  1. #1

    I have a trojan that I can't find.....

    Hi guys, and congratulations on the really great forum.
    I'm asking for your help with my dear friend, which gives me a nice fit of hysterics every day.......

    Back to the point...

    Following the advice I read, I ran the scan with GMER on rootkit and it gives me this result:

    GMER 1.0.10.10122 - http://www.gmer.net
    Autostart 2006-08-31 23:23:01
    Windows 5.1.2600 Service Pack 1


    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\lpt7.umm

    HKLM\SYSTEM\CurrentControlSet\Services\ >>>
    Autodata Limited License Service /*Autodata Limited License Service*/@ = "C:\Programmi\File comuni\Autodata Limited Shared\Service\ADCDLicSvc.exe"
    BlueSoleil Hid Service /*BlueSoleil Hid Service*/@ = C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
    ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
    ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
    Crypkey License /*Crypkey License*/@ = crypserv.exe
    ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
    navapsvc /*Servizio Auto-Protect di Norton AntiVirus*/@ = "C:\Programmi\Norton AntiVirus\navapsvc.exe"
    NPFMntor /*Norton AntiVirus Firewall Monitor Service*/@ = "C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe"
    SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"
    SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    SPBBCSvc /*SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"
    Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
    Symantec Core LC /*Symantec Core LC*/@ = "C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe"
    UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
    Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @SoundMAXPnPC:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe = C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    @SoundMAXC:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray /*file not found*/ = C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray /*file not found*/
    @PTHOSTTRC:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start /*file not found*/ = C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start /*file not found*/
    @AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
    @SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    @IgfxTrayC:\WINDOWS\System32\igfxtray.exe = C:\WINDOWS\System32\igfxtray.exe
    @HotKeysCmdsC:\WINDOWS\System32\hkcmd.exe = C:\WINDOWS\System32\hkcmd.exe
    @PersistenceC:\WINDOWS\System32\igfxpers.exe = C:\WINDOWS\System32\igfxpers.exe
    @CpqsetC:\Programmi\HPQ\Default Settings\cpqset.exe ? ??? E ???? ???? ??B ? ????B ? ???? = C:\Programmi\HPQ\Default Settings\cpqset.exe ? ??? E ???? ???? ??B ? ????B ? ????
    @eabconfg.cplC:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/ = C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/
    @UpdateManager"C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r = "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    @dlaC:\WINDOWS\system32\dla\tfswctrl.exe = C:\WINDOWS\system32\dla\tfswctrl.exe
    @SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0\bin\jusched.exe = C:\Programmi\Java\jre1.5.0\bin\jusched.exe
    @hpWirelessAssistantC:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe = C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    @WatchDogC:\Programmi\InterVideo\DVD Check\DVDCheck.exe = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
    @NeroFilterCheckC:\WINDOWS\System32\NeroCheck.exe = C:\WINDOWS\System32\NeroCheck.exe
    @ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    @SSC_UserPrompt"C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe" = "C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe"
    @MessengerPlus3"C:\Programmi\MessengerPlus! 3\MsgPlus.exe" = "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @CTFMON.EXEC:\WINDOWS\System32\ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
    @BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    @PbxnsdC:\WINDOWS\W?nSxS\s?rvices.exe /*file not found*/ = C:\WINDOWS\W?nSxS\s?rvices.exe /*file not found*/

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
    @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
    @{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
    @{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Programmi\Sonic\RecordNow!\shlext.dll = C:\Programmi\Sonic\RecordNow!\shlext.dll
    @{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
    @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
    @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
    @{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
    @{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
    @{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
    @{ABC70703-32AF-11d4-90C4-D483A70F4825} /*CMenuExtender*/C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
    ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
    Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton AntiVirus\NavShExt.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
    CMenuExtender@{ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
    ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
    Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton AntiVirus\NavShExt.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
    @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    @{0907553E-BBD3-9623-F060-951C81E9B4E3}C:\WINDOWS\System32\xiki.dll /*file not found*/ = C:\WINDOWS\System32\xiki.dll /*file not found*/
    @{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
    @{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}C:\Programmi\Norton AntiVirus\NavShExt.dll = C:\Programmi\Norton AntiVirus\NavShExt.dll

    HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\scrnsave.scr

    HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

    HKLM\Software\Microsoft\Internet Explorer\Main >>>
    @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome = http://www.microsoft.com/isapi/redir...5.5&ar=msnhome
    @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

    HKCU\Software\Microsoft\Internet Explorer\Main >>>
    @Start Pagehttp://www.libero.it/ = http://www.libero.it/
    @Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

    HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

    HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
    dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
    its@CLSID = C:\WINDOWS\System32\itss.dll
    mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
    ms-its@CLSID = C:\WINDOWS\System32\itss.dll
    msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
    mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
    vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

    HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

    C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica >>>
    Stardock ObjectDock.lnk = Stardock ObjectDock.lnk
    Y'z ToolBar.lnk = Y'z ToolBar.lnk

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = DVD Check.lnk

    ---- EOF - GMER 1.0.10 ----

  2. #2

    Continued

    Then I reopened everything and ran the scan again with autostart, and it gave me:

    GMER 1.0.10.10122 - http://www.gmer.net
    Rootkit 2006-08-31 23:21:35
    Windows 5.1.2600 Service Pack 1


    ---- System - GMER 1.0.10 ----

    SSDT 820EB6B0 ZwAlertResumeThread
    SSDT 820E8888 ZwAlertThread
    SSDT 820D8C18 ZwAllocateVirtualMemory
    SSDT a347bus.sys ZwClose
    SSDT 820E69F0 ZwConnectPort
    SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwCreateKey
    SSDT 820EC0F0 ZwCreateMutant
    SSDT a347bus.sys ZwCreatePagingFile
    SSDT 821715A8 ZwCreateThread
    SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwDeleteKey
    SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwDeleteValueKey
    SSDT a347bus.sys ZwEnumerateKey
    SSDT a347bus.sys ZwEnumerateValueKey
    SSDT 820E6100 ZwFreeVirtualMemory
    SSDT 820EC0B8 ZwImpersonateAnonymousToken
    SSDT 820EBDD8 ZwImpersonateThread
    SSDT 82289B40 ZwMapViewOfSection
    SSDT 820EC1C8 ZwOpenEvent
    SSDT a347bus.sys ZwOpenFile
    SSDT a347bus.sys ZwOpenKey
    SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
    SSDT 820E60C8 ZwOpenProcessToken
    SSDT 820E6588 ZwOpenThreadToken
    SSDT a347bus.sys ZwQueryKey
    SSDT 82253D58 ZwQueryValueKey
    SSDT 820EE928 ZwResumeThread
    SSDT 820E6818 ZwSetContextThread
    SSDT 820E6438 ZwSetInformationProcess
    SSDT 820E6998 ZwSetInformationThread
    SSDT a347bus.sys ZwSetSystemPowerState
    SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwSetValueKey
    SSDT 820EC428 ZwSuspendProcess
    SSDT 820E6C90 ZwSuspendThread
    SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
    SSDT 820E6B10 ZwTerminateThread
    SSDT 820E62A0 ZwUnmapViewOfSection
    SSDT 82112F58 ZwWriteVirtualMemory

    INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys A9E8616D
    INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys A9E85FC2

    ---- Devices - GMER 1.0.10 ----

    Device \Driver\hardlock \Device\HLVol IRP_MJ_INTERNAL_DEVICE_CONTROL [A9984568] hl_mull.SYS
    Device \Driver\hardlock \Device\HLVol IRP_MJ_SHUTDOWN [A9984568] hl_mull.SYS
    Device \Driver\hardlock \Device\FNT0 IRP_MJ_INTERNAL_DEVICE_CONTROL [A9984568] hl_mull.SYS
    Device \Driver\hardlock \Device\FNT0 IRP_MJ_SHUTDOWN [A9984568] hl_mull.SYS
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81E6FB48
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 81E6FB48
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 81FCD518
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 81FCD518

  3. #3

    Last

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 81FCD518
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 81FCD518
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_DEVICE_CONTROL [AA923863] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_DEVICE_CONTROL [AA923863] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_DEVICE_CONTROL [AA923863] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_DEVICE_CONTROL [AA923863] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_DEVICE_CONTROL [AA923863] tfsnifs.sys
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL [AA9239FF] tfsnifs.sys

    ---- Modules - GMER 1.0.10 ----

    Module _________ F8456000

    ---- Files - GMER 1.0.10 ----

    File C:\System Volume Information\tracking.log
    File C:\WINDOWS\system32\lpt7.umm

    ---- EOF - GMER 1.0.10 ----



    Which of you can help me??????????


    THANKS

  4. #4

    HELP!!!!!!!!!

    Is nobody going to help me??

    I have already tried all the information given in the guide, but I can't solve anything...

    I installed Norton 2006, updated as of today; in the startup scan it detects a trojan horse and the path, but I go to the end of the path and that file doesn't exist.

    I also tried checking that it wasn't a hidden file, but it doesn't show up even with that view....


    What can I do????? I formatted it recently.....and I have a lot of important data


    Thanks
