02-06-2009, 18:49 | #221
Senior Member
Joined: Apr 2008
Posts: 1279
As for that program, do a search with the built-in Windows function (Start > Search > etc.) and, once you have found v6m78.exe, right-click > Properties and read what it says. If there is anything you don't recognize, report it here.
__________________
I know that I know nothing (quote)... | Declaration of Love | Creative uses of the ASUS Eee PC | Security Configuration and Notes on Tor for MS Windows | Mail Providers: which are the most secure?
02-06-2009, 19:02 | #222
Senior Member
Joined: Dec 2008
Posts: 1355
here it is, a new gmer log, but I checked carefully, my name isn't in it, well, I am short-sighted, but gmer.txt
__________________
... I'm not scared of you. Well you really shouldn't have said that ...
02-06-2009, 19:07 | #223
Senior Member
Joined: Apr 2008
Posts: 1279
02-06-2009, 19:11 | #224
Senior Member
Joined: Dec 2008
Posts: 1355
and I got scared!
09-06-2009, 16:09 | #225
Member
Joined: Apr 2008
Posts: 49
hi everyone... I was doing a bit of cleanup following the guide for infected PCs and wanted to ask you to read my gmer log...
thanks a lot Code:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-09 16:59:00
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xF3C3B606]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xF3C3B05A]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xF3C3AD3C]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xF3C3C652]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xF3C3AE46]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xF3C3AF30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3B5E14C]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xF3C3B8CC]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xF3C3B362]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3B5E64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3B5E08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3B5E0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3B5E76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3B5E72E]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xF3C3ABBA]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xF3C3B814]
SSDT \??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xF3C3B494]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 154 804E2E25 3 Bytes [AF, C3, F3]
? oxsxavau.sys Impossibile trovare il file specificato. !
? D:\DOCUME~1\Granara\IMPOST~1\Temp\esihdrv.sys Impossibile trovare il file specificato. !

---- User code sections - GMER 1.0.15 ----

.text D:\Programmi\a-squared Free\a2service.exe[3980] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes CALL 00454935 D:\Programmi\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\WINDOWS\system32\services.exe[1504] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT D:\WINDOWS\system32\services.exe[1504] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad
09-06-2009, 16:15 | #226
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
Did you do the full scan with gmer?
There are these, which are more than suspicious:
http://www.hwupgrade.it/forum/showpo...2&postcount=12
__________________
Kaspersky Virus Removal Tool | Avira AntiVir Rescue System | Threatfire in Italian | Norton User Account Control (beta) Will your next statement be a No? Answer with a Yes or a No.
09-06-2009, 16:16 | #227
Member
Joined: Apr 2008
Posts: 49
26-06-2009, 15:23 | #229
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
__________________
Try again and you will be luckier.
26-06-2009, 15:31 | #230
Senior Member
Joined: Dec 2008
Posts: 1355
I'll take care of it, thanks
28-06-2009, 11:47 | #231
Junior Member
Joined: Feb 2006
Posts: 28
hello everyone.
I'd like to ask if you could kindly check the gmer log. a few days ago Avira reported an incoming trojan "dldr" which it blocked. to be safe I ran a check with cureit, which found three trojans, removed. finally I ran a scan with gmer, and here is the log: Code:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-21 22:26:01
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT FA05EA1E ZwCreateKey
SSDT FA05EA14 ZwCreateThread
SSDT FA05EA23 ZwDeleteKey
SSDT FA05EA2D ZwDeleteValueKey
SSDT FA05EA32 ZwLoadKey
SSDT FA05EA00 ZwOpenProcess
SSDT FA05EA05 ZwOpenThread
SSDT FA05EA3C ZwReplaceKey
SSDT FA05EA37 ZwRestoreKey
SSDT FA05EA28 ZwSetValueKey
SSDT FA05EA0F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + F0 804E274C 4 Bytes JMP 5222FA05
.text ntoskrnl.exe!_abnormal_termination + 120 804E277C 4 Bytes JMP A849FA05
.text ntoskrnl.exe!_abnormal_termination + 148 804E27A4 4 Bytes JMP 8701FA05
.text ntoskrnl.exe!_abnormal_termination + 150 804E27AC 4 Bytes JMP BF7BFA05
.text ntoskrnl.exe!_abnormal_termination + 1D4 804E2830 4 Bytes JMP AB3EFA05
.text ...

---- EOF - GMER 1.0.15 ----

the pc shows no anomalies, apart from in Task Manager, where a "System" has appeared that I don't remember being there, but it doesn't use memory and is steady at around 40 KB. to be safe, though, I'd prefer it if you took a look. thanks a lot!
02-07-2009, 10:12 | #232
Senior Member
Joined: Aug 2002
City: Velletri (RM)
Posts: 1291
hello everyone, I'm also following the guide at the top of the page; this is the result
can someone tell me if everything is ok, thanks
__________________
CPU: Intel Q6600-G0@400X8 GPU: ATI Radeon HD 3870 512MB Motherboard: DFI LANPARTY DK P35-T2RS Sound card: X-Fi Platinum RAM: 2x1GB Corsair XMS2 DHX 4-4-4-12 PSU: Liberty 620W TV card: PINNACLE PCTVpro Master. DVD: Nec DVD reader: LG Monitor: Samsung 22" 226BW all liquid-cooled by Lunasio Website: www.alexsera.it
02-07-2009, 10:14 | #233
Senior Member
Joined: Aug 2002
City: Velletri (RM)
Posts: 1291
here it is, it wouldn't attach because it was .log
bye and thanks
30-07-2009, 11:29 | #234
Junior Member
Joined: Jul 2009
Posts: 1
hi everyone,
I was tidying up the pc a bit and started a full scan with gmer. it flagged an entry in red, I clicked remove and in the first confirmation window ("you're removing the service...are you sure you want to continue?") I clicked yes, in the second window no instead. Afterwards I re-ran the scan, but the entry, even though I hadn't acted on the rootkit process in any way, reappeared in black as clean. could you explain why? I'm attaching the log of the first scan. Thanks Code:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-29 03:47:07
Windows 5.1.2600 Service Pack 2

---- User code sections - GMER 1.0.15 ----

.text C:\Programmi\MSN Messenger\msnmsgr.exe[1148] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text E:\CDVS\programmi\Uty\a-squared Free\a2service.exe[1596] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes CALL 0045493D E:\CDVS\programmi\Uty\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\vbev5mp.sys (*** hidden *** ) [SYSTEM] vbev5mp <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@LicenseKey N5C2-NC02-9450-4D41
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@NumberOfcdroms 2
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@ServiceBinary C:\WINDOWS\system32\drivers\vbev5mp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@ImagePath system32\DRIVERS\vbev5mp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@Start 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@Tag 33
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller\Error
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller\Error@
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller\Result
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller\Result@ 0
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Enum
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\parameters
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\parameters\pnpinterface
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Security
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@LicenseKey N5C2-NC02-9450-4D41
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@NumberOfcdroms 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@ServiceBinary C:\WINDOWS\system32\drivers\vbev5mp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@ImagePath system32\DRIVERS\vbev5mp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@Tag 33
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller\Error
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller\Error@
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller\Result
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller\Result@ 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Enum
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@LicenseKey N5C2-NC02-9450-4D41
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@NumberOfcdroms 2
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@ServiceBinary C:\WINDOWS\system32\drivers\vbev5mp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@ImagePath system32\DRIVERS\vbev5mp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp@Tag 33
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\DrvInstaller
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\DrvInstaller\Error
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\DrvInstaller\Error@
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\DrvInstaller\Result
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\DrvInstaller\Result@ 0
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\Enum
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\parameters
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\parameters\pnpinterface
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\Security
Reg HKLM\SYSTEM\ControlSet003\Services\vbev5mp\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG04.00.00.01SERVER

---- EOF - GMER 1.0.15 ----
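The moderators in this thread triage GMER logs by eye; the Python below is an added example (not GMER's code and not from any poster) that makes the same first pass reproducible. It parses the line shapes seen in the logs above: SSDT hooks attributed to a vendor module, SSDT hooks that carry only an address, services and libraries GMER marks `*** hidden ***`, and files it could not find on disk. Findings are sorted into high / review / info, and unattributed hook addresses are clustered by 4 KiB page, which is how one notices that a run of hooks such as the FA05EAxx entries in post #231 all land in the same place. The vendor allow-list, the sample log, `example.sys` and "Example Vendor Ltd" are constructed assumptions for the demo; a real allow-list comes from knowing what is installed on the scanned host, and an allow-listed vendor's hooks are only "info", which is consistent with the moderator's verdict that a log full of Kaspersky klif.sys hooks shows no anomalies.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER's code).

GMER prints one finding per line. The patterns below match the record shapes
seen in this thread:
  SSDT <module> (<description>/<vendor>) <ZwFunc> [0x<addr>]   hook attributed to a module
  SSDT <addr> <ZwFunc>                                         hook with no module attribution
  Service|Library <path> (*** hidden *** ) ...                 object hidden from the kernel view
  ? <file> <OS error text> !                                   referenced file not found
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Vendors whose kernel hooks are expected when their product is installed.
# Constructed allow-list for this example; derive the real one from the host.
KNOWN_VENDORS = {"ALWIL Software", "Kaspersky Lab", "Prevx", "Emsi Software GmbH"}

ATTRIBUTED_SSDT = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^/]*)/(?P<vendor>[^)]*)\)\s+"
    r"(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
UNATTRIBUTED_SSDT = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
HIDDEN = re.compile(r"^(?P<kind>Service|Library)\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)")
MISSING_FILE = re.compile(r"^\?\s+(?P<file>\S+)\s+.*!$")


@dataclass
class Finding:
    severity: str            # "high", "review" or "info"
    reason: str
    line: str
    addr: Optional[int] = None


def classify(line: str) -> Optional[Finding]:
    """Map one GMER log line to a Finding; None for headers, separators and blanks."""
    line = line.strip()
    if not line or line.startswith("----"):
        return None
    m = HIDDEN.match(line)
    if m:  # GMER flags an object hidden when its raw view and the kernel's view disagree
        return Finding("high", f"hidden {m['kind'].lower()}: {m['path']}", line)
    m = ATTRIBUTED_SSDT.match(line)
    if m:
        vendor, addr = m["vendor"].strip(), int(m["addr"], 16)
        if vendor in KNOWN_VENDORS:
            return Finding("info", f"{m['func']} hooked by {vendor} ({m['module']})", line, addr)
        return Finding("review", f"{m['func']} hooked by unlisted vendor {vendor!r}", line, addr)
    m = UNATTRIBUTED_SSDT.match(line)
    if m:  # bare address: GMER could not map the hook target to any loaded module
        return Finding("review", f"{m['func']} hooked at {m['addr']} with no module attribution",
                       line, int(m["addr"], 16))
    m = MISSING_FILE.match(line)
    if m:
        return Finding("review", f"referenced file not found on disk: {m['file']}", line)
    return None


def triage(log_text: str) -> Dict[str, List[Finding]]:
    """Group every recognised finding in a log by severity, preserving log order."""
    groups: Dict[str, List[Finding]] = {"high": [], "review": [], "info": []}
    for raw in log_text.splitlines():
        f = classify(raw)
        if f:
            groups[f.severity].append(f)
    return groups


def highest_severity(groups: Dict[str, List[Finding]]) -> str:
    for level in ("high", "review", "info"):
        if groups[level]:
            return level
    return "none"


def unattributed_hook_pages(groups: Dict[str, List[Finding]]) -> Counter:
    """Count unattributed hooks per 4 KiB page; many in one page suggest a single hooking driver."""
    pages: Counter = Counter()
    for f in groups["review"]:
        if f.addr is not None and "no module attribution" in f.reason:
            pages[f.addr & ~0xFFF] += 1
    return pages


# Constructed sample in the format of the logs posted in this thread; example.sys
# and "Example Vendor Ltd" are hypothetical names, the rest mirrors real record shapes.
SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-29 03:47:07 Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3B5E08C]
SSDT FA05EA1E ZwCreateKey
SSDT FA05EA0F ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\example.sys (Example Driver/Example Vendor Ltd) ZwWriteFile [0x12345678]

---- Kernel code sections - GMER 1.0.15 ----

? oxsxavau.sys Impossibile trovare il file specificato. !

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\vbev5mp.sys (*** hidden *** ) [SYSTEM] vbev5mp <-- ROOTKIT !!!

---- Processes - GMER 1.0.15 ----

Library C:\Documents (*** hidden *** ) @ C:\Programmi\Kaspersky Lab\avp.exe [472] 0x09010000

---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    print("overall:", highest_severity(groups))
    for level in ("high", "review", "info"):
        for f in groups[level]:
            print(f"[{level:6}] {f.reason}")
    for page, n in unattributed_hook_pages(groups).items():
        print(f"{n} unattributed hooks land in page 0x{page:08X}")
```

Run against the sample it reports "overall: high", the hidden service and hidden library as high, the two bare-address hooks, the unlisted vendor and the missing file as review, the avast! hook as info, and notes that both unattributed hooks fall in page 0xFA05E000. Feed it a saved gmer.txt by passing the file contents to `triage()`.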
06-08-2009, 18:35 | #235
Junior Member
Joined: Aug 2009
Posts: 2
Hello, I ran the scan with GMER and the log shows a hidden library in the kaspersky directory and a text line with three dots. Are there other things I can't spot?
Thanks Code:
GMER 1.0.15.15011 [mtre5pmo.exe] - http://www.gmer.net
Rootkit scan 2009-08-06 18:38:07
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB720EA72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xB720F01E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xB7210A82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB7210438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xB720E1E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB72123E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xB720EE1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xB720E62A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xB720E82A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB7210744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB72128F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB720E940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB720E9A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB72105FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB7211EA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB7210294]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xB720E34A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB720EC40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB721240E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB720EB96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB720EA10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB720E714]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB720E4F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB7212110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB720DE6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB721130C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB720DFCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB72127C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB720DC68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB7210924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB720EF18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB7211FA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB7212438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xB720E3A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB721251C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB7212648]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB7211DD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xB720ECEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xB720ED5C]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B72251E8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B72255A2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2BF0 8050448C 4 Bytes JMP 4B46B720
.text ntkrnlpa.exe!ZwCallbackReturn + 2C68 80504504 4 Bytes CALL 130765EA
.text ntkrnlpa.exe!ZwCallbackReturn + 2CC8 80504564 8 Bytes CALL 8794FC89
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes JMP E142FCA1
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE8 80504584 4 Bytes JMP BCEEFCA9
.text ...

---- User code sections - GMER 1.0.15 ----

? C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[472] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[472] USER32.dll!AlignRects + FFFA5598 7E392A78 4 Bytes [70, 11, 41, 35]
? C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3872] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3872] USER32.dll!AlignRects + FFFA5598 7E392A78 4 Bytes [70, 11, 41, 35]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 89F1C670
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 89F1C670
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[TDI.SYS!TdiRegisterDeviceObject] 89F1C670
IAT \SystemRoot\system32\DRIVERS\nwlnknb.sys[TDI.SYS!TdiRegisterDeviceObject] 89F1C670
IAT \SystemRoot\system32\DRIVERS\nwlnkspx.sys[TDI.SYS!TdiRegisterDeviceObject] 89F1C670

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.15 ----

Thread System [4:732] 89F5AE50
Thread System [4:736] 89F5AE50
Thread System [4:740] 89F29F80
Thread System [4:744] 89F29F80
Thread System [4:752] 89F29F80
Thread System [4:1120] 89BB5180

---- Processes - GMER 1.0.15 ----

Library C:\Documents (*** hidden *** ) @ C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [472] 0x09010000

---- EOF - GMER 1.0.15 ----
07-08-2009, 23:58 | #236
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
08-08-2009, 00:04 | #237
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Hi, the log shows no anomalies
14-08-2009, 15:06 | #238
Junior Member
Joined: Aug 2009
Posts: 6
gmer log
sorry, but I sent the log to another site; I'd like to post it to you again and try to get an answer as soon as possible. I'm desperate and I absolutely need the computer for work.
GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-13 19:31:14
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT F836994E ZwCreateKey
SSDT F8369944 ZwCreateThread
SSDT F8369953 ZwDeleteKey
SSDT F836995D ZwDeleteValueKey
SSDT F8369962 ZwLoadKey
SSDT F8369930 ZwOpenProcess
SSDT F8369935 ZwOpenThread
SSDT F836996C ZwReplaceKey
SSDT F8369967 ZwRestoreKey
SSDT F8369958 ZwSetValueKey
SSDT \SystemRoot\System32\drivers\pxsec.sys (Prevx Realtime Analysis/Prevx) ZwTerminateProcess [0xEF5BA680]

---- User code sections - GMER 1.0.15 ----

.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1004] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\ACPI \Device\00000043 81467F80
Device \Driver\ACPI \Device\00000050 81467F80
Device \Driver\ACPI \Device\00000052 81467F80
Device \Driver\ACPI \Device\00000053 81467F80
Device \Driver\ACPI \Device\00000047 81467F80
Device \Driver\ACPI \Device\00000054 81467F80
Device \Driver\ACPI \Device\00000048 81467F80
Device \Driver\ACPI \Device\00000055 81467F80
Device \Driver\ACPI \Device\00000049 81467F80
Device \Driver\ACPI \Device\00000056 81467F80
Device \Driver\ACPI \Device\00000057 81467F80
Device \Driver\ACPI \Device\00000070 81467F80
Device \Driver\ACPI \Device\00000064 81467F80
Device \Driver\ACPI \Device\00000071 81467F80
Device \Driver\ACPI \Device\00000059 81467F80
Device \Driver\ACPI \Device\00000065 81467F80
Device \Driver\ACPI \Device\00000066 81467F80
Device \Driver\ACPI \Device\00000082 81467F80
Device \Driver\ACPI \Device\00000069 81467F80
Device \Driver\ACPI \Device\0000004a 81467F80
Device \Driver\ACPI \Device\00000083 81467F80
Device \Driver\ACPI \Device\0000004b 81467F80
Device \Driver\ACPI \Device\0000004d 81467F80
Device \Driver\ACPI \Device\0000005a 81467F80
Device \Driver\ACPI \Device\0000005b 81467F80
Device \Driver\ACPI \Device\0000004e 81467F80
Device \Driver\ACPI \Device\0000005c 81467F80
Device \Driver\ACPI \Device\0000005d 81467F80
Device \Driver\ACPI \Device\0000005e 81467F80
Device \Driver\ACPI \Device\0000006a 81467F80
Device \Driver\ACPI \Device\0000005f 81467F80
Device \Driver\ACPI \Device\0000006e 81467F80

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:2184] 81496D00
Thread System [4:2192] 81483435
Thread System [4:2196] 814B4D77
Thread System [4:2204] 814863C7

---- EOF - GMER 1.0.15 ----

I also have the pvrx3.0 log, which says: ROOTKIT $mbr.0 in C:\ Rootkit MBR
Please help me, as I said before I absolutely need the computer. THANK YOU THANK YOU
14-08-2009, 15:15 | #239
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
chasing you all over the Forum is starting to get tiring, thanks for your cooperation.
14-08-2009, 15:43 | #240
Junior Member
Joined: Aug 2009
Posts: 6
Sorry Chill-Out, but I'm anxious to be able to use the PC, which as I said I absolutely need