kevin (Moderator, Caffè dell'Olimpo)
Registered: 08/02/07 10:52 Posts: 15785 Location: Here, if you look from there
Posted: 02 Apr 2007 15:59 Subject: I can't get around the Olimpo any more!

A warm hello to Orange and Smjert,
I'm back here again.
As advised by users more capable than me (4683 at the moment),
I'm posting the log for these problems of mine, which are driving me crazy. Could it be that Zeus can't stand me any more? Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 15.34.45, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\C HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PE2CKFNT SE] "C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166887521281
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
Thanks a lot.
PS: edited because of a malfunction, sorry.

Orange (forum rank: Dio maturo)
Registered: 18/02/07 13:20 Posts: 2224 Location: Rome
Posted: 02 Apr 2007 16:17

Hi Kevin,
it's always a pleasure to run into you again, but not in this section.
Anyway, you got lucky: the log is squeaky clean.
Can you describe your problem? When I click the link I only see a blank page.

kevin (Moderator, Caffè dell'Olimpo)
Posted: 02 Apr 2007 16:34

Hi Orange, sorry, I made a mess, but then I edited it;
anyway, let me explain.
When I enter the Olimpo (with IE), most of the time it is extremely slow, and I often
get: "the page cannot be displayed".
To give you an example: I'm in the Caffè, I click on the forum index, and it goes slowly, too slowly, or it even gets lost altogether.
If I'm using Opera, the scrolling numbers at the top freeze, either halfway or they don't move at all, and I'm stuck where I was.
I also tried installing FF, but out of three browsers not even one worked.
And yet I had always been fine with IE, who knows?!
It alternates between moments when it works normally and others when it just doesn't work.
There, I hope that's clear. Thanks!

chemicalbit (forum rank: Dio maturo)
Registered: 01/04/05 18:59 Posts: 18597 Location: Milan
Posted: 02 Apr 2007 16:56

Does this only happen to you with the Olimpo Informatico?
Never with the rest of the ZeusNews site? And with other sites?

kevin (Moderator, Caffè dell'Olimpo)
Posted: 02 Apr 2007 17:01

Quote: Does this only happen to you with the Olimpo Informatico?
Exactly, chem, it only happens to me here!
Quote: Never with the rest of the ZeusNews site? And with other sites?
I don't know the rest of the site.
Not with other sites, apart from imageshack, which is a struggle!.. whereas on other forums, yes.
For example, I've just rebooted and it works a bit; I couldn't get around any more.

Orange (forum rank: Dio maturo)
Posted: 02 Apr 2007 17:15

Now I understand.
It's certainly not down to browser incompatibility (I use all 3 of them without any problem).
The likely causes could be
line problems, a malfunctioning modem...
a rootkit....
I was about to recommend a scan with Kaspersky, but I thought again...
Download AVG AntiRootkit, run the scan and tell me if it finds anything..

kevin (Moderator, Caffè dell'Olimpo)
Posted: 02 Apr 2007 17:50

Thanks, I did it but it found nothing.
It told me: congratulations.
It's getting harder and harder for me to move around.

Orange (forum rank: Dio maturo)
Posted: 02 Apr 2007 18:23

......
Kevin, I won't bother you with the Kaspersky scan. I saw that you have already installed the ActiveX controls for the Panda scan.
Can you run that scan?
Here's another task for you: download Gmer and run the scan from the Rootkit tab.
Post the result.

kevin (Moderator, Caffè dell'Olimpo)
Posted: 02 Apr 2007 19:12

Panda is working and... so far:
Spyware: 7
hacking tools and rootkits: 1
P.S. Did I misunderstand, or does it want 12.95 to remove them?
Orange... what do we do now?

Orange (forum rank: Dio maturo)
Posted: 02 Apr 2007 21:42

kevin wrote: P.S. Did I misunderstand, or does it want 12.95 to remove them?
No, no, you understood correctly...! (I charge a lot more... )
Quote: what do we do now?
Now I need the scan result...
Try again with Gmer too (I changed the link).
Ignore the alerts from your antivirus...

kevin (Moderator, Caffè dell'Olimpo)
Posted: 02 Apr 2007 22:01

Quote: Now I need the scan result...
If it's the Panda one you're asking for,
I don't know where to dig it out.
Gmer is working, and I ignored them, eh?! But what torture.
Now Gmer has finished; should I post that long list it produced, or only the two in red?

Orange (forum rank: Dio maturo)
Posted: 02 Apr 2007 22:18

kevin wrote: Now Gmer has finished; should I post that long list it produced, or only the two in red?
I need all of it.
Do you know how to do it?
When Gmer has finished the scan, click Copy.
Now open Windows Notepad (from All Programs/Accessories).
With Ctrl+V, paste the log in and save the file.
Did you save the Panda log?
Try looking for it with "Search"..

kevin (Moderator, Caffè dell'Olimpo)
Posted: 02 Apr 2007 22:37

Don't get angry, I don't know if it's right like this, it's a ...Km.
GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-02 22:31:58
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT Vax347b.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]
Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!KiDispatchInterrupt + 100 804DC962 7 Bytes JMP F5794CD0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAF7E 5 Bytes JMP F5791C50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F3BF9 5 Bytes JMP F5791760 \??\C:\WINDOWS\system32\drivers\klif.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\explorer.exe[1808] SHELL32.dll!StrStrW + FFE2DA3E 7C9D8920 4 Bytes [ D2, 04, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1808] SHELL32.dll!StrStrW + FFE2DAB6 7C9D8998 4 Bytes [ FC, 04, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1808] SHELL32.dll!StrStrW + FFE33B16 7C9DE9F8 4 Bytes [ 04, 03, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1808] SHELL32.dll!StrStrW + FFE33B26 7C9DEA08 4 Bytes [ 00, 04, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1808] SHELL32.dll!StrStrW + FFE34A66 7C9DF948 4 Bytes [ 54, 04, FF, 00 ]
.text ...
.text C:\WINDOWS\explorer.exe[1808] SHELL32.dll!ILLoadFromStream + 54F 7CA16334 4 Bytes [ 50, 05, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1808] SHELL32.dll!ILLoadFromStream + 65F 7CA16444 4 Bytes [ 26, 05, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1808] SHELL32.dll!DAD_ShowDragImage + 2384 7CA19E7C 4 Bytes [ 6E, 08, FF, 00 ]
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1FF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E2215DA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] ole32.dll!WdtpInterfacePointer_UserFree + FFEDD21B 774B2148 4 Bytes [ 94, 09, 11, 06 ]
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] ole32.dll!WdtpInterfacePointer_UserFree + FFEDD233 774B2160 4 Bytes [ 0A, 0C, 11, 06 ]
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] ole32.dll!WdtpInterfacePointer_UserFree + FFEDD257 774B2184 4 Bytes [ 6A, 09, 11, 06 ]
.text C:\Programmi\Internet Explorer\iexplore.exe[1928] ole32.dll!WdtpInterfacePointer_UserFree + FFEE6FEF 774BBF1C 4 Bytes [ 16, 09, 11, 06 ]
---- Devices - GMER 1.0.12 ----

Orange (forum rank: Dio maturo)
Posted: 03 Apr 2007 08:12

The log is not complete.
If it doesn't fit in the post you can put it on http://www.mytempdir.com/
Then post the link where I can find it.
Where is the Panda log?
If need be, run the scan again.
Kevin, you have to give me as much information as possible, otherwise there's little I can do....

kevin (Moderator, Caffè dell'Olimpo)
Posted: 03 Apr 2007 15:10

I'm rescanning with Panda; I just hope I manage to save the log.
Now it has also found 1 dialer, who knows???

chemicalbit (forum rank: Dio maturo)
Posted: 03 Apr 2007 16:21

But does Panda save the log automatically,
or do you have to do something?
(I've never used it)

kevin (Moderator, Caffè dell'Olimpo)
Posted: 03 Apr 2007 16:30

It seems to me that it just gives a simple table with the totals of what it finds,
without details, more or less like this:
virus: 0
spyware: 8
hacking tools and rootkits: 3
dialer: 1
Edited twice, as they keep increasing.

kevin (Moderator, Caffè dell'Olimpo)
Posted: 03 Apr 2007 17:13

Guys, I did it, here's the Panda log
Incident Status Location
Potentially unwanted tool:application/mywebsearch Not disinfected c:\programmi\MyWebSearch
Dialer:dialer.min Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Osvi\Cookies\osvi@doubleclick[1].txt
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Osvi\Dati applicazioni\Cake eq seek\Antioneamen.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Osvi\Dati applicazioni\Cake eq seek\rjfjzwim.exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Osvi\Dati applicazioni\Mozilla\Firefox\Profiles\pmyqky1t.default\cookies.txt.old[.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Osvi\Dati applicazioni\Mozilla\Firefox\Profiles\pmyqky1t.default\cookies.txt.old[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Osvi\Dati applicazioni\Mozilla\Firefox\Profiles\pmyqky1t.default\cookies.txt.old[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Osvi\Dati applicazioni\Mozilla\Firefox\Profiles\pmyqky1t.default\cookies.txt.old[.fastclick.net/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Osvi\Desktop\Icone di Servizio\SmileyCentralPFSetup2.2.60.6.exe
Adware:Adware/SweetBar Not disinfected C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
P.S. You can see Antioneamen is there; I had opened a thread about that.

kevin (Moderator, Caffè dell'Olimpo)
Posted: 03 Apr 2007 17:45

Little by little I'm getting there, hang on while I fix it
S\s\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
kevin Moderator, Caffè dell'Olimpo


Registered: 08/02/07 10:52 Posts: 15785 Location: Here if you look from there
|
Posted: 03 Apr 2007 18:03 Subject: |
|
|
now I'm going to smash everything
IE, Opera, then the password 100 times
let's try it this way
http://www.mytempdir.com/1281139 (download ciccio)
sorry about the previous post
but I'm in trouble and I'm making... trouble