Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

HELP! Virus Bagle ?? o cosa ?

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

HELP! Virus Bagle ?? o cosa ?

Messaggioda alverman » ven gen 25, 2008 3:59 pm

Buondì, sono nuovo del forum e ovviamente ho un problema che non mi sembra avere trovato nei vari post, perlomeno con le mie medesime modalità.
Parliamo di un PC con Windows 2000 che successivamente ad un aggiornamento di "Alice ti aiuta" (lo so, lo so non dite niente a proposito...) non andato a buon fine e ad una sessione di Messanger terminata regolarmente ha cominciato a dare i seguenti problemi :
-Disabilitazione di AVG e Zone Alarm
-Impossibilità di lanciare i sopracitati programmi
-Chiusura di internet explorer al momento di connettersi con siti relativi
ad antivirus (Kaspersky, ecc...) o per lo scan "on-line"
-Chiusura del browser se da Google si ricerca qualcosa di attinente a
"virus"
Ho provato a lanciare in modalità provvisoria avg ma non sono stati
trovati virus.
L'utilizzo di adware con relativa pulizia di file "sospetti" non ha portato alcun beneficio, stessa cosa con System Mechanic.
La problematica sembrerebbe essere molto simile a quella del virus "Bagle"
ma io al momento riesco ancora ad andare in modalità provvisoria e la CPU
non mi sembra eccessivamente impegnata.
Che dite? Provo intanto con una passata di Hijack per capire meglio ?
ciao e grazie.
Avatar utente
alverman
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: ven gen 25, 2008 3:46 pm
Località: roma
Top

Messaggioda crazy.cat » ven gen 25, 2008 4:03 pm

Vediamo la scansione di hijackthis e poi prova anche gmer e vedi se ti trova delle voci in rosso o attività rootkit nascoste appena lo apri.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda alverman » sab gen 26, 2008 4:03 pm

Sono riuscito a far girare Hijackthis in modalità provvisoria perché in modalità normale non riesce a partire....e questo è il log non so quanto valido a questo punto :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.34.50, on 26/01/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\APPOKEY\pasuqleThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/it/ita/gen/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Programmi\File comuni\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmi\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE
O4 - Global Startup: CN405WLUSB54 Utility LAN wireless.lnk = C:\Programmi\CONITECH\CN405WLUSB54.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Alice - {32439238-73A3-4B85-960F-6B1ADC78F57E} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINNT\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft PowerPoint Application - Unknown owner - C:\WINNT\system32\dllcache\winppa.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINNT\SYSTEM32\ZONELABS\minilog.exe
O23 - Service: MSN RAV - Unknown owner - C:\WINNT\system\msnrav.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 5919 bytes
********************
Inoltre ho provato a lanciare anche GMER (questo mi parte in modalità normale) e questo è il log :
***********************
GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-01-26 15:55:11
Windows 5.0.2195 Service Pack 4


---- Kernel code sections - GMER 1.0.14 ----

.text ntdll.dll!NtClose 784628C8 5 Bytes JMP 72049770
.text ntdll.dll!NtWriteFile 78463313 5 Bytes JMP 7204A3D0
.text ntdll.dll!NtCreateKey 78464EC0 5 Bytes JMP 7204ADA0
.text ntdll.dll!NtSetValueKey 78464EDC 5 Bytes JMP 7204AD10
.text ntdll.dll!NtCreateSection 78465EB0 5 Bytes JMP 72049A40
.text ntdll.dll!NtCreateFile 78467CAC 5 Bytes JMP 7204A570
.text ntdll.dll!NtCreateProcess 78472362 5 Bytes JMP 7204AE30
.text ntdll.dll!NtLoadDriver 78479E38 5 Bytes JMP 7204A1E0

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryExW] [77897955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.DLL!LoadLibraryExW] [77897955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.DLL!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USER32.DLL [KERNEL32.DLL!LoadLibraryExW] [77897955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USER32.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USER32.DLL [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USER32.DLL [KERNEL32.DLL!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USER32.DLL [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USER32.DLL [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA] [778978DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW] [77897955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [77897955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW] [77897955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.DLL!LoadLibraryExW] [77897955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.DLL!LoadLibraryExA] [778978DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\netapi32.dll [KERNEL32.DLL!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\netapi32.dll [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\netapi32.dll [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SECUR32.DLL [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SECUR32.DLL [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SECUR32.DLL [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\SECUR32.DLL [KERNEL32.DLL!LoadLibraryW] [7789786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.DLL!FreeLibrary] [77897A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.DLL!LoadLibraryA] [77897800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1100] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.DLL!GetProcAddress] [7789771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Ho visto che sarebbe da provare anche Avenger ma con molta attenzione, che ne dite è il caso ?
Comincio a predispormi mentalmente alla formattazione? gulp !
grazie.
Avatar utente
alverman
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: ven gen 25, 2008 3:46 pm
Località: roma
Top
Top

Messaggioda ste_95 » sab gen 26, 2008 4:27 pm

Qualcosa si vede in hijackthis, dovresti fare il log di GMER anche della sezione autostart.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda alverman » sab gen 26, 2008 4:51 pm

ho rifatto girare gmer ed ecco il log di autostart, ma le segnalazioni sul log principale sembrano diverse da quelle postate in precedenza !

GMER 1.0.14.14116 - http://www.gmer.net
Autostart scan 2008-01-26 16:46:59
Windows 5.0.2195 Service Pack 4


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINNT\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
wzcnotif@DLLName = wzcdlg.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
Avg7Alrt@ = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc@ = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVGEMS@ = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
BAsfIpM@ = C:\WINNT\system32\basfipm.exe
Distributed Allocated Memory Unit@ = "C:\WINNT\system32\dllcache\mravsc32.exe" /*file not found*/
Microsoft PowerPoint Application@ = "C:\WINNT\system32\dllcache\winppa.exe"
minilog@ = C:\WINNT\SYSTEM32\ZONELABS\minilog.exe -service
MSN RAV@ = "C:\WINNT\system\msnrav.exe" /*file not found*/
PPPoEService@ = C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
SCardSvr@ = %SystemRoot%\System32\SCardSvr.exe
Schedule@ = %SystemRoot%\system32\MSTask.exe
vsmon@ = C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Synchronization Managermobsync.exe /logon = mobsync.exe /logon
@ApointC:\Programmi\Apoint\Apoint.exe = C:\Programmi\Apoint\Apoint.exe
@ATIModeChangeAti2mdxx.exe = Ati2mdxx.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_07\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@PRPCMonitorPRPCUI.exe = PRPCUI.exe
@bascstrayBascsTray.exe /*file not found*/ = BascsTray.exe /*file not found*/
@Nokia Connection Monitor"C:\Programmi\File comuni\Nokia\NCLTools\NclConf.exe" = "C:\Programmi\File comuni\Nokia\NCLTools\NclConf.exe"
@REGSHAVEC:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN = C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@PCSuiteTrayApplicationC:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/
@AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@internat.exeinternat.exe = internat.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@AVG7_RunC:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{41E300E0-78B6-11ce-849B-444553540000} /*Estensione CPL PlusPack*/plustab.dll = plustab.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} /*Anteprima*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{EAB841A0-9550-11CF-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{1AEB1360-5AFC-11D0-B806-00C04FD706EC} /*Programma di estrazione filtri grafici di Office in anteprima*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{9DBD2C50-62AD-11D0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{500202A0-731E-11D0-B829-00C04FD706EC} /*LNK file thumbnail interface delegator*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{fe1290f0-cfbd-11cf-a330-00aa00c16e65} /*Directory Namespace*/dsfolder.dll = dsfolder.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/dsfolder.dll = dsfolder.dll
@{1E2CDF40-419B-11D2-A5A1-002018648BA7} /*AVG Shell Extension*/(null) =
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{e0d79300-84be-11ce-9641-444553540000} /*WinZip*/C:\WinZip\wzshlext.dll = C:\WinZip\wzshlext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*Nokia Phone Browser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{e0d79300-84be-11ce-9641-444553540000} = C:\WinZip\wzshlext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{e0d79300-84be-11ce-9641-444553540000} = C:\WinZip\wzshlext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{e0d79300-84be-11ce-9641-444553540000} = C:\WinZip\wzshlext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll = C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar4.dll = c:\programmi\google\googletoolbar4.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINNT\system32\SSMARQUE.SCR

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://gw.aliceadsl.it/home = http://gw.aliceadsl.it/home
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.euro.dell.com/countries/it/ita/gen/ = http://www.euro.dell.com/countries/it/ita/gen/
@Start Pagehttp://italian.eazel.com/index.php?rvs=hompag = http://italian.eazel.com/index.php?rvs=hompag
@Local PageC:\WINNT\system32\blank.htm = C:\WINNT\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
its@CLSID = C:\WINNT\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINNT\system32\itss.dll
vnd.ms.radio@CLSID = C:\WINNT\system32\msdxm.ocx

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001@LibraryPath = %SystemRoot%\System32\rnr20.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Digital Line Detect.lnk = Digital Line Detect.lnk
Microsoft Office.lnk = Microsoft Office.lnk
ZoneAlarm Pro.lnk = ZoneAlarm Pro.lnk
Exif Launcher.lnk = Exif Launcher.lnk
EPSON Status Monitor 3 Environment Check.lnk = EPSON Status Monitor 3 Environment Check.lnk
CN405WLUSB54 Utility LAN wireless.lnk = CN405WLUSB54 Utility LAN wireless.lnk

---- EOF - GMER 1.0.14 ----
Avatar utente
alverman
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: ven gen 25, 2008 3:46 pm
Località: roma
Top

Messaggioda ste_95 » sab gen 26, 2008 5:56 pm

Fixa queste voci in hijackthis:

O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Files to delete:
C:\WINNT\system32\dllcache\winppa.exe

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda alverman » mar gen 29, 2008 12:17 pm

ok grazie scusa il ritardo....conto di farlo stasera, nel frattempo vedo dagli altri topic che sono in buona compagnia! Solo una cosa non mi torna, gli altri riescono a fare la scansione on line da Kaspersky, io no, appena provo a puntare sul sito, "l'infame" mi chiude la finestra di IE, come mai ?
grazie
Avatar utente
alverman
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: ven gen 25, 2008 3:46 pm
Località: roma
Top

Messaggioda ste_95 » mar gen 29, 2008 2:32 pm

Sembra strano, prova prima a eseguire la procedura precedente.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda alverman » mar gen 29, 2008 8:16 pm

...forse ci siamo !
ecco il log di avenger :

ÿþL o g f i l e o f T h e A v e n g e r v e r s i o n 1 , b y S w a n d o g 4 6

R u n n i n g f r o m r e g i s t r y k e y :

\ R e g i s t r y \ M a c h i n e \ S y s t e m \ C u r r e n t C o n t r o l S e t \ S e r v i c e s \ c w q l b u b t



* * * * * * * * * * * * * * * * * * *



S c r i p t f i l e l o c a t e d a t : \ ? ? \ C : \ P r o g r a m F i l e s \ w b v d a m v x . t x t

S c r i p t f i l e o p e n e d s u c c e s s f u l l y .



S c r i p t f i l e r e a d s u c c e s s f u l l y



B a c k u p s d i r e c t o r y o p e n e d s u c c e s s f u l l y a t C : \ A v e n g e r



* * * * * * * * * * * * * * * * * * *



B e g i n n i n g t o p r o c e s s s c r i p t f i l e :



F i l e C : \ W I N N T \ s y s t e m 3 2 \ d l l c a c h e \ w i n p p a . e x e d e l e t e d s u c c e s s f u l l y .



C o m p l e t e d s c r i p t p r o c e s s i n g .



* * * * * * * * * * * * * * * * * * *



F i n i s h e d ! T e r m i n a t e .


alla ripartenza sia Zone Alarm che AVG sembrano essere partiti....
Faccio una bella scansione e vi faccio sapere...
Avatar utente
alverman
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: ven gen 25, 2008 3:46 pm
Località: roma
Top

Messaggioda alverman » mer gen 30, 2008 9:55 am

Confermo..."l'infame" è schiattato !! In verità con la scansione on-line di Kaspersky è stato trovato un virus sull'eseguibile (vecchio) di avenger...ma lo ho eliminato.
Adesso sembra tutto ok, fino a quando non si sa....comunque grazie grazie grazie. [rotolo]
Avatar utente
alverman
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: ven gen 25, 2008 3:46 pm
Località: roma
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 28 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising