Condividi:        

Non riesco ad eliminare e1explorer

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Non riesco ad eliminare e1explorer

Postdi taochi » 04/08/06 11:13

Vi riporto il log

Logfile of HijackThis v1.99.1
Scan saved at 12.08.29, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

(Unable to list running processes)
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVICES.EXE
O1 - Hosts: 127.0.0.3 http://www.onedayoffer.biz
O1 - Hosts: 127.0.0.3 onedayoffer.biz
O1 - Hosts: 127.0.0.3 callmachine.net
O1 - Hosts: 127.0.0.3 http://www.callmachine.net
O1 - Hosts: 127.0.0.3 reportbucks.com
O1 - Hosts: 127.0.0.3 http://www.reportbucks.com
O1 - Hosts: 127.0.0.3 isuckall.com
O1 - Hosts: 127.0.0.3 http://www.isuckall.com
O1 - Hosts: 127.0.0.3 wbdialer.biz
O1 - Hosts: 127.0.0.3 http://www.wbdialer.biz
O1 - Hosts: 127.0.0.3 alphadialer.com
O1 - Hosts: 127.0.0.3 http://www.alphadialer.com
O1 - Hosts: 127.0.0.3 it.online-more.com
O1 - Hosts: 127.0.0.3 http://www.it.online-more.com
O1 - Hosts: 127.0.0.3 statscash.net
O1 - Hosts: 127.0.0.3 http://www.statscash.net
O1 - Hosts: 127.0.0.3 85.255.113.242
O1 - Hosts: 127.0.0.3 takeyourbucks.com
O1 - Hosts: 127.0.0.3 http://www.takeyourbucks.com
O1 - Hosts: 127.0.0.3 195.225.176.25
O1 - Hosts: 127.0.0.3 iframebiz.biz
O1 - Hosts: 127.0.0.3 iframeurl.biz
O1 - Hosts: 127.0.0.3 iframesite.biz
O1 - Hosts: 127.0.0.3 toolbarbiz.biz
O1 - Hosts: 127.0.0.3 toolbarsite.biz
O1 - Hosts: 127.0.0.3 toolbarurl.biz
O1 - Hosts: 127.0.0.3 toolbartraff.biz
O1 - Hosts: 127.0.0.3 buytoolbar.biz
O1 - Hosts: 127.0.0.3 http://www.iframebiz.biz
O1 - Hosts: 127.0.0.3 http://www.iframeurl.biz
O1 - Hosts: 127.0.0.3 http://www.iframesite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarbiz.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarsite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarurl.biz
O1 - Hosts: 127.0.0.3 http://www.toolbartraff.biz
O1 - Hosts: 127.0.0.3 http://www.buytoolbar.biz
O1 - Hosts: 127.0.0.3 81.9.5.9
O1 - Hosts: 127.0.0.3 procounter.biz
O1 - Hosts: 127.0.0.3 http://www.procounter.biz
O1 - Hosts: 127.0.0.3 advadmin.biz
O1 - Hosts: 127.0.0.3 http://www.advadmin.biz
O1 - Hosts: 127.0.0.3 trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 http://www.iframeprofit.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 http://www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 http://www.statscash.biz
O1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3 http://www.vxiframe.biz
O1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3 http://www.crazy-toolbar.com
O1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3 http://www.topcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 http://www.loadcash.biz
O1 - Hosts: 127.0.0.3 txiframe.biz
O1 - Hosts: 127.0.0.3 http://www.txiframe.biz
O1 - Hosts: 127.0.0.3 besthvac.com
O1 - Hosts: 127.0.0.3 http://www.besthvac.com
O1 - Hosts: 127.0.0.3 traff4.com
O1 - Hosts: 127.0.0.3 http://www.traff4.com
O1 - Hosts: 127.0.0.3 porn-host.org
O1 - Hosts: 127.0.0.3 http://www.porn-host.org
O1 - Hosts: 127.0.0.3 http://www.sarc.com
O1 - Hosts: 127.0.0.3 ad.doubleclick.net
O1 - Hosts: 127.0.0.3 ad.fastclick.net
O1 - Hosts: 127.0.0.3 ads.fastclick.net
O1 - Hosts: 127.0.0.3 ar.atwola.com
O1 - Hosts: 127.0.0.3 atdmt.com
O1 - Hosts: 127.0.0.3 awaps.net
O1 - Hosts: 127.0.0.3 banner.fastclick.net
O1 - Hosts: 127.0.0.3 banners.fastclick.net
O1 - Hosts: 127.0.0.3 click.atdmt.com
O1 - Hosts: 127.0.0.3 clicks.atdmt.com
O1 - Hosts: 127.0.0.3 engine.awaps.net
O1 - Hosts: 127.0.0.3 fastclick.net
O1 - Hosts: 127.0.0.3 media.fastclick.net
O1 - Hosts: 127.0.0.3 spd.atdmt.com
O1 - Hosts: 127.0.0.3 http://www.fastclick.net
O1 - Hosts: 127.0.0.3 http://www.viruslist.ru
O1 - Hosts: 127.0.0.3 lycee.explode.ru
O1 - Hosts: 127.0.0.3 http://www.lycee.explode.ru
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\Suono\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Internet\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Internet\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Internet\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/co ... eportW.CAB
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe


Volevo precisare che il file service.exe non c'è nella cartella Windows. Inoltre ho già provato con Smitfraudfix.

Non riesco ad eliminare la riga
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVICES.EXE

Help
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Sponsor
 

Postdi Luke57 » 04/08/06 11:25

Ciao, prima se non l'hai ancora fatto Rendi visibili file e cartelle nascosti:
da risorse del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti (consigliato)"
Click Ok

Scarica KILLBOX da qui
http://www.bleepingcomputer.com/files/s ... illBox.zip
- estrailo sul desktop e apri la cartella che lo contiene e quindi avvialo
- Seleziona l'opzione Delete on Reboot . Nello spazio scrivi il percorso del file da eliminare
C:\WINDOWS\SERVICES.EXE C:\WINNT\SERVICES.EXE
e clicchi sulla crocetta rossa (il computer si riavvierà)- Se il file non c'è ti apparirà una scritta tipo "pending...." o qualcosa di simile.

Allora a quel punto informa e adotterremo un altro metodo per eliminare la riga F2.

Inoltre eliminerei le voci 01 con hijackthis, tranne quelle che tu conosci.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi taochi » 04/08/06 11:29

Ripeto. Già fatto. Non c'è il file service.exe nella cartella Windows :neutral:
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Postdi Luke57 » 04/08/06 11:44

Ciao, allora entra nel registro di sistema:
start>esegui>regedit>ok
Cliccando sui * accanto alle singole voci segui questo percorso:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon, doppio click su tale cartella e individui
Userinit, doppio click sulla voce e nella finestra Modifica stringa nello spazio apparirà la scritta:
C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVICES.EXE
selezioni la seconda parte virgola compresa, vale a dire
,C:\WINDOWS\SERVICES.EXE
in modo da lasciare quindi:
C:\WINDOWS\SYSTEM32\Userinit.exe,
e premi Canc (attentissimo a non eliminare Userinit.exe, pena la non riaccensione del computer).
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi andorra24 » 04/08/06 11:44

Prima di cercare quel file nella cartella windows hai fatto come ti ha detto Luke57?

Luke57 ha scritto:Ciao, prima se non l'hai ancora fatto Rendi visibili file e cartelle nascosti:
da risorse del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti (consigliato)"
Click Ok

andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi taochi » 04/08/06 11:50

E' chiaro che ho i file nascosti visibili.

Sto provando a modificare la voce nel registro, ma non riesco. Ogni volta che riapro regedit ricompare come prima :(
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Postdi Luke57 » 04/08/06 12:11

Cao, hai provato ad utilizzare killbox ugualmente?

Se no, esegui l'operazione con regedit dalla modalità provvisoria.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Luke57 » 04/08/06 12:15

Luke57 ha scritto:Cao, hai provato ad utilizzare killbox ugualmente?

Se no, esegui l'operazione con regedit dalla modalità provvisoria.

Ciao, scusa se mi quoto ma il file che devi cercare è SERVICES.EXE IN Windows, nei tuoi post parli di Service.exe. E' questo l'equivoco?
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi taochi » 04/08/06 13:06

Ragazzi. Non ci sto a capire più niente.
Preciso di aver già usato Killbox, e non c'è traccia di SERVICE.EXE.

Sono andato in modalità provvisoria, ho provato con regedit a modificare la stringa ma NIENTE. Quando clicco su aggiorna ricompare subito. Perchè non me la salva la modifica?
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Postdi andorra24 » 04/08/06 13:17

Luke57 ha scritto:Ciao, allora entra nel registro di sistema:
start>esegui>regedit>ok
Cliccando sui * accanto alle singole voci segui questo percorso:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon, doppio click su tale cartella e individui
Userinit, doppio click sulla voce e nella finestra Modifica stringa nello spazio apparirà la scritta:
C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVICES.EXE
selezioni la seconda parte virgola compresa, vale a dire
,C:\WINDOWS\SERVICES.EXE
in modo da lasciare quindi:
C:\WINDOWS\SYSTEM32\Userinit.exe,
e premi Canc (attentissimo a non eliminare Userinit.exe, pena la non riaccensione del computer).

taochi ma sei sicuro di aver seguito alle lettera questo procedimento?
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi taochi » 04/08/06 13:25

Secondo te. Se ti dico che la cancello e dopo riappare subito ;)
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Postdi andorra24 » 04/08/06 13:33

E allora dobbiamo provare con un po' di scansioni. Prova con queste:

http://www.bitdefender.com/scan8/ie.html
http://www.grisoft.cz/softw/70/filedir/ ... 0.172c.exe
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Luke57 » 04/08/06 17:28

Ciao, inoltre scarica Rootkitrvelear da qui:
http://www.rkunhooker.narod.ru/
Fai uno Sca, clicca sul tab Report e poi sul pulsante Refresh. Copia e incolla qui il log.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi taochi » 04/08/06 18:36

E allora dobbiamo provare con un po' di scansioni. Prova con queste:

http://www.bitdefender.com/scan8/ie.html
http://www.grisoft.cz/softw/70/filedir/ ... 0.172c.exe


Dunque, col primo non riesco, mi dice che ho il service pack 2. Il secondo ho vito che è uno spyware. Ho già provato Spybot e Lavasoft Adaware, e non hanno sortito risultati. Non ho voglia di installare decine di programmi se non servono a niente.

Rootkitrvelear da qui:
http://www.rkunhooker.narod.ru/
Fai uno Sca, clicca sul tab Report e poi sul pulsante Refresh. Copia e incolla qui il log.

questo cos'è?
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Postdi Luke57 » 04/08/06 20:59

Ciao, serve a rivelare eventuali malware con tecniche rootkit ( che si nascondono)
Comunque, semza file presente, la voce di registro dovrebbe essere innocua.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi taochi » 07/08/06 08:24

Dunque, aggiorniamo. Dopo due giorni di Ewido, mi sono accorto che nulla è cambiato. Ho fatto diverse èulizie, ma il problema rimane. Per tutto il giorno Ewido manda messaggi di allarme e di cancellazione dei soliti files infetti, cosa che evidenzia come da uqlache parte, forse nel registro, ci sia qualcosa che li crea ogni volta. Un volta infatti sono riuscito a beccare con Killbox C:\WINDOWS\SERVICE.EXE appena creato, ho provato a cancellarlo ma windows mi ha dato il messaggio di arresto del sistema e riavvio. Una volta riavviato come prima. In modalità provvisoria tali files non si creano.

Mi è stato detto che la riga incriminata è
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WIND OWS\SERVICES.EXE

Ho provato ad andare nel registro e seguire la procedura:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Cu rrentVersion\Winlogon, doppio click su tale cartella e individui
Userinit, doppio click sulla voce e nella finestra Modifica stringa nello spazio apparirà la scritta:
C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVI CES.EXE

Ho provato pure in modalità provvisoria, ma incredibilmente una volta cancellata la stringa, do OK, poi faccio aggiorna e ritorna subito come prima!!!


Secondo me il problema sta qui. Non dipende da sta stringa se ogni volta si creano certi files? Perchè non riesco a cancellarla, neppure in modalità provvisoria?
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Postdi taochi » 07/08/06 08:34

Comunque, ecco il report di rootkit

RkUnhooker report generator v0.3
=====================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
=====================================
System Call Instruction State - Normal
=====================================
>SDT State

Hooked service: NtCreateKey Actuall Address 0xF73FBB3A Hooked by: sptd.sys

Hooked service: NtEnumerateKey Actuall Address 0xF73FBC7E Hooked by: sptd.sys

Hooked service: NtEnumerateValueKey Actuall Address 0xF73FBFF6 Hooked by: sptd.sys

Hooked service: NtOpenKey Actuall Address 0xF73FBA18 Hooked by: sptd.sys

Hooked service: NtOpenProcess Actuall Address 0xF72438AC Hooked by: C:\Utility\ewido anti-spyware 4.0\guard.sys

Hooked service: NtQueryKey Actuall Address 0xF73FC0C0 Hooked by: sptd.sys

Hooked service: NtQueryValueKey Actuall Address 0xF73FBF58 Hooked by: sptd.sys

Hooked service: NtSetValueKey Actuall Address 0xF73FC148 Hooked by: sptd.sys

Hooked service: NtTerminateProcess Actuall Address 0xF7243812 Hooked by: C:\Utility\ewido anti-spyware 4.0\guard.sys
Service: NtAcceptConnectPort Actuall Address 0x80586691
Service: NtAccessCheck Actuall Address 0x805706EF
Service: NtAccessCheckAndAuditAlarm Actuall Address 0x80579B71
Service: NtAccessCheckByType Actuall Address 0x80580B5C
Service: NtAccessCheckByTypeAndAuditAlarm Actuall Address 0x80598FF7
Service: NtAccessCheckByTypeResultList Actuall Address 0x80636B80
Service: NtAccessCheckByTypeResultListAndAuditAlarm Actuall Address 0x80638D05
Service: NtAccessCheckByTypeResultListAndAuditAlarmByHandle Actuall Address 0x80638D4E
Service: NtAddAtom Actuall Address 0x8057641C
Service: NtAddBootEntry Actuall Address 0x8064755B
Service: NtAdjustGroupsToken Actuall Address 0x80636347
Service: NtAdjustPrivilegesToken Actuall Address 0x80598539
Service: NtAlertResumeThread Actuall Address 0x8062E4EC
Service: NtAlertThread Actuall Address 0x8057998C
Service: NtAllocateLocallyUniqueId Actuall Address 0x8059055E
Service: NtAllocateUserPhysicalPages Actuall Address 0x8062561F
Service: NtAllocateUuids Actuall Address 0x80595801
Service: NtAllocateVirtualMemory Actuall Address 0x80568777
Service: NtAreMappedFilesTheSame Actuall Address 0x805DA3FD
Service: NtAssignProcessToJobObject Actuall Address 0x805A4567
Service: NtCallbackReturn Actuall Address 0x804E3340
Service: NtCancelDeviceWakeupRequest Actuall Address 0x80647547
Service: NtCancelIoFile Actuall Address 0x805CBCA2
Service: NtCancelTimer Actuall Address 0x804F9F8F
Service: NtClearEvent Actuall Address 0x80566C11
Service: NtClose Actuall Address 0x805675D9
Service: NtCloseObjectAuditAlarm Actuall Address 0x805989A7
Service: NtCompactKeys Actuall Address 0x8064D537
Service: NtCompareTokens Actuall Address 0x80582410
Service: NtCompleteConnectPort Actuall Address 0x80580562
Service: NtCompressKey Actuall Address 0x8064D7A5
Service: NtConnectPort Actuall Address 0x80598C34
Service: NtContinue Actuall Address 0x804E28FF
Service: NtCreateDebugObject Actuall Address 0x80658494
Service: NtCreateDirectoryObject Actuall Address 0x805A4A04
Service: NtCreateEvent Actuall Address 0x8056B553
Service: NtCreateEventPair Actuall Address 0x80647BAC
Service: NtCreateFile Actuall Address 0x8057164C
Service: NtCreateIoCompletion Actuall Address 0x80597EED
Service: NtCreateJobObject Actuall Address 0x805AD39A
Service: NtCreateJobSet Actuall Address 0x8062E993
Service: NtCreateMailslotFile Actuall Address 0x805DA312
Service: NtCreateMutant Actuall Address 0x80578E73
Service: NtCreateNamedPipeFile Actuall Address 0x80580F0D
Service: NtCreatePagingFile Actuall Address 0x805BD9D8
Service: NtCreatePort Actuall Address 0x80592699
Service: NtCreateProcess Actuall Address 0x805B3543
Service: NtCreateProcessEx Actuall Address 0x805885D3
Service: NtCreateProfile Actuall Address 0x806481CD
Service: NtCreateSection Actuall Address 0x80564B1B
Service: NtCreateSemaphore Actuall Address 0x805750D8
Service: NtCreateSymbolicLinkObject Actuall Address 0x805A27B0
Service: NtCreateThread Actuall Address 0x8057F262
Service: NtCreateTimer Actuall Address 0x805DF0B0
Service: NtCreateToken Actuall Address 0x805AAD09
Service: NtCreateWaitablePort Actuall Address 0x805A4F96
Service: NtDebugActiveProcess Actuall Address 0x8065960C
Service: NtDebugContinue Actuall Address 0x80659767
Service: NtDelayExecution Actuall Address 0x80565FE1
Service: NtDeleteAtom Actuall Address 0x805796B4
Service: NtDeleteBootEntry Actuall Address 0x80647547
Service: NtDeleteFile Actuall Address 0x805D8CF7
Service: NtDeleteKey Actuall Address 0x8059D6BD
Service: NtDeleteObjectAuditAlarm Actuall Address 0x80638DA5
Service: NtDeleteValueKey Actuall Address 0x80597430
Service: NtDeviceIoControlFile Actuall Address 0x8057FBD0
Service: NtDisplayString Actuall Address 0x805C10E1
Service: NtDuplicateObject Actuall Address 0x805743BE
Service: NtDuplicateToken Actuall Address 0x8057D3F7
Service: NtEnumerateBootEntries Actuall Address 0x8064755B
Service: NtEnumerateSystemEnvironmentValuesEx Actuall Address 0x80647533
Service: NtExtendSection Actuall Address 0x80624448
Service: NtFilterToken Actuall Address 0x805B2D2D
Service: NtFindAtom Actuall Address 0x80598095
Service: NtFlushBuffersFile Actuall Address 0x805797B4
Service: NtFlushInstructionCache Actuall Address 0x805769AB
Service: NtFlushKey Actuall Address 0x80594925
Service: NtFlushVirtualMemory Actuall Address 0x8059B83B
Service: NtFlushWriteBuffer Actuall Address 0x80625E7F
Service: NtFreeUserPhysicalPages Actuall Address 0x806259D4
Service: NtFreeVirtualMemory Actuall Address 0x80568FC4
Service: NtFsControlFile Actuall Address 0x8057DA0D
Service: NtGetContextThread Actuall Address 0x805DC5B0
Service: NtGetDevicePowerState Actuall Address 0x8062ACE3
Service: NtGetPlugPlayEvent Actuall Address 0x805A1173
Service: NtGetWriteWatch Actuall Address 0x8053B0EF
Service: NtImpersonateAnonymousToken Actuall Address 0x80596925
Service: NtImpersonateClientOfPort Actuall Address 0x80581B6A
Service: NtImpersonateThread Actuall Address 0x8057C33A
Service: NtInitializeRegistry Actuall Address 0x805A5A4D
Service: NtInitiatePowerAction Actuall Address 0x8062AAAF
Service: NtIsProcessInJob Actuall Address 0x8062E84B
Service: NtIsSystemResumeAutomatic Actuall Address 0x8062ACCA
Service: NtListenPort Actuall Address 0x805ACE2A
Service: NtLoadDriver Actuall Address 0x805A6B26
Service: NtLoadKey Actuall Address 0x805B0F28
Service: NtLoadKey2 Actuall Address 0x805B0D76
Service: NtLockFile Actuall Address 0x80584301
Service: NtLockProductActivationKeys Actuall Address 0x805B2EFD
Service: NtLockRegistryKey Actuall Address 0x805D5933
Service: NtLockVirtualMemory Actuall Address 0x805B236A
Service: NtMakePermanentObject Actuall Address 0x805A2A81
Service: NtMakeTemporaryObject Actuall Address 0x805A2C6E
Service: NtMapUserPhysicalPages Actuall Address 0x80624B13
Service: NtMapUserPhysicalPagesScatter Actuall Address 0x80624FE2
Service: NtMapViewOfSection Actuall Address 0x80573C04
Service: NtModifyBootEntry Actuall Address 0x80647547
Service: NtNotifyChangeDirectoryFile Actuall Address 0x80582C94
Service: NtNotifyChangeKey Actuall Address 0x805829DD
Service: NtNotifyChangeMultipleKeys Actuall Address 0x80582AA6
Service: NtOpenDirectoryObject Actuall Address 0x80587840
Service: NtOpenEvent Actuall Address 0x80580306
Service: NtOpenEventPair Actuall Address 0x80647C9D
Service: NtOpenFile Actuall Address 0x805715E7
Service: NtOpenIoCompletion Actuall Address 0x8061557F
Service: NtOpenJobObject Actuall Address 0x8062EBE9
Service: NtOpenMutant Actuall Address 0x80578F21
Service: NtOpenObjectAuditAlarm Actuall Address 0x8059AC32
Service: NtOpenProcessToken Actuall Address 0x8056C8FC
Service: NtOpenProcessTokenEx Actuall Address 0x8056CAF5
Service: NtOpenSection Actuall Address 0x805766CC
Service: NtOpenSemaphore Actuall Address 0x805A3C97
Service: NtOpenSymbolicLinkObject Actuall Address 0x8058770C
Service: NtOpenThread Actuall Address 0x80597C0A
Service: NtOpenThreadToken Actuall Address 0x8056C383
Service: NtOpenThreadTokenEx Actuall Address 0x8056C2F1
Service: NtOpenTimer Actuall Address 0x80647AD3
Service: NtPlugPlayControl Actuall Address 0x80595DEC
Service: NtPowerInformation Actuall Address 0x8059E8D7
Service: NtPrivilegeCheck Actuall Address 0x80597207
Service: NtPrivilegeObjectAuditAlarm Actuall Address 0x80595670
Service: NtPrivilegedServiceAuditAlarm Actuall Address 0x805AD13E
Service: NtProtectVirtualMemory Actuall Address 0x8057494D
Service: NtPulseEvent Actuall Address 0x805A4EEE
Service: NtQueryAttributesFile Actuall Address 0x80571ECB
Service: NtQueryBootEntryOrder Actuall Address 0x8064755B
Service: NtQueryBootOptions Actuall Address 0x8064755B
Service: NtQueryDebugFilterState Actuall Address 0x804F3BDD
Service: NtQueryDefaultLocale Actuall Address 0x8056676E
Service: NtQueryDefaultUILanguage Actuall Address 0x80586F59
Service: NtQueryDirectoryFile Actuall Address 0x80574DAD
Service: NtQueryDirectoryObject Actuall Address 0x8058D55D
Service: NtQueryEaFile Actuall Address 0x80615A00
Service: NtQueryEvent Actuall Address 0x805878BD
Service: NtQueryFullAttributesFile Actuall Address 0x8057B349
Service: NtQueryInformationAtom Actuall Address 0x805D8720
Service: NtQueryInformationFile Actuall Address 0x80572D12
Service: NtQueryInformationJobObject Actuall Address 0x805896BC
Service: NtQueryInformationPort Actuall Address 0x80621F19
Service: NtQueryInformationProcess Actuall Address 0x8056C537
Service: NtQueryInformationThread Actuall Address 0x80566D06
Service: NtQueryInformationToken Actuall Address 0x8056DEAB
Service: NtQueryInstallUILanguage Actuall Address 0x80580509
Service: NtQueryIntervalProfile Actuall Address 0x8064867F
Service: NtQueryIoCompletion Actuall Address 0x80615640
Service: NtQueryMultipleValueKey Actuall Address 0x8064CF58
Service: NtQueryMutant Actuall Address 0x80648006
Service: NtQueryObject Actuall Address 0x80587E10
Service: NtQueryOpenSubKeys Actuall Address 0x8064D15E
Service: NtQueryPerformanceCounter Actuall Address 0x80567041
Service: NtQueryQuotaInformationFile Actuall Address 0x806162C3
Service: NtQuerySection Actuall Address 0x8057B825
Service: NtQuerySecurityObject Actuall Address 0x805970A2
Service: NtQuerySemaphore Actuall Address 0x80646DFF
Service: NtQuerySymbolicLinkObject Actuall Address 0x8058757D
Service: NtQuerySystemEnvironmentValue Actuall Address 0x80647583
Service: NtQuerySystemEnvironmentValueEx Actuall Address 0x80647520
Service: NtQuerySystemInformation Actuall Address 0x8057CC27
Service: NtQuerySystemTime Actuall Address 0x80597D9C
Service: NtQueryTimer Actuall Address 0x805DE777
Service: NtQueryTimerResolution Actuall Address 0x8058B9E6
Service: NtQueryVirtualMemory Actuall Address 0x8056CBF3
Service: NtQueryVolumeInformationFile Actuall Address 0x8057188F
Service: NtQueueApcThread Actuall Address 0x80580A00
Service: NtRaiseException Actuall Address 0x804E294C
Service: NtRaiseHardError Actuall Address 0x80646B3B
Service: NtReadFile Actuall Address 0x80571B30
Service: NtReadFileScatter Actuall Address 0x805DB7A8
Service: NtReadRequestData Actuall Address 0x805821C2
Service: NtReadVirtualMemory Actuall Address 0x8057BFD1
Service: NtRegisterThreadTerminatePort Actuall Address 0x8057F9AF
Service: NtReleaseMutant Actuall Address 0x8056604C
Service: NtReleaseSemaphore Actuall Address 0x80579463
Service: NtRemoveIoCompletion Actuall Address 0x80566AB2
Service: NtRemoveProcessDebug Actuall Address 0x806596E1
Service: NtRenameKey Actuall Address 0x8064D39F
Service: NtReplaceKey Actuall Address 0x8064D892
Service: NtReplyPort Actuall Address 0x8057D0F1
Service: NtReplyWaitReceivePort Actuall Address 0x8056A6FD
Service: NtReplyWaitReceivePortEx Actuall Address 0x8056A210
Service: NtReplyWaitReplyPort Actuall Address 0x80621FF8
Service: NtRequestDeviceWakeup Actuall Address 0x8062AC57
Service: NtRequestPort Actuall Address 0x805DF2BF
Service: NtRequestWaitReplyPort Actuall Address 0x8057860F
Service: NtRequestWakeupLatency Actuall Address 0x8062AA50
Service: NtResetEvent Actuall Address 0x805DCBAF
Service: NtResetWriteWatch Actuall Address 0x8053B57A
Service: NtRestoreKey Actuall Address 0x8064C3B0
Service: NtResumeProcess Actuall Address 0x8062E48C
Service: NtResumeThread Actuall Address 0x8057F8D5
Service: NtSaveKey Actuall Address 0x8064C457
Service: NtSaveKeyEx Actuall Address 0x8064C4EF
Service: NtSaveMergedKeys Actuall Address 0x8064C5C3
Service: NtSecureConnectPort Actuall Address 0x80585D7D
Service: NtSetBootEntryOrder Actuall Address 0x8064755B
Service: NtSetBootOptions Actuall Address 0x8064755B
Service: NtSetContextThread Actuall Address 0x8062C85B
Service: NtSetDebugFilterState Actuall Address 0x8065B228
Service: NtSetDefaultHardErrorPort Actuall Address 0x805D668F
Service: NtSetDefaultLocale Actuall Address 0x805B0A35
Service: NtSetDefaultUILanguage Actuall Address 0x805B09DC
Service: NtSetEaFile Actuall Address 0x80615F4D
Service: NtSetEvent Actuall Address 0x80569CCE
Service: NtSetEventBoostPriority Actuall Address 0x80577275
Service: NtSetHighEventPair Actuall Address 0x80647F91
Service: NtSetHighWaitLowEventPair Actuall Address 0x80647EB5
Service: NtSetInformationDebugObject Actuall Address 0x80659081
Service: NtSetInformationFile Actuall Address 0x80579E7E
Service: NtSetInformationJobObject Actuall Address 0x805AD4EE
Service: NtSetInformationKey Actuall Address 0x8064CABB
Service: NtSetInformationObject Actuall Address 0x8058042E
Service: NtSetInformationProcess Actuall Address 0x8056C608
Service: NtSetInformationThread Actuall Address 0x80576E5D
Service: NtSetInformationToken Actuall Address 0x805AA8A1
Service: NtSetIntervalProfile Actuall Address 0x806481AB
Service: NtSetIoCompletion Actuall Address 0x80576D12
Service: NtSetLdtEntries Actuall Address 0x8062D573
Service: NtSetLowEventPair Actuall Address 0x80647F27
Service: NtSetLowWaitHighEventPair Actuall Address 0x80647E43
Service: NtSetQuotaInformationFile Actuall Address 0x8061629B
Service: NtSetSecurityObject Actuall Address 0x8059DB78
Service: NtSetSystemEnvironmentValue Actuall Address 0x80647820
Service: NtSetSystemEnvironmentValueEx Actuall Address 0x80647520
Service: NtSetSystemInformation Actuall Address 0x805A5110
Service: NtSetSystemPowerState Actuall Address 0x8066608F
Service: NtSetSystemTime Actuall Address 0x80646487
Service: NtSetThreadExecutionState Actuall Address 0x8059C19F
Service: NtSetTimer Actuall Address 0x804E5D2B
Service: NtSetTimerResolution Actuall Address 0x80595BCF
Service: NtSetUuidSeed Actuall Address 0x805AD2EA
Service: NtSetVolumeInformationFile Actuall Address 0x806167DF
Service: NtShutdownSystem Actuall Address 0x80645BD3
Service: NtSignalAndWaitForSingleObject Actuall Address 0x80500906
Service: NtStartProfile Actuall Address 0x80648414
Service: NtStopProfile Actuall Address 0x806485CD
Service: NtSuspendProcess Actuall Address 0x8062E431
Service: NtSuspendThread Actuall Address 0x805DC61B
Service: NtSystemDebugControl Actuall Address 0x8064872D
Service: NtTerminateJobObject Actuall Address 0x8062ED63
Service: NtTerminateThread Actuall Address 0x8057E97C
Service: NtTestAlert Actuall Address 0x8057F3BC
Service: NtTraceEvent Actuall Address 0x805453B8
Service: NtTranslateFilePath Actuall Address 0x8064756F
Service: NtUnloadDriver Actuall Address 0x80618B6E
Service: NtUnloadKey Actuall Address 0x8064C689
Service: NtUnloadKeyEx Actuall Address 0x8064C886
Service: NtUnlockFile Actuall Address 0x80584461
Service: NtUnlockVirtualMemory Actuall Address 0x80625EF3
Service: NtUnmapViewOfSection Actuall Address 0x80573789
Service: NtVdmControl Actuall Address 0x805B9B48
Service: NtWaitForDebugEvent Actuall Address 0x80658DD0
Service: NtWaitForMultipleObjects Actuall Address 0x805662B1
Service: NtWaitForSingleObject Actuall Address 0x80565A0B
Service: NtWaitHighEventPair Actuall Address 0x80647DD9
Service: NtWaitLowEventPair Actuall Address 0x80647D6F
Service: NtWriteFile Actuall Address 0x8057A125
Service: NtWriteFileGather Actuall Address 0x805DB3DE
Service: NtWriteRequestData Actuall Address 0x805823AE
Service: NtWriteVirtualMemory Actuall Address 0x8057C123
Service: NtYieldExecution Actuall Address 0x804FC679
Service: NtCreateKeyedEvent Actuall Address 0x805CDF0C
Service: NtOpenKeyedEvent Actuall Address 0x8058A043
Service: NtReleaseKeyedEvent Actuall Address 0x80648BA1
Service: NtWaitForKeyedEvent Actuall Address 0x80648E3C
Service: NtQueryPortInformationProcess Actuall Address 0x8062C033
=====================================
>Processes
System Process Id: 4 EPROCESS Address: 0x83FCAA00
C:\INTERNET\MOZILLA\FIREFOX.EXE Process Id: 220 EPROCESS Address: 0x83C77D20
C:\WINDOWS\SYSTEM32\WDFMGR.EXE Process Id: 520 EPROCESS Address: 0x83CAF708
C:\WINDOWS\SYSTEM32\SMSS.EXE Process Id: 596 EPROCESS Address: 0x83DAF020
C:\WINDOWS\SYSTEM32\CSRSS.EXE Process Id: 664 EPROCESS Address: 0x83D31DA0
C:\WINDOWS\SYSTEM32\WINLOGON.EXE Process Id: 688 EPROCESS Address: 0x83E50128
C:\WINDOWS\SYSTEM32\SERVICES.EXE Process Id: 736 EPROCESS Address: 0x83ECCDA0
C:\WINDOWS\SYSTEM32\LSASS.EXE Process Id: 748 EPROCESS Address: 0x83EBB340
C:\WINDOWS\SYSTEM32\SVCHOST.EXE Process Id: 896 EPROCESS Address: 0x83EBE778
C:\WINDOWS\SYSTEM32\SVCHOST.EXE Process Id: 944 EPROCESS Address: 0x83E818D8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE Process Id: 980 EPROCESS Address: 0x83E4FCA8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE Process Id: 1072 EPROCESS Address: 0x83CD96E8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE Process Id: 1100 EPROCESS Address: 0x83EB5900
C:\Documents and Settings\SAKU\Desktop\RKU2Beta\RKUnHooker.exe Process Id: 1300 EPROCESS Address: 0x83A79DA0
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE Process Id: 1380 EPROCESS Address: 0x83EC51E0
C:\WINDOWS\SYSTEM32\ALG.EXE Process Id: 1452 EPROCESS Address: 0x83EACC08
C:\Internet\emuleAenarionMod\emuleAenarion.exe Process Id: 1608 EPROCESS Address: 0x83E5C020
C:\WINDOWS\EXPLORER.EXE Process Id: 1828 EPROCESS Address: 0x83C53658
C:\WINDOWS\SYSTEM32\SVCHOST.EXE Process Id: 1916 EPROCESS Address: 0x83C767C0
C:\PROGRAMMI\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE Process Id: 1976 EPROCESS Address: 0x83CB5DA0
C:\SUONO\SONIC STAGE\SSAAD.EXE Process Id: 1984 EPROCESS Address: 0x83D9B5B0
C:\Internet\BitComet\BitComet.exe Process Id: 1992 EPROCESS Address: 0x83B052C0

Hidden process: C:\UTILITY\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE Process Id: 280 EPROCESS Address: 0x83DC0DA0

=====================================
>Drivers
nv4_disp.dll C:\WINDOWS\System32\nv4_disp.dll Address: 0xBF012000 Size: 4276224 bytes
ntoskrnl.exe C:\WINDOWS\system32\ntoskrnl.exe Address: 0x804D7000 Size: 2184704 bytes
nv4_mini.sys C:\WINDOWS\system32\DRIVERS\nv4_mini.sys Address: 0xF7024000 Size: 1900544 bytes
win32k.sys C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1839104 bytes
sptd.sys sptd.sys Address: 0xF73F6000 Size: 851968 bytes
Ntfs.SYS C:\WINDOWS\System32\Drivers\Ntfs.SYS Address: 0xF4B5D000 Size: 577536 bytes
mrxsmb.sys C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Address: 0xF4C33000 Size: 454656 bytes
tcpip.sys C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xF4D18000 Size: 360448 bytes
srv.sys C:\WINDOWS\system32\DRIVERS\srv.sys Address: 0xF436B000 Size: 339968 bytes
vaxscsi.sys C:\WINDOWS\System32\Drivers\vaxscsi.sys Address: 0xF6F35000 Size: 303104 bytes
HTTP.sys C:\WINDOWS\System32\Drivers\HTTP.sys Address: 0xF4032000 Size: 266240 bytes
update.sys C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xF6E90000 Size: 212992 bytes
rdpdr.sys C:\WINDOWS\system32\DRIVERS\rdpdr.sys Address: 0xF6EEC000 Size: 200704 bytes
NDIS.sys NDIS.sys Address: 0xF72EA000 Size: 184320 bytes
mrxdav.sys C:\WINDOWS\system32\DRIVERS\mrxdav.sys Address: 0xF43E6000 Size: 184320 bytes
rdbss.sys C:\WINDOWS\system32\DRIVERS\rdbss.sys Address: 0xF4CA2000 Size: 180224 bytes
kmixer.sys C:\WINDOWS\system32\drivers\kmixer.sys Address: 0xF3E28000 Size: 172032 bytes
netbt.sys C:\WINDOWS\system32\DRIVERS\netbt.sys Address: 0xF4CF0000 Size: 163840 bytes
NETDLWL.SYS C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS Address: 0xF6FA3000 Size: 159744 bytes
dmio.sys dmio.sys Address: 0xF7388000 Size: 155648 bytes
portcls.sys C:\WINDOWS\system32\drivers\portcls.sys Address: 0xF6F7F000 Size: 147456 bytes
Fastfat.sys Fastfat.sys Address: 0xF732E000 Size: 143360 bytes
ks.sys C:\WINDOWS\system32\DRIVERS\ks.sys Address: 0xF6FED000 Size: 143360 bytes
USBPORT.SYS C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xF6FCA000 Size: 143360 bytes
afd.sys C:\WINDOWS\System32\drivers\afd.sys Address: 0xF4CCE000 Size: 139264 bytes
ipnat.sys C:\WINDOWS\system32\DRIVERS\ipnat.sys Address: 0xF4C12000 Size: 135168 bytes
ftdisk.sys ftdisk.sys Address: 0xF73AE000 Size: 126976 bytes
fltMgr.sys fltMgr.sys Address: 0xF7351000 Size: 126976 bytes
Mup.sys Mup.sys Address: 0xF72CF000 Size: 110592 bytes
hal.dll C:\WINDOWS\system32\hal.dll Address: 0x806ED000 Size: 105472 bytes
atapi.sys atapi.sys Address: 0xF7370000 Size: 98304 bytes
SPTD4061.SYS C:\WINDOWS\System32\Drivers\SPTD4061.SYS Address: 0xF73DE000 Size: 98304 bytes
SCSIPORT.SYS C:\WINDOWS\System32\Drivers\SCSIPORT.SYS Address: 0xF6F1D000 Size: 98304 bytes
dump_atapi.sys C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF4B45000 Size: 98304 bytes
KSecDD.sys KSecDD.sys Address: 0xF7317000 Size: 94208 bytes
ndiswan.sys C:\WINDOWS\system32\DRIVERS\ndiswan.sys Address: 0xF7216000 Size: 94208 bytes
wdmaud.sys C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0xF4620000 Size: 86016 bytes
parport.sys C:\WINDOWS\system32\DRIVERS\parport.sys Address: 0xF6DDC000 Size: 81920 bytes
VIDEOPRT.SYS C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xF7010000 Size: 81920 bytes
ipsec.sys C:\WINDOWS\system32\DRIVERS\ipsec.sys Address: 0xF4D70000 Size: 77824 bytes
dxg.sys C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF000000 Size: 73728 bytes
psched.sys C:\WINDOWS\system32\DRIVERS\psched.sys Address: 0xF7205000 Size: 69632 bytes
pci.sys pci.sys Address: 0xF73CD000 Size: 69632 bytes
serial.sys C:\WINDOWS\system32\DRIVERS\serial.sys Address: 0xF6DCB000 Size: 69632 bytes
Cdfs.SYS C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xF76A7000 Size: 65536 bytes
redbook.sys C:\WINDOWS\system32\DRIVERS\redbook.sys Address: 0xF75E7000 Size: 61440 bytes
usbhub.sys C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xF7647000 Size: 61440 bytes
sysaudio.sys C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xF49C5000 Size: 61440 bytes
drmk.sys C:\WINDOWS\system32\drivers\drmk.sys Address: 0xF7607000 Size: 61440 bytes
VolSnap.sys VolSnap.sys Address: 0xF7507000 Size: 57344 bytes
i8042prt.sys C:\WINDOWS\system32\DRIVERS\i8042prt.sys Address: 0xF7627000 Size: 57344 bytes
rasl2tp.sys C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Address: 0xF7577000 Size: 53248 bytes
cdrom.sys C:\WINDOWS\system32\DRIVERS\cdrom.sys Address: 0xF75D7000 Size: 53248 bytes
CLASSPNP.SYS C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Address: 0xF7527000 Size: 53248 bytes
raspptp.sys C:\WINDOWS\system32\DRIVERS\raspptp.sys Address: 0xF7597000 Size: 49152 bytes
PxHelp20.sys PxHelp20.sys Address: 0xF7537000 Size: 49152 bytes
MountMgr.sys MountMgr.sys Address: 0xF74F7000 Size: 45056 bytes
raspppoe.sys C:\WINDOWS\system32\DRIVERS\raspppoe.sys Address: 0xF7587000 Size: 45056 bytes
agp440.sys agp440.sys Address: 0xF7547000 Size: 45056 bytes
imapi.sys C:\WINDOWS\system32\DRIVERS\imapi.sys Address: 0xF75C7000 Size: 45056 bytes
es1371mp.sys C:\WINDOWS\system32\drivers\es1371mp.sys Address: 0xF75F7000 Size: 40960 bytes
NDProxy.SYS C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xF7637000 Size: 40960 bytes
termdd.sys C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xF7617000 Size: 40960 bytes
Fips.SYS C:\WINDOWS\System32\Drivers\Fips.SYS Address: 0xF7677000 Size: 36864 bytes
isapnp.sys isapnp.sys Address: 0xF74E7000 Size: 36864 bytes
wanarp.sys C:\WINDOWS\system32\DRIVERS\wanarp.sys Address: 0xF7687000 Size: 36864 bytes
disk.sys disk.sys Address: 0xF7517000 Size: 36864 bytes
msgpc.sys C:\WINDOWS\system32\DRIVERS\msgpc.sys Address: 0xF75A7000 Size: 36864 bytes
netbios.sys C:\WINDOWS\system32\DRIVERS\netbios.sys Address: 0xF7667000 Size: 36864 bytes
Npfs.SYS C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xF77E7000 Size: 32768 bytes
kbdclass.sys C:\WINDOWS\system32\DRIVERS\kbdclass.sys Address: 0xF77A7000 Size: 28672 bytes
fdc.sys C:\WINDOWS\system32\DRIVERS\fdc.sys Address: 0xF77B7000 Size: 28672 bytes
PCIIDEX.SYS C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Address: 0xF7767000 Size: 28672 bytes
mouclass.sys C:\WINDOWS\system32\DRIVERS\mouclass.sys Address: 0xF77AF000 Size: 24576 bytes
vga.sys C:\WINDOWS\System32\drivers\vga.sys Address: 0xF77D7000 Size: 24576 bytes
raspti.sys C:\WINDOWS\system32\DRIVERS\raspti.sys Address: 0xF7797000 Size: 20480 bytes
ptilink.sys C:\WINDOWS\system32\DRIVERS\ptilink.sys Address: 0xF778F000 Size: 20480 bytes
usbuhci.sys C:\WINDOWS\system32\DRIVERS\usbuhci.sys Address: 0xF779F000 Size: 20480 bytes
PartMgr.sys PartMgr.sys Address: 0xF776F000 Size: 20480 bytes
flpydisk.sys C:\WINDOWS\system32\DRIVERS\flpydisk.sys Address: 0xF77BF000 Size: 20480 bytes
Msfs.SYS C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xF77DF000 Size: 20480 bytes
TDI.SYS C:\WINDOWS\system32\DRIVERS\TDI.SYS Address: 0xF7787000 Size: 20480 bytes
watchdog.sys C:\WINDOWS\System32\watchdog.sys Address: 0xF77EF000 Size: 20480 bytes
serenum.sys C:\WINDOWS\system32\DRIVERS\serenum.sys Address: 0xF79C7000 Size: 16384 bytes
mssmbios.sys C:\WINDOWS\system32\DRIVERS\mssmbios.sys Address: 0xF79C3000 Size: 16384 bytes
ndisuio.sys C:\WINDOWS\system32\DRIVERS\ndisuio.sys Address: 0xF4955000 Size: 16384 bytes
rkhdrv10.SYS C:\WINDOWS\System32\Drivers\rkhdrv10.SYS Address: 0xF442B000 Size: 12288 bytes
rasacd.sys C:\WINDOWS\system32\DRIVERS\rasacd.sys Address: 0xF729B000 Size: 12288 bytes
gameenum.sys C:\WINDOWS\system32\DRIVERS\gameenum.sys Address: 0xF72A7000 Size: 12288 bytes
NtApm.sys C:\WINDOWS\system32\DRIVERS\NtApm.sys Address: 0xF79AF000 Size: 12288 bytes
ndistapi.sys C:\WINDOWS\system32\DRIVERS\ndistapi.sys Address: 0xF799F000 Size: 12288 bytes
BOOTVID.dll C:\WINDOWS\system32\BOOTVID.dll Address: 0xF78F7000 Size: 12288 bytes
Dxapi.sys C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xF6EE8000 Size: 12288 bytes
Beep.SYS C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xF79FB000 Size: 8192 bytes
dmload.sys dmload.sys Address: 0xF79ED000 Size: 8192 bytes
swenum.sys C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xF79F1000 Size: 8192 bytes
RDPCDD.sys C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xF79FF000 Size: 8192 bytes
ParVdm.SYS C:\WINDOWS\System32\Drivers\ParVdm.SYS Address: 0xF7A3D000 Size: 8192 bytes
mnmdd.SYS C:\WINDOWS\System32\Drivers\mnmdd.SYS Address: 0xF79FD000 Size: 8192 bytes
intelide.sys intelide.sys Address: 0xF79EB000 Size: 8192 bytes
Fs_Rec.SYS C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xF79F9000 Size: 8192 bytes
KDCOM.DLL C:\WINDOWS\system32\KDCOM.DLL Address: 0xF79E7000 Size: 8192 bytes
WMILIB.SYS C:\WINDOWS\System32\Drivers\WMILIB.SYS Address: 0xF79E9000 Size: 8192 bytes
USBD.SYS C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xF79F7000 Size: 8192 bytes
dump_WMILIB.SYS C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7A01000 Size: 8192 bytes
audstub.sys C:\WINDOWS\system32\DRIVERS\audstub.sys Address: 0xF7B43000 Size: 4096 bytes
Null.SYS C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xF7257000 Size: 4096 bytes
guard.sys C:\Utility\ewido anti-spyware 4.0\guard.sys Address: 0xF7243000 Size: 4096 bytes
dxgthk.sys C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xF7BBF000 Size: 4096 bytes

Hidden driver: PCI_HAL
Loaded from: Address: 0x00000000 Size: 0 bytes


Hidden driver: Win32k
Loaded from: Address: 0x00000000 Size: 0 bytes


Hidden driver: 00000357
Loaded from: Address: 0x00000000 Size: 0 bytes


Hidden driver: WMIxWDM
Loaded from: Address: 0x00000000 Size: 0 bytes


Hidden driver: PnpManager
Loaded from: Address: 0x00000000 Size: 0 bytes


Hidden driver: RAW
Loaded from: Address: 0x00000000 Size: 0 bytes
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Postdi andorra24 » 07/08/06 09:09

Controlla anche se hai questi files e se li trovi eliminali:

C:\Windows\services32.dll
C:\Windows\services.dll

Altra cosa, sei sicuro al 100% di aver tolto la spunta da ''nascondi i file protetti di sistema (consigliato)'' ?
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi taochi » 07/08/06 09:42

andorra, evidentemente non hai nè competenze tecniche nè di moderazione. Ti ho già detto, VEDI SOPRA, che ho tutti i files visibili. Secondo il files C:\WINDOWS\services.dll NON ESISTE, COSI' COME NON RIESCO A TOGLIERE QUELLA MALEDETTA STRINGA DAL REGISTRO. HAI CAPITO ADESSO :roll:
Il files C:\WINDOWS\services32.dll c'è ma nessuno mi ha mai consigliato di cancellarlo. Ho provato anche in modalità provvisoria seguendo (ultima volta) il tuo consiglio e per fortuna non me lo fa cancellare, nemmeno con Killbox (evidentemente è un file che serve al sistema, ed infatti nessun log di Ewido me lo da tra i files infetti/trojan)

Luke57, spero in un tuo aiuto
taochi
Utente Junior
 
Post: 13
Iscritto il: 04/08/06 11:09

Postdi andorra24 » 07/08/06 09:50

taochi cerca di non essere maleducato per favore. Sii piu' rispettoso con le persone che stanno soltanto cercando di aiutarti.
Ultima modifica di andorra24 su 07/08/06 13:53, modificato 1 volte in totale.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "Non riesco ad eliminare e1explorer":


Chi c’è in linea

Visitano il forum: Nessuno e 70 ospiti