Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Explorer Bloccato

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

Explorer Bloccato

Messaggioda mafeder » dom feb 08, 2009 6:52 pm

Ciao!
sono nuova iscritta, ed poco abile col pc.
Da qualche giorno internet explorer non funziona, la finestra neanche si carica con la pagina iniziale. Ho provato a installare un antivirus, ma non mi lascia neppure scaricarlo ho la versione trial di eset nod 32 e prima ancora la versione free di avg, In questo momento sto faccendo la scanzione online con karpensky, credo di aver preso cualcosa perché da oggi anche firefox fa fatica ad aprire le pagine tre o quattro volte mi dice che è impossibile, torno indietro e ogni tanto la carica,
Cosa posso fare? aiuttttttooooooooooooo!!!!!!
Avatar utente
mafeder
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: dom feb 08, 2009 6:39 pm
Top

Re: Explorer Bloccato

Messaggioda ste_95 » dom feb 08, 2009 7:12 pm

Scarica GMER, poi segui i seguenti passaggi:

--- 1° passaggio ---
Avviamo gmer
clicchiamo su > > >
Clicchiamo su Autostart
mettiamo il segno di spunta a Show All
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e postastiamo sul forum il risultato facendo attenzione a queste regole.

--- 2° passaggio ---
Sempre nel programma appena scaricato (gmer),
clicchiamo su Rootkit
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e postastiamo sul forum il risultato facendo attenzione a queste regole.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Re: Explorer Bloccato

Messaggioda crazy.cat » dom feb 08, 2009 7:24 pm

mafeder ha scritto:sto faccendo la scanzione online con karpensky!

Quando hai finito salvati il report della scansione così vediamo quanti virus ci sono.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top
Top

Re: Explorer Bloccato

Messaggioda mafeder » lun feb 09, 2009 12:07 am

mafeder ha scritto:Ciao!
sono nuova iscritta, ed poco abile col pc.
Da qualche giorno internet explorer non funziona, la finestra neanche si carica con la pagina iniziale. Ho provato a installare un antivirus, ma non mi lascia neppure scaricarlo ho la versione trial di eset nod 32 e prima ancora la versione free di avg, In questo momento sto faccendo la scanzione online con karpensky, credo di aver preso cualcosa perché da oggi anche firefox fa fatica ad aprire le pagine tre o quattro volte mi dice che è impossibile, torno indietro e ogni tanto la carica,
Cosa posso fare? aiuttttttooooooooooooo!!!!!!

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-09 00:03:45
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF729D0D0]
SSDT sptd.sys ZwEnumerateKey [0xF72A2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF72A3340]
SSDT sptd.sys ZwOpenKey [0xF729D0B0]
SSDT sptd.sys ZwQueryKey [0xF72A3418]
SSDT sptd.sys ZwQueryValueKey [0xF72A3298]
SSDT sptd.sys ZwSetValueKey [0xF72A34AA]

Code 8620D18F pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
PAGE CLASSPNP.SYS!ClassInitialize + F4 F754E42C 4 Bytes [ 94, 96, 46, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF F754E437 4 Bytes [ DE, 51, 46, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A F754E442 4 Bytes [ A6, 96, 46, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 F754E449 4 Bytes [ 9A, 96, 46, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 F754E450 4 Bytes [ A0, 96, 46, 86 ]
PAGE ...
.text USBPORT.SYS!DllUnload F5B4E8AC 5 Bytes JMP 86D221C8
.text tcpip.sys!IPTransmit + 10FC F2E21D3A 6 Bytes CALL 8620D172
.text tcpip.sys!IPTransmit + 2A52 F2E23690 6 Bytes CALL 8620D172
.text tcpip.sys!IPRegisterProtocol + 930 F2E39454 6 Bytes CALL 8620D172
.text wanarp.sys F76CC3FD 7 Bytes CALL 8620D17F

---- User code sections - GMER 1.0.14 ----

.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] ADVAPI32.dll!CryptDestroyKey 77F59E9C 7 Bytes JMP 01DB2DFD
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 01DB2DBA
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] ADVAPI32.dll!CryptEncrypt 77F5E340 7 Bytes JMP 01DB2D7E
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4379179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 43791720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 43791764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 437916AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 437916E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 437917DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!InternetCloseHandle 4330DA59 5 Bytes JMP 01DB3352
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!HttpOpenRequestA 43314341 5 Bytes JMP 01DB3055
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!InternetConnectA 4331499A 5 Bytes JMP 01DB2E18
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!InternetReadFile 4331ABB4 5 Bytes JMP 01DB32FD
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!HttpSendRequestA 4331CD40 5 Bytes JMP 01DB31B4
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!HttpSendRequestW 43330825 5 Bytes JMP 01DB3CB1
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] CRYPT32.dll!CertGetCertificateChain 77A62F67 5 Bytes JMP 01DB3832
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A6B76F 5 Bytes JMP 01DB383B
.text C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe[744] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001BA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001E00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001850 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ADVAPI32.dll!CryptDeriveKey 77F59FDD 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28004430 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005C10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28005E90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 280064E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003AF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005D50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 280066D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28006080 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004D10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 2800B920 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!send 71A34C27 5 Bytes JMP 2800B500 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 2800B2E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!recv 71A3676F 5 Bytes JMP 2800B140 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 2800B6E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] SHELL32.dll!Shell_NotifyIconW 7CA3A52F 5 Bytes JMP 280032B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002110 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 280024B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002210 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WININET.dll!InternetCloseHandle 4330DA59 5 Bytes JMP 2800A2A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WININET.dll!HttpOpenRequestA 43314341 5 Bytes JMP 28009F60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WININET.dll!InternetReadFile 4331ABB4 5 Bytes JMP 2800A0F0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WININET.dll!HttpSendRequestA 4331CD40 5 Bytes JMP 2800A1D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\WINDOWS\explorer.exe[4048] ADVAPI32.dll!CryptDestroyKey 77F59E9C 7 Bytes JMP 01842DFD
.text C:\WINDOWS\explorer.exe[4048] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 01842DBA
.text C:\WINDOWS\explorer.exe[4048] ADVAPI32.dll!CryptEncrypt 77F5E340 7 Bytes JMP 01842D7E
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01842D63
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!send 71A34C27 5 Bytes JMP 01842BEF
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01842CE1
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01842C27
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01842C5F
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] ADVAPI32.dll!CryptDestroyKey 77F59E9C 7 Bytes JMP 03402DFD
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 03402DBA
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] ADVAPI32.dll!CryptEncrypt 77F5E340 7 Bytes JMP 03402D7E
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 03402D63
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!send 71A34C27 5 Bytes JMP 03402BEF
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 03402CE1
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!recv 71A3676F 5 Bytes JMP 03402C27
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 03402C5F

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F729DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F729DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F729E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F729E61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72B329A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] 8620C4DB
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] 8620C4D1

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 011306A0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 01130390
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01128E80
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 0112A3C0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0112D530
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0112B110
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0112A6F0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0112C870
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0112F870
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0112F8B0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 011309F0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0112F460
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0112D490
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0112BC30
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 0112ADC0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 0112B6B0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 01130F70
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0112CBC0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0112D2F0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0112DF20
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0112DA00
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0112DEA0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0112E9C0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0112E090
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 0112AA70
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0112BAE0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0112F990
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0112DB40
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0112D430
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0112CFF0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0112D640
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 01130A10
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0112D940
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 01130CB0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 01130C50
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 01130EA0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 01130F40
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 01130D70

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86F111E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 85EAD790
Device \Driver\usbuhci \Device\USBPDO-0 86D21538
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F2B1E8
Device \Driver\dmio \Device\DmControl\DmConfig 86F2B1E8
Device \Driver\dmio \Device\DmControl\DmPnP 86F2B1E8
Device \Driver\dmio \Device\DmControl\DmInfo 86F2B1E8
Device \Driver\usbuhci \Device\USBPDO-1 86D21538
Device \Driver\usbuhci \Device\USBPDO-2 86D21538
Device \Driver\usbehci \Device\USBPDO-3 86CF1768
Device \Driver\usbuhci \Device\USBPDO-4 86D21538

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\prodrv06 \Device\ProDrv06 E216F008
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F9E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F9E1E8
Device \Driver\Cdrom \Device\CdRom0 86D6D790
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E19C9D48
Device \Driver\Disk \Device\Harddisk0\DR0 86469694
Device \Driver\usbuhci \Device\USBFDO-0 86D21538
Device \Driver\usbuhci \Device\USBFDO-1 86D21538
Device \Driver\usbuhci \Device\USBFDO-2 86D21538
Device \Driver\usbuhci \Device\USBFDO-3 86D21538
Device \Driver\Ftdisk \Device\FtControl 86F9E1E8
Device \Driver\usbehci \Device\USBFDO-4 86CF1768
Device \FileSystem\Fastfat \Fat 85EAD790

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 868F8698

---- Threads - GMER 1.0.14 ----

Thread 4:784 864A0190
Thread 4:788 8648E1B0
Thread 4:792 864D35F0
Thread 4:796 86471540
Thread 4:3504 864A0190
Thread 4:3508 8648E1B0
Thread 4:3512 864D35F0
Thread 4:3516 86471540

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b1309db
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b1309db
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; MBR rootkit code detected <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 15: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 22: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; malicious code @ sector 0x1d1c06c0 size 0x1be
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR

[LOG][LOG]
[/LOG][/LOG]
Avatar utente
mafeder
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: dom feb 08, 2009 6:39 pm
Top

Re: Explorer Bloccato

Messaggioda mafeder » lun feb 09, 2009 12:16 am

ho scaricato gmer però di default fa la selezione di tutti e poi non so come fare per passare al secondo passo (rootkit)

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-09 00:03:45
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF729D0D0]
SSDT sptd.sys ZwEnumerateKey [0xF72A2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF72A3340]
SSDT sptd.sys ZwOpenKey [0xF729D0B0]
SSDT sptd.sys ZwQueryKey [0xF72A3418]
SSDT sptd.sys ZwQueryValueKey [0xF72A3298]
SSDT sptd.sys ZwSetValueKey [0xF72A34AA]

Code 8620D18F pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
PAGE CLASSPNP.SYS!ClassInitialize + F4 F754E42C 4 Bytes [ 94, 96, 46, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF F754E437 4 Bytes [ DE, 51, 46, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A F754E442 4 Bytes [ A6, 96, 46, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 F754E449 4 Bytes [ 9A, 96, 46, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 F754E450 4 Bytes [ A0, 96, 46, 86 ]
PAGE ...
.text USBPORT.SYS!DllUnload F5B4E8AC 5 Bytes JMP 86D221C8
.text tcpip.sys!IPTransmit + 10FC F2E21D3A 6 Bytes CALL 8620D172
.text tcpip.sys!IPTransmit + 2A52 F2E23690 6 Bytes CALL 8620D172
.text tcpip.sys!IPRegisterProtocol + 930 F2E39454 6 Bytes CALL 8620D172
.text wanarp.sys F76CC3FD 7 Bytes CALL 8620D17F

---- User code sections - GMER 1.0.14 ----

.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] ADVAPI32.dll!CryptDestroyKey 77F59E9C 7 Bytes JMP 01DB2DFD
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 01DB2DBA
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] ADVAPI32.dll!CryptEncrypt 77F5E340 7 Bytes JMP 01DB2D7E
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4379179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 43791720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 43791764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 437916AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 437916E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 437917DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!InternetCloseHandle 4330DA59 5 Bytes JMP 01DB3352
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!HttpOpenRequestA 43314341 5 Bytes JMP 01DB3055
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!InternetConnectA 4331499A 5 Bytes JMP 01DB2E18
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!InternetReadFile 4331ABB4 5 Bytes JMP 01DB32FD
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!HttpSendRequestA 4331CD40 5 Bytes JMP 01DB31B4
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] WININET.dll!HttpSendRequestW 43330825 5 Bytes JMP 01DB3CB1
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] CRYPT32.dll!CertGetCertificateChain 77A62F67 5 Bytes JMP 01DB3832
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[424] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A6B76F 5 Bytes JMP 01DB383B
.text C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe[744] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001BA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001E00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001850 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ADVAPI32.dll!CryptDeriveKey 77F59FDD 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28004430 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005C10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28005E90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 280064E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003AF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005D50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 280066D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28006080 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004D10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 2800B920 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!send 71A34C27 5 Bytes JMP 2800B500 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 2800B2E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!recv 71A3676F 5 Bytes JMP 2800B140 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 2800B6E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] SHELL32.dll!Shell_NotifyIconW 7CA3A52F 5 Bytes JMP 280032B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002110 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 280024B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002210 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WININET.dll!InternetCloseHandle 4330DA59 5 Bytes JMP 2800A2A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WININET.dll!HttpOpenRequestA 43314341 5 Bytes JMP 28009F60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WININET.dll!InternetReadFile 4331ABB4 5 Bytes JMP 2800A0F0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[988] WININET.dll!HttpSendRequestA 4331CD40 5 Bytes JMP 2800A1D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\WINDOWS\explorer.exe[4048] ADVAPI32.dll!CryptDestroyKey 77F59E9C 7 Bytes JMP 01842DFD
.text C:\WINDOWS\explorer.exe[4048] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 01842DBA
.text C:\WINDOWS\explorer.exe[4048] ADVAPI32.dll!CryptEncrypt 77F5E340 7 Bytes JMP 01842D7E
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01842D63
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!send 71A34C27 5 Bytes JMP 01842BEF
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01842CE1
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01842C27
.text C:\WINDOWS\explorer.exe[4048] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01842C5F
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] ADVAPI32.dll!CryptDestroyKey 77F59E9C 7 Bytes JMP 03402DFD
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 03402DBA
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] ADVAPI32.dll!CryptEncrypt 77F5E340 7 Bytes JMP 03402D7E
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 03402D63
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!send 71A34C27 5 Bytes JMP 03402BEF
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 03402CE1
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!recv 71A3676F 5 Bytes JMP 03402C27
.text C:\Programmi\Mozilla Firefox 3 Beta 4\firefox.exe[4812] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 03402C5F

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F729DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F729DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F729E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F729E61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72B329A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] 8620C4DB
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] 8620C4D1

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 011306A0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 01130390
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01128E80
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 0112A3C0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0112D530
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0112B110
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0112A6F0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0112C870
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0112F870
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0112F8B0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 011309F0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0112F460
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0112D490
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0112BC30
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 0112ADC0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 0112B6B0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 01130F70
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0112CBC0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0112D2F0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0112DF20
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0112DA00
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0112DEA0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0112E9C0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0112E090
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 0112AA70
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0112BAE0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0112F990
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0112DB40
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0112D430
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0112CFF0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0112D640
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 01130A10
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0112D940
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 01130CB0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 01130C50
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 01130EA0
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 01130F40
IAT C:\Programmi\DAP\DAP.EXE[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 01130D70

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86F111E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 85EAD790
Device \Driver\usbuhci \Device\USBPDO-0 86D21538
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F2B1E8
Device \Driver\dmio \Device\DmControl\DmConfig 86F2B1E8
Device \Driver\dmio \Device\DmControl\DmPnP 86F2B1E8
Device \Driver\dmio \Device\DmControl\DmInfo 86F2B1E8
Device \Driver\usbuhci \Device\USBPDO-1 86D21538
Device \Driver\usbuhci \Device\USBPDO-2 86D21538
Device \Driver\usbehci \Device\USBPDO-3 86CF1768
Device \Driver\usbuhci \Device\USBPDO-4 86D21538

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\prodrv06 \Device\ProDrv06 E216F008
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F9E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F9E1E8
Device \Driver\Cdrom \Device\CdRom0 86D6D790
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E19C9D48
Device \Driver\Disk \Device\Harddisk0\DR0 86469694
Device \Driver\usbuhci \Device\USBFDO-0 86D21538
Device \Driver\usbuhci \Device\USBFDO-1 86D21538
Device \Driver\usbuhci \Device\USBFDO-2 86D21538
Device \Driver\usbuhci \Device\USBFDO-3 86D21538
Device \Driver\Ftdisk \Device\FtControl 86F9E1E8
Device \Driver\usbehci \Device\USBFDO-4 86CF1768
Device \FileSystem\Fastfat \Fat 85EAD790

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 868F8698

---- Threads - GMER 1.0.14 ----

Thread 4:784 864A0190
Thread 4:788 8648E1B0
Thread 4:792 864D35F0
Thread 4:796 86471540
Thread 4:3504 864A0190
Thread 4:3508 8648E1B0
Thread 4:3512 864D35F0
Thread 4:3516 86471540

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b1309db
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b1309db
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; MBR rootkit code detected <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 15: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 22: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; malicious code @ sector 0x1d1c06c0 size 0x1be
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR


aparte, il risultato della scansione con kaspersky è questo

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 08, 2009 17:50:58
Records in database: 1769753
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 196393
Threat name: 8
Infected objects: 19
Suspicious objects: 0
Duration of the scan: 04:01:55


File name / Threat name / Threats count
C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR18E.dat Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR190.dat Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR192.dat Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR196.dat Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos11.gif Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos14.gif Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos15.gif Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos9.gif Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Documenti\My Completed Downloads\BurnAwareHomeEdition.zip Infected: Trojan-Banker.Win32.Banker.yft 1
C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\criD3sjfAqYOLT5LaB0L2ly3J7o=.dt2 Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\g41IyC65osxVwjS4eEClEZ+Grj4=.dt2 Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\PphMOmjSQVbGAqDeS7N2FGPysLEc=.dt2 Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\t5E1nJTyoH3g3lGxHUeNT64jc3s=.dt2 Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Programmi\eMule\Incoming\AVG Anti Virus 2008 Pro + serial.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.nnm 1
C:\Programmi\eMule\Incoming\AVG Anti Virus 2008 Pro + serial.rar Infected: Trojan-Downloader.Win32.VB.eau 1
C:\Programmi\IncrediMail\bin\INCRED~1.EXE Infected: not-a-virus:Downloader.Win32.ImLoader.k 1
C:\WINDOWS\system32\Moyea FLV Downloader1.4.0.20-Setup.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\WINDOWS\system32\Moyea FLV Downloader1.4.0.20-Setup.exe Infected: Constructor.Win32.Lmir.ac 1
C:\WINDOWS\system32\Moyea FLV Downloader1.4.0.20-Setup.exe Infected: Backdoor.Win32.Sheldor.aw 1

The selected area was scanned.

adesso, cosa devo fare?
grazie!!!!!!!!!!!!
Avatar utente
mafeder
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: dom feb 08, 2009 6:39 pm
Top

Re: Explorer Bloccato

Messaggioda ste_95 » lun feb 09, 2009 7:15 am

Segui questa guida.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto
Files to delete:
C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR18E.dat
C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR190.dat
C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR192.dat
C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR196.dat
C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos11.gif
C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos14.gif
C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos15.gif
C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos9.gif
C:\Documents and Settings\Ferrari\Documenti\My Completed Downloads\BurnAwareHomeEdition.zip
C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\criD3sjfAqYOLT5LaB0L2ly3J7o=.dt2
C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\g41IyC65osxVwjS4eEClEZ+Grj4=.dt2
C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\PphMOmjSQVbGAqDeS7N2FGPysLEc=.dt2
C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\t5E1nJTyoH3g3lGxHUeNT64jc3s=.dt2
C:\Programmi\eMule\Incoming\AVG Anti Virus 2008 Pro + serial.rar
C:\WINDOWS\system32\Moyea FLV Downloader1.4.0.20-Setup.exe


Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger riporta un errore, prova a riscrivere manualmente la prima riga (Files to delete:) ricordando i due punti.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Re: Explorer Bloccato

Messaggioda mafeder » lun feb 09, 2009 9:00 am

Ciao
Ho provato a eseguire la guida riferita a gmer, però digitando start-> esegui-> cmd , si apre la finestra nera che mette: C:\Documents adn Settings\Ferrari> e dando invio ripete la stessa dicitura, ma non C:\....; quindi ho lasciato stare e ho eseguito il passaggio con avenger: il risultato è

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************
e adesso? che devo fare?
grazie


Beginning to process script file:

File "C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR18E.dat" deleted successfully.
File "C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR190.dat" deleted successfully.
File "C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR192.dat" deleted successfully.
File "C:\Documents and Settings\Ferrari\Dati applicazioni\Microsoft\MSN Messenger\3564572893\CustomEmoticons\TFR196.dat" deleted successfully.
File "C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos11.gif" deleted successfully.
File "C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos14.gif" deleted successfully.
File "C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos15.gif" deleted successfully.
File "C:\Documents and Settings\Ferrari\Documenti\Immagini\gif animate\Gestos9.gif" deleted successfully.
File "C:\Documents and Settings\Ferrari\Documenti\My Completed Downloads\BurnAwareHomeEdition.zip" deleted successfully.
File "C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\criD3sjfAqYOLT5LaB0L2ly3J7o=.dt2" deleted successfully.
File "C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\g41IyC65osxVwjS4eEClEZ+Grj4=.dt2" deleted successfully.
File "C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\PphMOmjSQVbGAqDeS7N2FGPysLEc=.dt2" deleted successfully.
File "C:\Documents and Settings\Ferrari\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\magdy_92@hotmail.it\ObjectStore\CustomEmoticons\t5E1nJTyoH3g3lGxHUeNT64jc3s=.dt2" deleted successfully.
File "C:\Programmi\eMule\Incoming\AVG Anti Virus 2008 Pro + serial.rar" deleted successfully.
File "C:\WINDOWS\system32\Moyea FLV Downloader1.4.0.20-Setup.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Avatar utente
mafeder
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: dom feb 08, 2009 6:39 pm
Top

Re: Explorer Bloccato

Messaggioda ste_95 » lun feb 09, 2009 3:29 pm

Dopo aver scaricato ed estratto il programam in C:\, dov'è il problema?

Per quanto riguarda la rimozione, basta digitare da Start --> Esegui --> cmd, il comando cd C:\, seguito da start mbr.exe -f.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Re: Explorer Bloccato

Messaggioda mafeder » lun feb 09, 2009 3:39 pm

Si, avevo capito bene, ma però quando apro il prompt di comandi, al posto de C:\....
esce C:\Documents and Setting\ Ferrari> e non riesco a far comparire soltanto C:\per aggiungere dopo "start mbr.exe -f", c'è qualche altra via?
grazie
Avatar utente
mafeder
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: dom feb 08, 2009 6:39 pm
Top

Re: Explorer Bloccato

Messaggioda ste_95 » lun feb 09, 2009 4:04 pm

Devi digitare anche cd C:\
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Re: Explorer Bloccato

Messaggioda crazy.cat » lun feb 09, 2009 4:05 pm

mafeder ha scritto:Si, avevo capito bene, ma però quando apro il prompt di comandi, al posto de C:\....
esce C:\Documents and Setting\ Ferrari> e non riesco a far comparire soltanto C:\per aggiungere dopo "start mbr.exe -f", c'è qualche altra via?
grazie

basta che scrivi nel prompt dei comandi
cd\ e premi invio
così ti ritrovi in c:\
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 15 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising