by crazy.cat » Fri Jan 02, 2009 3:17 pm
Amantide wrote: The attachment is corrupted and I can't open it.
I can; it's a full 26 pages of doc file.
I shortened the log, leaving the not deleted parts.
Bagle has mutated once again; I've never seen such a mess of infected files as this time.
For Bep93
Do you by any chance still have the file that started the infection, and could you pass it to me through any file hosting site (with a PM to give me the link to download it)? I would like to study it.
Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
»»»» Supression files in C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni
Not deleted !! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\m\list.oct"
Deleted ! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\m\data.oct"
Deleted ! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\m\srvlist.oct"
Not deleted !! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\m"
Deleted ! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\inst.exe"
Not deleted !! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\drivers\winupgro.exe"
Deleted ! - C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\drivers\downld\1000843.exe
Deleted ! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Giuseppe Costantino\Dati applicazioni\drivers"
»»»» Supression files in C:\DOCUME~1\GIUSEP~1\IMPOST~1\Temp
»»»» Supression files in C:\Documents and Settings\Giuseppe Costantino\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Other deleting ] ----------------
Infected ! - "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" -> Deleted !
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-484763869-1060284298-725345543-1003\Software\Local AppWizard-Generated Applications\MsnMsgr
Deleted ! - HKEY_USERS\S-1-5-21-484763869-1060284298-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most odious tyranny: tyranny masked as liberty.