link optimizer: GMER scans for an Avenger script


Post by horatius » Sun Nov 23, 2008 9:21 pm

Hi, I'm following the site's guide step by step to clean my PC of link optimizer, and I've reached the point where I need someone to come to my rescue with the script to feed to Avenger.

This is the rootkit scan

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-23 16:55:17
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[1256] NETAPI32.dll!NetpwPathCanonicalize 5BC7A0F9 5 Bytes JMP 01CF7A90
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[3988] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[3988] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 43791667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[3988] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 437915E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[3988] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4379162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[3988] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 43791574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[3988] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437915AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[3988] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437916A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[3988] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Driver Mouse Class/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.14 ----


This is the autostart scan

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-11-23 16:57:34
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\com5.dpp

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
C-DillaSrv@ = C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
Fax@ = %systemroot%\system32\fxssvc.exe
hwclock@ = C:\WINDOWS\System32\hwclock.exe /*file not found*/
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Utilità di pianificazione di LiveUpdate automatico@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" /*file not found*/
viritsvclite@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Window Monitorwinmon32.exe /*file not found*/ = winmon32.exe /*file not found*/
@VTTimerVTTimer.exe = VTTimer.exe
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe /*file not found*/ = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe /*file not found*/
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe /*file not found*/ = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe /*file not found*/
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@seeveC:\WINDOWS\seeve.exe /*file not found*/ = C:\WINDOWS\seeve.exe /*file not found*/
@Microsofot x386 System Monitorsystem32.exe /*file not found*/ = system32.exe /*file not found*/
@LManagerC:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE /*file not found*/ = C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE /*file not found*/
@LaunchAppAlaunch = Alaunch
@HDAudioC:\WINDOWS\hda.exe /*file not found*/ = C:\WINDOWS\hda.exe /*file not found*/
@Compaq Service Driversamsn.exe /*file not found*/ = amsn.exe /*file not found*/
@ATIPTAC:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE /*file not found*/ = C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE /*file not found*/
@ATIModeChangeAti2mdxx.exe = Ati2mdxx.exe
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe /*file not found*/ = C:\WINDOWS\system32\NeroCheck.exe /*file not found*/
@msmmiC:\WINDOWS\System32\msmmi.exe /*file not found*/ = C:\WINDOWS\System32\msmmi.exe /*file not found*/
@SunJavaUpdateSchedC:\Programmi\Java\j2re1.4.2\bin\jusched.exe /*file not found*/ = C:\Programmi\Java\j2re1.4.2\bin\jusched.exe /*file not found*/
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices >>>
@Window Monitorwinmon32.exe /*file not found*/ = winmon32.exe /*file not found*/
@Microsofot x386 System Monitorsystem32.exe /*file not found*/ = system32.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\ >>>
Run@CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
RunOnce@ = C:\Programmi\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... 7.000001cd /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Classes\.scr@ = C:\WINDOWS\NOTEPAD.EXE "%1"

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{59850401-6664-101B-B21C-00AA004BA90B} /*Microsoft Office Binder Unbind*/C:\PROGRA~1\MICROS~3\Office\1040\UNBIND.DLL = C:\PROGRA~1\MICROS~3\Office\1040\UNBIND.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\System32\AcSignIcon.dll = C:\WINDOWS\System32\AcSignIcon.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E114047A-66C0-4235-BE2E-D79790C37A02} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.2 = 192.168.0.2
@NameServer =
@DefaultGateway =
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Porta Symantec Fax Starter Edition.lnk = Porta Symantec Fax Starter Edition.lnk
Microsoft Office.lnk = Microsoft Office.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
Tasto di scelta rapida per l'avvio di AutoCAD.lnk = Tasto di scelta rapida per l'avvio di AutoCAD.lnk
Acrobat Assistant.lnk = Acrobat Assistant.lnk

---- EOF - GMER 1.0.14 ----

Re: link optimizer: GMER scans for an Avenger script

Post by Amantide » Sun Nov 23, 2008 9:51 pm

Download The Avenger, extract it to a folder and run avenger.exe.
Paste the following script into the blank area under Input script here, untick Scan for rootkits and click Execute.

Code:
Files to delete:
C:\WINDOWS\System32\com5.dpp

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\hwclock

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Window Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | seeve
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Microsofot x386 System Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Window Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Microsofot x386 System Monitor


The PC should reboot; if it doesn't, reboot it manually.
After the reboot the avenger.txt log should appear; post its contents here.

Then download ComboFix and run the scan following these instructions (at the bottom). When the scan finishes the report file C:\combofix.txt will be created; copy its contents here.
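The procedure above asks the helper to turn a GMER autostart log into an Avenger script by hand. What follows is an added example, not code from the thread, from GMER or from The Avenger: it parses the GMER 1.0.14 autostart line format and drafts the same four Avenger blocks Amantide used (Files to delete, Registry values to replace with dummy, Registry keys to delete, Registry values to delete). The sample lines are copied from the log posted above, trimmed to the interesting entries. The flagging rules are assumptions chosen for this walkthrough (any AppInit_DLLs value, anything under RunServices, a Run entry whose missing executable is a bare filename or sits directly in C:\WINDOWS, a service whose image file is missing); the result is a list for a human to review, not a malware verdict.

```python
"""Draft a candidate Avenger 2.0 script from a GMER 1.0.14 autostart log.

Added example for the thread above; the flagging rules are assumptions and the
output is a review list, not a verdict.
"""

MISSING = "/*file not found*/"   # marker GMER appends to dead paths
WINDIR = "c:\\windows"           # assumption: default XP system root

# Constructed sample: lines copied from the GMER autostart log in the thread.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\com5.dpp

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
hwclock@ = C:\WINDOWS\System32\hwclock.exe /*file not found*/
viritsvclite@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Window Monitorwinmon32.exe /*file not found*/ = winmon32.exe /*file not found*/
@VTTimerVTTimer.exe = VTTimer.exe
@seeveC:\WINDOWS\seeve.exe /*file not found*/ = C:\WINDOWS\seeve.exe /*file not found*/
@Microsofot x386 System Monitorsystem32.exe /*file not found*/ = system32.exe /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe /*file not found*/ = C:\WINDOWS\system32\NeroCheck.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices >>>
@Window Monitorwinmon32.exe /*file not found*/ = winmon32.exe /*file not found*/
"""


def parse_autostart(text):
    """Return (key, name, value, missing) tuples from a GMER autostart log."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None                      # a blank line ends a ">>>" section
            continue
        if line.endswith(">>>"):
            section = line[:-3].strip().rstrip("\\")
            continue
        if " = " not in line:
            continue
        left, _, value = line.partition(" = ")
        missing = MISSING in value
        value = value.replace(MISSING, "").strip()
        if left.startswith("@"):
            # Run-style line: GMER 1.0.14 glues value name and data together,
            # so strip the data (plus marker) off the end to recover the name.
            tail = value + (" " + MISSING if missing else "")
            name = left[1:]
            if tail and name.endswith(tail):
                name = name[: -len(tail)]
            key = section or ""
        else:
            # "subkey@name = data" under a section, or a full "key@name" line;
            # "svc@ = image" (empty name) is a service entry.
            prefix, _, name = left.rpartition("@")
            key = prefix if section is None else section + ("\\" + prefix if prefix else "")
        entries.append((key, name, value, missing))
    return entries


def is_suspicious(entry):
    """Heuristics (assumptions) for entries that belong on the review list."""
    key, name, value, missing = entry
    k = key.lower()
    if name.lower() == "appinit_dlls":
        return bool(value)      # a DLL injected into every GUI process: always look
    if k.endswith("\\runservices"):
        return True             # Win9x-era key ignored by NT; malware still writes it
    if k.endswith("\\run"):
        if not missing:
            return False
        v = value.lower()
        bare = "\\" not in v    # bare filename found via PATH search
        in_windir_root = v.startswith(WINDIR + "\\") and "\\" not in v[len(WINDIR) + 1:]
        return bare or in_windir_root
    if "\\services\\" in k and name == "":
        return missing          # service whose image file is gone
    return False


def draft_avenger_script(entries):
    """Group flagged entries into the Avenger block syntax used in the thread."""
    blocks = {"Files to delete:": [], "Registry values to replace with dummy:": [],
              "Registry keys to delete:": [], "Registry values to delete:": []}
    for key, name, value, missing in entries:
        if not is_suspicious((key, name, value, missing)):
            continue
        if name.lower() == "appinit_dlls":
            # neutralise the value and remove the DLL it points at (strip \\?\ prefix)
            blocks["Registry values to replace with dummy:"].append(f"{key} | {name}")
            blocks["Files to delete:"].append(value[4:] if value.startswith("\\\\?\\") else value)
        elif name == "":
            blocks["Registry keys to delete:"].append(key)
        else:
            blocks["Registry values to delete:"].append(f"{key} | {name}")
    return "\n\n".join("\n".join([title, *items]) for title, items in blocks.items() if items)


if __name__ == "__main__":
    print(draft_avenger_script(parse_autostart(SAMPLE_LOG)))
```

Run on the sample, the draft reproduces the entries in Amantide's script (com5.dpp, AppInit_DLLs, the hwclock service, Window Monitor, seeve and the misspelled "Microsofot" entry) and leaves VTTimer, viritsvclite and NeroFilterCheck alone. The NeroFilterCheck case is why the rules stay conservative: its executable is also missing, but it lives under system32 rather than as a bare name or in the Windows root, and a human still has to decide what to do with it.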

Re: link optimizer: GMER scans for an Avenger script

Post by horatius » Mon Nov 24, 2008 1:22 am

Thanks for coming to my rescue.

So, I followed your instructions to the letter, and this is the log Avenger gave me after the reboot:

Avenger Pre-Processor log


Platform: Windows XP (build 2600, Service Pack 2)
Mon Nov 24 00:07:25 2008

00:07:13: Error: Invalid registry syntax in command:
"Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Window Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | seeve"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "C:\WINDOWS\System32\com5.dpp" not found!
Deletion of file "C:\WINDOWS\System32\com5.dpp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\CurrentControlSet\Services\hwclock" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Microsofot x386 System Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Window Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Microsofot x386 System Monitor" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Microsofot x386 System Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Window Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Microsofot x386 System Monitor" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Then I ran the ComboFix scan; this is the log:

ComboFix 08-11-22.02 - Casula 2008-11-24 0.16.37.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.287 [GMT 1:00]
Run from: f:\logs\ComboFix.exe.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Casula\Impostazioni locali\Temporary Internet Files\sc
c:\windows\system32\_003378_.tmp.dll
c:\windows\system32\_003381_.tmp.dll
c:\windows\system32\_003384_.tmp.dll
c:\windows\system32\_003549_.tmp.dll
c:\windows\system32\_003550_.tmp.dll
c:\windows\system32\_003551_.tmp.dll
c:\windows\system32\_003552_.tmp.dll
c:\windows\system32\_003559_.tmp.dll
c:\windows\system32\_003560_.tmp.dll
c:\windows\system32\_003561_.tmp.dll
c:\windows\system32\_003562_.tmp.dll
c:\windows\system32\_003568_.tmp.dll
c:\windows\system32\_003569_.tmp.dll
c:\windows\system32\_003571_.tmp.dll
c:\windows\system32\_003572_.tmp.dll
c:\windows\system32\_003573_.tmp.dll
c:\windows\system32\_003575_.tmp.dll
c:\windows\system32\_003576_.tmp.dll
c:\windows\system32\_003578_.tmp.dll
c:\windows\system32\_003582_.tmp.dll
c:\windows\system32\_003583_.tmp.dll
c:\windows\system32\_003585_.tmp.dll
c:\windows\system32\_003588_.tmp.dll
c:\windows\system32\_003590_.tmp.dll
c:\windows\system32\_003591_.tmp.dll
c:\windows\system32\_003592_.tmp.dll
c:\windows\system32\_003593_.tmp.dll
c:\windows\system32\_003594_.tmp.dll
c:\windows\system32\_003597_.tmp.dll
c:\windows\system32\_003599_.tmp.dll
c:\windows\system32\_003600_.tmp.dll
c:\windows\system32\_003601_.tmp.dll
c:\windows\system32\_003605_.tmp.dll
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AIM
-------\Legacy_HWCLOCK
-------\Legacy_MSDIRECTX
-------\Legacy_RDRIV
-------\Legacy_SVCPROC
-------\Service_rdriv


((((((((((((((((((((((((( Files Created From 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))))))
.

2008-11-23 15:02 . 2008-11-23 15:02 <DIR> d-------- C:\VEXPLITE
2008-11-23 15:02 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-11-23 14:46 . 2008-11-23 14:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-23 14:43 . 2008-11-23 14:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-11-23 11:00 . 2008-11-23 16:51 250 --a------ c:\windows\gmer.ini
2008-11-22 13:20 . 2008-11-22 13:20 <DIR> d-------- c:\programmi\AVG
2008-11-22 13:08 . 2008-11-22 13:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2008-11-14 18:18 . 2008-11-14 18:18 <DIR> d-------- c:\programmi\EPSON
2008-11-14 18:17 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-14 18:17 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
1999-03-10 15:53 99,840 ----a-w c:\programmi\File comuni\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w c:\programmi\File comuni\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w c:\programmi\File comuni\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w c:\programmi\File comuni\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w c:\programmi\File comuni\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w c:\programmi\File comuni\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 13,312 2003-04-08 11:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 14:39:36 c:\windows\system32\ctfmon.exe

----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\bak\NeroCheck.exe

----a-w 218,240 2004-11-04 15:48:00 c:\programmi\File comuni\Symantec Shared\Security Center\bak\UsrPrmpt.exe

----a-w 126,976 2002-11-15 16:40:26 c:\programmi\Synaptics\SynTP\bak\SynTPLpr.exe

----a-w 561,152 2002-11-18 08:34:26 c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe

----a-w 282,624 2003-08-22 11:07:00 c:\programmi\Launch Manager\bak\QtZpAcer.EXE

----a-w 335,872 2003-11-13 20:10:00 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\programmi\Internet Explorer\iexplore.exe" [2008-04-22 625664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [N/A]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"seeve"="c:\windows\seeve.exe" [N/A]
"LManager"="c:\progra~1\LAUNCH~1\QtZpAcer.EXE" [N/A]
"HDAudio"="c:\windows\hda.exe" [N/A]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [N/A]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [N/A]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2\bin\jusched.exe" [N/A]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2008-10-16 249856]
"Window Monitor"="winmon32.exe" [N/A]
"VTTimer"="VTTimer.exe" [2003-05-07 c:\windows\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 c:\windows\SOUNDMAN.EXE]
"Microsofot x386 System Monitor"="system32.exe" [N/A]
"Compaq Service Drivers"="amsn.exe" [N/A]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-01 c:\windows\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Window Monitor"="winmon32.exe" [N/A]
"Microsofot x386 System Monitor"="system32.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"Window Monitor"="winmon32.exe" [N/A]
"Microsofot x386 System Monitor"="system32.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsofot x386 System Monitor"="system32.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Window Monitor"="winmon32.exe" [N/A]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Porta Symantec Fax Starter Edition.lnk - c:\programmi\Microsoft Office\Office\1040\OLFSNT40.EXE [1999-03-10 45568]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 10872]
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= gjpeg.dll
"VIDC.XVID"= xvid.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7555:TCP"= 7555:TCP:WWW

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2008-11-23 40960]
R2 eusk2par;EUTRON SmartKey Parallel Driver;\??\c:\windows\System32\Drivers\eusk2par.sys [2004-07-16 16695]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
S2 uleamxx;uleamxx;c:\windows\system32\svchost.exe -k netsvcs [2007-05-03 14336]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 Gcapi20;CAPI 2.0 driver;c:\windows\system32\DRIVERS\gcapi20.sys [2005-08-12 161980]
S3 Gisdnpnp;ISDN PnP driver;c:\windows\system32\DRIVERS\gisdnpnp.sys [2005-08-12 75744]
S3 gisdnwan;ISDN WAN miniport;c:\windows\system32\DRIVERS\gisdnwan.sys [2005-08-12 23073]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\Casula\IMPOST~1\Temp\iMSPCLOj.sys []
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\RTL8180.SYS [2003-08-28 173184]
S3 skeyusb;SmartKey USB;c:\windows\system32\Drivers\skeyusb.sys [2004-07-16 39197]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uleamxx

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e918a30-8a33-11dc-8d7e-00c09f36cc8a}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ab745f0-12a2-11dd-8efc-00c09f36cc8a}]
\Shell\Auto\command - D:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ca82b10-d542-11db-8bf6-00c09f36cc8a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c09205d0-a855-11d9-8786-00c09f36cc8a}]
\Shell\Auto\command - D:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

c:\windows\Downloaded Program Files\InstFred.ocx - O16 -: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1}
file://c:\programmi\AutoCAD 2002 Ita\InstFred.ocx

c:\windows\Downloaded Program Files\InstBanr.ocx - O16 -: {AE563729-B4F5-11D4-A415-00108302FDFD}
file://c:\programmi\AutoCAD 2002 Ita\InstBanr.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 00:19:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\rsaenh.dll
c:\windows\system32\WgaLogon.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\DRIVERS\CDANTSRV.EXE
.
**************************************************************************
.
Scan finished at: 2008-11-24 0:20:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-23 23:20:50

Pre-Run: 8,781,938,688 bytes available
Post-Run: 8,695,529,472 bytes available

215 --- E O F --- 2008-07-15 15:00:18

I then continued with the guide's instructions for removing Link Optimizer, that is, I installed CCleaner and ran its cleanup (it deleted more than 30 MB of stuff).
Finally I opened HijackThis, and here is its log:

Logfile of HijackThis v1.99.1
Scan saved at 0.34.50, on 24/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Casula\Impostazioni locali\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HDAudio] C:\WINDOWS\hda.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] amsn.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2\bin\jusched.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\RunServices: [Microsofot x386 System Monitor] system32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\Programmi\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... 7.000001cd
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8191273023
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Before going further I'll wait for you to look at the logs I posted; also, I'm not very sure how to go about identifying with HijackThis the entries that still need to be removed.

Re: link optimizer: scansioni gmer per script avenger

Post by crazy.cat » Mon Nov 24, 2008 8:25 am

The first piece of advice is to install a real antivirus such as Avira and drop VirIT.
Right after that, run a full scan, because a great many problems are visible.

Run the HijackThis scan again, tick the boxes for these lines and press Fix checked to remove them.
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\Run: [HDAudio] C:\WINDOWS\hda.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] amsn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2\bin\jusched.exe
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\RunServices: [Microsofot x386 System Monitor] system32.exe
O4 - HKCU\..\RunOnce: [] C:\Programmi\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... 7.000001cd

This is the script for Avenger; I listed some files twice because it's not clear which folder they are in.
Code: Select all
Files to delete:
C:\WINDOWS\hda.exe
C:\WINDOWS\seeve.exe
C:\WINDOWS\System32\winmon32.exe
C:\WINDOWS\System32\system32.exe
C:\WINDOWS\System32\amsn.exe
C:\WINDOWS\winmon32.exe
C:\WINDOWS\system32.exe
C:\WINDOWS\amsn.exe
c:\docume~1\Casula\IMPOST~1\Temp\iMSPCLOj.sys
D:\UFO.exe
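The "listed twice" remark above is the practical point of the script: a Run or RunServices value that holds a bare name such as winmon32.exe does not say where the file is, because Windows resolves it through its search path at logon. The following is an added example, not code from the thread or from the Avenger/HijackThis authors, that turns the O4 lines a helper has flagged into an Avenger "Files to delete:" block, listing a bare name under both the System32 and the Windows directory (assumption: XP layout with C:\WINDOWS as the system root), and holding back entries whose program is only a launcher, such as the RunOnce line that starts iexplore.exe with a URL, where the registry value is the thing to fix and the binary must be kept. The sample input is the set of lines from this post that the helper chose to delete files for; deciding which entries are malware stays a human judgment.

```python
"""Turn flagged HijackThis O4 lines into an Avenger "Files to delete:" block.

Added example, not code from the thread or from the Avenger/HijackThis
authors. Assumption (not stated on the page): the system root is the XP
default, and a bare filename in a Run/RunServices value is looked up in
the System32 and Windows directories, so both are listed as candidates.
"""
import re

# Where a bare executable name in a Run value may live (assumption: XP layout).
SEARCH_DIRS = (r"C:\WINDOWS\System32", r"C:\WINDOWS")

# Legitimate programs that malware uses only as a launcher: the Run value is
# what must go, the binary itself must be kept.
LAUNCHERS = {"iexplore.exe", "rundll32.exe", "cmd.exe", "explorer.exe"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce|RunServices): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Constructed sample input: the lines from the post for which files were
# deleted, plus the RunOnce launcher line (its URL is truncated on the page).
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Window Monitor] winmon32.exe",
    r"O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe",
    r"O4 - HKLM\..\Run: [Microsofot x386 System Monitor] system32.exe",
    r"O4 - HKLM\..\Run: [HDAudio] C:\WINDOWS\hda.exe",
    r"O4 - HKLM\..\Run: [Compaq Service Drivers] amsn.exe",
    r"O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe",
    r"O4 - HKLM\..\RunServices: [Microsofot x386 System Monitor] system32.exe",
    r"O4 - HKCU\..\RunOnce: [] C:\Programmi\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... 7.000001cd",
]


def parse_o4(line):
    """Split one HijackThis O4 line into hive, key, value name and command."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def executable_of(cmd):
    """Return the program at the start of a Run command, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def candidate_files(exe):
    """A full path is its own candidate; a bare name gets every search dir."""
    if "\\" in exe:
        return [exe]
    return [directory + "\\" + exe for directory in SEARCH_DIRS]


def build_avenger_script(lines=SAMPLE_LINES):
    """Return (script_text, registry_only, unparsed) for the given O4 lines."""
    files, seen, registry_only, unparsed = [], set(), [], []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            unparsed.append(line)
            continue
        exe = executable_of(entry["cmd"])
        if exe.rsplit("\\", 1)[-1].lower() in LAUNCHERS:
            # e.g. RunOnce -> iexplore.exe <url>: fix the value, keep the file
            registry_only.append((entry["hive"], entry["key"], entry["name"]))
            continue
        for path in candidate_files(exe):
            if path.lower() not in seen:          # RunServices repeats Run
                seen.add(path.lower())
                files.append(path)
    script = "Files to delete:\n" + "\n".join(files) + "\n"
    return script, registry_only, unparsed


if __name__ == "__main__":
    text, reg_only, bad = build_avenger_script()
    print(text)
    for hive, key, name in reg_only:
        print(f"# remove value [{name}] under {hive}\\..\\{key} with HijackThis; keep the program")
```

Run as-is it prints the eight candidate paths (each bare name under both directories, the two RunServices duplicates folded in) and a reminder that the RunOnce entry is a registry fix only. Avenger reports STATUS_OBJECT_NAME_NOT_FOUND for the candidate that does not exist, which is harmless, as the log later in this thread shows.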

Re: link optimizer: scansioni gmer per script avenger

Post by Amantide » Mon Nov 24, 2008 1:04 pm

On top of all this there is also the Obfuscated trojan; see if you can remove it yourself by following this guide, otherwise post here.

These are the offending files:
Code: Select all
----a-w 13,312 2003-04-08 11:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 14:39:36 c:\windows\system32\ctfmon.exe

----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\bak\NeroCheck.exe

----a-w 218,240 2004-11-04 15:48:00 c:\programmi\File comuni\Symantec Shared\Security Center\bak\UsrPrmpt.exe

----a-w 126,976 2002-11-15 16:40:26 c:\programmi\Synaptics\SynTP\bak\SynTPLpr.exe

----a-w 561,152 2002-11-18 08:34:26 c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe

----a-w 282,624 2003-08-22 11:07:00 c:\programmi\Launch Manager\bak\QtZpAcer.EXE

----a-w 335,872 2003-11-13 20:10:00 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
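The listing above has one shape throughout: a program next to a same-named copy in a "bak" subfolder, in some cases with different sizes (ctfmon.exe is 15,360 bytes, bak\ctfmon.exe 13,312). The following is an added example, not code from the thread, that walks a directory tree and pairs every file found in a "bak" folder with the file of the same name one level up, reporting both sizes so the pairs can be checked. Which member of a pair is the clean copy is for the removal guide linked in the post, not for this script. The sample tree is constructed here: the bak sizes come from the listing, the live sizes other than ctfmon.exe are made up, and one program is deliberately left without a live copy to show that case.

```python
"""Find programs shadowed by a same-named copy in a sibling "bak" folder.

Added example, not code from the thread. Pairs each file under any
directory named "bak" with the file of the same name in the parent
directory and reports sizes. The sample tree below is constructed.
"""
import os
import tempfile


def find_bak_shadows(root):
    """Return one record per file found under any directory named "bak"."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in filenames:
            bak_path = os.path.join(dirpath, name)
            live_path = os.path.join(parent, name)
            bak_size = os.path.getsize(bak_path)
            live_size = os.path.getsize(live_path) if os.path.isfile(live_path) else None
            hits.append({
                "name": name,
                "live": live_path,
                "bak": bak_path,
                "live_size": live_size,
                "bak_size": bak_size,
                # a live file that exists but differs in size from its bak
                # copy is the pattern visible in the posted listing
                "size_differs": live_size is not None and live_size != bak_size,
            })
    return sorted(hits, key=lambda h: h["live"].lower())


# (relative path, live size or None, bak size): constructed sample.
# bak sizes are from the thread's listing; live sizes other than
# ctfmon.exe are made up, and SynTPLpr.exe has no live copy on purpose.
SAMPLE_TREE = [
    ("windows/system32/ctfmon.exe", 15360, 13312),
    ("windows/system32/NeroCheck.exe", 157696, 155648),
    ("programmi/Synaptics/SynTP/SynTPLpr.exe", None, 126976),
]


def build_sample_tree(base):
    """Write the constructed tree under base and return base."""
    for rel, live_size, bak_size in SAMPLE_TREE:
        live = os.path.join(base, *rel.split("/"))
        bak = os.path.join(os.path.dirname(live), "bak", os.path.basename(live))
        os.makedirs(os.path.dirname(bak), exist_ok=True)
        with open(bak, "wb") as fh:
            fh.write(b"\0" * bak_size)
        if live_size is not None:
            with open(live, "wb") as fh:
                fh.write(b"\0" * live_size)
    return base


def demo():
    """Build the sample tree in a temp dir and return the shadow records."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_bak_shadows(build_sample_tree(tmp))


if __name__ == "__main__":
    for h in demo():
        if h["live_size"] is None:
            flag = "live copy missing"
        elif h["size_differs"]:
            flag = "SIZE DIFFERS"
        else:
            flag = "same size"
        print(f"{h['live']}  live={h['live_size']}  bak={h['bak_size']}  {flag}")
```

On a real machine, call find_bak_shadows on the drive root instead of demo(); the walk is read-only, so it is safe to run before deciding anything, and the size comparison is only a pointer to which pairs deserve a hash or signature check.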

Re: link optimizer: scansioni gmer per script avenger

Post by horatius » Tue Nov 25, 2008 10:59 am

First of all, thanks again for the help you're giving me.

After crazy.cat's post I ran Avenger again with the script he posted.
This is the log:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Nov 24 00:07:25 2008

00:07:13: Error: Invalid registry syntax in command:
"Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Window Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | seeve"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "C:\WINDOWS\System32\com5.dpp" not found!
Deletion of file "C:\WINDOWS\System32\com5.dpp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\CurrentControlSet\Services\hwclock" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Microsofot x386 System Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Window Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Microsofot x386 System Monitor" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Microsofot x386 System Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Window Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Microsofot x386 System Monitor" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Nov 24 11:03:51 2008

11:03:51: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "C:\WINDOWS\hda.exe" not found!
Deletion of file "C:\WINDOWS\hda.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\seeve.exe" not found!
Deletion of file "C:\WINDOWS\seeve.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\winmon32.exe" not found!
Deletion of file "C:\WINDOWS\System32\winmon32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\system32.exe" not found!
Deletion of file "C:\WINDOWS\System32\system32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\amsn.exe" not found!
Deletion of file "C:\WINDOWS\System32\amsn.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\winmon32.exe" not found!
Deletion of file "C:\WINDOWS\winmon32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32.exe" not found!
Deletion of file "C:\WINDOWS\system32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\amsn.exe" not found!
Deletion of file "C:\WINDOWS\amsn.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\docume~1\Casula\IMPOST~1\Temp\iMSPCLOj.sys" not found!
Deletion of file "c:\docume~1\Casula\IMPOST~1\Temp\iMSPCLOj.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "D:\UFO.exe"
Deletion of file "D:\UFO.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.

Then I ran HijackThis again, fixed what it told me to, and this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11.12.20, on 24/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Casula\Impostazioni locali\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8191273023
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Naturally I followed the site guide's procedure through to the end, although I found nothing more to remove.
Believing everything was fine, I uninstalled VirIT and reinstalled the antivirus I used before (AVG). Before AVG, Norton was installed on the PC, but its licence had expired a few weeks earlier, and perhaps that is when the PC got infected.
I'm still left with the impression, as crazy.cat says, that there are other problems, and perhaps older ones.
Anyway, as I said, everything seemed fine, so I gave the PC back to my father, since it's his and he uses it for work, and less than half an hour after reconnecting he tells me AVG has detected a trojan.
Right now I don't remember the trojan's name, and for a few days I won't be able to get at the PC, but it was written down and I'll let you know as soon as I can.
Anyway, I suspect it's that Obfuscated one.
As for the other offending files, I'll delete those too.
In any case, I think it's time to format.

Re: link optimizer: scansioni gmer per script avenger

Post by Amantide » Tue Nov 25, 2008 11:13 am

If the problems you are seeing are excessive slowness and trouble running some programs, then yes, the Obfuscated trojan is indeed to blame.

Re: link optimizer: scansioni gmer per script avenger

Post by horatius » Tue Nov 25, 2008 12:01 pm

No, no particular slowness, apart from what's due to the PC being an Acer Aspire 1400-series notebook, Athlon XP 2600 CPU with 512 MB of RAM, the Windows partition on a 30 GB hard disk and a good load of installed software.

Anyway, AVG's message was more or less this: threat detected in c:\windows\system32\ojthb.dll, Trojan Downloader.Agent.APKO - detected on open (it was deleted anyway, and so far there have been no further alerts).
megalab.it: online periodical registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.