I have a problem with Rootkit32, which Avast reports at computer startup but does not remove.
I am not very expert in these matters... I tried Spybot and Malwarebytes, but nothing... after various searches on Google I found GMER and your forum... and I hope for your help! I am sending you the LOG file and hope you can help me decipher it so I understand how to proceed.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-06 18:15:28
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA75D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA75D574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA75DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA75D14C]
SSDT sptd.sys ZwEnumerateKey [0xF8290FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8291340]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA75D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA75D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA75D0F0]
SSDT sptd.sys ZwQueryKey [0xF8291418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA75D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA75D72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA75D8AE]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
.text USBPORT.SYS!DllUnload F7B6162C 5 Bytes JMP 821DE1C8
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F29C
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F330
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F4BD
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F29C
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F330
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F4BD
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[496] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F29C
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F330
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F4BD
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F29C
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F330
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F4BD
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[1764] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F29C
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F330
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F4BD
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F29C
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F330
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F4BD
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Ale\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F828BAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F828BC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F828BB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F828C748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F828C61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F82A129A] sptd.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[644] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[644] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8236C1E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 82101410
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbehci \Device\USBPDO-0 820B2440
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823DA1E8
Device \Driver\dmio \Device\DmControl\DmConfig 823DA1E8
Device \Driver\dmio \Device\DmControl\DmPnP 823DA1E8
Device \Driver\dmio \Device\DmControl\DmInfo 823DA1E8
Device \Driver\usbuhci \Device\USBPDO-1 821DD1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{BCD9C92D-E4E9-4804-A580-9DC2D7A8D506} 81CC71E8
Device \Driver\usbuhci \Device\USBPDO-2 821DD1E8
Device \Driver\usbuhci \Device\USBPDO-3 821DD1E8
Device \Driver\usbuhci \Device\USBPDO-4 821DD1E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{B32B3E7D-83D1-4505-A66A-2FA9DFA92A7D} 81CC71E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026@001f5c5b2c10 0xB6 0x07 0x9D 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x18 0x1F 0x26 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0xFE 0x32 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b00026
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b00026@001f5c5b2c10 0xB6 0x07 0x9D 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x18 0x1F 0x26 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0xFE 0x32 0xC4 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----