
Windows problem... maybe a virus

Posted: Fri Jun 11, 2010 9:41 pm
by ivan92
This evening I was looking for a stream of the football match (which RAI isn't showing) and in the end I found a site... once the match was over, seeing that CPU usage was high, I went to Task Manager and clicked the button to show all processes, which requires administrator authorization... I rebooted but the problem wasn't solved... I also tried other "links" that need authorization, but nothing...
So now I'm a bit suspicious... even though the antivirus didn't detect any virus..
Thanks in advance for your help.

Re: Windows problem... maybe a virus

Posted: Fri Jun 11, 2010 10:13 pm
by farbix89
ivan92 wrote: This evening I was looking for a stream of the football match (which RAI isn't showing)


Best to draw a veil over that [:p]

Getting back to the actual problem, a lot depends on what kind of streaming you used.

Directly in the browser, or with dedicated P2P programs?

The risk of malware or unwanted software set to start automatically is very high on streaming sites.

A scan in Safe Mode with the antivirus is advisable (which antivirus do you use?)

Re: Windows problem... maybe a virus

Posted: Fri Jun 11, 2010 11:27 pm
by markinson
To add to that:
  • do you use anti-malware programs, with or without resident protection (such as SpywareTerminator, Malwarebytes, SpyBot)?
  • try running a scan with HijackThis - HERE is an article by crazy.cat - and then post the log.

Re: Windows problem... maybe a virus

Posted: Sat Jun 12, 2010 12:21 pm
by ivan92
I use Kaspersky and I also have Malwarebytes, and I don't know why but it won't produce the HijackThis log

Re: Windows problem... maybe a virus

Posted: Sat Jun 12, 2010 3:07 pm
by markinson
Look Ivan, "security" isn't exactly my strong suit (who knows what my strong suit is ... [uhm] ... [bleh] ), but I'm afraid you've caught a variant of Bagle.
The symptoms match.
Read this article (excellent ... as usual) by crazy.cat and ste_95: The Bagle worm: new infection and removal methods.
Why do I think you have Bagle?
For these reasons:
  • you were probably in a P2P setting --> from the cited article --> "periodically spreading its infection through P2P networks";
  • you can't get HijackThis to start --> again from the article --> "the creators of the virus have become ever more cunning, going so far as to disable, or damage, all protection software (firewall, antivirus, antispyware) and the various tools used to detect and remove the virus (such as Hijackthis, Gmer, The avenger)".

Now, my advice is to follow the whole article, although the most hands-on parts, in your case, are I think these:
  • Removing it with Findykill;
  • The other tools --> "As alternative tools, if none of those seen previously work, there is the Avira rescue CD or the MegaLabcd utility, and manual removal of the infected files and of the registry keys created by the virus."

Re: Windows problem... maybe a virus

Posted: Sat Jun 12, 2010 8:26 pm
by ivan92
I did as written in the article but the problem still isn't solved... thanks anyway for the excellent explanation.

Re: Windows problem... maybe a virus

Posted: Sat Jun 12, 2010 11:40 pm
by markinson
I'm sorry you haven't solved it.

Have you also tried an antivirus live CD?
Some options:

Re: Windows problem... maybe a virus

Posted: Sun Jun 13, 2010 9:12 am
by ivan92
Yes, I tried, but nothing... I had the log problem with findkill too.. basically a .txt file opens and tells me that the file findkill.log does not exist and asks me to create it... I click yes but absolutely nothing changes

Re: Windows problem... maybe a virus

Posted: Sun Jun 13, 2010 10:19 am
by markinson
ivan92 wrote: Yes, I tried, but nothing...

Nothing in the sense that nothing is detected?

Try fixing Task Manager:

In this post I've also uploaded Findykill for you, but in a renamed version (borrowing a little trick suggested in similar circumstances by crazy.cat [;)] ).
The file is zipped; you need to unzip it, then proceed.

Re: Windows problem... maybe a virus

Posted: Mon Jun 14, 2010 1:06 pm
by ivan92
I tried with the version you gave me but nothing changes...
Then I tried task manager fix but it tells me: task manarger enabled succesfully

Re: Windows problem... maybe a virus

Posted: Mon Jun 21, 2010 6:58 pm
by markinson
Until some security expert steps in, here are a few steps that I would take if it were me:

Just to rule out a certain class of possible malware.

Things don't go back to normal?
Still not possible to use HijackThis?
... I'd wipe the slate clean and start over from scratch with a fresh environment ... [sh]

Re: Windows problem... maybe a virus

Posted: Mon Jun 21, 2010 9:31 pm
by ivan92
gmer found a rootkit... I'm sending you the log now

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 002B04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 002B0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 002B05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 002B0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 002B06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77E70CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 002B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 002B0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 003C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 003C0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 003C0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 003C0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 003C0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 003C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 003C0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 003C05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 003C0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 003C06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 003C0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003C0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003C0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2744] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003C0BE0
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6D569832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6D56A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6D5694D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6D5694E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6D5694B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6D5694A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6D56AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6D569832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DD5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DD5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6D56A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6D569832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DD5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DD5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6D569832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DD5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DD5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6D5692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6D569E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3500] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75DD5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)

Re: Windows problem... maybe a virus

Posted: Mon Jun 21, 2010 9:32 pm
by ivan92
continued...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime framework driver modalità kernel/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Processes - GMER 1.0.15 ----

Library C:\ProgramData\Kaspersky (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [1936] 0x0DFD0000

---- EOF - GMER 1.0.15 ----

Re: Windows problem... maybe a virus

Posted: Thu Jun 24, 2010 6:30 pm
by niko95omejo
In these cases I would recommend using Hitman Pro, activating the trial license... I consider it a very good antivirus program! I had caught the Alureon rootkit, one of the most hostile, and it removed it, flagging it in the first seconds of the scan... download it from here... http://www.surfright.nl/en/hitmanpro After launching it, set a normal scan in the options so that it examines the entire operating system.

Re: Windows problem... maybe a virus

Posted: Fri Jun 25, 2010 5:51 pm
by markinson
I took a look at the GMER log.
I wonder whether the rootkit it says it detected is just a file from the Kaspersky suite you have installed.
I mean, in your log (on screen, that is), was only the following entry highlighted in red?

Library C:\ProgramData\Kaspersky (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [1936] 0x0DFD0000


To recap, because I got a bit lost along the way, what are the current problems with your computer?

In particular, going back to your statements:
(1)
ivan92 wrote:... I went to Task Manager and clicked the button to show all processes, which requires administrator authorization...

--> Is that still the case?

(2)
ivan92 wrote:... I also tried other "links" that need authorization, but nothing ...

--> Is that still the case? Which are the other links that need authorization?

I am afraid the operating system may have become corrupted and the only road left is formatting.

Re: Windows problem... maybe a virus

Posted: Fri Jun 25, 2010 7:07 pm
by ivan92
Yes, the problem persists... although I still have to run the Hitman scan. Anyway, by other links I mean the ones that require authorization, such as "Advanced system settings".

Re: Windows problem... maybe a virus

Posted: Fri Jun 25, 2010 8:44 pm
by markinson
[nomi] ... damn it all ...
Have you checked that your user actually has full rights?
To be clearer: something may have happened that modified, for example, the local security policies, or that reduced your privileges. In some cases it is enough to set the value of a registry key to 0 rather than 1.
By now we have tried just about everything anyway ...

In short, check that your user is in the Administrators group.
Also: can't you create another (administrator) account to see whether the problem recurs?

Meanwhile I'll try to look through the local security policies (Start --> Run --> secpol.msc) and the local group policies (Start --> Run --> gpedit.msc) for some entry that might fit our case ... [uhm]

Re: Windows problem... maybe a virus

Posted: Fri Jun 25, 2010 9:08 pm
by markinson
So ... I'm going blind (= losing my sight) trying to find a suitable entry.

After searching and searching, so far I have tracked down this one: Run only specified Windows applications.
More precisely:
  • Start --> Run --> gpedit.msc
  • follow this path to find, in the right-hand pane, the entry I mentioned above (Run only specified Windows applications): User Configuration --> Administrative Templates --> System
  • you should end up in a situation like the one shown in the figure below
    Image
  • right-click the entry "Run only specified Windows applications", choose "Properties" and see what comes up ... on my machine the result is the one shown in the screenshot that follows.
    Image

All the more so, do the same check for the entry: Don't run specified Windows applications.

Between us, I would have formatted already.
There is also the risk that your OS, for some obscure reason, does not allow access to the group policies ... if I remember correctly, some "home" editions do not offer that option ... let's hope that is not our case.
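
The checks suggested in the two posts above (Administrators membership, and the "Run only specified Windows applications" / "Don't run specified Windows applications" policies) can also be read from a PowerShell prompt, which works on editions without gpedit.msc. This is an added example, not part of the original thread; it assumes the per-user location where Windows stores these two policies (the `RestrictRun` and `DisallowRun` values and subkeys under the Explorer policies key) and must be run as the affected user.

```powershell
# Added example: read-only checks, nothing on the system is modified.

# 1. Administrators membership and elevation of the current token.
#    whoami prints the well-known SID, so the match also works on a
#    localized (e.g. Italian) Windows where group names are translated.
$adminSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header 'Name', 'Type', 'SID', 'Attributes'
$adminEntry = $groups | Where-Object { $_.SID -eq $adminSid }

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    User            = $identity.Name
    InAdministrators = [bool]$adminEntry
    # Under UAC a non-elevated admin shows the group as deny-only here.
    GroupAttributes = $adminEntry.Attributes
    TokenElevated   = $elevated
} | Format-List

# 2. The two "specified Windows applications" policies for this user.
#    A DWORD of 1 enables the policy; the subkey of the same name holds
#    the list of executables it applies to.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policyReport = foreach ($policy in 'RestrictRun', 'DisallowRun') {
    $flag = (Get-ItemProperty -Path $explorer -Name $policy `
                 -ErrorAction SilentlyContinue).$policy
    $listKey = Join-Path $explorer $policy
    $apps = @()
    if (Test-Path -Path $listKey) {
        $key  = Get-Item -Path $listKey
        $apps = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }
    [pscustomobject]@{
        Policy  = $policy
        Enabled = ($flag -eq 1)
        Apps    = $apps -join ', '
    }
}
$policyReport | Format-Table -AutoSize
```

If `InAdministrators` is true but `TokenElevated` is false, the account is an administrator running with a filtered token, and the elevation prompt itself is what is failing; an enabled policy with an unexpected `Apps` list points to a policy change instead.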

Re: Windows problem... maybe a virus

Posted: Sat Jun 26, 2010 9:11 am
by ivan92
I checked what you said and everything matches your screenshots.
I'd rather not format because I formatted a month ago; anyway, thanks for the effort you are putting in to help me.

Re: Windows problem... maybe a virus

Posted: Sat Jun 26, 2010 10:18 am
by markinson
ivan92 wrote:... I'd rather not format because I formatted a month ago ...

Brace yourself, because I fear that, in my opinion, that is the only road left.

Anyway, clarify this other point for me: did you create a new administrator user and check whether the problem also occurs with it?

ivan92 wrote:... anyway, thanks for the effort you are putting in to help me.

I'm only sorry that I am not able to find a real solution ... personally, beyond this, from remote, I really find it impossible.