[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
Vi posto il log di GMER sperando che possiate aiutarmi. Ho provato più volte a seguire la procedura, ma non è servito; inoltre nel Task Manager ho un sacco di voci strane, ma non hldrr.exe.
Sono certa di avere il virus perché Antivir me lo rileva. Ho anche un trojan.
GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-05 21:09:07
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT d347bus.sys ZwClose
SSDT \??\C:\Documents and Settings\marica\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT \??\C:\Documents and Settings\marica\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\marica\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT \??\C:\Documents and Settings\marica\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\marica\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\marica\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
.text tcpip.sys!IPTransmit + 10BC F0441CFA 6 Bytes CALL F96C0C20 Teefer.sys
.text tcpip.sys!IPTransmit + 2810 F044344E 6 Bytes CALL F96C0C20 Teefer.sys
.text tcpip.sys!ARPRcv + 506D F04484E0 6 Bytes CALL F96C0C20 Teefer.sys
.text wanarp.sys F99BE3FD 4 Bytes CALL F96C0D70 Teefer.sys
.text wanarp.sys F99BE402 2 Bytes [ 90, 90 ]
---- User code sections - GMER 1.0.12 ----
.text C:\Programmi\MSN Messenger\msnmsgr.exe[132] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\MsnMsgr.Exe
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 812A48E0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ FF9D8B00
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F997A220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F997A480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F997A5A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F997A5D0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F997A220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F997A480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F997A5A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F997A5D0] wpsdrvnt.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA FF973CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP FF973CF0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ FFA998A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA FF973CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP FF973CF0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA FF97DBA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA FF97DBA8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP