  1. #1
    HTML.it user, registered since May 2001, 112 posts

    NOD32 disabled and other problems

    Hello everyone.
    I'm facing a problem that I believe is BEAGLE.
    NOD32 has been disabled and it is impossible to restore it, even after uninstalling and reinstalling.
    The Kaspersky trial cannot be installed because it says there are no valid permissions to create the folder.
    HiJackThis, once saved to the desktop and launched, says it is not a VALID win32 application.

    For now I'm running a Kaspersky online scan, but it is extremely slow.

    Could it be another type of virus?
    How can I proceed to remove it?

  2. #2
    HTML.it user Deifobe, registered since Oct 2007, 6,072 posts
    after Kaspersky, also run a scan with EliBagle: run it and click Explorar. Restart the PC when it finishes and post the report (C:\Infosat.txt)
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___

  3. #3
    HTML.it user, registered since May 2001, 112 posts
    This is the EliBagle report



    Wed Mar 12 19:55:27 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed Mar 12 19:55:57 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\Programmi\Analog Devices\SoundMAX\SMTRAY.EXE --> Eliminado Bagle.dldr
    C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

    Nº Total de Directorios: 10680
    Nº Total de Ficheros: 102392
    Nº de Ficheros Analizados: 12653
    Nº de Ficheros Infectados: 2
    Nº de Ficheros Limpiados: 2

    Wed Mar 12 20:33:35 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Nº Total de Directorios: 52
    Nº Total de Ficheros: 251
    Nº de Ficheros Analizados: 42
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0
    Exploración Detenida por el Usuario.

    Wed Mar 12 20:34:13 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.

    Wed Mar 12 20:35:06 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

    Nº Total de Directorios: 10680
    Nº Total de Ficheros: 102422
    Nº de Ficheros Analizados: 12653
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados: 1

    Wed Mar 12 21:34:49 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.

    Wed Mar 12 21:35:29 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Nº Total de Directorios: 6166
    Nº Total de Ficheros: 56753
    Nº de Ficheros Analizados: 3382
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0
    Exploración Detenida por el Usuario.

    Wed Mar 12 21:41:44 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.

    Wed Mar 12 21:41:51 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\Programmi\Analog Devices\SoundMAX\SMTRAY.EXE --> Eliminado Bagle.dldr

    Wed Mar 12 21:48:26 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.

    Wed Mar 12 21:49:04 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

    Nº Total de Directorios: 10690
    Nº Total de Ficheros: 102481
    Nº de Ficheros Analizados: 12654
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados: 1

    Wed Mar 12 22:08:38 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.

    Wed Mar 12 22:09:27 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\Programmi\Analog Devices\SoundMAX\SMTRAY.EXE --> Eliminado Bagle.dldr
    C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

    Nº Total de Directorios: 10362
    Nº Total de Ficheros: 99746
    Nº de Ficheros Analizados: 12560
    Nº de Ficheros Infectados: 2
    Nº de Ficheros Limpiados: 2

    Wed Mar 12 22:30:32 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.

  4. #4
    HTML.it user Deifobe, registered since Oct 2007, 6,072 posts
    ok... but you did restart the PC, right? ...I see that only a few seconds pass between one scan and the next.

    boot into safe mode and try to delete:
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE

    download Avenger and let me know whether you manage to run it.

    Disable System Restore: Start -> Control Panel -> System -> System Restore -> check "Turn off System Restore"

    and run the scan with Kaspersky_virusscanner.
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
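
A triage helper for the report format posted in #3, added here as an example (it is not part of the thread and not Satinfo's code): it groups the actions by run and lists which paths stay "Acceso Denegado" and which are reported "Eliminado" and then flagged again in a later run. The function names are hypothetical; the sample is four runs copied from post #3, with the statistics lines left out.

```python
import re

# Four runs copied from the EliBagle report in post #3 (abridged, not invented).
SAMPLE_REPORT = r"""
Wed Mar 12 19:55:27 2008
EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Mar 12 19:55:57 2008
EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Programmi\Analog Devices\SoundMAX\SMTRAY.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Wed Mar 12 21:41:44 2008
EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Mar 12 21:41:51 2008
EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Programmi\Analog Devices\SoundMAX\SMTRAY.EXE --> Eliminado Bagle.dldr
"""

# Each run starts with a ctime-style timestamp line.
RUN_HEADER = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}$")
# Action lines have the shape "<drive path> --> <result text>".
ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+-->\s+(?P<result>.+)$")


def classify(result):
    """Map the Spanish result text to a coarse status."""
    low = result.lower()
    if "acceso denegado" in low:
        return "denied"      # file was in use or protected, nothing was removed
    if "eliminado" in low:
        return "removed"
    return "other"


def parse_runs(report):
    """Return [(timestamp, [(PATH, status), ...]), ...] in report order."""
    runs = []
    for raw in report.splitlines():
        line = raw.strip()
        if RUN_HEADER.match(line):
            runs.append((line, []))
            continue
        m = ACTION.match(line)
        if m and runs:
            # Windows paths are case-insensitive, so compare them upper-cased.
            runs[-1][1].append((m.group("path").upper(), classify(m.group("result"))))
    return runs


def history(report):
    """Map each path to its [(run_index, timestamp, status), ...] events."""
    seen = {}
    for index, (stamp, actions) in enumerate(parse_runs(report)):
        for path, status in actions:
            seen.setdefault(path, []).append((index, stamp, status))
    return seen


def still_locked(report):
    """Paths that were 'Acceso Denegado' every time they were reported."""
    return sorted(p for p, events in history(report).items()
                  if all(status == "denied" for _, _, status in events))


def recreated(report):
    """Paths reported removed in one run and flagged again in a later run."""
    out = []
    for path, events in history(report).items():
        for i, (run, _, status) in enumerate(events):
            if status == "removed" and any(later > run for later, _, _ in events[i + 1:]):
                out.append(path)
                break
    return sorted(out)


if __name__ == "__main__":
    print("Never removed (locked in every run):")
    for p in still_locked(SAMPLE_REPORT):
        print("  ", p)
    print("Removed, then flagged again later:")
    for p in recreated(SAMPLE_REPORT):
        print("  ", p)
```
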

  5. #5
    HTML.it user, registered since May 2001, 112 posts
    I went into safe mode with EliBagle:

    Thu Mar 13 09:36:16 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\WINDOWS\system32\drivers\down\174984.EXE --> Eliminado Bagle
    C:\WINDOWS\system32\drivers\down\182218.EXE --> Eliminado Bagle
    C:\WINDOWS\system32\drivers\down\242437.EXE --> Eliminado Bagle
    C:\WINDOWS\system32\drivers\down\278015.EXE --> Eliminado Bagle
    C:\WINDOWS\system32\drivers\down\3513781.EXE --> Eliminado Bagle

    Nº Total de Directorios: 10243
    Nº Total de Ficheros: 99141
    Nº de Ficheros Analizados: 12401
    Nº de Ficheros Infectados: 5
    Nº de Ficheros Limpiados: 5

    Thu Mar 13 10:09:37 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Thu Mar 13 10:09:38 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Nº Total de Directorios: 10289
    Nº Total de Ficheros: 99196
    Nº de Ficheros Analizados: 12396
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    Thu Mar 13 10:24:26 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Thu Mar 13 10:24:48 2008
    EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Nº Total de Directorios: 10290
    Nº Total de Ficheros: 99203
    Nº de Ficheros Analizados: 12398
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    then I restarted and managed to open HiJackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10.33.57, on 13/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Programmi\Apache Group\Apache2\bin\Apache.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Matrox X.tools\System\digisc.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\mgabg.exe
    C:\Programmi\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Programmi\Norton Ghost\Agent\VProSvc.exe
    C:\Programmi\Apache Group\Apache2\bin\Apache.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Programmi\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
    C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Programmi\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Programmi\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\PDesk\PDesk.exe
    C:\Programmi\Matrox X.tools\DSOutputEnabler.exe
    C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programmi\Babylon\Babylon-Pro\Babylon.exe
    C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\Documents and Settings\mwf\Desktop\HostsToggle.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\Hamachi\hamachi.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Programmi\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [MGA_CD_Install] E:\mgasetup.exe /No_Welcome /Lang:Italiano
    O4 - HKLM\..\Run: [DSOutputEnabler] "C:\Programmi\Matrox X.tools\DSOutputEnabler.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [Unamon] wscript.exe //b C:\DOCUME~1\mwf\IMPOST~1\Temp\Unamon.vbs
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [HostsToggle] "C:\Documents and Settings\mwf\Desktop\HostsToggle.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

  6. #6
    HTML.it user, registered since May 2001, 112 posts
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = C:\Programmi\Hamachi\hamachi.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1204133953203
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DD7DD612-28E3-469E-9051-1A9DA5CE203A}: NameServer = 151.99.125.1,151.99.0.100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmi\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apache2 - Apache Software Foundation - C:\Programmi\Apache Group\Apache2\bin\Apache.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DigiCtrl - Matrox Electronic Systems - C:\Programmi\Matrox X.tools\System\digisc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
    O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 13956 bytes

  7. #7
    HTML.it user, registered since May 2001, 112 posts
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, March 13, 2008 11:06:10 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 13/03/2008
    Kaspersky Anti-Virus database records: 627185
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - Critical Areas:
    C:\WINDOWS
    C:\DOCUME~1\mwf\IMPOST~1\Temp\

    Scan Statistics:
    Total number of scanned objects: 18847
    Number of viruses found: 2
    Number of infected objects: 12
    Number of suspicious objects: 0
    Duration of the scan process: 00:11:31

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\down\176640.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
    C:\WINDOWS\system32\drivers\down\185468.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
    C:\WINDOWS\system32\drivers\down\209484.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
    C:\WINDOWS\system32\drivers\down\252000.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
    C:\WINDOWS\system32\drivers\down\254468.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
    C:\WINDOWS\system32\drivers\down\3506734.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
    C:\WINDOWS\system32\drivers\down\3526140.exe Infected: Trojan.Win32.Pakes.bwy skipped
    C:\WINDOWS\system32\drivers\down\3526265.exe Infected: Trojan.Win32.Pakes.bwy skipped
    C:\WINDOWS\system32\drivers\down\777968.exe Infected: Trojan.Win32.Pakes.bwy skipped
    C:\WINDOWS\system32\drivers\down\891750.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
    C:\WINDOWS\system32\drivers\down\896546.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
    C:\WINDOWS\system32\drivers\down\928953.exe Infected: Trojan.Win32.Pakes.bwy skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\hsperfdata_SYSTEM\1684 Object is locked skipped
    C:\WINDOWS\Temp\ib5 Object is locked skipped
    C:\WINDOWS\Temp\ib6 Object is locked skipped
    C:\WINDOWS\Temp\ib6.tmp Object is locked skipped
    C:\WINDOWS\Temp\ib7 Object is locked skipped
    C:\WINDOWS\Temp\ib7.tmp Object is locked skipped
    C:\WINDOWS\Temp\ib8.tmp Object is locked skipped
    C:\WINDOWS\Temp\ib9.tmp Object is locked skipped
    C:\WINDOWS\Temp\ibA.tmp Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_7c4.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\DOCUME~1\mwf\IMPOST~1\Temp\Perflib_Perfdata_10c0.dat Object is locked skipped
    C:\DOCUME~1\mwf\IMPOST~1\Temp\~DF2C4F.tmp Object is locked skipped
    C:\DOCUME~1\mwf\IMPOST~1\Temp\~DF611F.tmp Object is locked skipped
    C:\DOCUME~1\mwf\IMPOST~1\Temp\~DF9F4.tmp Object is locked skipped

    Scan process completed.

  8. #8
    hi,
    I have the same problem. I ran half a scan with Kaspersky, then my connection dropped. I'm posting the part that was scanned:

    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\giammy\bwmxdxsy.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\bzndqtzp.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\bzpqltel.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\chrymvvp.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Mozilla\Firefox\Profiles\cvl1j1pr.default\cert8.db Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Mozilla\Firefox\Profiles\cvl1j1pr.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Mozilla\Firefox\Profiles\cvl1j1pr.default\history.dat Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Mozilla\Firefox\Profiles\cvl1j1pr.default\key3.db Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Mozilla\Firefox\Profiles\cvl1j1pr.default\parent.lock Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Mozilla\Firefox\Profiles\cvl1j1pr.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Mozilla\Firefox\Profiles\cvl1j1pr.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\call256.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\callmember256.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chat1024.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chat512.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chatmember256.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chatmsg1024.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chatmsg2048.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chatmsg256.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chatmsg4096.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chatmsg512.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\chatmsg8192.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\dyncontent\bundle.dat Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\index2.dat Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\profile16384.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\transfer1024.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\transfer256.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\transfer512.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\user1024.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\user16384.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\user256.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\user32768.dbb Object is locked skipped
    C:\Documents and Settings\giammy\Dati applicazioni\Skype\gimmymatrix\voicemail256.dbb Object is locked skipped
    C:\Documents and Settings\giammy\drxqzvjw.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\ejttsfcv.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\epvsylpv.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\ezsgfkxj.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\fognejtz.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\hrtnhefo.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\huldxbyp.exe Infected: Trojan.Win32.Dialer.anm skipped
    C:\Documents and Settings\giammy\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\giammy\Impostazioni locali\Cronologia\History.IE5\MSHist012008040420080405\index.dat Object is locked skipped

  9. #9
    HTML.it user Deifobe's avatar
    Joined
    Oct 2007
    Posts
    6,072
    It doesn't look like the same problem... Let's see...

    Download Avenger and copy and paste the following into the white box:
    files to delete:
    C:\Documents and Settings\giammy\bwmxdxsy.exe
    C:\Documents and Settings\giammy\bzndqtzp.exe
    C:\Documents and Settings\giammy\bzpqltel.exe
    C:\Documents and Settings\giammy\chrymvvp.exe
    C:\Documents and Settings\giammy\drxqzvjw.exe
    C:\Documents and Settings\giammy\ejttsfcv.exe
    C:\Documents and Settings\giammy\epvsylpv.exe
    C:\Documents and Settings\giammy\ezsgfkxj.exe
    C:\Documents and Settings\giammy\fognejtz.exe
    C:\Documents and Settings\giammy\hrtnhefo.exe
    C:\Documents and Settings\giammy\huldxbyp.exe
    C:\WINDOWS\system32\drivers\hidr.exe
    C:\WINDOWS\system32\drivers\hidrrr.exe
    C:\WINDOWS\system32\drivers\hldrrr.ex_
    C:\WINDOWS\system32\drivers\hldrrr.exe
    C:\WINDOWS\system32\drivers\srosa.sys
    C:\WINDOWS\system32\drivers\klif.sys
    C:\WINDOWS\system32\drivers\pci32.sys
    C:\WINDOWS\system32\wintems.exe
    c:\WINDOWS\system32\hlpuybtr.exe
    C:\WINDOWS\system32\hldrrr.exe
    C:\WINDOWS\system32\trusted.exe
    C:\WINDOWS\system32\mdelk.exe
    c:\Documents and Settings\giammy\Dati applicazioni\hidires\m_hook.sys
    c:\Documents and Settings\giammy\Dati applicazioni\hidires\hidr.exe
    c:\Documents and Settings\giammy\Dati applicazioni\hidires\srosa.sys
    c:\Documents and Settings\giammy\Dati applicazioni\hidn\hidn2.exe
    c:\Documents and Settings\giammy\Dati applicazioni\hidn\hldrrr.exe
    c:\Documents and Settings\giammy\Dati applicazioni\m\data.oct
    c:\Documents and Settings\giammy\Dati applicazioni\m\flec006.exe

    folders to delete:
    c:\WINDOWS\exefld
    c:\WINDOWS\exefnd
    C:\WINDOWS\exefqd
    C:\WINDOWS\system32\drivers\down
    c:\Documents and Settings\giammy\Dati applicazioni\hidires
    c:\Documents and Settings\giammy\Dati applicazioni\hidn
    Tick "Automatically disable any rootkits found" and click "execute".
    The PC should restart on its own; otherwise restart it yourself. Post the report it produces.

    Download elibagla, run it and click Explorar - restart the PC when it finishes. Post the report (C:\Infosat.txt)

    Download Hijackthis and put it in a dedicated folder (e.g. c:\programmi\Hijackthis).
    Run it and click the "Do a system scan and save a log file" button. Post the resulting text file.
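Added example, not part of the thread and not code from any of the tools named in it: a Python sketch that triages a scan log in the format posted in #8, separating "Infected:" detections from "Object is locked" lines (files the scanner could not open) and rendering the detected paths under the "files to delete:" header used in #9. The sample log, the user name `user1`, the function names and the 8-letter-name heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the scan log posted above.
SAMPLE_LOG = r"""
C:\Documents and Settings\user1\abcdwxyz.exe Infected: Trojan.Win32.Dialer.anm skipped
C:\Documents and Settings\user1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user1\qrstuvwx.exe Infected: Trojan.Win32.Dialer.anm skipped
C:\Documents and Settings\user1\Dati applicazioni\Skype\acct\chat512.dbb Object is locked skipped
Scan process completed.
"""

# Paths contain spaces, so the path is matched lazily and the status
# ("Infected: <verdict>" or "Object is locked") plus the action anchor the end.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<verdict>\S+)|(?P<locked>Object is locked))"
    r"\s+(?P<action>\w+)\s*$"
)

def parse_scan_log(text):
    """Return (infected, locked); infected maps verdict -> list of paths."""
    infected, locked = defaultdict(list), []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank line, "Scan process completed."
        if m.group("verdict"):
            infected[m.group("verdict")].append(m.group("path"))
        else:
            locked.append(m.group("path"))
    return dict(infected), locked

def random_named_exes(paths):
    """Heuristic (assumption): 8 lowercase letters + .exe directly in a profile root."""
    pat = re.compile(r"^[A-Za-z]:\\Documents and Settings\\[^\\]+\\[a-z]{8}\.exe$")
    return [p for p in paths if pat.match(p)]

def files_to_delete_block(infected):
    """Render detected paths under the 'files to delete:' header from the reply."""
    paths = sorted({p for ps in infected.values() for p in ps}, key=str.lower)
    return "files to delete:\n" + "\n".join(paths)

if __name__ == "__main__":
    infected, locked = parse_scan_log(SAMPLE_LOG)
    for verdict, paths in infected.items():
        print(verdict, len(paths), "file(s);", len(random_named_exes(paths)), "random-named")
    print(len(locked), "locked object(s) skipped (in-use files, not detections)")
    print(files_to_delete_block(infected))
```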
