Punto informatico Network

The computer reboots


Post by francescosurya » Fri Nov 23, 2007 8:42 pm

While I'm using the computer it sometimes reboots on its own (e.g. I'm browsing the internet and it reboots).
I'll post gmer and hijackthis (I still have to install hijack because I've just formatted everything and installed Vista Ultimate).



If you can help me!!

Thanks anyway, Francesco.

[uhm] [uhm]

I have 3 partitioned HDDs:
1=XP Programs
2=XP OS
3=Vista OS
4=Vista Programs
5=Vault

With gmer I only scanned Vista OS and Vista Programs!!!

Post by ste_95 » Fri Nov 23, 2007 8:56 pm

post the hijackthis log

gmer

Post by francescosurya » Fri Nov 23, 2007 9:50 pm

Here's gmer; tomorrow I'll install and post hijack.


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-23 21:51:39
Windows 6.0.6001 Service Pack 1, v.275


---- System - GMER 1.0.13 ----

SSDT 98DA71C4 ZwCreateThread
SSDT 98DA71B0 ZwOpenProcess
SSDT 98DA71B5 ZwOpenThread
SSDT 98DA71BF ZwTerminateProcess
SSDT 98DA71BA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!ZwQueryLicenseValue + D05 8185DE59 1 Byte [ 06 ]
.text ntoskrnl.exe!_alloca_probe + 164 8186E468 4 Bytes [ C4, 71, DA, 98 ]
.text ntoskrnl.exe!_alloca_probe + 334 8186E638 4 Bytes [ B0, 71, DA, 98 ]
.text ntoskrnl.exe!_alloca_probe + 350 8186E654 4 Bytes [ B5, 71, DA, 98 ]
.text ntoskrnl.exe!_alloca_probe + 564 8186E868 4 Bytes [ BF, 71, DA, 98 ]
.text ntoskrnl.exe!_alloca_probe + 5C4 8186E8C8 4 Bytes [ BA, 71, DA, 98 ]

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1312] kernel32.dll!SetUnhandledExceptionFilter 77CC5F8C 5 Bytes JMP 67125629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7184196B] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[576] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7184196B] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1628] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7184196B] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[1832] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [68C3E76E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [68C3E9A7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [68C3E8DD] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [68C3F68D] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [68C3F4B1] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] [68C3FA1F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [68C3E76E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [68C3E8DD] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [68C3EAFC] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] [68C3E76E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] [68C3E8DD] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] [68C3E9A7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [68C3F3A2] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [68C3F973] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [68C3F5B9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [68C3F68D] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [68C35B24] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [68C3E8DD] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [68C3590E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [68C35710] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [68C3E6B2] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [68C3F8CB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW] [68C3FB71] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [68C3F68D] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [68C3FA1F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [68C3F4B1] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [68C3F5B9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [68C3E8DD] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [68C3EE1E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [68C3EDC6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [68C400ED] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] [68C3F973] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [68C3F3A2] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [68C3F5B9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [68C3FACF] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [68C3F4B1] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [68C3F68D] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] [68C3FA1F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [68C3FB71] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [68C3F5B9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [68C3F4B1] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] [68C3FA1F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [68C3F68D] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!AccessCheck] [68C3E6B2] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [68C3FC6C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] [68C3EA8C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [68C3E76E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [68C3E9A7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [68C3E8DD] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [68C3EE1E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [68C3EA8C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [68C3F68D] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [68C3FA1F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [68C3F4B1] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [68C3FB71] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [68C3F8CB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AccessCheck] [68C3E6B2] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [68C3F310] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [68C3FC6C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [68C3F5B9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!PrivCopyFileExW] [68C3ED62] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] [68C3EA8C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] [68C3E8DD] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetFileAttributesW] [68C3EE1E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [68C3FC6C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [68C3F4B1] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] [68C3FA1F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [68C3F68D] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [68C40209] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [72F44618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [68C3F4B1] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [68C3FA1F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Administrator\Desktop\SICUREZZA\RootKit Gmer\gmer.exe[3892] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [68C3F68D] C:\Windows\AppPatch\AcGenral.DLL

---- EOF - GMER 1.0.13 ----


Post by ste_95 » Fri Nov 23, 2007 9:53 pm

gmer is clean.... I'll wait for hijackthis tomorrow....

hijackthis

Post by francescosurya » Sat Nov 24, 2007 11:03 am

Logfile of HijackThis v1.99.1
Scan saved at 10.39.06, on 24/11/2007
Platform: Unknown Windows (WinNT 6.00.1905 SP1, v.275)
MSIE: Internet Explorer v7.00 (7.00.6001.16659)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\rundll32.exe
G:\Programmi\Nero 8\InCD\NBHGui.exe
G:\Programmi\Nero 8\InCD\InCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
G:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\SICUREZZA\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] G:\Programmi\Nero 8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] G:\Programmi\Nero 8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "G:\Programmi\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{880750E9-DF23-48E5-A0E2-5F3ACCC526FF}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - G:\Programmi\Nero 8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - G:\Programmi\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - G:\Programmi\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Post by ste_95 » Sat Nov 24, 2007 11:13 am

this one is clean too.... I doubt malware is to blame...
when the computer reboots, go to the Event Viewer and see if there are any errors... post them

Post by RaFFoLo » Sat Nov 24, 2007 12:03 pm

ste_95 wrote: I doubt malware is to blame


True... still, try a scan with this Microsoft tool:
http://www.microsoft.com/italy/security ... fault.mspx

Scan with Avast! (or a similar antivirus that you have)

Scan with Spybot Search & Destroy (or a similar antispyware that you have).

Bye.

All OK

Post by francescosurya » Sat Nov 24, 2007 7:26 pm

Everything is OK with all the programs you told me about!!!!

I forgot to tell you that after it reboots, an error-reporting window opens and tells me it's a Blue Screen problem, and I don't remember the text because it hasn't come up for a while!

I also ran the malware update through Windows Update and scanned with Windows Defender, and everything is OK!!!

I also reinstalled Vista and so far I haven't run into the problem!!!!


Bye [:D]

Post by ste_95 » Sun Nov 25, 2007 7:43 pm

if the problem comes back, you know where to find us...[^]

[ciao]

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising