Infected by Bagle.. at least I think so


Post by stele66 » Sun May 27, 2007 11:39 am

Hi everyone. I am also new to the forum and I thank everyone in advance for their help. I admit I'm no genius with the PC and I just try to survive..... [rotfl] . I too can no longer install any antivirus; the strange thing is that it all happened after scanning first with Superantivirus and then with 2AB3AAD.exe. Now I have run a scan with gmer, then I took the first red file and pasted the log below. Is that right?

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-27 10:12:38
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT Vax347b.sys ZwClose
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState

---- Kernel code sections - GMER 1.0.12 ----

? csglyfex.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\DRIVERS\update.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86705268
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86222590
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 862F9200
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 861B65B0
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 86250BC0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86255738
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86255738
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8634A0D8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 8627C758
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86263818

---- Modules - GMER 1.0.12 ----

Module _________ F774B000-F7763000 (98304 bytes)

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 220
Process C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe (*** hidden *** ) 1880

This is the second file in red:

Post by crazy.cat » Sun May 27, 2007 12:16 pm

Here you find the script to give to Avenger; then follow the article's instructions to restore the damaged or missing services.
http://www.MegaLab.it/forum/viewtopic.p ... 510#238510

Nothing doing

Post by stele66 » Mon May 28, 2007 6:48 pm

I ran the scan but got no result. This is what it gives me as a log. Also, I have trouble typing and Explorer keeps flashing. Help



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\taaleqvk

*******************

Script file located at: \??\C:\WINDOWS\system32\jkcowmgg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a



Could not open file C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe failed!

Could not process line:
C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a



Could not open file C::\WINDOWS\system32\wintems.exe for deletion
Deletion of file C::\WINDOWS\system32\wintems.exe failed!

Could not process line:
C::\WINDOWS\system32\wintems.exe
Status: 0xc000003a



Could not open file C::\WINDOWS\system32\hldrrr.exe for deletion
Deletion of file C::\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C::\WINDOWS\system32\hldrrr.exe
Status: 0xc000003a



Could not open folder C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires for deletion
Deletion of folder C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires failed!

Could not process line:
C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires
Status: 0xc000003a



Could not open folder C::\WINDOWS\exefld for deletion
Deletion of folder C::\WINDOWS\exefld failed!

Could not process line:
C::\WINDOWS\exefld
Status: 0xc000003a

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Post by crazy.cat » Mon May 28, 2007 8:26 pm

You got the paths completely wrong; the part in red has to be removed on every line
C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys

here there is a double ::, only one is needed
C::\WINDOWS\

Re: Nothing doing

Post by crazy.cat » Mon May 28, 2007 8:40 pm

The correct script is this one

C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe

folders to delete:
C:\Documents and Settings\stefano\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
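As an added example (not from the thread, nor part of The Avenger itself), a small Python checker for the path lines of an Avenger script that reports the two mistakes crazy.cat points out: the doubled colon after the drive letter and the profile prefix pasted twice, which are why every deletion in the failed log above ended with a path error. The malformed script is reconstructed from that log; the hive abbreviations accepted for registry lines are an assumption.

```python
import re

# Section headers of an Avenger script; lines before any header count as "files to delete:".
SECTIONS = ("files to delete:", "folders to delete:",
            "registry keys to delete:", "registry values to delete:")
DOUBLE_COLON_RE = re.compile(r"^[A-Za-z]::")          # "C::\..." as in the failed log
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")                # exactly one "X:\" at the start
EMBEDDED_DRIVE_RE = re.compile(r"\\[A-Za-z]:\\")      # a second "X:\" pasted inside the path
HIVE_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU|HKCC)\\")  # accepted hive abbreviations (assumed)

def parse_script(text):
    """Split script text into {section_header: [non-empty lines]}."""
    sections = {s: [] for s in SECTIONS}
    current = SECTIONS[0]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in sections:
            current = line.lower()
        else:
            sections[current].append(line)
    return sections

def check_path(path):
    """Problems with a file or folder line; an empty list means the line is well formed."""
    problems = []
    if DOUBLE_COLON_RE.match(path):
        problems.append("double colon after the drive letter; only one ':' is allowed")
    elif not DRIVE_RE.match(path):
        problems.append("must start with a drive letter followed by ':\\'")
    if EMBEDDED_DRIVE_RE.search(path):
        problems.append("a second 'X:\\' inside the path: the prefix was pasted twice")
    return problems

def validate(text):
    """Return [(line, problem), ...] for every malformed line in an Avenger script."""
    s = parse_script(text)
    findings = [(l, p) for sec in SECTIONS[:2] for l in s[sec] for p in check_path(l)]
    for line in s[SECTIONS[2]]:
        if not HIVE_RE.match(line):
            findings.append((line, "registry key must start with a hive such as HKLM\\"))
    for line in s[SECTIONS[3]]:
        if not HIVE_RE.match(line) or "|" not in line:
            findings.append((line, "registry value must be 'HIVE\\key | value name'"))
    return findings

# Constructed from the failed Avenger log in the thread: the script as the user typed it.
BAD_SCRIPT = r"""
C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys
C::\WINDOWS\system32\hldrrr.exe
folders to delete:
C::\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
"""
# The same script with the paths corrected as crazy.cat posted them.
GOOD_SCRIPT = BAD_SCRIPT.replace(r"C::\Documents and Settings\C:", "C:").replace("C::", "C:")

if __name__ == "__main__":
    for line, problem in validate(BAD_SCRIPT):
        print(f"{problem}: {line}")
    print("corrected script problems:", validate(GOOD_SCRIPT))
```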

bagle

Post by stele66 » Tue May 29, 2007 1:34 pm

OK thanks, I'll do it if I manage to turn it on. Yesterday I tried to boot it in safe mode so I could then run some antivirus and trojan detectors, but the computer wouldn't start any more; or rather, it turns on, shows the screen asking which mode you want to boot in, and whichever you choose the PC restarts and shows the same screen again. I left it on all night with a disk inserted that has a program that detects errors on the HD, I think HD Regen. I hope that when I get home I'll manage to restart it. Regards

Post by Amantide » Wed May 30, 2007 7:38 pm

See here for why safe mode isn't working for you: first you'll have to clean the PC of the Bagle worm, and only then will you be able to restore it.

