
by Mauretto37
Thanks for now, I'll see what I can do and let you know.. Do you know of any boot disk that also includes a "remove beagle" tool???

Posted: Sun Dec 02, 2007 6:44 pm
by crazy.cat
I'd say no.
Bagle is very complex and quite a pain.
With the CD I suggested I've had good results.

Posted: Mon Dec 03, 2007 11:44 am
by Mauretto37
Sorry to bother you again: once PE Builder starts, it begins copying files into the folder c:\megalabcd\bartpe. When it finishes, it creates a pebuilder image file in the folder c:\megalabcd. Could you kindly explain what I need to burn to the CD-ROM??? Thanks..

Posted: Mon Dec 03, 2007 1:09 pm
by crazy.cat
Had you enabled and updated the antivirus programs included (read the article on how to do it)?

You need to burn the ISO image, not as a data CD: it has to come out as a boot CD.

Which burning program do you have?

Posted: Tue Dec 04, 2007 8:03 pm
by Mauretto37
Disc burned. Let's see what happens.... Any tips for me???

Posted: Wed Dec 05, 2007 8:35 am
by crazy.cat
Run the scan with Antivir PE.
That alone should fix quite a few problems.

In this post http://www.MegaLab.it/forum/viewtopic.php?t=34966
you'll find the registry keys
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
to remove with the registry editors, which are also on the CD.

Posted: Sat Dec 08, 2007 11:04 am
by Mauretto37
I used the NTFS utility, I'm now in Safe Mode, I ran EliBagle and it doesn't detect anything. What do you suggest????

Posted: Sat Dec 08, 2007 12:20 pm
by crazy.cat
Which utility?
Mauretto37 wrote: I used the NTFS utility,

Did you use the CD?

Posted: Sat Dec 08, 2007 1:28 pm
by tecnico24
Download the file Safeboot.zip from the web address http://www.didierstevens.com/files/data/SafeBoot.zip

Extract/unpack the archive into a folder of your choice and run safeboot.reg

Then confirm its installation in the dialog that appears on screen.

See whether you can get Safe Mode to start and keep us posted ;)

Posted: Sat Dec 08, 2007 2:10 pm
by Mauretto37
I got into Safe Mode, I ran EliBagle and it reported no infected files, I ran Search Boot & Destroy and it found infected files, I ran GMER and it found 2 "red" files. I also ran HijackThis. Below are the logs of everything. Now I have another problem. The hard disk is physically 250 GB but it only recognises 120?? Help help help


Sun Oct 07 12:51:21 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Sun Oct 07 12:51:32 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\m\m da eliminare come\FLEC006.EXE --> Eliminado Bagle.dldr

Sun Oct 07 13:13:03 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Oct 07 13:13:06 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Sun Oct 07 13:13:51 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Oct 07 13:13:53 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sun Oct 07 13:14:07 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sun Oct 07 13:15:19 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Sun Oct 07 13:15:31 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sun Oct 07 13:18:23 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Oct 07 13:18:37 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sun Oct 07 13:21:47 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado

Sun Oct 07 13:22:22 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Oct 08 07:09:48 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Mon Oct 08 07:09:53 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Exploración Detenida por el Usuario.

Mon Oct 08 20:13:08 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Mon Oct 08 20:13:11 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Exploración Detenida por el Usuario.

Mon Oct 08 20:30:47 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Mon Oct 08 20:30:52 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Oct 08 21:08:43 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Mon Oct 08 22:37:42 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Mon Oct 08 22:37:45 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Oct 12 17:37:37 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Fri Oct 12 17:37:39 2007
EliBagle v10.59 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Exploración Detenida por el Usuario.

Tue Oct 30 22:01:04 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\FLEC006.EXE.Muestra EliBagle v10.65
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\USER\DATI APPLICAZIONI\M\FLEC006.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\USER\DATI APPLICAZIONI\M\LIST.OCT --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue Oct 30 22:01:41 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 1018
Nº Total de Ficheros: 9957
Nº de Ficheros Analizados: 504
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Tue Oct 30 22:02:17 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\M"

Tue Oct 30 22:02:23 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2757
Nº Total de Ficheros: 32061
Nº de Ficheros Analizados: 7202
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Tue Oct 30 22:06:33 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 705
Nº Total de Ficheros: 20928
Nº de Ficheros Analizados: 802
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Tue Oct 30 22:07:04 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2757
Nº Total de Ficheros: 32061
Nº de Ficheros Analizados: 7202
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Tue Oct 30 22:07:25 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2757
Nº Total de Ficheros: 32061
Nº de Ficheros Analizados: 7202
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Tue Oct 30 22:12:19 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado

Tue Oct 30 22:12:26 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2745
Nº Total de Ficheros: 31909
Nº de Ficheros Analizados: 7187
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Oct 31 19:54:21 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Oct 31 19:54:29 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 705
Nº Total de Ficheros: 20928
Nº de Ficheros Analizados: 802
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Nov 01 10:26:31 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Nov 01 10:26:33 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2747
Nº Total de Ficheros: 31342
Nº de Ficheros Analizados: 7185
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Nov 04 08:05:18 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Nov 04 08:05:21 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2349
Nº Total de Ficheros: 21583
Nº de Ficheros Analizados: 2905
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Nov 04 17:29:16 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Nov 04 17:29:24 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2918
Nº Total de Ficheros: 32690
Nº de Ficheros Analizados: 7395
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Nov 04 17:31:07 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 921
Nº Total de Ficheros: 26425
Nº de Ficheros Analizados: 923
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Nov 07 21:01:30 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Nov 07 21:01:33 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2933
Nº Total de Ficheros: 33877
Nº de Ficheros Analizados: 7394
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Nov 07 21:03:18 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 924
Nº Total de Ficheros: 26467
Nº de Ficheros Analizados: 925
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Nov 16 18:56:44 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Nov 16 18:56:47 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 838
Nº Total de Ficheros: 24405
Nº de Ficheros Analizados: 858
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Nov 16 18:57:18 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Nov 16 18:57:19 2007
EliBagle v10.65 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2840
Nº Total de Ficheros: 34095
Nº de Ficheros Analizados: 7315
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Dec 08 10:50:06 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Dec 08 10:50:09 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2928
Nº Total de Ficheros: 35972
Nº de Ficheros Analizados: 7275
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Dec 08 10:51:19 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Dec 08 11:08:05 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Dec 08 11:08:09 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 924
Nº Total de Ficheros: 24680
Nº de Ficheros Analizados: 1061
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Dec 08 11:09:08 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 2929
Nº Total de Ficheros: 35977
Nº de Ficheros Analizados: 7276
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


Logfile of HijackThis v1.99.1
Scan saved at 11.31.04, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\antispy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copia 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Now I'll try to connect from the infected PC

Posted: Sat Dec 08, 2007 2:24 pm
by Mauretto37
Here I am

Posted: Sat Dec 08, 2007 2:28 pm
by Mauretto37
Tried again with GMER, here's the log:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-08 14:29:31
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [ F0, A1, DC, F1, 80, 04, DD, ... ]
? srescan.sys Impossibile trovare il file specificato.
.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [ F0, A1, DC, F1, 80, 04, DD, ... ]

---- User code sections - GMER 1.0.13 ----

.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[472] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[472] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[472] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[472] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[656] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[656] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[656] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[656] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\csrss.exe[676] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[676] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[676] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[676] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[804] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[804] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[804] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[804] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\RunDll32.exe[1232] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00A4200E
.text C:\WINDOWS\system32\RunDll32.exe[1232] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00A41DAF
.text C:\WINDOWS\system32\RunDll32.exe[1232] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00A41CF2
.text C:\WINDOWS\system32\RunDll32.exe[1232] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00A4191B
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[1380] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[1380] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[1380] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[1380] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[1400] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0113200E
.text C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[1400] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01131DAF
.text C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[1400] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01131CF2
.text C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[1400] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0113191B
.text C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1408] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00A1200E
.text C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1408] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00A11DAF
.text C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1408] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00A11CF2
.text C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1408] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00A1191B
.text C:\WINDOWS\explorer.exe[1412] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\explorer.exe[1412] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\explorer.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\explorer.exe[1412] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1584] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1584] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1584] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1584] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1644] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1644] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1644] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1644] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ctfmon.exe[2168] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ctfmon.exe[2168] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ctfmon.exe[2168] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ctfmon.exe[2168] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[2224] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 01C5200E
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[2224] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01C51DAF
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[2224] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01C51CF2
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[2224] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 01C5191B
.text C:\documents and settings\user\impostazioni locali\dati applicazioni\tlzynn.exe[2244] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\documents and settings\user\impostazioni locali\dati applicazioni\tlzynn.exe[2244] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\documents and settings\user\impostazioni locali\dati applicazioni\tlzynn.exe[2244] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\documents and settings\user\impostazioni locali\dati applicazioni\tlzynn.exe[2244] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text E:\Programs\nu2menu\nu2menu.exe[2260] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text E:\Programs\nu2menu\nu2menu.exe[2260] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text E:\Programs\nu2menu\nu2menu.exe[2260] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text E:\Programs\nu2menu\nu2menu.exe[2260] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe[2276] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0090200E
.text C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe[2276] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00901DAF
.text C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe[2276] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00901CF2
.text C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe[2276] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0090191B
.text C:\Programmi\VIA\RAID\raid_tool.exe[2336] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00B5200E
.text C:\Programmi\VIA\RAID\raid_tool.exe[2336] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00B51DAF
.text C:\Programmi\VIA\RAID\raid_tool.exe[2336] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00B51CF2
.text C:\Programmi\VIA\RAID\raid_tool.exe[2336] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00B5191B
.text C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe[2464] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe[2464] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe[2464] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe[2464] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Mozilla Firefox\firefox.exe[3192] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Mozilla Firefox\firefox.exe[3192] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Mozilla Firefox\firefox.exe[3192] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Mozilla Firefox\firefox.exe[3192] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Mozilla Firefox\firefox.exe[3192] WS2_32.dll!send 71A3428A 5 Bytes JMP 100030E6
.text C:\Programmi\Mozilla Firefox\firefox.exe[3192] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 100032CC
.text C:\Programmi\Mozilla Firefox\firefox.exe[3192] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 100035BC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe[3572] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe[3572] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe[3572] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe[3572] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text E:\Programs\nu2menu\nu2menu.exe[3608] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text E:\Programs\nu2menu\nu2menu.exe[3608] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text E:\Programs\nu2menu\nu2menu.exe[3608] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text E:\Programs\nu2menu\nu2menu.exe[3608] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text E:\Programs\nu2menu\nu2menu.exe[3620] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text E:\Programs\nu2menu\nu2menu.exe[3620] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text E:\Programs\nu2menu\nu2menu.exe[3620] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text E:\Programs\nu2menu\nu2menu.exe[3620] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text E:\Programs\nu2menu\nu2menu.exe[3660] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text E:\Programs\nu2menu\nu2menu.exe[3660] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text E:\Programs\nu2menu\nu2menu.exe[3660] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text E:\Programs\nu2menu\nu2menu.exe[3660] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3680] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3680] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3680] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3680] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F1DCE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F1DCEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F1DCEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F1DCEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F1DCEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F1DCE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F1DCEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F1DCEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F1DCE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F1DCEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F1DCEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F1DCEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F1DCEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F1DCEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F1DCE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F1DCEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F1DCE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F1DCEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F1DCEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F1DDBFB0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F1DCEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F1DCE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F1DCEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F1DCEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F1DC7570] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F1DC74C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F1DC7670] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F1DC71D0] \SystemRoot\System32\vsdatant.sys

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [EFC77F76] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [EFC76812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [EFC76812] aswMon2.SYS

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F1DDB8A0] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F78FE2C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F78FE8E6] aswTdi.SYS

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F1DDB8A0] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F78FE2C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F78FE8E6] aswTdi.SYS

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F1DDB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F1DDB8A0] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F78FE8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION

Posted: Sat Dec 08, 2007 2:30 pm
by Mauretto37
---- Processes - GMER 1.0.13 ----

Process C:\documents and settings\user\impostazioni locali\dati applicazioni\tlzynn.exe (*** hidden *** ) 2244
Library C:\documents and settings\user\impostazioni locali\dati applicazioni\tlzynn.exe (*** hidden *** ) @ C:\documents and settings\user\impostazioni locali\dati applicazioni\tlzynn.exe [2244] 0x00400000

Posted: Sat Dec 08, 2007 4:37 pm
by crazy.cat