  1. #1

    PC infected by Win32:Zapchast-FL

    How do I get rid of this trojan?
    I have Avast! as my antivirus, but apparently it can't remove it.
    Can you give me a hand?
    www.sposidautore.it
    www.metrospazioarte.it
    http://iltempodifrankie.blogspot.com

  2. #2
    To start with, let's run a scan; follow these instructions:

    Run an online scan with Kaspersky:

    For the Kaspersky scan


    1. Click on Kaspersky Online Scanner
    2. Download an ActiveX component from Kaspersky, click "Yes."
    3. Wait for the download to finish
    4. Click "Next"
    5. Click "Scan Settings"
    6. Make sure the following items are ticked
    Scan using the following Anti-Virus database:
    Extended
    tick the items under "Scan options"
    Scan Archives
    Scan Mail Bases
    7. Click "OK"
    8. Choose "My computer"

    Wait for the scan to finish; if anything is detected, save the report by clicking "Save as Text"

    then run a scan with HijackThis

    To download HijackThis: HijackThis
    1) create a dedicated folder and unpack it there
    2) launch the program
    3) in the menu on the right click "do a system scan and save a log file"
    4) the program will produce a report file in txt format; save it and post it on the forum

    For now, go ahead with these 2 preliminary steps.

    It would probably be worth using Dr Web, but Deifobe will be more thorough on that.

  3. #3
    HTML.it user
    Registered since
    May 2008
    Posts
    92
    Download SystemScan and run a scan, then (once the scan has finished) upload the log you get to a free host and post the resulting link in your next reply..

    After that we'll be able to analyse the log and see what's wrong..

    Bye

  4. #4
    Moderator of Computer Security and Viruses, amvinfe's avatar
    Registered since
    May 2002
    Posts
    6,739
    Originally posted by Analyzer
    Download SystemScan and run a scan, then (once the scan has finished) upload the log you get to a free host and post the resulting link in your next reply..

    After that we'll be able to analyse the log and see what's wrong..

    Bye
    Advice on removal has already been given in this thread; let's try not to overlap different procedures, otherwise we risk confusing the user who opened the discussion.
    Thanks
    ==
    Visit my blog SuspectFile.com
    ==

  5. #5
    Here is the HijackThis report

    • Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20.33.54, on 26/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
      C:\Programmi\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Programmi\Bonjour\mDNSResponder.exe
      C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\ups.exe
      C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
      C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
      C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\ALCWZRD.EXE
      C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\twain_32\Flatbed\USB\Detector.exe
      C:\Programmi\Google\Google Updater\GoogleUpdater.exe
      C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      C:\Programmi\Windows Live\Messenger\usnsvc.exe
      C:\Programmi\File comuni\Real\Update_OB\realsched.exe
      C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Programmi\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Programmi\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Frankie\Documenti\HiJackThis\HiJackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmi\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmi\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FILECO~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
      O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "
      O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
      O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
      O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
      O4 - Global Startup: Detector.lnk = C:\WINDOWS\twain_32\Flatbed\USB\Detector.exe
      O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
      O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/vers...n/AMClient.cab
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
      O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/vers...n/AMClient.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{101E3653-F1C1-449E-833D-87851EC71EFE}: NameServer = 193.70.152.15 193.70.152.25
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

      --
      End of file - 11249 bytes

  6. #6
    this is the KASPERSKY ONLINE report:

    • -------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER REPORT
      Monday, May 26, 2008 8:55:57 PM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 26/05/2008
      Kaspersky Anti-Virus database records: 800672
      -------------------------------------------------------------------------------

      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true

      Scan Target - My Computer:
      A:\
      C:\
      D:\
      E:\

      Scan Statistics:
      Total number of scanned objects: 161527
      Number of viruses found: 18
      Number of infected objects: 61
      Number of suspicious objects: 0
      Duration of the scan process: 06:50:05

      Infected Object Name / Virus Name / Last Action
      C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\02E9672B.exe Infected: Worm.Win32.AutoRun.aul skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\07542734.exe Infected: Worm.Win32.AutoRun.aul skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\081A59E3.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\09A26BFB.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\0A366BCF.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\0FEB4158.tmp Infected: Trojan-Downloader.Win32.Bagle.bu skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\10824882.tmp/td.exe Infected: P2P-Worm.Win32.Agent.v skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\10824882.tmp/run.exe Infected: P2P-Worm.Win32.Agent.v skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\10824882.tmp/zgo.exe Infected: P2P-Worm.Win32.Agent.v skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\10824882.tmp ZIP: infected - 3 skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\10824882.tmp CryptFF: infected - 3 skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\13C823DF.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\14233E70.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\14C773D7.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\17D611AA.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1B43106C.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1C324DE7.exe Infected: Worm.Win32.AutoRun.aul skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\23674DA9.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\23B24291.exe Infected: Worm.Win32.RJump.a skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2D2378EB.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2ECA0FD0.tmp Infected: Backdoor.Win32.Agent.aox skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3F0915F7.tmp Infected: Trojan-Downloader.Win32.Bagle.bv skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3FD97528.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\40B04047.exe Infected: Worm.Win32.AutoRun.aul skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\438D1FC3.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\54480BDB.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\5D9E6FA9.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\61AD3DBF.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\692F2BA8.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6A130A7C.exe Infected: Worm.Win32.AutoRun.aul skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6BA274E4.exe Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6BD82F1A.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6DD53250.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6DD75476.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6DDA7E73.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6DDD286F.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6DE0526B.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6DE47C68.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6FB0344F.exe Infected: Worm.Win32.AutoRun.aul skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\79FE26E1.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\7A8832B2.exe Infected: Trojan.Win32.Pakes.bzo skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\7F644EC6.dll Infected: Backdoor.Win32.VB.bax skipped
      C:\Documents and Settings\All Users\Dati applicazioni\Symantec\SRTSP\LightningSand.CFD Object is locked skipped
      C:\Documents and Settings\Frankie\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzeparti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar/i_bpk2003.exe/bpk.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
      C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzeparti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar/i_bpk2003.exe/bpkun.exe Infected: not-a-virus:Monitor.Win32.Perflogger.an skipped
      C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzeparti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar/i_bpk2003.exe/Setup.exe Infected: not-a-virus:Monitor.Win32.Perflogger.af skipped

  7. #7
    continued..

    • C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzeparti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar/i_bpk2003.exe/bpkhk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.al skipped
      C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzeparti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar/i_bpk2003.exe/bpkwb.dll Infected: not-a-virus:Monitor.Win32.Perflogger.aa skipped
      C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzeparti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar/i_bpk2003.exe/bpkr.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped
      C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzeparti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar/i_bpk2003.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped
      C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzeparti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar RAR: infected - 7 skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\18exremao59.exe Infected: SpamTool.Win32.Blen.a skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\55exfbch1.exe Infected: Trojan.Win32.Zapchast.jj skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\70exfbch1.exe Infected: Trojan.Win32.Zapchast.jj skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\75exmdnk50.exe Infected: Backdoor.Win32.Agent.iql skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\82exremao59.exe Infected: SpamTool.Win32.Blen.a skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\89exmdnk50.exe Infected: Backdoor.Win32.Agent.iql skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\90exmdnk50.exe Infected: Backdoor.Win32.Agent.iql skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\94exremao59.exe Infected: SpamTool.Win32.Blen.a skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\97exfbch1.exe Infected: Trojan.Win32.Zapchast.jj skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\eraseme_24568.exe Infected: Backdoor.Win32.SdBot.cxo skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\~DFD2B6.tmp Object is locked skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temp\~DFE6FD.tmp Object is locked skipped
      C:\Documents and Settings\Frankie\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Frankie\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\Frankie\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
      C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
      C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
      C:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
      C:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
      C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
      C:\Programmi\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
      C:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped
      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      C:\System Volume Information\_restore{86750A88-BD6F-45A9-AF55-2328E07D33A5}\RP14\change.log Object is locked skipped
      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\EventCache\{01B2FA15-4470-476B-97EE-95D6B0F551E7}.bin Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
      C:\WINDOWS\Sti_Trace.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
      C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
      C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\default Object is locked skipped
      C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
      C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
      C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
      C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
      C:\WINDOWS\system32\config\sam Object is locked skipped
      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\security Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
      C:\WINDOWS\system32\config\software Object is locked skipped
      C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\system Object is locked skipped
      C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
      C:\WINDOWS\system32\h323log.txt Object is locked skipped
      C:\WINDOWS\system32\NTSpool.exe Infected: Backdoor.Win32.SdBot.cxo skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
      C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat Object is locked skipped
      C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
      C:\WINDOWS\wiadebug.log Object is locked skipped
      C:\WINDOWS\wiaservc.log Object is locked skipped
      C:\WINDOWS\WindowsUpdate.log Object is locked skipped

      Scan process completed.

  8. #8
    HTML.it user, Deifobe's avatar
    Registered since
    Oct 2007
    Posts
    6,072
    I'll prepare the script for you.
    Bye
    ...

  9. #9
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    questo lo inserisco da eliminare:
    C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzepar ti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar

    scarica Avenger e CCleaner

    In HijackThis, fix:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe
    Run Avenger and copy/paste the following into its window:
    files to delete:
    C:\WINDOWS\system\smvss.exe
    C:\WINDOWS\System32\NTSpool.exe
    C:\WINDOWS\System32\NTSecurity.exe
    C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzepar ti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\18exremao59.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\55exfbch1.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\70exfbch1.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\75exmdnk50.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\82exremao59.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\89exmdnk50.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\90exmdnk50.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\94exremao59.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\97exfbch1.exe
    C:\Documents and Settings\Frankie\Impostazioni locali\Temp\eraseme_24568.exe
    Tick "Automatically disable any rootkits found" and click "execute".
    The PC should restart on its own; otherwise restart it yourself. Post the report it produces.

    Run CCleaner and clean out the temporary files and cookies (run it twice).

    Download SystemScan, disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan has finished, re-enable the antivirus, upload the report you find on the desktop to Savefile and post the link you get.

    (remember to post the Avenger report as well => c:\avenger)

    Bye

  10. #10
    Here is the Avenger report


    • Logfile of The Avenger Version 2.0, (c) by Swandog46
      http://swandog46.geekstogo.com

      Platform: Windows XP

      *******************

      Script file opened successfully.
      Script file read successfully.

      Backups directory opened successfully at C:\Avenger

      *******************

      Beginning to process script file:

      Rootkit scan active.
      No rootkits found!

      File "C:\WINDOWS\system\smvss.exe" deleted successfully.
      File "C:\WINDOWS\System32\NTSpool.exe" deleted successfully.

      Error: file "C:\WINDOWS\System32\NTSecurity.exe" not found!
      Deletion of file "C:\WINDOWS\System32\NTSecurity.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzepar ti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar" not found!
      Deletion of file "C:\Documents and Settings\Frankie\Documenti\ISTALLAZIONI\5.Terzepar ti\Perfect.Keylogger-v1.6.0.1.keygen.by.ttavi FUNCIONA UN 10 es el k uso y de lujooo.rar" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist

      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\18exremao59.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\55exfbch1.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\70exfbch1.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\75exmdnk50.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\82exremao59.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\89exmdnk50.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\90exmdnk50.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\94exremao59.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\97exfbch1.exe" deleted successfully.
      File "C:\Documents and Settings\Frankie\Impostazioni locali\Temp\eraseme_24568.exe" deleted successfully.

      Completed script processing.

      *******************

      Finished! Terminate.
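Added example, not part of the thread or of any tool named in it: a short Python check that reconciles an Avenger script with the report it leaves behind, so that entries reported as failed (here STATUS_OBJECT_NAME_NOT_FOUND) or missing from the report stand out. The function names are hypothetical, the sample text is an excerpt of the script and report posted above, and the last script line is constructed.

```python
import re

# Line shapes as they appear in the Avenger 2.0 report posted in this thread.
DELETED = re.compile(r'^File "(.+)" deleted successfully\.$')
FAILED = re.compile(r'^Deletion of file "(.+)" failed!$')
STATUS = re.compile(r'^Status: 0x[0-9a-fA-F]{8} \((\w+)\)$')

def parse_script(script):
    """Paths listed under the 'files to delete:' section of an Avenger script."""
    paths, active = [], False
    for line in map(str.strip, script.splitlines()):
        if line.endswith(":"):                      # section header
            active = line.lower() == "files to delete:"
        elif active and line:
            paths.append(line)
    return paths

def parse_log(log):
    """Map lower-cased path -> 'deleted' or 'failed (<NTSTATUS name>)'."""
    results, pending = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := DELETED.match(line):
            results[m[1].lower()] = "deleted"
        elif m := FAILED.match(line):
            pending = m[1].lower()
            results[pending] = "failed"
        elif pending and (m := STATUS.match(line)):
            results[pending] = f"failed ({m[1]})"   # status line follows the failure
            pending = None
    return results

def reconcile(script, log):
    """What the report says about each path the script asked to delete."""
    seen = parse_log(log)                           # Windows paths: compare ignoring case
    return {p: seen.get(p.lower(), "not in report") for p in parse_script(script)}

# Excerpt of the script and report from this thread; the last script line is constructed.
SCRIPT = r"""files to delete:
C:\WINDOWS\system\smvss.exe
C:\WINDOWS\System32\NTSecurity.exe
C:\constructed\example.exe"""
LOG = r"""File "C:\WINDOWS\system\smvss.exe" deleted successfully.
Error: file "C:\WINDOWS\System32\NTSecurity.exe" not found!
Deletion of file "C:\WINDOWS\System32\NTSecurity.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)"""

if __name__ == "__main__":
    for path, outcome in reconcile(SCRIPT, LOG).items():
        print(f"{outcome:45} {path}")
```

A path that comes back as failed or "not in report" while its Run entry was fixed in HijackThis is worth re-checking in the next scan log, since the file may sit at a different location than the one written in the script.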
