services.exe....e altro

**emilianoPSG** · 02-05-2008, 10:34

Ho effettuato il Removal Script e le prime due operazioni le ha eseguite con successo, mentre non è riuscito nell'eliminazione del file csrs.exe, quindi dopo il reboot l'ho rilanciato, ma come puoi vedere, nulla e purtroppo il secondo log ha sovrascritto il primo, ma come ti ho detto le altre due operazioni le ha eseguite:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\isecwdef

*******************

Script file located at: \??\C:\WINDOWS\system32\llgmdnof.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-05-02 10:22:37
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Symantec AntiVirus Corporate Edition 10.1.5.5000 Yes Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Cookies\don_marco@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Dati applicazioni\Mozilla\Firefox\Profiles\2ikktfwf.def ault\COOKIES.TXT[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Dati applicazioni\Mozilla\Firefox\Profiles\2ikktfwf.def ault\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Cookies\don_marco@atdmt[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Cookies\don_marco@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Cookies\don_marco@bs.serving-sys[1].txt
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location
File C:\WINDOWS\csrs.exe not found!
Deletion of file C:\WINDOWS\csrs.exe failed!

Could not process line:
C:\WINDOWS\csrs.exe
Status: 0xc0000034

Program C:\Documents and Settings\Don Marco\Desktop\sys43240.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

Questo invece è il log del panda :

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-05-02 10:22:37
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Symantec AntiVirus Corporate Edition 10.1.5.5000 Yes Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Cookies\don_marco@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Dati applicazioni\Mozilla\Firefox\Profiles\2ikktfwf.def ault\COOKIES.TXT[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Dati applicazioni\Mozilla\Firefox\Profiles\2ikktfwf.def ault\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Cookies\don_marco@atdmt[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Cookies\don_marco@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Don Marco\Cookies\don_marco@bs.serving-sys[1].txt
;
SUSPECTS
Sent Location

Mi succede una cosa strana: dopo ogni reboot trovo la scheda di rete lan disabilitata..............però non mi è più apparso quel maledetto messaggio con shutdown.

Grazie mille ancora per la disponibilità
Emiliano

Discussione: services.exe....e altro

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio