reclutamento e organizzazione per Gruppo di Lavoro - Guida per disinfettare da Bagle

[Chill-Out]

@thewebsurfer
Domanda: Elibagle su Vista l'hai eseguito loggato da amministratore?

[Bugs Bunny]

allora,io a thewebsurfer ho pensato di:

killare i processi di bagle ed il driver,in modo che si disattivi il rootkit e che si possano levare dai piedi i file con explorer....

[Chill-Out]

Quote:

Originariamente inviato da Bugs Bunny

allora,io a thewebsurfer ho pensato di:

killare i processi di bagle ed il driver,in modo che si disattivi il rootkit e che si possano levare dai piedi i file con explorer....

con Gmer?
Ho posto la domanda sopra perchè volevo sapere se ha lanciato il tool col doppio clic o con il tasto dx Avvia come amministratore

[leolas]

esiste un sito da cui si possono scaricare dei virus (in particolare mi interesserebbero i bagle) per fare dei test?
edit: ora che ci penso non credo sarebbe troppo legale fare un sito dove si possono scaricare dei virus...

[thewebsurfer]

Quote:

Originariamente inviato da Chill-Out

@thewebsurfer
Domanda: Elibagle su Vista l'hai eseguito loggato da amministratore?

c'è solo un utente..dovrebbe essere amministratore, giusto?..

[thewebsurfer]

ora ho provato GMER...durante la scansione "smette di funzionare"

[Riverside]

Quote:

Originariamente inviato da leolas

esiste un sito da cui si possono scaricare dei virus (in particolare mi interesserebbero i bagle) per fare dei test?
edit: ora che ci penso non credo sarebbe troppo legale fare un sito dove si possono scaricare dei virus...

Leo, è pieno di siti da cui si possono scaricare virus
In ogni caso, se proprio ti vuoi cimentare, da un pò di tempo a questa parte, Emule è diventata una discarica a cielo aperto: li scarichi .... ops ... volevo dire, se non sei sfigiato, li becchi tutti

[Chill-Out]

Quote:

Originariamente inviato da thewebsurfer

c'è solo un utente..dovrebbe essere amministratore, giusto?..

Ho posto la domanda sopra perchè volevo sapere se hai lanciato il tool (Elibagle) col doppio clic o con il tasto dx Avvia come amministratore

[leolas]

Quote:

Originariamente inviato da Riverside

Leo, è pieno di siti da cui si possono scaricare virus
In ogni caso, se proprio ti vuoi cimentare, da un pò di tempo a questa parte, Emule è diventata una discarica a cielo aperto: li scarichi .... ops ... volevo dire, se non sei sfigiato, li becchi tutti

se emule mi funzionasse... bè.. mi installo limewire.. lì è ancora peggio

[xcdegasp]

Quote:

Originariamente inviato da Bugs Bunny

non si ostacola la ricerca scientifica

ho modificato

infatti, perchè hai editato?

[thewebsurfer]

Quote:

Originariamente inviato da Chill-Out

Ho posto la domanda sopra perchè volevo sapere se hai lanciato il tool (Elibagle) col doppio clic o con il tasto dx Avvia come amministratore

ho provato col tasto dx come amministratore, ma si verifica la stessa situazione...appena viene trovato il virus si blocca

[Bugs Bunny]

Quote:

Originariamente inviato da thewebsurfer

ora ho provato GMER...durante la scansione "smette di funzionare"

prova panda antirootkit

[thewebsurfer]

Quote:

Originariamente inviato da Bugs Bunny

prova panda antirootkit

messaggio semplice e chiaro "Operating System not supported"

[Bugs Bunny]

rootkit unhooker dovrebbe funzionare

[Bugs Bunny]

ma guarda un po'.... ci mancava anche sto caxxo di sistema operativo...

la sicurezza di windows vista....COME NO?!? Non funzionano i programmi di sicurezza ma i virus funzionano eccome! bella sicurezza!

dopo questo piccolo sfogo,attendo notizie da thewebsurfer.
Se invece di fare la scansione clicchi direttamente su >>> e poi su processi,gmer ti si blocca lo stesso?

[Chill-Out]

Quote:

Originariamente inviato da Bugs Bunny

ma guarda un po'.... ci mancava anche sto caxxo di sistema operativo...

la sicurezza di windows vista....COME NO?!? Non funzionano i programmi di sicurezza ma i virus funzionano eccome! bella sicurezza!

dopo questo piccolo sfogo,attendo notizie da thewebsurfer.
Se invece di fare la scansione clicchi direttamente su >>> e poi su processi,gmer ti si blocca lo stesso?

Lo slogan al lancio di Vista: "Ancora più sicuro"

[thewebsurfer]

scollegato da internet non so come sono riuscito a fare una scansione con gmer...ora che si fa?

Quote:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-28 22:38:07
Windows 6.0.6000


---- System - GMER 1.0.13 ----

SSDT 8A087968 ZwConnectPort

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!ZwQueryLicenseValue + D21 81C460B9 1 Byte [ 06 ]
.text ntoskrnl.exe!_alloca_probe + 104 81C55E54 4 Bytes [ 68, 79, 08, 8A ]

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6E1788F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6E178B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6E178A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E179815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E179639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] [6E179BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E1788F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E178A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [6E178C84] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] [6E1788F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] [6E178A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] [6E178B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [6E17952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [6E179AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [6E179741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [6E179815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6E172E2C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6E178A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6E172C16] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6E172A18] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [6E17883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6E179A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW] [6E179CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E179815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [6E179BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E179639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6E179741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E178A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E178FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E178F4E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E17A275] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] [6E179AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E17952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E179741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [6E179C57] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6E179639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6E179815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] [6E179BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [6E179CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] [6E179BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [6E179DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [6E179741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E179639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E179815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!AccessCheck] [6E17883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] [6E178C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E1788F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E178B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6E178A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6E178FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E178C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E179815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [6E179BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E179639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [6E179CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6E179A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6E179498] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [6E179DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AccessCheck] [6E17883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6E179741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!PrivCopyFileExW] [6E178EEA] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] [6E178C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] [6E178A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetFileAttributesW] [6E178FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [6E179DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [6E179639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] [6E179BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [6E179815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [6E17A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6EAA4618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E179639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [6E179BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\sasà.PC-sasà\Desktop\gmer.exe[860] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E179815] C:\Windows\AppPatch\AcGenral.DLL

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_READ [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [804F1F42] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [804F1F42] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CLOSE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_READ [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_WRITE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_INFORMATION [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_INFORMATION [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_EA [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_EA [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_FLUSH_BUFFERS [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DEVICE_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SHUTDOWN [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_LOCK_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CLEANUP [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE_MAILSLOT [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_SECURITY [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_SECURITY [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_POWER [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SYSTEM_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DEVICE_CHANGE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_QUOTA [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_QUOTA [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CLOSE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_READ [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_WRITE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_INFORMATION [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_INFORMATION [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_EA [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_EA [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_FLUSH_BUFFERS [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DIRECTORY_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DEVICE_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SHUTDOWN [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_LOCK_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CLEANUP [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE_MAILSLOT [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_SECURITY [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_SECURITY [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_POWER [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SYSTEM_CONTROL [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DEVICE_CHANGE [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_QUOTA [8A9731D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_QUOTA [8A9731D0] SYMTDI.SYS

---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\sasà.PC-sasà\AppData\Local\Microsoft\Messenger\antonioaltamura@msn.com\SharingMetadata\devil-ale@hotmail.it\DFSR\Staging\CS{F7C0111C-3846-4567-F50D-9AB4E3601DFC}\01\10-{F7C0111C-3846-4567-F50D-9AB4E3601DFC}-v1-{AD4007AD-3C93-48C2-AABD-803722A3EFE8}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\sasà.PC-sasà\AppData\Local\Microsoft\Messenger\antonioaltamura@msn.com\SharingMetadata\soresprint@aliceposta.it\DFSR\Staging\CS{77DB3B5F-F51E-B142-0446-E66147F50B15}\01\11-{77DB3B5F-F51E-B142-0446-E66147F50B15}-v1-{AD4007AD-3C93-48C2-AABD-803722A3EFE8}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\sasà.PC-sasà\AppData\Local\Microsoft\Messenger\cristiano.altamura@hotmail.it\SharingMetadata\ferdy11@hotmail.it\DFSR\Staging\CS{F96F71BE-1B23-7B52-643F-D45EF88F8AE1}\01\10-{F96F71BE-1B23-7B52-643F-D45EF88F8AE1}-v1-{9AD08A21-4DD3-40A1-92D1-238F7DE82D13}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\sasà.PC-sasà\AppData\Local\Microsoft\Messenger\antonioaltamura@msn.com\SharingMetadata\devil-ale@hotmail.it\DFSR\Staging\CS{F7C0111C-3846-4567-F50D-9AB4E3601DFC}\01\10-{F7C0111C-3846-4567-F50D-9AB4E3601DFC}-v1-{AD4007AD-3C93-48C2-AABD-803722A3EFE8}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\sasà.PC-sasà\AppData\Local\Microsoft\Messenger\antonioaltamura@msn.com\SharingMetadata\soresprint@aliceposta.it\DFSR\Staging\CS{77DB3B5F-F51E-B142-0446-E66147F50B15}\01\11-{77DB3B5F-F51E-B142-0446-E66147F50B15}-v1-{AD4007AD-3C93-48C2-AABD-803722A3EFE8}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\sasà.PC-sasà\AppData\Local\Microsoft\Messenger\cristiano.altamura@hotmail.it\SharingMetadata\ferdy11@hotmail.it\DFSR\Staging\CS{F96F71BE-1B23-7B52-643F-D45EF88F8AE1}\01\10-{F96F71BE-1B23-7B52-643F-D45EF88F8AE1}-v1-{9AD08A21-4DD3-40A1-92D1-238F7DE82D13}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.13 ----

[Bugs Bunny]

non mi pare abbia trovato nulla....

vai su >>> e poi su autostart. fai una scansione lì

[thewebsurfer]

aspettando risposte sul log di gmer..

sempre con gmer nella scheda processi c:\windows\system32\wininit.exe...cercando su google ho visto che è un trojan o sbaglio?


ma secondo me norton i virus non solo li fa passare..gli prepara pure la poltrona e il cuscino

[Chill-Out]

Quote:

Originariamente inviato da thewebsurfer

aspettando risposte sul log di gmer..

sempre con gmer nella scheda processi c:\windows\system32\wininit.exe...cercando su google ho visto che è un trojan o sbaglio?


ma secondo me norton i virus non solo li fa passare..gli prepara pure la poltrona e il cuscino

Dovrebbe trattarsi di un Worm - IRC Backdoor
edit: ma UAC l'hai disabilitato?