svchost.exe error (and despair)


Post by raffy » Sat Sep 02, 2006 9:21 am

[cry+]

Hi guys, here is my problem:
at completely irregular intervals (several times in an hour, or once every several hours) a small error window appears that says:
"svchost.exe errore di applicazione
si è verificato l'errore di exception eccezione software sconosciuta
(0xc0000409) nell'applicazione alla posizione 0x5bc7a3c0"
The result of this error is an automatic disconnection from the internet, and I have to reboot to reconnect...
I have tried all the solutions I found in the various forums, but without success...
None of the antivirus programs I have used detected anything.
The support service gave the computer back to me saying that everything works, but the problem continues...
I am desperate.... could you please take a look at the HijackThis log??
THANKS IN ADVANCE



Logfile of HijackThis v1.99.1
Scan saved at 21.31.35, on 01/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
c:\programmi\panda software\panda platinum 2006 internet
security\firewall\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\AntiSpam\pskmssvc.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Documents and Settings\gpiero\Desktop\FixBlast.exe
C:\Documents and Settings\gpiero\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.pandasoftware.com/redirector ... r&lang=ita
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {978F954C-3467-5F21-E573-7993B594DABF} -
C:\WINDOWS\skiku1.dll (file missing)
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda
Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda
Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sgrx1.exe] C:\WINDOWS\TEMP\sgrx1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: w32.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/microsoftup ... 6614322343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.microsoft.com/microsoftup ... 6614300812
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software
International - C:\Programmi\Panda Software\Panda Platinum 2006
Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda
Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software
International - C:\Programmi\Panda Software\Panda Platinum 2006
Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software
International - C:\Programmi\Panda Software\Panda Platinum 2006
Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software -
c:\programmi\panda software\panda platinum 2006 internet
security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software -
C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service
(default)) - Analog Devices, Inc. - C:\Programmi\Analog
Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software -
C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\TPSrv.exe

Post by BilloKenobi » Sat Sep 02, 2006 10:02 am

I haven't gone deep into reading the log, but I noticed that you are infected with LinkOptimizer

download these other programs

Ccleaner --- http://download.ccleaner.com/ccsetup132.exe
The Avenger --- http://swandog46.geekstogo.com/avenger.zip
Myuninstaller --- http://www.puntocr.it/index/downloads_r ... d/214.html
GMER --- http://www.gmer.net/files.php


Once you have downloaded them, extract GMER, run it, and do a scan from the "Autostart" section. Then click Copy and paste the result into your reply.

Do the same with the "Rootkit" section.
Begun the Clone War has

Post by crazy.cat » Sat Sep 02, 2006 10:18 am

Since androrra24 has found a removal tool
http://www.MegaLab.it/forum/viewtopic.p ... 595#194595
let's try that one first to see if it works.

raffy, welcome to the forum, and let us know whether the tool solves it.

Post by raffy » Sat Sep 02, 2006 3:58 pm

Thanks for the help...
I tried andorra24's tool but it doesn't seem to work; I ran it a couple of times but at a certain point it hangs....

Below I attach the logs obtained with GMER as suggested by BilloKenobi:

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-02 16:28:36
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session
Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit =
C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\avldr@DLLName = avldr.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft
Shared\VS7DEBUG\MDM.EXE"
PAVFNSVR /*Panda Function Service*/@ = "C:\Programmi\Panda
Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe"
PavPrSrv /*Panda Process Protection Service*/@ = "C:\Programmi\File
comuni\Panda Software\PavShld\pavprsrv.exe"
PAVSRV /*Panda anti-virus service*/@ = "C:\Programmi\Panda
Software\Panda Platinum 2006 Internet Security\pavsrv51.exe"
pmshellsrv /*Panda Antispam Engine*/@ = C:\Programmi\Panda
Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
PNMSRV /*Panda Network Manager*/@ = "c:\programmi\panda software\panda
platinum 2006 internet security\firewall\PNMSRV.EXE"
PREVXAgent /*Prevx Agent*/@ = "C:\Programmi\Prevx1\PXAgent.exe" -f
PSIMSVC /*Panda IManager Service*/@ = "C:\Programmi\Panda
Software\Panda Platinum 2006 Internet Security\PsImSvc.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ =
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SrvTlo /*SrvTlo*/@ = "C:\Programmi\File comuni\System\QgS.exe"
TPSrv /*Panda TPSrv*/@ = "C:\Programmi\Panda Software\Panda Platinum
2006 Internet Security\TPSrv.exe"
WinNie /*WinNie*/@ = "C:\Programmi\File comuni\System\sJhnI.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@APVXDWIN"C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\APVXDWIN.EXE" /s = "C:\Programmi\Panda Software\Panda
Platinum 2006 Internet Security\APVXDWIN.EXE" /s
@SCANINICIO"C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\Inicio.exe" = "C:\Programmi\Panda Software\Panda Platinum
2006 Internet Security\Inicio.exe"
@SmappC:\Programmi\Analog Devices\SoundMAX\SMTray.exe =
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe =
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe =
C:\WINDOWS\system32\NeroCheck.exe
@sgrx1.exeC:\WINDOWS\TEMP\sgrx1.exe = C:\WINDOWS\TEMP\sgrx1.exe
@PrevxOneC:\Programmi\Prevx1\PXConsole.exe = C:\Programmi\Prevx1\PXConsole.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background =
"C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video
del Pannello di controllo*/deskpan.dll /*file not found*/ =
deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property
Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous
Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager
Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle
Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL =
C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook
Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL =
C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook
Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL =
C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon
Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll =
C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell
extension*/C:\Programmi\WinRAR\rarext.dll =
C:\Programmi\WinRAR\rarext.dll
@{65756541-C65C-11CD-0000-4B656E696100} /*Panda
Antivirus*/C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\PAVOLE.DLL = C:\Programmi\Panda Software\Panda Platinum 2006
Internet Security\PAVOLE.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} =
C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\PAVOLE.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} =
C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} =
C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\PAVOLE.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
@{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}C:\Documents and Settings\All
Users\Dati applicazioni\Prevx\pxbho.dll = C:\Documents and
Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
@{978F954C-3467-5F21-E573-7993B594DABF}C:\WINDOWS\skiku1.dll /*file
not found*/ = C:\WINDOWS\skiku1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome =
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start
Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home =
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.virgilio.it/ = http://www.virgilio.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID =
C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information
Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
>>>
000000000001@PackedCatalogItem = C:\Programmi\Panda Software\Panda
Platinum 2006 Internet Security\pavlsp.dll
000000000002@PackedCatalogItem = C:\Programmi\Panda Software\Panda
Platinum 2006 Internet Security\pavlsp.dll
000000000003@PackedCatalogItem = C:\Programmi\Panda Software\Panda
Platinum 2006 Internet Security\pavlsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009@PackedCatalogItem = C:\Programmi\Panda Software\Panda Platinum 2006 Internet
Security\pavlsp.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione
automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----



GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-02 16:35:49
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT pxfsf.sys
ZwAlertResumeThread
SSDT pxfsf.sys
ZwAllocateUserPhysicalPages
SSDT pxfsf.sys
ZwAllocateVirtualMemory
SSDT pxfsf.sys
ZwClose
SSDT pxfsf.sys
ZwCompactKeys
SSDT pxfsf.sys
ZwCompressKey
SSDT pxfsf.sys
ZwCreateDirectoryObject
SSDT pxfsf.sys
ZwCreateEvent
SSDT pxfsf.sys
ZwCreateEventPair
SSDT pxfsf.sys
ZwCreateFile
SSDT pxfsf.sys
ZwCreateIoCompletion
SSDT pxfsf.sys
ZwCreateJobObject
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwCreateKey
SSDT pxfsf.sys
ZwCreateMailslotFile
SSDT pxfsf.sys
ZwCreateMutant
SSDT pxfsf.sys
ZwCreateNamedPipeFile
SSDT pxfsf.sys
ZwCreatePort
SSDT pxfsf.sys
ZwCreateProcess
SSDT pxfsf.sys
ZwCreateProcessEx
SSDT pxfsf.sys
ZwCreateSection
SSDT pxfsf.sys
ZwCreateSemaphore
SSDT pxfsf.sys
ZwCreateSymbolicLinkObject
SSDT pxfsf.sys
ZwCreateThread
SSDT pxfsf.sys
ZwCreateTimer
SSDT pxfsf.sys
ZwCreateToken
SSDT pxfsf.sys
ZwDeleteFile
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwDeleteValueKey
SSDT pxfsf.sys
ZwDeviceIoControlFile
SSDT pxfsf.sys
ZwDuplicateObject
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwEnumerateValueKey
SSDT pxfsf.sys
ZwFreeUserPhysicalPages
SSDT pxfsf.sys
ZwFreeVirtualMemory
SSDT pxfsf.sys
ZwImpersonateAnonymousToken
SSDT pxfsf.sys
ZwImpersonateThread
SSDT pxfsf.sys
ZwLoadDriver
SSDT pxfsf.sys
ZwLoadKey
SSDT pxfsf.sys
ZwLoadKey2
SSDT pxfsf.sys
ZwLockRegistryKey
SSDT pxfsf.sys
ZwLockVirtualMemory
SSDT pxfsf.sys
ZwMapViewOfSection
SSDT pxfsf.sys
ZwOpenFile
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwOpenKey
SSDT pxfsf.sys
ZwOpenProcess
SSDT pxfsf.sys
ZwOpenProcessToken
SSDT pxfsf.sys
ZwOpenSection
SSDT pxfsf.sys
ZwOpenThread
SSDT pxfsf.sys
ZwOpenThreadToken
SSDT pxfsf.sys
ZwProtectVirtualMemory
SSDT pxfsf.sys
ZwQueryInformationProcess
SSDT pxfsf.sys
ZwQueryInformationThread
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwQueryKey
SSDT pxfsf.sys
ZwQueryMultipleValueKey
SSDT pxfsf.sys
ZwQueryOpenSubKeys
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwQueryValueKey
SSDT pxfsf.sys
ZwQueueApcThread
SSDT pxfsf.sys
ZwReadFile
SSDT pxfsf.sys
ZwReadVirtualMemory
SSDT pxfsf.sys
ZwRenameKey
SSDT pxfsf.sys
ZwReplaceKey
SSDT pxfsf.sys
ZwRestoreKey
SSDT pxfsf.sys
ZwResumeProcess
SSDT pxfsf.sys
ZwResumeThread
SSDT pxfsf.sys
ZwSaveKey
SSDT pxfsf.sys
ZwSaveKeyEx
SSDT pxfsf.sys
ZwSaveMergedKeys
SSDT pxfsf.sys
ZwSetContextThread
SSDT pxfsf.sys
ZwSetInformationKey
SSDT pxfsf.sys
ZwSetInformationProcess
SSDT pxfsf.sys
ZwSetInformationThread
SSDT pxfsf.sys
ZwSetSystemInformation
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS
ZwSetValueKey
SSDT pxfsf.sys
ZwSuspendProcess
SSDT pxfsf.sys
ZwSuspendThread
SSDT pxfsf.sys
ZwSystemDebugControl
SSDT pxfsf.sys
ZwTerminateJobObject
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
ZwTerminateThread
SSDT pxfsf.sys
ZwUnloadDriver
SSDT pxfsf.sys
ZwUnloadKey
SSDT pxfsf.sys
ZwUnloadKeyEx
SSDT pxfsf.sys
ZwUnlockVirtualMemory
SSDT pxfsf.sys
ZwUnmapViewOfSection
SSDT pxfsf.sys
ZwWriteFile
SSDT \??\C:\WINDOWS\system32\PavSRK.sys
ZwWriteVirtualMemory

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE
[F95CA810] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA
[F95CABD8] ShldDrv.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE
[F95CA7D2] ShldDrv.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA
[F95CAB9A] ShldDrv.SYS
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE
[F95CA7D2] ShldDrv.SYS
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA
[F95CAB9A] ShldDrv.SYS

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume
Information\_restore{BDB1EC6F-D127-4A28-83A2-262C1D8B506C}
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume
Information\_restore{167E266E-6D1B-40D9-96E1-07BBDC9347CC}
File F:\System Volume
Information\_restore{365ED133-C3A3-4569-81F4-D5DAF813838F}
File F:\System Volume
Information\_restore{BDB1EC6F-D127-4A28-83A2-262C1D8B506C}

---- EOF - GMER 1.0.10 ----