Finne Mortale (pio)
Joined: 30/06/08 23:32 Posts: 20
Posted: 30 Jun 2008 23:48 Subject: Extremely slow connection! svchost problem
Hi everyone!
Since this morning my internet connection has been extremely slow; even when I'm not browsing I can see that the network is in use anyway. Using TcpView I notice that svchost opens hundreds of processes, connecting to a great many sites. NOD32 finds nothing, and neither does Ad-Aware. I then noticed a suspicious file in windows/system32/drivers: Kvj83.sys, created this very morning when I started having problems, which is impossible to delete, even with Unlocker; there is also a registry key called Kvj83 in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kvj83
that can't be deleted either, not even in Safe Mode. Maybe it's related, maybe not, but searching online I read on a forum that someone had a similar problem and had a .sys file just like this one, and I can't get rid of it either.
I don't know where else to turn, I hope you can help me
Thanks
bdoriano (Administrator)
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jul 2008 09:18
Hi Finne,
Do the following:
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Reboot the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. etc. And post:
- Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
- The ComboFix log is generally not very long, so paste it directly into the message
PS: if you like, you can introduce yourself here
Finne Mortale (pio)
Joined: 30/06/08 23:32 Posts: 20
Posted: 01 Jul 2008 16:37
Hi,
Norman Malware Cleaner removed a few infected files, but the problem persists...
NFix_2008-07-01_14-03-15.log
ComboFix, on the other hand, didn't create any report in C:
bdoriano (Administrator)
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jul 2008 17:04
Did you also try renaming ComboFix before saving it?
If it really can't produce the log, let's go the complicated route:
- follow the instructions in this topic to use MBAM, upload the log it generates to WikiSend and post the Forum Link you are given.
- Run this scan with SystemScan, upload the log to WikiSend and post the Forum Link you are given.
Finne Mortale (pio)
Joined: 30/06/08 23:32 Posts: 20
Posted: 01 Jul 2008 17:48
Yes, I had renamed it to COMBO-FIX.exe
bdoriano (Administrator)
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jul 2008 19:02
While I look over the SystemScan log, try renaming ComboFix to BombaFix (or anything else, as long as there are no non-alphabetic characters) and running it again.
Finne Mortale (pio)
Joined: 30/06/08 23:32 Posts: 20
Posted: 01 Jul 2008 19:19
I tried ComboFix again but nothing, no report gets created...
bdoriano (Administrator)
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jul 2008 19:33
Hm! How odd...
- Start SystemScan again
- tick I have read and agree. Please let me free to proceed and click Proceed
- click Removal Script
- In the box, enter the following script:
Code:
Files to delete:
C:\WINDOWS\System32\drivers\Kvj83.sys
C:\WINDOWS\System32\drivers\tcpsr.sys
C:\WINDOWS\tasks\zzu.job
C:\WINDOWS\tasks\wecpzzmr.job
C:\WINDOWS\tasks\iizrm.job
C:\WINDOWS\tasks\zxyi.job
C:\WINDOWS\tasks\zns.job
C:\WINDOWS\tasks\eom.job
C:\WINDOWS\tasks\txleb.job
C:\WINDOWS\tasks\tjv.job
C:\WINDOWS\tasks\pbtlq.job
C:\WINDOWS\tasks\igwkgx.job
C:\WINDOWS\tasks\hzqpoijq.job
C:\WINDOWS\tasks\gxjqn.job
C:\WINDOWS\tasks\ezd.job
C:\WINDOWS\tasks\kslg.job
C:\WINDOWS\tasks\sgctjis.job
C:\WINDOWS\tasks\lcnwd.job
C:\WINDOWS\tasks\egv.job
C:\WINDOWS\tasks\shkyw.job
C:\WINDOWS\tasks\zxkae.job
C:\WINDOWS\tasks\edbkui.job
C:\WINDOWS\tasks\kpgv.job
C:\WINDOWS\tasks\sbb.job
C:\WINDOWS\tasks\zmpgih.job
C:\WINDOWS\tasks\rwpefn.job
C:\WINDOWS\tasks\dzpre.job
C:\WINDOWS\tasks\sdawfe.job
C:\WINDOWS\tasks\kmw.job
C:\WINDOWS\tasks\zwvffuo.job
C:\WINDOWS\tasks\zmli.job
C:\WINDOWS\tasks\ecgwf.job
C:\WINDOWS\tasks\dyyd.job
C:\WINDOWS\tasks\dwfxcbsh.job
C:\WINDOWS\tasks\dxotlzcc.job
C:\WINDOWS\tasks\dyizti.job
C:\WINDOWS\tasks\kidtr.job
C:\WINDOWS\tasks\kfqbzc.job
C:\WINDOWS\tasks\kjj.job
C:\WINDOWS\tasks\you.job
C:\WINDOWS\tasks\kmuakmok.job
C:\WINDOWS\tasks\rjsyeav.job
C:\WINDOWS\tasks\rjz.job
C:\WINDOWS\tasks\yxr.job
C:\WINDOWS\tasks\zgrdl.job
C:\WINDOWS\tasks\zfjbnak.job
C:\WINDOWS\tasks\raxbuc.job
C:\WINDOWS\tasks\rubwpimx.job
C:\WINDOWS\tasks\yhdsxo.job
C:\WINDOWS\tasks\qzft.job
C:\WINDOWS\tasks\dsrutw.job
C:\WINDOWS\tasks\dosntaet.job
C:\WINDOWS\tasks\qzdb.job
C:\WINDOWS\tasks\jxp.job
C:\WINDOWS\tasks\jvoqxwgu.job
C:\WINDOWS\tasks\jqpakhu.job
C:\WINDOWS\tasks\ylw.job
C:\WINDOWS\tasks\xzbzn.job
C:\WINDOWS\tasks\jnijdw.job
C:\WINDOWS\tasks\ycox.job
C:\WINDOWS\tasks\jpnnplsb.job
C:\WINDOWS\tasks\qyph.job
C:\WINDOWS\tasks\qwoknirz.job
C:\WINDOWS\tasks\yejckm.job
C:\WINDOWS\tasks\dgnizp.job
C:\WINDOWS\tasks\dijam.job
C:\WINDOWS\tasks\ddwdssre.job
C:\WINDOWS\tasks\jldp.job
C:\WINDOWS\tasks\xpeya.job
C:\WINDOWS\tasks\xxdzlqnm.job
C:\WINDOWS\tasks\czm.job
C:\WINDOWS\tasks\dbrbach.job
C:\WINDOWS\tasks\dcxon.job
C:\WINDOWS\tasks\qbwc.job
C:\WINDOWS\tasks\qcx.job
C:\WINDOWS\tasks\xpzlnbyu.job
C:\WINDOWS\tasks\jdlt.job
C:\WINDOWS\tasks\qjjt.job
C:\WINDOWS\tasks\xuyj.job
C:\WINDOWS\tasks\jfcmo.job
C:\WINDOWS\tasks\qvd.job
C:\WINDOWS\tasks\jjusavy.job
C:\WINDOWS\tasks\ixhg.job
C:\WINDOWS\tasks\jbapshc.job
C:\WINDOWS\tasks\jbcennu.job
C:\WINDOWS\tasks\xdysck.job
C:\WINDOWS\tasks\xmauf.job
C:\WINDOWS\tasks\xnjdzcc.job
C:\WINDOWS\tasks\pznkm.job
C:\WINDOWS\tasks\pxzyf.job
C:\WINDOWS\tasks\pwunmf.job
C:\WINDOWS\tasks\cwqseknn.job
C:\WINDOWS\tasks\cob.job
C:\WINDOWS\tasks\covl.job
C:\WINDOWS\tasks\cud.job
C:\WINDOWS\tasks\oxxvxkxx.job
C:\WINDOWS\tasks\xaz.job
C:\WINDOWS\tasks\xaqfhfmz.job
C:\WINDOWS\tasks\xantkq.job
C:\WINDOWS\tasks\ilk.job
C:\WINDOWS\tasks\wyo.job
C:\WINDOWS\tasks\iqct.job
C:\WINDOWS\tasks\pslwsp.job
C:\WINDOWS\tasks\iswlrb.job
C:\WINDOWS\tasks\publgua.job
C:\WINDOWS\tasks\patpglu.job
C:\WINDOWS\tasks\irbgojfz.job
C:\WINDOWS\tasks\piocimwj.job
C:\WINDOWS\tasks\cdhfw.job
C:\WINDOWS\tasks\cgjtpu.job
C:\WINDOWS\tasks\bxib.job
C:\WINDOWS\tasks\bzqmxn.job
C:\WINDOWS\tasks\wfpri.job
C:\WINDOWS\tasks\bju.job
C:\WINDOWS\tasks\bkp.job
C:\WINDOWS\tasks\wsro.job
C:\WINDOWS\tasks\wslusuu.job
C:\WINDOWS\tasks\whcdtovd.job
C:\WINDOWS\tasks\orkqafge.job
C:\WINDOWS\tasks\ovimkza.job
C:\WINDOWS\tasks\owktfj.job
C:\WINDOWS\tasks\bqt.job
C:\WINDOWS\tasks\bqtoifv.job
C:\WINDOWS\tasks\opg.job
C:\WINDOWS\tasks\iimg.job
C:\WINDOWS\tasks\ijhkv.job
C:\WINDOWS\tasks\ifyhk.job
C:\WINDOWS\tasks\ibrzbpd.job
C:\WINDOWS\tasks\icilmeyk.job
C:\WINDOWS\tasks\vkuf.job
C:\WINDOWS\tasks\bctb.job
C:\WINDOWS\tasks\axomqq.job
C:\WINDOWS\tasks\vlbgjf.job
C:\WINDOWS\tasks\vsytjdur.job
C:\WINDOWS\tasks\bjmnneab.job
C:\WINDOWS\tasks\vsno.job
C:\WINDOWS\tasks\oohlg.job
C:\WINDOWS\tasks\olzqm.job
C:\WINDOWS\tasks\oounnbo.job
C:\WINDOWS\tasks\hqrd.job
C:\WINDOWS\tasks\hvy.job
C:\WINDOWS\tasks\ojr.job
C:\WINDOWS\tasks\oirpvuw.job
C:\WINDOWS\tasks\vifr.job
C:\WINDOWS\tasks\vie.job
C:\WINDOWS\tasks\hqcuinn.job
C:\WINDOWS\tasks\awiln.job
C:\WINDOWS\tasks\atwmygq.job
C:\WINDOWS\tasks\hpxsx.job
C:\WINDOWS\tasks\vgqmx.job
C:\WINDOWS\tasks\oehhfps.job
C:\WINDOWS\tasks\arynedt.job
C:\WINDOWS\tasks\arolqef.job
C:\WINDOWS\tasks\oiitoij.job
C:\WINDOWS\tasks\hnsjej.job
C:\WINDOWS\tasks\hnhts.job
C:\WINDOWS\tasks\arl.job
C:\WINDOWS\tasks\gxrb.job
C:\WINDOWS\tasks\nzcb.job
C:\WINDOWS\tasks\vcpnupx.job
C:\WINDOWS\tasks\oazelbtz.job
C:\WINDOWS\tasks\obigcs.job
C:\WINDOWS\tasks\amjddio.job
C:\WINDOWS\tasks\aoy.job
C:\WINDOWS\tasks\aow.job
C:\WINDOWS\tasks\hcjtzh.job
C:\WINDOWS\tasks\vdrguyew.job
C:\WINDOWS\tasks\hlhaxx.job
C:\WINDOWS\tasks\vdomckk.job
C:\WINDOWS\tasks\vdhhhh.job
C:\WINDOWS\tasks\hbbjbg.job
C:\WINDOWS\tasks\ubuwv.job
C:\WINDOWS\tasks\aavznn.job
C:\WINDOWS\tasks\numav.job
C:\WINDOWS\tasks\nvqcsfd.job
C:\WINDOWS\tasks\uhskzs.job
C:\WINDOWS\tasks\untxku.job
C:\WINDOWS\tasks\uexdi.job
C:\WINDOWS\tasks\ugy.job
C:\WINDOWS\tasks\uodfaiu.job
C:\WINDOWS\tasks\gnmz.job
C:\WINDOWS\tasks\gkzjn.job
C:\WINDOWS\tasks\gnowjfi.job
C:\WINDOWS\tasks\gvly.job
C:\WINDOWS\tasks\gvijsh.job
C:\WINDOWS\tasks\gdjqkru.job
C:\WINDOWS\tasks\fzg.job
C:\WINDOWS\tasks\gehep.job
C:\WINDOWS\tasks\gkq.job
C:\WINDOWS\tasks\ghuib.job
C:\WINDOWS\tasks\mrwoaymi.job
C:\WINDOWS\tasks\ngha.job
C:\WINDOWS\tasks\nbkzrwx.job
C:\WINDOWS\tasks\ngzaehs.job
C:\WINDOWS\tasks\uusn.job
C:\WINDOWS\tasks\nkqmxjr.job
C:\WINDOWS\tasks\myjxadaf.job
C:\WINDOWS\tasks\vbc.job
C:\WINDOWS\tasks\muo.job
C:\WINDOWS\tasks\vaca.job
C:\WINDOWS\tasks\mzgfzk.job
C:\WINDOWS\tasks\facxmsgg.job
C:\WINDOWS\tasks\flfxc.job
C:\WINDOWS\tasks\spqkzy.job
C:\WINDOWS\tasks\spzi.job
C:\WINDOWS\tasks\sswbb.job
C:\WINDOWS\tasks\flt.job
C:\WINDOWS\tasks\tmkcjdz.job
C:\WINDOWS\tasks\tkdcfnjx.job
C:\WINDOWS\tasks\fqjlkw.job
C:\WINDOWS\tasks\fmrpqgqr.job
C:\WINDOWS\tasks\uag.job
C:\WINDOWS\tasks\etbczg.job
C:\WINDOWS\tasks\etfxwp.job
C:\WINDOWS\tasks\lycrmt.job
C:\WINDOWS\tasks\epskpyzr.job
C:\WINDOWS\tasks\esgg.job
C:\WINDOWS\tasks\mobr.job
C:\WINDOWS\tasks\mqy.job
C:\WINDOWS\tasks\mkpgelcw.job
C:\WINDOWS\tasks\lzv.job
C:\WINDOWS\tasks\mbiklh.job
C:\WINDOWS\tasks\luma.job
C:\WINDOWS\tasks\svfo.job
C:\WINDOWS\tasks\szcdiwn.job
C:\WINDOWS\tasks\ltpse.job
C:\WINDOWS\tasks\stedm.job
C:\WINDOWS\tasks\lsc.job
C:\WINDOWS\tasks\eja.job
C:\WINDOWS\tasks\eozxh.job
C:\WINDOWS\tasks\tglw.job
C:\WINDOWS\tasks\ltwl.job
C:\WINDOWS\tasks\tahda.job
C:\WINDOWS\tasks\slqkpp.job
C:\WINDOWS\tasks\smagbrj.job
C:\WINDOWS\tasks\ehjont.job
C:\WINDOWS\tasks\lqgzynb.job
C:\WINDOWS\tasks\eivo.job
C:\WINDOWS\tasks\ehrkan.job
C:\WINDOWS\tasks\ljsvq.job
C:\WINDOWS\tasks\skcca.job
C:\WINDOWS\tasks\lgmbvkwn.job
C:\WINDOWS\tasks\lhxochxn.job
C:\WINDOWS\tasks\pzmqxj.job
C:\WINDOWS\tasks\tiy.job
C:\WINDOWS\tasks\jaolhkpd.job
C:\WINDOWS\tasks\mlcph.job
C:\WINDOWS\tasks\kndu.job
C:\WINDOWS\tasks\agubu.job
C:\WINDOWS\tasks\xxrolf.job
C:\WINDOWS\tasks\mzb.job
C:\WINDOWS\tasks\qkjz.job
C:\WINDOWS\tasks\eivq.job
C:\WINDOWS\tasks\uujuk.job
C:\WINDOWS\tasks\xpdfxur.job
C:\WINDOWS\tasks\kfdur.job
C:\WINDOWS\tasks\jksuhdy.job
C:\WINDOWS\tasks\hmlv.job
C:\WINDOWS\tasks\rzfhsw.job
C:\WINDOWS\tasks\bfc.job
C:\WINDOWS\tasks\mxif.job
C:\WINDOWS\tasks\lsgtt.job
C:\WINDOWS\tasks\vryg.job
C:\WINDOWS\tasks\ipehvf.job
C:\WINDOWS\tasks\qogmbukj.job
C:\WINDOWS\tasks\yhohuxs.job
C:\WINDOWS\tasks\tkxvy.job
C:\WINDOWS\tasks\tgfunkv.job
C:\WINDOWS\tasks\vkjfanh.job
C:\WINDOWS\tasks\pbmpf.job
C:\WINDOWS\tasks\ecf.job
C:\WINDOWS\tasks\kapm.job
C:\WINDOWS\tasks\pjyp.job
C:\WINDOWS\tasks\raa.job
C:\WINDOWS\tasks\ycmghsyc.job
C:\WINDOWS\tasks\miisp.job
C:\WINDOWS\tasks\jwpf.job
C:\WINDOWS\tasks\getruhq.job
C:\WINDOWS\tasks\vpdcw.job
C:\WINDOWS\tasks\agyic.job
C:\WINDOWS\tasks\ilvq.job
C:\WINDOWS\tasks\vrt.job
C:\WINDOWS\tasks\sfczzah.job
C:\WINDOWS\tasks\xmzbeow.job
C:\WINDOWS\tasks\xhypzjbv.job
C:\WINDOWS\tasks\nnnt.job
C:\WINDOWS\tasks\erun.job
C:\WINDOWS\tasks\wpz.job
C:\WINDOWS\tasks\ypyk.job
C:\WINDOWS\tasks\rux.job
C:\WINDOWS\tasks\axr.job
C:\WINDOWS\tasks\kjzdpby.job
C:\WINDOWS\tasks\ewpzbdim.job
C:\WINDOWS\tasks\vwxnyzuw.job
C:\WINDOWS\tasks\hvka.job
C:\WINDOWS\tasks\yqph.job
C:\WINDOWS\tasks\pzfj.job
C:\WINDOWS\tasks\yriu.job
C:\WINDOWS\tasks\hssyd.job
C:\WINDOWS\tasks\fcaxmvbb.job
C:\WINDOWS\tasks\mfeskguw.job
C:\WINDOWS\tasks\waoyfss.job
C:\WINDOWS\tasks\adnt.job
C:\WINDOWS\tasks\wjmasel.job
C:\WINDOWS\tasks\bbxqhfyv.job
C:\WINDOWS\tasks\kzz.job
C:\WINDOWS\tasks\wlpd.job
C:\WINDOWS\tasks\crsz.job
C:\WINDOWS\tasks\yud.job
C:\WINDOWS\tasks\lkbzzy.job
C:\WINDOWS\tasks\zxd.job
C:\WINDOWS\tasks\kwndai.job
C:\WINDOWS\tasks\wtiutr.job
C:\WINDOWS\tasks\aojnto.job
C:\WINDOWS\tasks\trnizv.job
C:\WINDOWS\tasks\xlb.job
C:\WINDOWS\tasks\xtplbi.job
C:\WINDOWS\tasks\hqqcqjk.job
C:\WINDOWS\tasks\citepl.job
C:\WINDOWS\tasks\rhuhfg.job
C:\WINDOWS\tasks\kdgilpc.job
C:\WINDOWS\tasks\lvahley.job
C:\WINDOWS\tasks\nqyaz.job
C:\WINDOWS\tasks\jka.job
C:\WINDOWS\tasks\kzd.job
C:\WINDOWS\tasks\hhpbgcwe.job
C:\WINDOWS\tasks\igq.job
C:\WINDOWS\tasks\klbfkhk.job
C:\WINDOWS\tasks\egf.job
C:\WINDOWS\tasks\dccq.job
C:\WINDOWS\tasks\wfskm.job
registry keys to delete:
HKLM\system\currentcontrolset\services\Kvj83
HKLM\system\currentcontrolset\services\tcpsr
HKEY_LOCAL_MACHINE\system\controlset002\services\Kvj83
HKEY_LOCAL_MACHINE\system\controlset001\services\Kvj83
drivers to unload:
Kvj83
tcpsr
and click Proceed with removal
******
If you get the error Please copy and paste a valid script file, once the script is pasted into SystemScan (or Avenger), select the first line, delete it and retype it. Having done that, it should work again.
******
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post here the contents of the file C:\Avenger.txt together with an up-to-date HijackThis log.
Finne Mortale (pio)
Joined: 30/06/08 23:32 Posts: 20
Posted: 01 Jul 2008 19:43
I tried again and it produced the report, but not in c:, rather in c:\combofix;
oh well, anyway here is the report:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TCPSR
-------\Service_tcpsr
-------\Legacy_TCPSR
-------\Service_tcpsr
-------\Legacy_TCPSR
-------\Service_tcpsr
((((((((((((((((((((((((( Files Creati Da 2008-06-01 al 2008-07-01 )))))))))))))))))))))))))))))))))))
.
2008-07-01 19:06 . 2008-07-01 19:15 <DIR> d-------- C:\BombaFix
2008-07-01 18:16 . 2008-07-01 18:16 708,333 --a------ C:\sys41906.exe
2008-07-01 17:57 . 2008-07-01 17:57 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-01 17:57 . 2008-07-01 17:57 <DIR> d-------- C:\Documents and Settings\FINESSI\Dati applicazioni\Malwarebytes
2008-07-01 17:57 . 2008-07-01 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-01 17:57 . 2008-07-01 17:57 1,705,000 --a------ C:\mbam-setup.exe
2008-07-01 17:57 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 17:57 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 12:24 . 2008-07-01 12:24 50,688 --a------ C:\ATF-Cleaner.exe
2008-06-30 22:16 . 2005-12-05 17:29 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-30 22:16 . 2005-12-05 16:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-06-30 22:16 . 2005-12-05 16:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-06-30 22:16 . 2005-12-05 15:56 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-06-30 22:16 . 2005-12-05 15:47 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-06-30 22:16 . 2005-12-05 16:39 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-06-30 22:16 . 2005-12-05 16:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-06-30 22:16 . 2005-12-05 15:56 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-06-30 22:16 . 2005-12-05 15:56 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-06-30 22:16 . 2008-06-30 22:16 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-30 21:25 . 2008-06-30 21:27 <DIR> d-------- C:\CopyLock2
2008-06-30 21:24 . 2008-06-30 21:25 292,243 --a------ C:\CopyLock2.zip
2008-06-30 19:40 . 2008-06-30 19:40 <DIR> d-------- C:\TcpView
2008-06-30 19:40 . 2008-06-30 19:40 170,702 --a------ C:\TcpView.zip
2008-06-30 02:31 . 2008-07-01 19:17 30,208 --a------ C:\WINDOWS\system32\drivers\Kvj83.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 08:12 --------- d-----w C:\Programmi\MVM 2005 - Sacred
2007-05-19 13:13 53,448 ----a-w C:\Documents and Settings\FINESSI\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-05-12 20:13 1,201 --sha-w C:\WINDOWS\system32\mmf(10)(2).sys
2007-05-13 08:30 1,201 --sha-w C:\WINDOWS\system32\mmf(11)(2).sys
2007-05-14 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(12)(2).sys
2007-05-15 21:42 1,201 --sha-w C:\WINDOWS\system32\mmf(14)(2).sys
2007-05-15 22:03 1,201 --sha-w C:\WINDOWS\system32\mmf(14)(3).sys
2007-05-12 16:09 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(10).sys
2007-05-14 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(11).sys
2007-05-12 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(2).sys
2007-05-12 16:09 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(3).sys
2007-05-15 11:55 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(4).sys
2007-05-15 17:20 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(5).sys
2007-05-15 11:55 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(6).sys
2007-05-15 11:55 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(7).sys
2007-05-15 22:14 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(8).sys
2007-05-15 11:55 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(9).sys
2008-03-01 10:08 1,201 --sha-w C:\WINDOWS\system32\mmf(2).sys
2007-05-12 20:13 1,201 --sha-w C:\WINDOWS\system32\mmf(3)(2).sys
2007-05-14 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(3)(3).sys
2007-05-14 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(3)(4).sys
2007-05-15 17:20 1,201 --sha-w C:\WINDOWS\system32\mmf(3)(5).sys
2007-05-13 08:30 1,201 --sha-w C:\WINDOWS\system32\mmf(4)(2).sys
2007-05-13 08:30 1,201 --sha-w C:\WINDOWS\system32\mmf(4)(3).sys
2007-05-13 08:30 1,201 --sha-w C:\WINDOWS\system32\mmf(4)(4).sys
2007-05-12 20:13 1,201 --sha-w C:\WINDOWS\system32\mmf(5)(2).sys
2007-05-12 16:09 1,201 --sha-w C:\WINDOWS\system32\mmf(6)(2).sys
2007-05-15 21:37 1,201 --sha-w C:\WINDOWS\system32\mmf(7)(2).sys
2007-05-12 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(8)(2).sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_16.26.18.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 14:21:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 17:33:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-07-11 07:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 925,696 2005-07-08 23:10:12 C:\Programmi\Analog Devices\Core\bak\smax4pnp.exe
----a-r 925,696 2005-07-08 23:10:12 C:\Programmi\Analog Devices\Core\smax4pnp.exe
----a-w 716,800 2005-05-31 13:54:28 C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 716,800 2005-05-31 13:54:28 C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
----a-w 90,112 2006-11-10 10:35:24 C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe
----a-w 90,112 2006-11-10 10:35:24 C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\clistart.exe
----a-w 949,376 2007-05-28 18:36:21 C:\Programmi\ESET\bak\nod32kui.exe
----a-w 949,376 2008-01-12 11:13:30 C:\Programmi\ESET\nod32kui.exe
----a-w 3,770,024 2007-03-14 15:52:50 C:\Programmi\TomTom HOME\bak\TomTomHOME.exe
----a-w 3,770,024 2007-03-14 15:52:50 C:\Programmi\TomTom HOME\TomTomHOME.exe
----a-w 204,288 2006-11-02 20:56:58 C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe
----a-w 204,288 2006-11-02 20:56:58 C:\Programmi\Windows Media Player\wmpnscfg.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 98,304 2005-01-25 04:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIAAE.EXE
----a-w 98,304 2005-01-25 04:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2005-07-09 01:10 925696]
"EPSON Stylus D68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 06:00 98304]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-01-12 13:13 949376]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"ISDN Monitor"="Linksts.exe" [2002-06-24 11:49 229376 C:\WINDOWS\system32\linksts.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-11-29 20:55:44 569405]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kvj83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Briscola\\BriscolaChiamata.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
R0 isdnlink;isdnlink;C:\WINDOWS\system32\DRIVERS\linkisdn.sys [2002-06-24 11:47]
R0 Kvj83;Kvj83;C:\WINDOWS\system32\Drivers\Kvj83.sys [2008-07-01 19:17]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-04-19 17:01]
R3 wanlink;wanlink;C:\WINDOWS\system32\DRIVERS\wanlink.sys [2002-06-24 11:47]
S3 SWUSBFLT;Driver filtro Microsoft SideWinder VIA;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 23:02]
S3 WNGQJRFPD;WNGQJRFPD;C:\DOCUME~1\FINESSI\IMPOST~1\Temp\WNGQJRFPD.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01a40e9-9b3e-11dc-b3e7-c6ca727e6d0a}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-15 07:44:56 C:\WINDOWS\Tasks\aavznn.job"
- c:\windows\system32\sqlgtcbo.exe
"2008-04-20 11:25:11 C:\WINDOWS\Tasks\adnt.job"
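As an added example (not code from this thread, from ComboFix or from the forum), here is a small Python triage script for the kind of ComboFix log posted above. It flags the patterns this thread turns on: a boot-start driver whose file appeared inside the scan window, a SafeBoot\Minimal entry that lets that driver load in Safe Mode as well, the AntiVirusOverride flag under the Security Center key, and a flood of randomly named scheduled tasks. The sample log is constructed from fragments of the log above; the extra task names and the random-name heuristic are assumptions.

```python
import re
from collections import namedtuple

# Constructed sample: fragments modelled on the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Creati Da 2008-06-01 al 2008-07-01 )))))))))))))))))))))))))))))))))))
.
2008-07-01 17:57 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-30 02:31 . 2008-07-01 19:17 30,208 --a------ C:\WINDOWS\system32\drivers\Kvj83.sys
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kvj83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R0 isdnlink;isdnlink;C:\WINDOWS\system32\DRIVERS\linkisdn.sys [2002-06-24 11:47]
R0 Kvj83;Kvj83;C:\WINDOWS\system32\Drivers\Kvj83.sys [2008-07-01 19:17]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-04-19 17:01]
S3 WNGQJRFPD;WNGQJRFPD;C:\DOCUME~1\FINESSI\IMPOST~1\Temp\WNGQJRFPD.exe []
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-15 07:44:56 C:\WINDOWS\Tasks\aavznn.job"
- c:\windows\system32\sqlgtcbo.exe
"2008-04-20 11:25:11 C:\WINDOWS\Tasks\adnt.job"
"2008-04-21 09:02:00 C:\WINDOWS\Tasks\hqqcqjk.job"
"2008-05-02 10:10:10 C:\WINDOWS\Tasks\DiskCleanupWeekly.job"
- c:\windows\system32\cleanmgr.exe
"""

# "Files created" entry: <created> . <modified> <size or <DIR>> <attrs> <path>
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
                        r"(?:<DIR>|[\d,]+) \S+ (.+)$")
# Driver/service entry: <start type> <name>;<display name>;<image path> [<file stamp>]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[([^\]]*)\]$")
SAFEBOOT_RE = re.compile(r"\\SafeBoot\\Minimal\\([^\]]+)\]", re.I)
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:0*1$', re.I)
TASK_RE = re.compile(r'\\Tasks\\([^\\"]+)\.job"', re.I)

Finding = namedtuple("Finding", "kind name detail")


def created_files(log):
    """Map lower-cased path -> modified stamp for every 'files created' entry."""
    found = {}
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            found[m.group(2).lower()] = m.group(1)
    return found


def looks_random(name):
    """Heuristic for generated task names like aavznn/adnt: 3-8 lowercase
    letters with no vowels at all or a run of three consonants (assumption)."""
    if not re.fullmatch(r"[a-z]{3,8}", name):
        return False
    return not any(c in "aeiou" for c in name) or re.search(r"[^aeiou]{3}", name) is not None


def triage(log):
    """Return the findings a helper would want to look at first."""
    created = created_files(log)
    lines = [l.strip() for l in log.splitlines()]
    findings = []
    for i, line in enumerate(lines):
        m = SERVICE_RE.match(line)
        if m:
            start, name, path, stamp = m.groups()
            if path.lower() in created:
                # A driver installed inside the scan window; R0 means it loads at
                # boot, before any user-mode scanner, which is what made Kvj83 sticky.
                findings.append(Finding("new-driver", name,
                                        f"{start} start, file modified {created[path.lower()]}"))
            elif not stamp or "\\temp\\" in path.lower():
                # No file metadata, or an image running out of a Temp folder.
                findings.append(Finding("temp-service", name, path))
            continue
        m = SAFEBOOT_RE.search(line)
        if m:
            # A SafeBoot\Minimal entry makes the driver load in Safe Mode as well.
            findings.append(Finding("safeboot", m.group(1), "loads in Safe Mode too"))
            continue
        if AV_OVERRIDE_RE.match(line):
            findings.append(Finding("av-override", "AntiVirusOverride",
                                    "Security Center antivirus warnings suppressed"))
            continue
        m = TASK_RE.search(line)
        if m and looks_random(m.group(1)):
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            target = nxt[2:] if nxt.startswith("- ") else "(target not listed)"
            findings.append(Finding("random-task", m.group(1) + ".job", target))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

Run against the sample it reports the Kvj83 driver twice (new boot-start driver and SafeBoot entry), the Temp-resident service, the suppressed antivirus warning, and the three random-looking .job files, while the legitimate drivers and the descriptively named task stay quiet.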
Finne Mortale (pio)
Joined: 30/06/08 23:32 Posts: 20
Posted: 01 Jul 2008 20:19
I tried doing what you told me with SystemScan, but when the PC restarted it rebooted 4-5 times (I thought it wouldn't come back up), then once it started, at the moment of producing the report it threw an error and basically gave me an empty avenger.txt file...
Finne Mortale (pio)
Joined: 30/06/08 23:32 Posts: 20
Posted: 01 Jul 2008 20:38
The file C:\WINDOWS\System32\drivers\tcpsr.sys isn't in drivers, and the key HKLM\system\currentcontrolset\services\tcpsr had already been removed by MBAM; could that be why it errored out?
In the meantime I removed all the tasks manually, while the famous kvj83 is still there... shall I try SystemScan again?
On the previous page I posted the ComboFix report, have you had a look at it?
bdoriano (Administrator)
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jul 2008 21:24
I've only just got back... I had a very quick look at the ComboFix log and saw that it is incomplete.
Try running it again and let's see what it finds now.
Before doing anything else with SystemScan, wait until I've had a look at the new ComboFix log.
Finne Mortale (pio)
Joined: 30/06/08 23:32 Posts: 20
Posted: 01 Jul 2008 21:43
I ran ComboFix again:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TCPSR
-------\Service_tcpsr
-------\Legacy_TCPSR
-------\Service_tcpsr
-------\Legacy_TCPSR
-------\Service_tcpsr
-------\Legacy_TCPSR
-------\Service_tcpsr
((((((((((((((((((((((((( Files Creati Da 2008-06-01 al 2008-07-01 )))))))))))))))))))))))))))))))))))
.
2008-07-01 19:46 . 2008-07-01 19:46 <DIR> d-------- C:\suspectfile
2008-07-01 19:06 . 2008-07-01 19:15 <DIR> d-------- C:\BombaFix
2008-07-01 18:16 . 2008-07-01 18:16 708,333 --a------ C:\sys41906.exe
2008-07-01 17:57 . 2008-07-01 17:57 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-01 17:57 . 2008-07-01 17:57 <DIR> d-------- C:\Documents and Settings\FINESSI\Dati applicazioni\Malwarebytes
2008-07-01 17:57 . 2008-07-01 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-01 17:57 . 2008-07-01 17:57 1,705,000 --a------ C:\mbam-setup.exe
2008-07-01 17:57 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 17:57 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 12:24 . 2008-07-01 12:24 50,688 --a------ C:\ATF-Cleaner.exe
2008-06-30 22:16 . 2005-12-05 17:29 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-30 22:16 . 2005-12-05 16:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-06-30 22:16 . 2005-12-05 16:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-06-30 22:16 . 2005-12-05 15:56 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-06-30 22:16 . 2005-12-05 15:47 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-06-30 22:16 . 2005-12-05 16:39 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-06-30 22:16 . 2005-12-05 16:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-06-30 22:16 . 2005-12-05 15:56 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-06-30 22:16 . 2005-12-05 15:56 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-06-30 22:16 . 2008-06-30 22:16 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-30 21:25 . 2008-06-30 21:27 <DIR> d-------- C:\CopyLock2
2008-06-30 21:24 . 2008-06-30 21:25 292,243 --a------ C:\CopyLock2.zip
2008-06-30 19:40 . 2008-06-30 19:40 <DIR> d-------- C:\TcpView
2008-06-30 19:40 . 2008-06-30 19:40 170,702 --a------ C:\TcpView.zip
2008-06-30 02:31 . 2008-07-01 20:16 30,208 --a------ C:\WINDOWS\system32\drivers\Kvj83.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 08:12 --------- d-----w C:\Programmi\MVM 2005 - Sacred
2007-05-19 13:13 53,448 ----a-w C:\Documents and Settings\FINESSI\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-05-12 20:13 1,201 --sha-w C:\WINDOWS\system32\mmf(10)(2).sys
2007-05-13 08:30 1,201 --sha-w C:\WINDOWS\system32\mmf(11)(2).sys
2007-05-14 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(12)(2).sys
2007-05-15 21:42 1,201 --sha-w C:\WINDOWS\system32\mmf(14)(2).sys
2007-05-15 22:03 1,201 --sha-w C:\WINDOWS\system32\mmf(14)(3).sys
2007-05-12 16:09 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(10).sys
2007-05-14 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(11).sys
2007-05-12 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(2).sys
2007-05-12 16:09 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(3).sys
2007-05-15 11:55 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(4).sys
2007-05-15 17:20 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(5).sys
2007-05-15 11:55 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(6).sys
2007-05-15 11:55 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(7).sys
2007-05-15 22:14 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(8).sys
2007-05-15 11:55 1,201 --sha-w C:\WINDOWS\system32\mmf(2)(9).sys
2008-03-01 10:08 1,201 --sha-w C:\WINDOWS\system32\mmf(2).sys
2007-05-12 20:13 1,201 --sha-w C:\WINDOWS\system32\mmf(3)(2).sys
2007-05-14 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(3)(3).sys
2007-05-14 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(3)(4).sys
2007-05-15 17:20 1,201 --sha-w C:\WINDOWS\system32\mmf(3)(5).sys
2007-05-13 08:30 1,201 --sha-w C:\WINDOWS\system32\mmf(4)(2).sys
2007-05-13 08:30 1,201 --sha-w C:\WINDOWS\system32\mmf(4)(3).sys
2007-05-13 08:30 1,201 --sha-w C:\WINDOWS\system32\mmf(4)(4).sys
2007-05-12 20:13 1,201 --sha-w C:\WINDOWS\system32\mmf(5)(2).sys
2007-05-12 16:09 1,201 --sha-w C:\WINDOWS\system32\mmf(6)(2).sys
2007-05-15 21:37 1,201 --sha-w C:\WINDOWS\system32\mmf(7)(2).sys
2007-05-12 11:39 1,201 --sha-w C:\WINDOWS\system32\mmf(8)(2).sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_16.26.18.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 14:21:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 19:34:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-07-11 07:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 925,696 2005-07-08 23:10:12 C:\Programmi\Analog Devices\Core\bak\smax4pnp.exe
----a-r 925,696 2005-07-08 23:10:12 C:\Programmi\Analog Devices\Core\smax4pnp.exe
----a-w 716,800 2005-05-31 13:54:28 C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 716,800 2005-05-31 13:54:28 C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
----a-w 90,112 2006-11-10 10:35:24 C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe
----a-w 90,112 2006-11-10 10:35:24 C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\clistart.exe
----a-w 949,376 2007-05-28 18:36:21 C:\Programmi\ESET\bak\nod32kui.exe
----a-w 949,376 2008-01-12 11:13:30 C:\Programmi\ESET\nod32kui.exe
----a-w 3,770,024 2007-03-14 15:52:50 C:\Programmi\TomTom HOME\bak\TomTomHOME.exe
----a-w 3,770,024 2007-03-14 15:52:50 C:\Programmi\TomTom HOME\TomTomHOME.exe
----a-w 204,288 2006-11-02 20:56:58 C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe
----a-w 204,288 2006-11-02 20:56:58 C:\Programmi\Windows Media Player\wmpnscfg.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 98,304 2005-01-25 04:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIAAE.EXE
----a-w 98,304 2005-01-25 04:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2005-07-09 01:10 925696]
"EPSON Stylus D68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 06:00 98304]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-01-12 13:13 949376]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"ISDN Monitor"="Linksts.exe" [2002-06-24 11:49 229376 C:\WINDOWS\system32\linksts.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-11-29 20:55:44 569405]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kvj83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Briscola\\BriscolaChiamata.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
R0 isdnlink;isdnlink;C:\WINDOWS\system32\DRIVERS\linkisdn.sys [2002-06-24 11:47]
R0 Kvj83;Kvj83;C:\WINDOWS\system32\Drivers\Kvj83.sys [2008-07-01 20:16]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-04-19 17:01]
R3 wanlink;wanlink;C:\WINDOWS\system32\DRIVERS\wanlink.sys [2002-06-24 11:47]
S3 SWUSBFLT;Driver filtro Microsoft SideWinder VIA;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 23:02]
S3 WNGQJRFPD;WNGQJRFPD;C:\DOCUME~1\FINESSI\IMPOST~1\Temp\WNGQJRFPD.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01a40e9-9b3e-11dc-b3e7-c6ca727e6d0a}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-20 11:25:11 C:\WINDOWS\Tasks\adnt.job"
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jul 2008 22:44 Subject:
No luck, this log is incomplete too (the header and the final part are missing).
Anyway, let's start by removing/disabling the things that have already been identified...
Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop
Start AVENGER
Click Ok
Enter these lines in the white box:
Code:
Files to delete:
C:\WINDOWS\tasks\zzu.job
C:\WINDOWS\tasks\wecpzzmr.job
C:\WINDOWS\tasks\iizrm.job
C:\WINDOWS\tasks\zxyi.job
C:\WINDOWS\tasks\zns.job
C:\WINDOWS\tasks\eom.job
C:\WINDOWS\tasks\txleb.job
C:\WINDOWS\tasks\tjv.job
C:\WINDOWS\tasks\pbtlq.job
C:\WINDOWS\tasks\igwkgx.job
C:\WINDOWS\tasks\hzqpoijq.job
C:\WINDOWS\tasks\gxjqn.job
C:\WINDOWS\tasks\ezd.job
C:\WINDOWS\tasks\kslg.job
C:\WINDOWS\tasks\sgctjis.job
C:\WINDOWS\tasks\lcnwd.job
C:\WINDOWS\tasks\egv.job
C:\WINDOWS\tasks\shkyw.job
C:\WINDOWS\tasks\zxkae.job
C:\WINDOWS\tasks\edbkui.job
C:\WINDOWS\tasks\kpgv.job
C:\WINDOWS\tasks\sbb.job
C:\WINDOWS\tasks\zmpgih.job
C:\WINDOWS\tasks\rwpefn.job
C:\WINDOWS\tasks\dzpre.job
C:\WINDOWS\tasks\sdawfe.job
C:\WINDOWS\tasks\kmw.job
C:\WINDOWS\tasks\zwvffuo.job
C:\WINDOWS\tasks\zmli.job
C:\WINDOWS\tasks\ecgwf.job
C:\WINDOWS\tasks\dyyd.job
C:\WINDOWS\tasks\dwfxcbsh.job
C:\WINDOWS\tasks\dxotlzcc.job
C:\WINDOWS\tasks\dyizti.job
C:\WINDOWS\tasks\kidtr.job
C:\WINDOWS\tasks\kfqbzc.job
C:\WINDOWS\tasks\kjj.job
C:\WINDOWS\tasks\you.job
C:\WINDOWS\tasks\kmuakmok.job
C:\WINDOWS\tasks\rjsyeav.job
C:\WINDOWS\tasks\rjz.job
C:\WINDOWS\tasks\yxr.job
C:\WINDOWS\tasks\zgrdl.job
C:\WINDOWS\tasks\zfjbnak.job
C:\WINDOWS\tasks\raxbuc.job
C:\WINDOWS\tasks\rubwpimx.job
C:\WINDOWS\tasks\yhdsxo.job
C:\WINDOWS\tasks\qzft.job
C:\WINDOWS\tasks\dsrutw.job
C:\WINDOWS\tasks\dosntaet.job
C:\WINDOWS\tasks\qzdb.job
C:\WINDOWS\tasks\jxp.job
C:\WINDOWS\tasks\jvoqxwgu.job
C:\WINDOWS\tasks\jqpakhu.job
C:\WINDOWS\tasks\ylw.job
C:\WINDOWS\tasks\xzbzn.job
C:\WINDOWS\tasks\jnijdw.job
C:\WINDOWS\tasks\ycox.job
C:\WINDOWS\tasks\jpnnplsb.job
C:\WINDOWS\tasks\qyph.job
C:\WINDOWS\tasks\qwoknirz.job
C:\WINDOWS\tasks\yejckm.job
C:\WINDOWS\tasks\dgnizp.job
C:\WINDOWS\tasks\dijam.job
C:\WINDOWS\tasks\ddwdssre.job
C:\WINDOWS\tasks\jldp.job
C:\WINDOWS\tasks\xpeya.job
C:\WINDOWS\tasks\xxdzlqnm.job
C:\WINDOWS\tasks\czm.job
C:\WINDOWS\tasks\dbrbach.job
C:\WINDOWS\tasks\dcxon.job
C:\WINDOWS\tasks\qbwc.job
C:\WINDOWS\tasks\qcx.job
C:\WINDOWS\tasks\xpzlnbyu.job
C:\WINDOWS\tasks\jdlt.job
C:\WINDOWS\tasks\qjjt.job
C:\WINDOWS\tasks\xuyj.job
C:\WINDOWS\tasks\jfcmo.job
C:\WINDOWS\tasks\qvd.job
C:\WINDOWS\tasks\jjusavy.job
C:\WINDOWS\tasks\ixhg.job
C:\WINDOWS\tasks\jbapshc.job
C:\WINDOWS\tasks\jbcennu.job
C:\WINDOWS\tasks\xdysck.job
C:\WINDOWS\tasks\xmauf.job
C:\WINDOWS\tasks\xnjdzcc.job
C:\WINDOWS\tasks\pznkm.job
C:\WINDOWS\tasks\pxzyf.job
C:\WINDOWS\tasks\pwunmf.job
C:\WINDOWS\tasks\cwqseknn.job
C:\WINDOWS\tasks\cob.job
C:\WINDOWS\tasks\covl.job
C:\WINDOWS\tasks\cud.job
C:\WINDOWS\tasks\oxxvxkxx.job
C:\WINDOWS\tasks\xaz.job
C:\WINDOWS\tasks\xaqfhfmz.job
C:\WINDOWS\tasks\xantkq.job
C:\WINDOWS\tasks\ilk.job
C:\WINDOWS\tasks\wyo.job
C:\WINDOWS\tasks\iqct.job
C:\WINDOWS\tasks\pslwsp.job
C:\WINDOWS\tasks\iswlrb.job
C:\WINDOWS\tasks\publgua.job
C:\WINDOWS\tasks\patpglu.job
C:\WINDOWS\tasks\irbgojfz.job
C:\WINDOWS\tasks\piocimwj.job
C:\WINDOWS\tasks\cdhfw.job
C:\WINDOWS\tasks\cgjtpu.job
C:\WINDOWS\tasks\bxib.job
C:\WINDOWS\tasks\bzqmxn.job
C:\WINDOWS\tasks\wfpri.job
C:\WINDOWS\tasks\bju.job
C:\WINDOWS\tasks\bkp.job
C:\WINDOWS\tasks\wsro.job
C:\WINDOWS\tasks\wslusuu.job
C:\WINDOWS\tasks\whcdtovd.job
C:\WINDOWS\tasks\orkqafge.job
C:\WINDOWS\tasks\ovimkza.job
C:\WINDOWS\tasks\owktfj.job
C:\WINDOWS\tasks\bqt.job
C:\WINDOWS\tasks\bqtoifv.job
C:\WINDOWS\tasks\opg.job
C:\WINDOWS\tasks\iimg.job
C:\WINDOWS\tasks\ijhkv.job
C:\WINDOWS\tasks\ifyhk.job
C:\WINDOWS\tasks\ibrzbpd.job
C:\WINDOWS\tasks\icilmeyk.job
C:\WINDOWS\tasks\vkuf.job
C:\WINDOWS\tasks\bctb.job
C:\WINDOWS\tasks\axomqq.job
C:\WINDOWS\tasks\vlbgjf.job
C:\WINDOWS\tasks\vsytjdur.job
C:\WINDOWS\tasks\bjmnneab.job
C:\WINDOWS\tasks\vsno.job
C:\WINDOWS\tasks\oohlg.job
C:\WINDOWS\tasks\olzqm.job
C:\WINDOWS\tasks\oounnbo.job
C:\WINDOWS\tasks\hqrd.job
C:\WINDOWS\tasks\hvy.job
C:\WINDOWS\tasks\ojr.job
C:\WINDOWS\tasks\oirpvuw.job
C:\WINDOWS\tasks\vifr.job
C:\WINDOWS\tasks\vie.job
C:\WINDOWS\tasks\hqcuinn.job
C:\WINDOWS\tasks\awiln.job
C:\WINDOWS\tasks\atwmygq.job
C:\WINDOWS\tasks\hpxsx.job
C:\WINDOWS\tasks\vgqmx.job
C:\WINDOWS\tasks\oehhfps.job
C:\WINDOWS\tasks\arynedt.job
C:\WINDOWS\tasks\arolqef.job
C:\WINDOWS\tasks\oiitoij.job
C:\WINDOWS\tasks\hnsjej.job
C:\WINDOWS\tasks\hnhts.job
C:\WINDOWS\tasks\arl.job
C:\WINDOWS\tasks\gxrb.job
C:\WINDOWS\tasks\nzcb.job
C:\WINDOWS\tasks\vcpnupx.job
C:\WINDOWS\tasks\oazelbtz.job
C:\WINDOWS\tasks\obigcs.job
C:\WINDOWS\tasks\amjddio.job
C:\WINDOWS\tasks\aoy.job
C:\WINDOWS\tasks\aow.job
C:\WINDOWS\tasks\hcjtzh.job
C:\WINDOWS\tasks\vdrguyew.job
C:\WINDOWS\tasks\hlhaxx.job
C:\WINDOWS\tasks\vdomckk.job
C:\WINDOWS\tasks\vdhhhh.job
C:\WINDOWS\tasks\hbbjbg.job
C:\WINDOWS\tasks\ubuwv.job
C:\WINDOWS\tasks\aavznn.job
C:\WINDOWS\tasks\numav.job
C:\WINDOWS\tasks\nvqcsfd.job
C:\WINDOWS\tasks\uhskzs.job
C:\WINDOWS\tasks\untxku.job
C:\WINDOWS\tasks\uexdi.job
C:\WINDOWS\tasks\ugy.job
C:\WINDOWS\tasks\uodfaiu.job
C:\WINDOWS\tasks\gnmz.job
C:\WINDOWS\tasks\gkzjn.job
C:\WINDOWS\tasks\gnowjfi.job
C:\WINDOWS\tasks\gvly.job
C:\WINDOWS\tasks\gvijsh.job
C:\WINDOWS\tasks\gdjqkru.job
C:\WINDOWS\tasks\fzg.job
C:\WINDOWS\tasks\gehep.job
C:\WINDOWS\tasks\gkq.job
C:\WINDOWS\tasks\ghuib.job
C:\WINDOWS\tasks\mrwoaymi.job
C:\WINDOWS\tasks\ngha.job
C:\WINDOWS\tasks\nbkzrwx.job
C:\WINDOWS\tasks\ngzaehs.job
C:\WINDOWS\tasks\uusn.job
C:\WINDOWS\tasks\nkqmxjr.job
C:\WINDOWS\tasks\myjxadaf.job
C:\WINDOWS\tasks\vbc.job
C:\WINDOWS\tasks\muo.job
C:\WINDOWS\tasks\vaca.job
C:\WINDOWS\tasks\mzgfzk.job
C:\WINDOWS\tasks\facxmsgg.job
C:\WINDOWS\tasks\flfxc.job
C:\WINDOWS\tasks\spqkzy.job
C:\WINDOWS\tasks\spzi.job
C:\WINDOWS\tasks\sswbb.job
C:\WINDOWS\tasks\flt.job
C:\WINDOWS\tasks\tmkcjdz.job
C:\WINDOWS\tasks\tkdcfnjx.job
C:\WINDOWS\tasks\fqjlkw.job
C:\WINDOWS\tasks\fmrpqgqr.job
C:\WINDOWS\tasks\uag.job
C:\WINDOWS\tasks\etbczg.job
C:\WINDOWS\tasks\etfxwp.job
C:\WINDOWS\tasks\lycrmt.job
C:\WINDOWS\tasks\epskpyzr.job
C:\WINDOWS\tasks\esgg.job
C:\WINDOWS\tasks\mobr.job
C:\WINDOWS\tasks\mqy.job
C:\WINDOWS\tasks\mkpgelcw.job
C:\WINDOWS\tasks\lzv.job
C:\WINDOWS\tasks\mbiklh.job
C:\WINDOWS\tasks\luma.job
C:\WINDOWS\tasks\svfo.job
C:\WINDOWS\tasks\szcdiwn.job
C:\WINDOWS\tasks\ltpse.job
C:\WINDOWS\tasks\stedm.job
C:\WINDOWS\tasks\lsc.job
C:\WINDOWS\tasks\eja.job
C:\WINDOWS\tasks\eozxh.job
C:\WINDOWS\tasks\tglw.job
C:\WINDOWS\tasks\ltwl.job
C:\WINDOWS\tasks\tahda.job
C:\WINDOWS\tasks\slqkpp.job
C:\WINDOWS\tasks\smagbrj.job
C:\WINDOWS\tasks\ehjont.job
C:\WINDOWS\tasks\lqgzynb.job
C:\WINDOWS\tasks\eivo.job
C:\WINDOWS\tasks\ehrkan.job
C:\WINDOWS\tasks\ljsvq.job
C:\WINDOWS\tasks\skcca.job
C:\WINDOWS\tasks\lgmbvkwn.job
C:\WINDOWS\tasks\lhxochxn.job
C:\WINDOWS\tasks\pzmqxj.job
C:\WINDOWS\tasks\tiy.job
C:\WINDOWS\tasks\jaolhkpd.job
C:\WINDOWS\tasks\mlcph.job
C:\WINDOWS\tasks\kndu.job
C:\WINDOWS\tasks\agubu.job
C:\WINDOWS\tasks\xxrolf.job
C:\WINDOWS\tasks\mzb.job
C:\WINDOWS\tasks\qkjz.job
C:\WINDOWS\tasks\eivq.job
C:\WINDOWS\tasks\uujuk.job
C:\WINDOWS\tasks\xpdfxur.job
C:\WINDOWS\tasks\kfdur.job
C:\WINDOWS\tasks\jksuhdy.job
C:\WINDOWS\tasks\hmlv.job
C:\WINDOWS\tasks\rzfhsw.job
C:\WINDOWS\tasks\bfc.job
C:\WINDOWS\tasks\mxif.job
C:\WINDOWS\tasks\lsgtt.job
C:\WINDOWS\tasks\vryg.job
C:\WINDOWS\tasks\ipehvf.job
C:\WINDOWS\tasks\qogmbukj.job
C:\WINDOWS\tasks\yhohuxs.job
C:\WINDOWS\tasks\tkxvy.job
C:\WINDOWS\tasks\tgfunkv.job
C:\WINDOWS\tasks\vkjfanh.job
C:\WINDOWS\tasks\pbmpf.job
C:\WINDOWS\tasks\ecf.job
C:\WINDOWS\tasks\kapm.job
C:\WINDOWS\tasks\pjyp.job
C:\WINDOWS\tasks\raa.job
C:\WINDOWS\tasks\ycmghsyc.job
C:\WINDOWS\tasks\miisp.job
C:\WINDOWS\tasks\jwpf.job
C:\WINDOWS\tasks\getruhq.job
C:\WINDOWS\tasks\vpdcw.job
C:\WINDOWS\tasks\agyic.job
C:\WINDOWS\tasks\ilvq.job
C:\WINDOWS\tasks\vrt.job
C:\WINDOWS\tasks\sfczzah.job
C:\WINDOWS\tasks\xmzbeow.job
C:\WINDOWS\tasks\xhypzjbv.job
C:\WINDOWS\tasks\nnnt.job
C:\WINDOWS\tasks\erun.job
C:\WINDOWS\tasks\wpz.job
C:\WINDOWS\tasks\ypyk.job
C:\WINDOWS\tasks\rux.job
C:\WINDOWS\tasks\axr.job
C:\WINDOWS\tasks\kjzdpby.job
C:\WINDOWS\tasks\ewpzbdim.job
C:\WINDOWS\tasks\vwxnyzuw.job
C:\WINDOWS\tasks\hvka.job
C:\WINDOWS\tasks\yqph.job
C:\WINDOWS\tasks\pzfj.job
C:\WINDOWS\tasks\yriu.job
C:\WINDOWS\tasks\hssyd.job
C:\WINDOWS\tasks\fcaxmvbb.job
C:\WINDOWS\tasks\mfeskguw.job
C:\WINDOWS\tasks\waoyfss.job
C:\WINDOWS\tasks\adnt.job
C:\WINDOWS\tasks\wjmasel.job
C:\WINDOWS\tasks\bbxqhfyv.job
C:\WINDOWS\tasks\kzz.job
C:\WINDOWS\tasks\wlpd.job
C:\WINDOWS\tasks\crsz.job
C:\WINDOWS\tasks\yud.job
C:\WINDOWS\tasks\lkbzzy.job
C:\WINDOWS\tasks\zxd.job
C:\WINDOWS\tasks\kwndai.job
C:\WINDOWS\tasks\wtiutr.job
C:\WINDOWS\tasks\aojnto.job
C:\WINDOWS\tasks\trnizv.job
C:\WINDOWS\tasks\xlb.job
C:\WINDOWS\tasks\xtplbi.job
C:\WINDOWS\tasks\hqqcqjk.job
C:\WINDOWS\tasks\citepl.job
C:\WINDOWS\tasks\rhuhfg.job
C:\WINDOWS\tasks\kdgilpc.job
C:\WINDOWS\tasks\lvahley.job
C:\WINDOWS\tasks\nqyaz.job
C:\WINDOWS\tasks\jka.job
C:\WINDOWS\tasks\kzd.job
C:\WINDOWS\tasks\hhpbgcwe.job
C:\WINDOWS\tasks\igq.job
C:\WINDOWS\tasks\klbfkhk.job
C:\WINDOWS\tasks\egf.job
C:\WINDOWS\tasks\dccq.job
C:\WINDOWS\tasks\wfskm.job
Drivers to delete:
WNGQJRFPD
Drivers to disable:
Kvj83
Click Execute
The PC should reboot; if it doesn't, reboot it yourself.
When the operation finishes, post the Avenger result here together with an updated SystemScan log.
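As an added example (not from this thread, nor from ComboFix or Avenger): a small Python triage script that reads ComboFix-style service and Scheduled Tasks lines like the ones posted above and flags the same entries the reply singles out, using three heuristics: a service image dated on or after the day the problem started, a service image living under a Temp directory, and .job files whose names are short random-looking lowercase strings. The sample log and the incident date are constructed from the thread; the name-pattern rule is a heuristic, not a signature.

```python
import re
from datetime import date

# Constructed sample, modelled on the ComboFix service and Scheduled Tasks lines
# posted in this thread; the Kvj83 and WNGQJRFPD entries are the ones the thread
# ends up disabling or deleting. The GoogleUpdate task is a made-up benign entry.
SAMPLE_LOG = """\
R0 isdnlink;isdnlink;C:\\WINDOWS\\system32\\DRIVERS\\linkisdn.sys [2002-06-24 11:47]
R0 Kvj83;Kvj83;C:\\WINDOWS\\system32\\Drivers\\Kvj83.sys [2008-07-01 20:16]
R2 LicCtrlService;LicCtrl Service;C:\\WINDOWS\\runservice.exe [2007-04-19 17:01]
S3 WNGQJRFPD;WNGQJRFPD;C:\\DOCUME~1\\FINESSI\\IMPOST~1\\Temp\\WNGQJRFPD.exe []
"2008-04-20 11:25:11 C:\\WINDOWS\\Tasks\\adnt.job"
"2008-05-02 09:00:00 C:\\WINDOWS\\Tasks\\GoogleUpdateTaskMachineUA.job"
"""

# The day the user reports the slowdown started (30 June 2008 in this thread).
INCIDENT_DATE = date(2008, 6, 30)

# "R0 name;display name;image path [yyyy-mm-dd hh:mm]"; the timestamp may be empty
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$')
# '"yyyy-mm-dd hh:mm:ss C:\...\name.job"' as listed under 'Scheduled Tasks'
TASK_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (.+\.job)"$')
# Heuristic: 3-8 lowercase letters and nothing else (zzu, wecpzzmr, adnt, ...)
RANDOM_NAME_RE = re.compile(r'^[a-z]{3,8}$')


def triage(log_text, incident_date):
    """Return [(entry, reason), ...] for lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, path, stamp = m.groups()
            if '\\temp\\' in path.lower():
                findings.append((name, 'service image runs from a Temp directory'))
            elif stamp and date.fromisoformat(stamp[:10]) >= incident_date:
                findings.append((name, 'service image dated on/after the incident'))
            continue
        m = TASK_RE.match(line)
        if m:
            _created, path = m.groups()
            stem = path.rsplit('\\', 1)[-1][:-len('.job')]
            if RANDOM_NAME_RE.match(stem):
                findings.append((path, 'random-looking scheduled task name'))
    return findings


if __name__ == '__main__':
    for entry, reason in triage(SAMPLE_LOG, INCIDENT_DATE):
        print(f'{entry}: {reason}')
```

Run against a real ComboFix log, the output is a shortlist to verify by hand (vendor, signature, creation time), not a delete list.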
Finne (Mortale pio)
Registered: 30/06/08 23:32 Posts: 20
Posted: 01 Jul 2008 23:32 Subject:
I had already deleted the tasks manually, so I only copied the last part of the code...
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "WNGQJRFPD" deleted successfully.
Driver "Kvj83" disabled successfully.
Completed script processing.
*******************
Finished! Terminate.
The problem seems to be solved. Since I connected to the internet it at first behaved as before, that is, looking at TcpView I saw many open processes, but for a few minutes now everything seems to be back to normal... I hope I haven't claimed victory too soon
Anyway, here is the SystemScan report:
report.txt
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Jul 2008 09:20 Subject:
I had a very quick look at the new log; I'll check it carefully later.
I noticed there are still quite a few tasks that haven't been deleted. If you want to do another pass with Avenger:
Quote:
Files to delete:
C:\WINDOWS\tasks\zzu.job
C:\WINDOWS\tasks\wecpzzmr.job
C:\WINDOWS\tasks\iizrm.job
C:\WINDOWS\tasks\eom.job
C:\WINDOWS\tasks\pzmqxj.job
C:\WINDOWS\tasks\tiy.job
C:\WINDOWS\tasks\jaolhkpd.job
C:\WINDOWS\tasks\mlcph.job
C:\WINDOWS\tasks\kndu.job
C:\WINDOWS\tasks\agubu.job
C:\WINDOWS\tasks\xxrolf.job
C:\WINDOWS\tasks\mzb.job
C:\WINDOWS\tasks\qkjz.job
C:\WINDOWS\tasks\eivq.job
C:\WINDOWS\tasks\uujuk.job
C:\WINDOWS\tasks\xpdfxur.job
C:\WINDOWS\tasks\kfdur.job
C:\WINDOWS\tasks\jksuhdy.job
C:\WINDOWS\tasks\hmlv.job
C:\WINDOWS\tasks\rzfhsw.job
C:\WINDOWS\tasks\bfc.job
C:\WINDOWS\tasks\mxif.job
C:\WINDOWS\tasks\lsgtt.job
C:\WINDOWS\tasks\vryg.job
C:\WINDOWS\tasks\ipehvf.job
C:\WINDOWS\tasks\qogmbukj.job
C:\WINDOWS\tasks\yhohuxs.job
C:\WINDOWS\tasks\tkxvy.job
C:\WINDOWS\tasks\tgfunkv.job
C:\WINDOWS\tasks\vkjfanh.job
C:\WINDOWS\tasks\pbmpf.job
C:\WINDOWS\tasks\ecf.job
C:\WINDOWS\tasks\kapm.job
C:\WINDOWS\tasks\pjyp.job
C:\WINDOWS\tasks\raa.job
C:\WINDOWS\tasks\ycmghsyc.job
C:\WINDOWS\tasks\miisp.job
C:\WINDOWS\tasks\jwpf.job
C:\WINDOWS\tasks\getruhq.job
C:\WINDOWS\tasks\vpdcw.job
C:\WINDOWS\tasks\agyic.job
C:\WINDOWS\tasks\ilvq.job
C:\WINDOWS\tasks\vrt.job
C:\WINDOWS\tasks\sfczzah.job
C:\WINDOWS\tasks\xmzbeow.job
C:\WINDOWS\tasks\xhypzjbv.job
C:\WINDOWS\tasks\nnnt.job
C:\WINDOWS\tasks\erun.job
C:\WINDOWS\tasks\wpz.job
C:\WINDOWS\tasks\ypyk.job
C:\WINDOWS\tasks\rux.job
C:\WINDOWS\tasks\axr.job
C:\WINDOWS\tasks\kjzdpby.job
C:\WINDOWS\tasks\ewpzbdim.job
C:\WINDOWS\tasks\vwxnyzuw.job
C:\WINDOWS\tasks\hvka.job
C:\WINDOWS\tasks\yqph.job
C:\WINDOWS\tasks\pzfj.job
C:\WINDOWS\tasks\yriu.job
C:\WINDOWS\tasks\hssyd.job
C:\WINDOWS\tasks\fcaxmvbb.job
C:\WINDOWS\tasks\mfeskguw.job
C:\WINDOWS\tasks\waoyfss.job
C:\WINDOWS\tasks\adnt.job
C:\WINDOWS\tasks\wjmasel.job
C:\WINDOWS\tasks\bbxqhfyv.job
C:\WINDOWS\tasks\kzz.job
C:\WINDOWS\tasks\wlpd.job
C:\WINDOWS\tasks\crsz.job
C:\WINDOWS\tasks\yud.job
C:\WINDOWS\tasks\lkbzzy.job
C:\WINDOWS\tasks\zxd.job
C:\WINDOWS\tasks\kwndai.job
C:\WINDOWS\tasks\wtiutr.job
C:\WINDOWS\tasks\aojnto.job
C:\WINDOWS\tasks\trnizv.job
C:\WINDOWS\tasks\xlb.job
C:\WINDOWS\tasks\xtplbi.job
C:\WINDOWS\tasks\hqqcqjk.job
C:\WINDOWS\tasks\citepl.job
C:\WINDOWS\tasks\rhuhfg.job
C:\WINDOWS\tasks\kdgilpc.job
C:\WINDOWS\tasks\lvahley.job
C:\WINDOWS\tasks\nqyaz.job
C:\WINDOWS\tasks\jka.job
C:\WINDOWS\tasks\kzd.job
C:\WINDOWS\tasks\hhpbgcwe.job
C:\WINDOWS\tasks\igq.job
C:\WINDOWS\tasks\klbfkhk.job
C:\WINDOWS\tasks\egf.job
C:\WINDOWS\tasks\dccq.job
C:\WINDOWS\tasks\wfskm.job
In the meantime, do these other things (so we get ahead):
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in TXT format), upload the file to WikiSend and post the Forum Link you are given here.
Finne (Mortale pio)
Registered: 30/06/08 23:32 Posts: 20
Posted: 02 Jul 2008 10:56 Subject:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\tasks\zzu.job" deleted successfully.
File "C:\WINDOWS\tasks\wecpzzmr.job" deleted successfully.
File "C:\WINDOWS\tasks\iizrm.job" deleted successfully.
File "C:\WINDOWS\tasks\eom.job" deleted successfully.
File "C:\WINDOWS\tasks\pzmqxj.job" deleted successfully.
File "C:\WINDOWS\tasks\tiy.job" deleted successfully.
File "C:\WINDOWS\tasks\jaolhkpd.job" deleted successfully.
File "C:\WINDOWS\tasks\mlcph.job" deleted successfully.
File "C:\WINDOWS\tasks\kndu.job" deleted successfully.
File "C:\WINDOWS\tasks\agubu.job" deleted successfully.
File "C:\WINDOWS\tasks\xxrolf.job" deleted successfully.
File "C:\WINDOWS\tasks\mzb.job" deleted successfully.
File "C:\WINDOWS\tasks\qkjz.job" deleted successfully.
File "C:\WINDOWS\tasks\eivq.job" deleted successfully.
File "C:\WINDOWS\tasks\uujuk.job" deleted successfully.
File "C:\WINDOWS\tasks\xpdfxur.job" deleted successfully.
File "C:\WINDOWS\tasks\kfdur.job" deleted successfully.
File "C:\WINDOWS\tasks\jksuhdy.job" deleted successfully.
File "C:\WINDOWS\tasks\hmlv.job" deleted successfully.
File "C:\WINDOWS\tasks\rzfhsw.job" deleted successfully.
File "C:\WINDOWS\tasks\bfc.job" deleted successfully.
File "C:\WINDOWS\tasks\mxif.job" deleted successfully.
File "C:\WINDOWS\tasks\lsgtt.job" deleted successfully.
File "C:\WINDOWS\tasks\vryg.job" deleted successfully.
File "C:\WINDOWS\tasks\ipehvf.job" deleted successfully.
File "C:\WINDOWS\tasks\qogmbukj.job" deleted successfully.
File "C:\WINDOWS\tasks\yhohuxs.job" deleted successfully.
File "C:\WINDOWS\tasks\tkxvy.job" deleted successfully.
File "C:\WINDOWS\tasks\tgfunkv.job" deleted successfully.
File "C:\WINDOWS\tasks\vkjfanh.job" deleted successfully.
File "C:\WINDOWS\tasks\pbmpf.job" deleted successfully.
File "C:\WINDOWS\tasks\ecf.job" deleted successfully.
File "C:\WINDOWS\tasks\kapm.job" deleted successfully.
File "C:\WINDOWS\tasks\pjyp.job" deleted successfully.
File "C:\WINDOWS\tasks\raa.job" deleted successfully.
File "C:\WINDOWS\tasks\ycmghsyc.job" deleted successfully.
File "C:\WINDOWS\tasks\miisp.job" deleted successfully.
File "C:\WINDOWS\tasks\jwpf.job" deleted successfully.
File "C:\WINDOWS\tasks\getruhq.job" deleted successfully.
File "C:\WINDOWS\tasks\vpdcw.job" deleted successfully.
File "C:\WINDOWS\tasks\agyic.job" deleted successfully.
File "C:\WINDOWS\tasks\ilvq.job" deleted successfully.
File "C:\WINDOWS\tasks\vrt.job" deleted successfully.
File "C:\WINDOWS\tasks\sfczzah.job" deleted successfully.
File "C:\WINDOWS\tasks\xmzbeow.job" deleted successfully.
File "C:\WINDOWS\tasks\xhypzjbv.job" deleted successfully.
File "C:\WINDOWS\tasks\nnnt.job" deleted successfully.
File "C:\WINDOWS\tasks\erun.job" deleted successfully.
File "C:\WINDOWS\tasks\wpz.job" deleted successfully.
File "C:\WINDOWS\tasks\ypyk.job" deleted successfully.
File "C:\WINDOWS\tasks\rux.job" deleted successfully.
File "C:\WINDOWS\tasks\axr.job" deleted successfully.
File "C:\WINDOWS\tasks\kjzdpby.job" deleted successfully.
File "C:\WINDOWS\tasks\ewpzbdim.job" deleted successfully.
File "C:\WINDOWS\tasks\vwxnyzuw.job" deleted successfully.
File "C:\WINDOWS\tasks\hvka.job" deleted successfully.
File "C:\WINDOWS\tasks\yqph.job" deleted successfully.
File "C:\WINDOWS\tasks\pzfj.job" deleted successfully.
File "C:\WINDOWS\tasks\yriu.job" deleted successfully.
File "C:\WINDOWS\tasks\hssyd.job" deleted successfully.
File "C:\WINDOWS\tasks\fcaxmvbb.job" deleted successfully.
File "C:\WINDOWS\tasks\mfeskguw.job" deleted successfully.
File "C:\WINDOWS\tasks\waoyfss.job" deleted successfully.
File "C:\WINDOWS\tasks\adnt.job" deleted successfully.
File "C:\WINDOWS\tasks\wjmasel.job" deleted successfully.
File "C:\WINDOWS\tasks\bbxqhfyv.job" deleted successfully.
File "C:\WINDOWS\tasks\kzz.job" deleted successfully.
File "C:\WINDOWS\tasks\wlpd.job" deleted successfully.
File "C:\WINDOWS\tasks\crsz.job" deleted successfully.
File "C:\WINDOWS\tasks\yud.job" deleted successfully.
File "C:\WINDOWS\tasks\lkbzzy.job" deleted successfully.
File "C:\WINDOWS\tasks\zxd.job" deleted successfully.
File "C:\WINDOWS\tasks\kwndai.job" deleted successfully.
File "C:\WINDOWS\tasks\wtiutr.job" deleted successfully.
File "C:\WINDOWS\tasks\aojnto.job" deleted successfully.
File "C:\WINDOWS\tasks\trnizv.job" deleted successfully.
File "C:\WINDOWS\tasks\xlb.job" deleted successfully.
File "C:\WINDOWS\tasks\xtplbi.job" deleted successfully.
File "C:\WINDOWS\tasks\hqqcqjk.job" deleted successfully.
File "C:\WINDOWS\tasks\citepl.job" deleted successfully.
File "C:\WINDOWS\tasks\rhuhfg.job" deleted successfully.
File "C:\WINDOWS\tasks\kdgilpc.job" deleted successfully.
File "C:\WINDOWS\tasks\lvahley.job" deleted successfully.
File "C:\WINDOWS\tasks\nqyaz.job" deleted successfully.
File "C:\WINDOWS\tasks\jka.job" deleted successfully.
File "C:\WINDOWS\tasks\kzd.job" deleted successfully.
File "C:\WINDOWS\tasks\hhpbgcwe.job" deleted successfully.
File "C:\WINDOWS\tasks\igq.job" deleted successfully.
File "C:\WINDOWS\tasks\klbfkhk.job" deleted successfully.
File "C:\WINDOWS\tasks\egf.job" deleted successfully.
File "C:\WINDOWS\tasks\dccq.job" deleted successfully.
File "C:\WINDOWS\tasks\wfskm.job" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
The problem is really solved, because the connection is back to normal
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Jul 2008 11:30 Subject:
Uninstall ComboFix:
Click Start
Click Run...
Type:
Click OK
Wait patiently for it to finish.
Then, just to be safe:
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to WikiSend and post the Forum Link you are given here.
Finne (Mortale pio)
Registered: 30/06/08 23:32 Posts: 20
Posted: 02 Jul 2008 14:27 Subject:
bdoriano wrote:
Uninstall ComboFix:
Click Start
Click Run...
Type:
Click OK
Wait patiently for it to finish.

Does this apply to every ComboFix? Because I downloaded two from two different links, saving them under different names (e.g. bombafix)
Anyway, I ran the scan with BitDefender; it found some viruses that my NOD32 had already quarantined, and then it flagged the SystemScan file as a virus:
C:\sys41906.exe=>(NSIS o)=>zlib_nsis0011
Infected with: DeepScan:Generic.Zlob.38B68927
C:\sys41906.exe=>(NSIS o)=>zlib_nsis0011
Disinfection failed
C:\sys41906.exe=>(NSIS o)=>zlib_nsis0011
Deleted
C:\sys41906.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C7612528-1E8A-4A89-B3B8-D3D24491732E}\RP2\A0000023.exe=>(NSIS o)=>zlib_nsis0010
Infected with: DeepScan:Generic.Zlob.F1D635D3
C:\System Volume Information\_restore{C7612528-1E8A-4A89-B3B8-D3D24491732E}\RP2\A0000023.exe=>(NSIS o)=>zlib_nsis0010
Disinfection failed
C:\System Volume Information\_restore{C7612528-1E8A-4A89-B3B8-D3D24491732E}\RP2\A0000023.exe=>(NSIS o)=>zlib_nsis0010
Deleted
C:\System Volume Information\_restore{C7612528-1E8A-4A89-B3B8-D3D24491732E}\RP2\A0000023.exe=>(NSIS o)
Update failed