Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

firefox apre pagine web involontarie durante navigazione.

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

firefox apre pagine web involontarie durante navigazione.

Messaggioda zanzibarzaza » mar nov 13, 2007 10:39 pm

Ciao a tutti, mi sono appena iscritto per cercare di risolvere il mio problema riguardo l'apertura involontaria di pagine web durante la navigazione in internet con il browser mozzila firefox. Alcune volte firefox mi avvisa trattasi di phishing e mi invita ad allontanarmi dalla pagina web, altre volte invece durante la navigazione si aprono e si sovrappongono altre pagine web sempre diverse tra di loro...
Ho provato "giuro" a fare una ricerca prima di aprire un nuovo argomento, ma non sono molto esperto e ho appreso solo in parte il dafarsi... tipo... sono riuscito a copiare 1 logfile di hijackthis e 1 logfile di gmer che vi incollo qui sotto...
Ho provato a fare girare ad-aware e spybot in modalità provvisoria e con ripristino configurazione di sistema disattivato...ma non ho risolto il mio problema,windows xp è aggiornato da windows update e il suo firewall e attivo,ho avast antivirus aggiornato e attivo..... mi aiutate per favore [cry+]
Grazie mille in anticipo per l'interesse.
-----------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21.42.06, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX00.125\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{43948E41-CE93-44DF-A359-5BDC7AEAB32D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{43948E41-CE93-44DF-A359-5BDC7AEAB32D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{43948E41-CE93-44DF-A359-5BDC7AEAB32D}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
-----------------------------------------------------------------------------------------------
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-13 22:06:27
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\csrss.exe[576] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[576] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[576] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[576] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[644] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[644] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[644] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[644] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX00.000\gmer.exe[1208] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX00.000\gmer.exe[1208] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX00.000\gmer.exe[1208] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX00.000\gmer.exe[1208] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\Explorer.EXE[1376] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\Explorer.EXE[1376] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\Explorer.EXE[1376] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\Explorer.EXE[1376] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1404] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1404] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1404] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1404] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1452] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0243200E
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1452] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 02431DAF
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1452] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 02431CF2
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1452] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0243191B
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Mozilla Firefox\firefox.exe[1768] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Mozilla Firefox\firefox.exe[1768] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Mozilla Firefox\firefox.exe[1768] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Mozilla Firefox\firefox.exe[1768] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Mozilla Firefox\firefox.exe[1768] WS2_32.dll!send 71A3428A 5 Bytes JMP 100030E6
.text C:\Programmi\Mozilla Firefox\firefox.exe[1768] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 100032CC
.text C:\Programmi\Mozilla Firefox\firefox.exe[1768] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 100035BC
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[1796] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[1796] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[1796] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[1832] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[1832] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[1832] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[1832] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1880] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1880] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1880] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1896] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1896] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1896] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1896] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Messenger\msmsgs.exe[1928] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Messenger\msmsgs.exe[1928] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Messenger\msmsgs.exe[1928] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Messenger\msmsgs.exe[1928] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\documents and settings\davide\impostazioni locali\dati applicazioni\iabwxklgbd.exe[1936] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\documents and settings\davide\impostazioni locali\dati applicazioni\iabwxklgbd.exe[1936] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\documents and settings\davide\impostazioni locali\dati applicazioni\iabwxklgbd.exe[1936] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\documents and settings\davide\impostazioni locali\dati applicazioni\iabwxklgbd.exe[1936] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\WinRAR\WinRAR.exe[3628] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\WinRAR\WinRAR.exe[3628] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\WinRAR\WinRAR.exe[3628] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\WinRAR\WinRAR.exe[3628] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F433BF76] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F433A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F433A812] aswMon2.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D542C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D542C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8D548E6] aswTdi.SYS

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82AC92F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82BCB958
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82AC92F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82BCB958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B5C5B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B5C5B8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B5C5B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82B5C5B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B5C5B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B5C5B8
Device \Driver\usbstor \Device\00000073 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8C0595C] sfsync03.sys
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 82AC92F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82BCB958
Device \Driver\usbstor \Device\00000074 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8C0595C] sfsync03.sys
Device \Driver\usbstor \Device\00000075 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8C0595C] sfsync03.sys
Device \Driver\usbstor \Device\00000076 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8C0595C] sfsync03.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D542C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D542C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F8D548E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda djlino » mar nov 13, 2007 11:52 pm

ciao e ben arrivato.... [^]

non essendo un gran esperto di log, l'unico consiglio che ti do è di pulire un po' il tuo pc dai cookies-file temporanei e altri....magari con ccleaner...

poi per il resto come ho detto non sono ancora esperto con l'identificazione nei log....
tu devi fartela...non è la vita che ti fa fra!!!!
video da vedere assolutamente: http://www.stupidexe.com/files/the_stor ... p?lang=ita
Avatar utente
djlino
Bronze Member
Bronze Member
 
Messaggi: 995
Iscritto il: gio gen 25, 2007 7:59 pm
Località: Madonna di Campiglio

Messaggioda kap » mer nov 14, 2007 12:57 am

Dal log di hijackthis si presume che tu sia un devoto alla setta WinMx... a parte qualche file missing che ti inviterei a togliere(non è essenziale, ma è questione di pulizia) il resto del log è pulito.

Come già suggerito da djlino svuota i cookie, i file temporanei e fai una passata con ccleaner.

Per il controllo del log di gMer devi aspettare i security's guru.

p.s1: potresti rifare la scansione con hijackthis(magari con la versione aggiornata che trovi qui) tenendo tutti i programmi chiusi(eccetto quelli della traybar) ?

p.s2: fai una passata con A-squared(ovviamente aggiornandolo) e con Spybot search and destroy (avendo cura, come il precedente software, di aggiornarlo)




ciau e facce sapè!!

p.s3(speriamo sia l'ultimo): BENVENUTO NEL FORUM!!!! [:)]
In bocca al lupo per tutto ragazzi
Avatar utente
kap
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2876
Iscritto il: lun ott 09, 2006 11:10 am
Località: car el me car milan


Messaggioda crazy.cat » mer nov 14, 2007 9:07 am

sia gmer che hijackthis sono a posto.

Per bloccare tante pagine pubblicitarie e pseudo tali, una buona soluzione e' l'estensione Adblock (o adblock plus non mi ricordo piu' il nome).

La scansione p.s1: che ti hanno consigliato falla che non fa sicuramente male.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Re: firefox apre pagine web involontarie durante navigazione

Messaggioda Pacopas » mer nov 14, 2007 10:31 am

zanzibarzaza ha scritto:altre volte invece durante la navigazione si aprono e si sovrappongono altre pagine web sempre diverse tra di loro...


ciao
a volte capita di permettere per sbaglio a firefox di abilitare la possibilità di aprire popup su alcuni siti, so che la domanda è sciocca, ma hai verificato?
considerando che il pc sembra pulito (se lo dice crazy puoi scommetterci), potrebbe essere un opzione...
per capire come fare, leggi qui schermata "contenuti punto 1".

una buona soluzione e' l'estensione Adblock (o adblock plus non mi ricordo piu' il nome)


esistono entrambe ma Adblock plus è superiore alla prima, che ormai risulta obsoleta e inadatta a mio avviso.

link

anche se a dirla tutta non serve proprio a questo scopo, toglie la pubblicità, ma non è escluso che possa servire, con alcuni tipi di banner
alla fine... ogni uomo considera i limiti della propria visione personale come i limiti del mondo...
Avatar utente
Pacopas
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 6708
Iscritto il: mer ott 05, 2005 12:44 am

Messaggioda zanzibarzaza » gio nov 15, 2007 7:16 pm

Ciao ragazzi, scusate il ritardo ma tra il lavoro la casa la ragazza..... il pc passa in secondo piano...
Allora, le impostazioni del browser sono ok., ho seguito la guida.
Pulizia con ccleaner fatta.
Scansione con hijackthis versione aggiornata fatta (allegata di seguito).
Scansione con A-squred "aggiornato" fatta, ha trovato qualche "trace.trakingCookie" che ho provveduto ad eliminare (allegata di seguito).
Scansione con spyBoot e adAware "aggiornati" fatta.
Rifatto scansione con Gmer che alla fine mi dice "warning gmer has found system modification caused by rootkit activity" (vi riallego la scansione di segiuito), ho notato poi, nella sez. process di gmer un processo strano "evidenziato in rosso" (C:\Documents and Setting\davide\impostazioni locali\Dati applicazioni\iabwxklgbd.exe) è pericoloso????
COMUNQUE PROBLEMA ANCORA ATTIVO!!, durante la navigazione, ogni tanto mi si aprono automaticamente pagine web che si sovrappongono a quella corrente (ho notato principalmente la h.page di sky e altre che non ricordo bene).
Che si fa? [uhm]
Sta diventado una questione di principio.... [nonono]
Grazie ancora per l'interesse...
---------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.56.50, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX11.953\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{43948E41-CE93-44DF-A359-5BDC7AEAB32D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{43948E41-CE93-44DF-A359-5BDC7AEAB32D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{43948E41-CE93-44DF-A359-5BDC7AEAB32D}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 10052 bytes
-------------------------------------------------------------------------------------------

a-squared Free - Version 3.0
Last update: 15/11/2007 0.58.13

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 15/11/2007 1.00.21

C:\Documents and Settings\davide\Cookies\davide@2o7[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\davide\Cookies\davide@media.intelia[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\davide\Dati applicazioni\Mozilla\Firefox\Profiles\csamqqdb.default\cookies.txt:9 rilevati: Trace.TrackingCookie

Scansionati

Files: 142129
Tracce: 339607
Cookies: 30
Processi: 23

Rilevato

Files: 0
Tracce: 0
Cookies: 3
Processi: 0
Chiavi registro: 0

Fine scansione: 15/11/2007 1.49.06
Tempo scansione: 0.48.45
----------------------------------------------------------------------------------------

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-15 18:33:03
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.13 ----

.text C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX11.782\gmer.exe[216] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX11.782\gmer.exe[216] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX11.782\gmer.exe[216] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\DOCUME~1\davide\IMPOST~1\Temp\Rar$EX11.782\gmer.exe[216] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\a-squared Free\a2service.exe[468] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\a-squared Free\a2service.exe[468] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\a-squared Free\a2service.exe[468] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\a-squared Free\a2service.exe[468] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\csrss.exe[604] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[604] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[604] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[604] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1368] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1368] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1368] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1368] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1468] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1468] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1468] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1468] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\spoolsv.exe[1720] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1720] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1720] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1720] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[1760] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[1760] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[1760] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe[1760] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1792] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1792] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1792] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1792] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1812] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1812] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1812] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1812] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Messenger\msmsgs.exe[1852] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Messenger\msmsgs.exe[1852] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Messenger\msmsgs.exe[1852] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Messenger\msmsgs.exe[1852] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[1888] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[1888] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[1888] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Alwil Software\Avast4\ashWebSv.exe[1888] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\documents and settings\davide\impostazioni locali\dati applicazioni\iabwxklgbd.exe[1892] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\documents and settings\davide\impostazioni locali\dati applicazioni\iabwxklgbd.exe[1892] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\documents and settings\davide\impostazioni locali\dati applicazioni\iabwxklgbd.exe[1892] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\documents and settings\davide\impostazioni locali\dati applicazioni\iabwxklgbd.exe[1892] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\WinRAR\WinRAR.exe[2992] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\WinRAR\WinRAR.exe[2992] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\WinRAR\WinRAR.exe[2992] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\WinRAR\WinRAR.exe[2992] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F41CCF76] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F41CB812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F41CB812] aswMon2.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D642C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D642C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8D648E6] aswTdi.SYS

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82AEB678
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82AE9A90
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82AEB678
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82AE9A90
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE85C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE85C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE85C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE85C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE85C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE85C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8C0595C] sfsync03.sys
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 82AEB678
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82AE9A90
Device \Driver\usbstor \Device\00000074 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8C0595C] sfsync03.sys
Device \Driver\usbstor \Device\00000075 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8C0595C] sfsync03.sys
Device \Driver\usbstor \Device\00000076 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8C0595C] sfsync03.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D642C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D642C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F8D648E6] aswTdi.SYS
AttachedDevice \Driver\T
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda crazy.cat » gio nov 15, 2007 7:24 pm

zanzibarzaza ha scritto:ho notato poi, nella sez. process di gmer un processo strano "evidenziato in rosso" (C:\Documents and Setting\davide\impostazioni locali\Dati applicazioni\iabwxklgbd.exe) è pericoloso????

Si vede che sono troppo impegnato in questi giorni, mi era sfuggito nel primo log.
si è pericoloso quel file, solo quello viene dato in rosso o c'è dell'altro?
Puoi rimuovere il file usando unlocker o killbox.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda zanzibarzaza » gio nov 15, 2007 7:27 pm

.....sembra solo quello, ora lo disrtuggo e poi ti faccio sapere...... [devil]
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda zanzibarzaza » gio nov 15, 2007 7:32 pm

Scusa, ma se vado nella sez process di gmer e faccio kilproces va bene? o devo rifare la scansione? xchè io killbox o unlooker non li vedo....
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda crazy.cat » gio nov 15, 2007 7:35 pm

Killproces serve solo a chiudere il processo in quel momento, non elimina il file.

Unlocker
http://ccollomb.free.fr/unlocker/

Killbox
http://killbox.net/
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda zanzibarzaza » gio nov 15, 2007 7:54 pm

scusa l'ignoranza ma killbox mi chiede che file voglio cancellare ma pur seguendo il percorso non riesco a trovare niente.... come si usa killbox??
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda zanzibarzaza » ven nov 16, 2007 12:06 am

aiutooooo proprio non ci riesco come faccio ad eliminare il processo definitivamente con kill box??????
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda ste_95 » ven nov 16, 2007 7:16 am

con avenger inserisci questo script:

Files to delete:
C:\Documents and Setting\davide\impostazioni locali\Dati applicazioni\iabwxklgbd.exe
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda zanzibarzaza » ven nov 16, 2007 5:59 pm

HO provato con avenger ma mi sa che c'e' stato qualche problema, allego il risultato....

------------------------------------------------------------------------------------
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rwnrwqjg

*******************

Script file located at: \??\C:\WINDOWS\kmspghrv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\Documents and Setting\davide\impostazioni locali\Dati applicazioni\iabwxklgbd.exe for deletion
Deletion of file C:\Documents and Setting\davide\impostazioni locali\Dati applicazioni\iabwxklgbd.exe failed!

Could not process line:
C:\Documents and Setting\davide\impostazioni locali\Dati applicazioni\iabwxklgbd.exe
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda crazy.cat » ven nov 16, 2007 6:04 pm

Non lo ha cancellato, se vai a vedere in quella cartella il file e' presente?
Oppure ha magari cambiato nome?
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda zanzibarzaza » ven nov 16, 2007 7:01 pm

.....no nel percorso sospetto no c'e' il file "iabwxklgbd.exe"....

volevo allegare un immagine dellla cartella aperta con "carica un file" per far vedere che file ci sono ma non riesco, anche se il file jpeg e inferiopre a 2 mb.....
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda ste_95 » ven nov 16, 2007 8:49 pm

visulizzi i files nascosti e di sistema?

perché dice che non ha potuto eliminarlo...non che non lo ha trovato..giusto?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda crazy.cat » sab nov 17, 2007 8:22 am

zanzibarzaza ha scritto:.....no nel percorso sospetto no c'e' il file "iabwxklgbd.exe"....

volevo allegare un immagine dellla cartella aperta con "carica un file" per far vedere che file ci sono ma non riesco, anche se il file jpeg e inferiopre a 2 mb.....


Le immagini grosse le puoi caricare su uno di questi siti
http://www.MegaLab.it/2995/2
e poi posti nella discussione il link della foto.

Prova a vedere se uno di questi programmi lo trova e rimuove
http://www.MegaLab.it/2714/2
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda zanzibarzaza » sab nov 17, 2007 1:34 pm

ecco cosa c'e' nella cartella del percorso sospetto......Immagine
VIVA LA LIBERTA'
Avatar utente
zanzibarzaza
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: mar nov 13, 2007 9:14 pm
Località: milano

Messaggioda ste_95 » sab nov 17, 2007 1:40 pm

i file nascosti li vedi, e quelli di sistema?

presumo che il problema ci sia ancora...giusto?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Prossimo

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising