
Strange file rdvixc.exe


Post by ziognu » Wed Apr 15, 2009 9:46 pm

Hi everyone,
I found a strange file on my PC called rdvixc.exe, with a strange icon, which gets recreated in another folder every time I delete it; right now, for example, it is in Documents, whereas before it was in the eMule downloads folder. Also, searching for that name turns up another file on my PC: RDVIXC.EXE-1A1137A3.pf

I think it's a virus. What can I do, given that avast doesn't detect it?


Re: strange file rdvixc.exe

Post by Seba:-) » Wed Apr 15, 2009 9:53 pm

Try posting the HijackThis log and uploading the file to VirusTotal
http://www.virustotal.com/it/
Thanks Zane!

Re: strange file rdvixc.exe

Post by ziognu » Wed Apr 15, 2009 9:56 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.56.57, on 15/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\GiocoDigitale\Poker\GiocoDigitalePoker.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\DOCUME~1\Claudio\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\mIRC\mirc.exe
C:\Documents and Settings\Claudio\Desktop\Virus Removal Tool\is-VOIOK\is-VOIOK.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\VideoLAN\VLC\vlc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ROBOTFTPSCHED] C:\Programmi\FTPShell\botsched.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4" -"http://scudettoweb.videogame.it/lega.php?sid=440444d1d40a7d56087aa049ed415cf3&idlega=00222&idsqd2=051443"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-436374069-2139871995-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-21-436374069-2139871995-725345543-1005\..\RunOnce: [NeroHomeFirstStart] "C:\Programmi\File comuni\Nero\Lib\NMFirstStart.exe" (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: is-VOIOK.lnk = C:\Documents and Settings\Claudio\Desktop\Virus Removal Tool\is-VOIOK\startup.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Programmi\Betway\Casino\casinogame.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmi\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Programmi\Betway\Poker\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AC1A45B-8A21-465F-9091-2A199D4E7A02}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AC1A45B-8A21-465F-9091-2A199D4E7A02}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AC1A45B-8A21-465F-9091-2A199D4E7A02}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{0AC1A45B-8A21-465F-9091-2A199D4E7A02}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS4\Services\Tcpip\..\{0AC1A45B-8A21-465F-9091-2A199D4E7A02}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programmi\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13274 bytes


This is the VirusTotal link: http://www.virustotal.com/it/analisis/e ... d9c0cf6703


Re: strange file rdvixc.exe

Post by Seba:-) » Wed Apr 15, 2009 10:02 pm

From the HijackThis log I don't see anything harmful, but rdvixc.exe is a nasty trojan... I would ask you to post the ComboFix log, but I can't read that one very well... Maybe post it and wait for someone who can, or try using another antivirus to remove the infection, since Avast doesn't even detect it... maybe Avira...

Re: strange file rdvixc.exe

Post by ziognu » Wed Apr 15, 2009 10:44 pm

ComboFix 09-04-15.08 - Claudio 15/04/2009 23.21.53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1130 [GMT 2:00]
Eseguito da: c:\documents and settings\Claudio\Desktop\dsadasdsa.exe
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000010_.tmp.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-03-15 al 2009-04-15 )))))))))))))))))))))))))))))))))))
.

2009-04-14 12:49 . 2009-04-14 12:49 0 --sha-r C:\kht
2009-04-14 12:49 . 2009-04-14 12:49 925 --sha-r c:\windows\system32\autorun.in
2009-04-14 12:49 . 2009-04-14 12:49 1007 --sha-r c:\windows\system32\autorun.i
2009-04-14 12:17 . 2005-10-16 06:00 12928 ----a-w c:\windows\system32\drivers\filedisk.sys
2009-04-11 23:54 . 2009-04-11 23:54 -------- d-----w c:\documents and settings\Claudio\dwhelper
2009-04-09 12:29 . 2009-04-09 12:29 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\105myPlayer
2009-04-05 20:24 . 2009-04-07 14:57 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\uTorrent
2009-04-01 17:48 . 2009-04-01 17:49 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-01 17:44 . 2009-03-05 21:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-31 09:10 . 2009-03-31 09:10 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-31 09:10 . 2009-03-31 09:10 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-31 09:10 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-03-30 23:40 . 2009-03-30 23:40 -------- d-----w c:\documents and settings\Claudio\Impostazioni locali\Dati applicazioni\HoldemLuck
2009-03-23 02:30 . 2009-03-23 02:30 -------- d-----w C:\Sandbox
2009-03-23 02:22 . 2009-03-23 02:22 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\VoipCheapCom
2009-03-23 02:21 . 2009-03-23 02:21 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\VoipBuster
2009-03-21 20:59 . 2009-03-22 23:50 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\InternetCalls
2009-03-21 01:26 . 2009-03-21 01:26 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\VoipStunt
2009-03-21 01:16 . 2009-03-21 02:48 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\ADPHONE
2009-03-21 00:29 . 2009-03-23 01:37 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\Voipwise
2009-03-18 02:15 . 2008-08-26 08:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-03-18 02:14 . 2008-09-15 06:29 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 21:38 . 2009-01-18 01:10 748691488 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 21:38 . 2009-01-18 01:10 748691488 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 21:33 . 2008-06-23 21:57 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\mirc
2009-04-15 14:13 . 2008-06-23 21:57 -------- d-----w c:\programmi\mIRC
2009-04-15 02:47 . 2009-01-18 01:10 8731088 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-15 00:22 . 2009-03-26 00:28 -------- d-----w c:\programmi\PokerStars.IT
2009-04-14 17:00 . 2008-06-23 21:22 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-13 19:36 . 2008-07-02 20:38 -------- d-----w c:\programmi\PokerStars
2009-04-09 12:29 . 2009-04-09 12:28 -------- d-----w c:\programmi\105 myPlayer
2009-04-08 12:08 . 2004-08-30 20:00 70964 ----a-w c:\windows\system32\perfc010.dat
2009-04-08 12:08 . 2004-08-30 20:00 440738 ----a-w c:\windows\system32\perfh010.dat
2009-04-05 22:31 . 2008-06-23 22:40 -------- d-----w c:\programmi\Full Tilt Poker
2009-04-05 20:24 . 2009-04-05 20:24 -------- d-----w c:\programmi\uTorrent
2009-04-05 16:29 . 2009-04-05 16:29 -------- d-----w c:\programmi\File comuni\Adobe AIR
2009-04-04 21:07 . 2008-11-04 13:45 -------- d-----w c:\programmi\Italian VIP Club
2009-04-04 20:55 . 2008-07-11 00:08 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\Apple Computer
2009-04-01 17:49 . 2009-04-01 17:48 -------- d-----w c:\programmi\iTunes
2009-04-01 17:48 . 2009-04-01 17:48 -------- d-----w c:\programmi\iPod
2009-04-01 17:48 . 2008-09-19 21:33 -------- d-----w c:\programmi\File comuni\Apple
2009-04-01 17:46 . 2009-04-01 17:46 -------- d-----w c:\programmi\QuickTime
2009-03-26 18:41 . 2008-10-05 21:09 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\Skype
2009-03-26 15:06 . 2008-10-05 21:10 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\skypePM
2009-03-26 14:07 . 2008-07-07 14:25 -------- d-----w c:\programmi\PokerStrategy
2009-03-23 20:03 . 2008-06-25 19:56 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\Microgaming
2009-03-23 17:04 . 2008-12-17 16:19 -------- d-----w c:\programmi\FTPShell
2009-03-23 02:35 . 2009-03-23 02:35 -------- d-----w c:\programmi\FreeCall.com
2009-03-18 02:16 . 2009-03-18 02:16 -------- d-----w c:\programmi\File comuni\PCSuite
2009-03-18 02:16 . 2009-03-18 02:16 -------- d-----w c:\programmi\File comuni\Nokia
2009-03-18 02:16 . 2009-03-18 02:14 -------- d-----w c:\programmi\Nokia
2009-03-18 02:15 . 2009-03-18 02:15 -------- d-----w c:\programmi\PC Connectivity Solution
2009-03-18 02:13 . 2008-08-11 11:13 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-03-14 15:00 . 2009-03-14 15:00 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-03-11 15:22 . 2008-07-15 01:12 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-10 21:19 . 2008-10-05 21:08 -------- d-----w c:\programmi\Skype
2009-03-08 10:12 . 2008-08-10 12:20 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-05 21:59 . 2008-12-01 16:56 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-04 15:32 . 2008-09-26 21:40 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\TeamViewer
2009-03-04 15:31 . 2009-03-04 15:31 -------- d-----w c:\programmi\TeamViewer
2009-02-22 01:29 . 2009-02-10 20:29 -------- d-----w c:\programmi\PokerTracker 3
2009-02-09 14:04 . 2004-08-30 20:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-24 14:27 . 2008-12-21 17:17 2269 ----a-w c:\documents and settings\All Users\Dati applicazioni\sortedcards.tmp
2008-12-21 17:25 . 2008-08-07 15:19 0 ----a-w c:\documents and settings\All Users\Dati applicazioni\playercachelines.tmp
2008-11-08 10:47 . 2008-06-24 00:48 2322008 ----a-w c:\documents and settings\Claudio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-09-11 21:38 . 2008-09-11 21:38 0 ----a-w c:\documents and settings\Claudio\java_ee_sdk-5_01-windows.exe
2008-08-07 15:14 . 2008-08-07 15:14 337 ----a-w c:\documents and settings\Claudio\Impostazioni locali\Dati applicazioni\postgresinstall.bat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-07-08 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-05-04 502544]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"ROBOTFTPSCHED"="c:\programmi\FTPShell\botsched.exe" [2004-07-26 60928]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-27 16875008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Claudio\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
is-VOIOK.lnk - c:\documents and settings\Claudio\Desktop\Virus Removal Tool\is-VOIOK\startup.exe [2009-1-31 65536]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-6-24 535336]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 1e6f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 17:52 3885408 ----a-w c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-09-29 15:57 21755688 ----a-r c:\programmi\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"d:\\eMule\\emule.exe"=
"d:\\Programmi\\guitarhero\\GH3.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programmi\\ClubDelGioco\\jre\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"d:\\mIRC\\mirc.exe"=
"d:\\Programmi\\PokerStrategy\\PokerStrategy Elephant\\PokerStrategy Elephant.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\PokerStrategy\\PokerStrategy Equilator\\Equilator.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-16 22640]
S1 aswSP;avast! Self Protection; [x]
S1 is-VOIOKdrv;is-VOIOKdrv;c:\windows\system32\DRIVERS\82608522.sys [2008-07-08 148496]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programmi\PostgreSQL\8.3\bin\pg_ctl.exe [2008-10-31 65536]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2008-06-03 5632]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\DRIVERS\winbondhidcir.sys [2008-06-03 23040]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cae701e-8647-11dd-9487-001cbfc01585}]
\Shell\AutoRun\command - System\Security\DriveGuard.exe -run
\Shell\Explore\Command - System\Security\DriveGuard.exe -run
\Shell\Open\Command - System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fecb252a-5734-11dd-93e0-001cbfc01585}]
\Shell\AutoRun\command - G:\qwultj1.bat
\Shell\explore\Command - G:\qwultj1.bat
\Shell\open\Command - G:\qwultj1.bat
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
MSConfigStartUp-ADPHONE - c:\programmi\ADPHONE3\ADPHONE.EXE
MSConfigStartUp-InternetCalls - c:\programmi\InternetCalls.com\InternetCalls\InternetCalls.exe
MSConfigStartUp-PoivY - c:\programmi\PoivY.com\PoivY\PoivY.exe
MSConfigStartUp-SandboxieControl - c:\programmi\Sandboxie\SbieCtrl.exe
MSConfigStartUp-VoipBuster - c:\programmi\VoipBuster.com\VoipBuster\VoipBuster.exe
MSConfigStartUp-VoipCheapCom - c:\programmi\VoipCheapCom\VoipCheapCom.exe
MSConfigStartUp-VoipStunt - c:\programmi\VoipStunt.com\VoipStunt\VoipStunt.exe
MSConfigStartUp-Voipwise - c:\programmi\Voipwise.com\Voipwise\Voipwise.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{3063c161-2f7e-4225-ba73-08bc8f64c67e} - c:\programmi\Betway\Casino\casinogame.exe
IE: {{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - c:\programmi\Betway\Poker\MPPoker.exe
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: {0AC1A45B-8A21-465F-9091-2A199D4E7A02} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Claudio\Dati applicazioni\Mozilla\Firefox\Profiles\hw3ltp2b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Claudio\Dati applicazioni\Mozilla\Firefox\Profiles\hw3ltp2b.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 23:38
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\netprovcredman.dll
.
Ora fine scansione: 2009-04-15 23.41.20
ComboFix-quarantined-files.txt 2009-04-15 21:40

Pre-Run: 1.686.007.808 byte disponibili
Post-Run: 2.561.662.976 byte disponibili

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
231 --- E O F --- 2009-03-22 03:24

Re: strange file rdvixc.exe

Post by crazy.cat » Thu Apr 16, 2009 7:17 am

These two files look odd
2009-04-14 12:49 . 2009-04-14 12:49 925 --sha-r c:\windows\system32\autorun.in
2009-04-14 12:49 . 2009-04-14 12:49 1007 --sha-r c:\windows\system32\autorun.i

Have these two files checked on VirusTotal as well
2009-04-01 17:44 . 2009-03-05 21:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-31 09:10 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll

And this one too; some rate it as clean, others do not.
c:\windows\system32\netprovcredman.dll

Do you have any USB sticks or external drives that you may have connected to the PC in the last few days?
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
 
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre
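An added example, not part of the original posts: a small parser for file-listing lines in the format quoted above that flags entries like the two autorun files called out in this reply. The reading of the attribute letters (s = system, h = hidden) and both flagging heuristics are assumptions made for this example.

```python
import re

# Lines copied from the file listing quoted in the thread.
SAMPLE = r"""
2009-04-14 12:49 . 2009-04-14 12:49 925 --sha-r c:\windows\system32\autorun.in
2009-04-14 12:49 . 2009-04-14 12:49 1007 --sha-r c:\windows\system32\autorun.i
2009-04-01 17:44 . 2009-03-05 21:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-31 09:10 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
"""

# created . modified size attributes path
LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)

def parse(text):
    """Yield one dict per well-formed listing line; skip everything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            yield entry

def reasons(entry):
    """Return why an entry deserves a closer look (assumed heuristics)."""
    out = []
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    in_sys = "\\windows\\system32\\" in path
    # Assumed reading: 's' = system, 'h' = hidden. Explorer's "show hidden
    # files" option alone does not reveal files that carry both attributes.
    if in_sys and "s" in entry["attrs"] and "h" in entry["attrs"]:
        out.append("system+hidden file in system32")
    # autorun.inf belongs in a drive root, not in the system directory.
    if in_sys and name.startswith("autorun"):
        out.append("autorun-named file in system32")
    return out

def triage(text):
    """Map each flagged path to the list of reasons it was flagged."""
    flagged = {}
    for entry in parse(text):
        why = reasons(entry)
        if why:
            flagged[entry["path"]] = why
    return flagged

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", "; ".join(why))
```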

Re: strange file rdvixc.exe

Post by ziognu » Thu Apr 16, 2009 1:29 pm


Re: strange file rdvixc.exe

Post by crazy.cat » Thu Apr 16, 2009 2:53 pm

You can delete these two without any problem


Check this one too
c:\windows\system32\netprovcredman.dll

Could it be that the USB stick is infected too, so that when you use it again it puts the virus back in?
Try disabling autoplay for the USB stick and see whether you find any strange exe files or an infected autorun.inf on it.
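An added example, not part of the original posts: one way to inspect an autorun.inf found on a USB stick, as suggested above, by listing the entries that launch a program and the executables they name. The sample file content and the name setup_example.exe are constructed for this example.

```python
import re

# Constructed sample autorun.inf; setup_example.exe is a placeholder name.
SAMPLE_INF = """\
; comment lines are often used as padding
[AutoRun]
open=setup_example.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
shell\\open\\command=setup_example.exe
shell\\explore\\Command = "setup_example.exe" /e
[Other]
open=ignored.exe
"""

# autorun.inf keys that start a program: open, shellexecute, shell\<verb>\command
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(inf_text):
    """Return [(key, command)] for each program-launching line in [autorun]."""
    found, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            # Section names are case-insensitive; only [autorun] matters here.
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found

def targets(inf_text):
    """Unique executables named by the launch entries, arguments stripped."""
    names = []
    for _, command in launch_entries(inf_text):
        m = re.match(r'"([^"]+)"|(\S+)', command)
        if not m:
            continue  # key present but value empty
        exe = (m.group(1) or m.group(2)).lower()
        if exe not in names:
            names.append(exe)
    return names

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE_INF):
        print(f"{key} -> {command}")
    print("executables to check:", targets(SAMPLE_INF))
```

Each name returned by `targets` is a file to look for on the stick and upload to VirusTotal before the stick is used again.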

Re: strange file rdvixc.exe

Post by ziognu » Thu Apr 16, 2009 3:24 pm

I checked that file too: http://www.virustotal.com/it/analisis/4 ... f7ebe12da5
It seems clean.
How do I delete those autorun files? They are not shown when I open the folder, not even with hidden files enabled.

I formatted the USB stick outright to avoid problems.

Re: strange file rdvixc.exe

Post by crazy.cat » Thu Apr 16, 2009 3:46 pm

Download Avenger
Extract it into a folder of your choice
Run the file avenger.exe, the one with the sword icon
Now paste these lines into the white box that opens:

Code:
Files to delete:
c:\windows\system32\autorun.in
c:\windows\system32\autorun.i


Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to both of Avenger's prompts
Your computer should now restart; if it does not, restart it manually
After the restart, copy and paste here the contents of the Notepad window that appears.

Re: strange file rdvixc.exe

Post by ziognu » Thu Apr 16, 2009 5:02 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\windows\system32\autorun.in" deleted successfully.
File "c:\windows\system32\autorun.i" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising