So, I'm posting the Norman log:
Number of processes/threads found: 600
Number of processes/threads scanned: 600
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 29s
Scanning file system...
Scanning: C:\*.*
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\0FAE736D.com (Infected with Agent.FHFC)
Deleted file
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2CBD51FF.com (Infected with Agent.FHFC)
Deleted file
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\48DA4C75.com (Infected with Agent.FHFC)
Deleted file
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4901444A.com (Infected with Agent.FHFC)
Deleted file
C:\Documents and Settings\sergio\ccppglsy.exe (Infected with Dialer.HN)
Deleted file
C:\Documents and Settings\sergio\ptgxqpbn.exe (Infected with Dialer.HN)
Deleted file
C:\Documents and Settings\sergio\rxirgucd.exe (Infected with Dialer.HN)
Deleted file
C:\Documents and Settings\sergio\Impostazioni locali\Temp\_addon.exe (Infected with Horst.gen29.dropper)
Deleted file
C:\Programmi\MediaCoder\xulapp\Dati applicazioni\Mozilla\Firefox\Profiles\r8kotsdm.default\Cache\90487342d01/unknown0 (Error whilst scanning file: I/O Error)
C:\Sistema1\casinoeuropa_profilo.exe (Infected with W32/DLoader.DZNY)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010714.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010715.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010716.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010717.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010718.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010719.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010720.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010721.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010722.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010723.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010724.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010725.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010726.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010727.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010728.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010729.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010730.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010731.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010732.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010733.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP26\A0010734.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP32\A0012047.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP52\A0016042.com (Infected with Agent.FHFC)
Deleted file
C:\System Volume Information\_RESTO~1\RP52\A0016043.com (Infected with Agent.FHFC)
Deleted file
C:\System Volume Information\_RESTO~1\RP52\A0016044.com (Infected with Agent.FHFC)
Deleted file
C:\System Volume Information\_RESTO~1\RP52\A0016045.com (Infected with Agent.FHFC)
Deleted file
C:\System Volume Information\_RESTO~1\RP52\A0016046.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP52\A0016047.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP52\A0016048.exe (Infected with Dialer.HN)
Deleted file
C:\System Volume Information\_RESTO~1\RP52\A0016049.exe (Infected with W32/DLoader.DZNY)
Deleted file
Scanning: c:\System Volume Information\*.*
Running post-scan cleanup routine:
Number of files found: 194996
Number of archives unpacked: 6206
Number of files scanned: 194974
Number of files not scanned: 22
Number of files skipped due to exclude list: 0
Number of infected files found: 39
Number of infected files repaired/deleted: 39
Number of infections removed: 39
Total scanning time: 1h 58m 14s
the log from :
SmitFraudFix v2.324
Scan done at 11.36.38,70, 14/06/2008
Run from C:\Documents and Settings\sergio\Desktop\software\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}"="campaniform"
[HKEY_CLASSES_ROOT\CLSID\{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}\InProcServer32]
@="C:\WINDOWS\system32\kfcpnd.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}\InProcServer32]
@="C:\WINDOWS\system32\kfcpnd.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
212.150.54.250 dv-networks.com
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\system32\514852\514852.dll deleted.
C:\WINDOWS\system32\514852\ deleted.
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Belkin 54g Wireless USB Network Adapter #2 - Miniport dell'Utilità di pianificazione pacchetti
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B34F540C-E298-46DD-B62E-710CED026A58}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{900CF119-FDE5-479B-BB53-F1E10CA7FD4A}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B34F540C-E298-46DD-B62E-710CED026A58}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B34F540C-E298-46DD-B62E-710CED026A58}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}"="campaniform"
[HKEY_CLASSES_ROOT\CLSID\{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}\InProcServer32]
@="C:\WINDOWS\system32\kfcpnd.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}\InProcServer32]
@="C:\WINDOWS\system32\kfcpnd.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End