View Full Version : strange problem, memory fills up.....
Hi,
For a few days now something strange has been happening: when I start Skype it slowly fills up the RAM... in short I reach the virtual memory peak and have to shut Skype down and restart it!! It gets to more than 250 MB of RAM, which seems absurd to me!! I ran scans in safe mode with Ad-Aware, Spybot and Trend Micro Anti-Spyware, but nothing: I removed what there was to remove, but the problem is not solved. I also uninstalled Skype and reinstalled it, but no luck!! Do I have to format???
Thanks for the help!!
Usually the "insufficient virtual memory" problem is caused by LinkOptimizer; let's see whether I'm right.
Download GMER to the desktop
http://www.gmer.net/gmer110.zip
- unpack the archive onto the desktop
- run gmer.exe
- click the "Autostart" tab and run the scan by clicking "Scan"
- when the scan finishes click "Copy", open Notepad, paste the result and save it on the desktop
- run gmer.exe again, click the "Rootkit" tab and click "Scan"
- when the scan finishes click "Copy", open Notepad, paste the result and save it on the desktop
Please post both logs
Thanks
1st LOG
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-23 15:17:51
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\clock$.sve
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Auto RTPatch Scheduler /*Auto RTPatch Scheduler*/@ = C:\PROGRA~1\FILECO~1\POCKET~1\RTPatch\AutoRTP\artpschd.exe /*file not found*/
lmgrd /*Flexlm*/@ = "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe" /*file not found*/
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SentinelProtectionServer /*Sentinel Protection Server*/@ = "C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
SysVxk /*SysVxk*/@ = "C:\Programmi\File comuni\System\CkJE.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@RAM Idle ProfessionalC:\Programmi\RAM Idle LE\RAM_XP.exe = C:\Programmi\RAM Idle LE\RAM_XP.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} = C:\Programmi\Trend Micro\Tmas\sshook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} /*TuneUp Shredder Shell Context Menu Extension*/"C:\Programmi\TuneUp Utilities 2004\sdshelex.dll" = "C:\Programmi\TuneUp Utilities 2004\sdshelex.dll"
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/(null) =
@{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} /*Trend Micro Anti-Spyware Shell Extension*/C:\Programmi\Trend Micro\Tmas\sshook.dll = C:\Programmi\Trend Micro\Tmas\sshook.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
TuneUp Shredder@{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programmi\TuneUp Utilities 2004\sdshelex.dll"
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
TuneUp Shredder@{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programmi\TuneUp Utilities 2004\sdshelex.dll"
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7633B7E2-538F-4026-A610-5E3F44ED5AE6} /*Connessione rete senza fili 2*/ >>>
@IPAddress192.168.0.101 = 192.168.0.101
@NameServer193.70.192.25 = 193.70.192.25
@DefaultGateway192.168.0.1 = 192.168.0.1
@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E3906724-0869-4D47-989D-975DB7374761} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress10.0.0.4 = 10.0.0.4
@NameServer193.70.192.25 = 193.70.192.25
@DefaultGateway10.0.0.2 = 10.0.0.2
@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = imon.dll
000000000002@PackedCatalogItem = imon.dll
000000000003@PackedCatalogItem = imon.dll
000000000004@PackedCatalogItem = imon.dll
000000000005@PackedCatalogItem = imon.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011@PackedCatalogItem = imon.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk
---- EOF - GMER 1.0.10 ----
2nd LOG
coming shortly..... (but is it normal that it takes so long???)
Yes, it takes a long time; anyway I can confirm that you are infected with LinkOptimizer, I only hope we manage to eradicate it completely :)
what is a LinkOptimizer? and why does the mess only happen with Skype??
It still hasn't finished ....
Thanks anyway
You're welcome. Honestly I don't know why it's Skype in particular; for some people that message appears just by opening Windows Notepad. LinkOptimizer is a malware that is hard to remove because of the techniques it uses. Bye
here is the second log
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-23 15:54:12
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT Vax347b.sys ZwClose
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT Vax347b.sys ZwEnumerateKey
SSDT Vax347b.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT Vax347b.sys ZwQueryKey
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState
---- Devices - GMER 1.0.10 ----
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 824AB4D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 824AB4D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 824AB4D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 824A3D38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 824A3D38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 824A3D38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 824A3D38
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_NAMED_PIPE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLOSE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_READ 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_WRITE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_INFORMATION 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_INFORMATION 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_EA 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_EA 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FLUSH_BUFFERS 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_VOLUME_INFORMATION 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_VOLUME_INFORMATION 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DIRECTORY_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FILE_SYSTEM_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_INTERNAL_DEVICE_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SHUTDOWN 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_LOCK_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLEANUP 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_MAILSLOT 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_SECURITY 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_SECURITY 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_POWER 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SYSTEM_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CHANGE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_QUOTA 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_QUOTA 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP_POWER 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CLOSE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_READ 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_WRITE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_EA 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_POWER 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_PNP 824757B0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 824757B0
---- Modules - GMER 1.0.10 ----
Module _________ BAF1C000
---- Registry - GMER 1.0.10 ----
Reg \Registry\USER\S-1-5-21-1708537768-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{944B59D3-472C-FDE5-A597-B20DD753B648}@kajbalgiobfmnjllnedbhe 0x62 0x61 0x6C 0x6B ...
Reg \Registry\USER\S-1-5-21-1708537768-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A85AE12A-A0B0-47EB-AF23-D8483DCD82F2}@kafdgbdjnbenbannjffemg 0x62 0x61 0x6C 0x66 ...
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\system32\clock$.sve
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{0C4225A8-0BC9-4F35-A500-29EFB5732EB1}
File D:\System Volume Information\_restore{4540C112-5E04-4FE9-BF85-BCB6BF154F46}
File D:\System Volume Information\_restore{D40FE6BC-E6CA-41E8-B2A5-A5E757FA04C5}
File D:\System Volume Information\_restore{E18508D0-EFFF-49EC-87BD-684F01FC5002}
---- EOF - GMER 1.0.10 ----
Hi, carry out these steps
download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
Unpack the archive
Run the file avenger.exe
Select the "Input Script Manually" option
Click the magnifying glass
A "View/edit script" window opens
In the white box, copy and paste the text in red:
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SysVxk
Files to delete:
C:\WINDOWS\system32\clock$.sve
C:\Programmi\File comuni\System\CkJE.exe
Click the Done button
Click the green traffic-light icon
Answer Yes
The PC should reboot by itself; if it does not, reboot it manually
Once the PC has rebooted, come back online and post the contents of the file C:\Avenger.txt
Once rebooted, open the DOS prompt (Start > Run, type cmd in the box and click OK)
type:
cd C:\programmi\file comuni\system <---- press Enter
dir > c:\files.txt <---- press Enter
cd C:\Programmi\File comuni\Microsoft Shared <---- press Enter
dir > c:\files1.txt <---- press Enter
Open C:\ and you should find the files files.txt and files1.txt; please post the contents of the 2 files
Avenger file
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\smchpkai
*******************
Script file located at: \??\C:\Documents and Settings\aobhpbye.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKLM\SYSTEM\CurrentControlSet\Services\SysVxk deleted successfully.
File C:\WINDOWS\system32\clock$.sve deleted successfully.
File C:\Programmi\File comuni\System\CkJE.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Completed script processing.
*******************
Finished! Terminate.
files.txt
 Volume in drive C has no label.
 Volume Serial Number is A8E3-7787

 Directory of C:\Programmi\File comuni\System

23/08/2006  16.18    <DIR>          .
23/08/2006  16.18    <DIR>          ..
03/09/2005  13.52    <DIR>          ado
19/08/2004  15.39           197.120 Aku.exe
19/08/2004  15.39           103.936 aQOUib.exe
19/08/2004  15.39            81.408 directdb.dll
19/08/2004  15.39           137.216 fzq.exe
19/08/2004  15.39           147.968 gNQ.exe
03/09/2005  13.52    <DIR>          msadc
19/08/2004  15.39           118.272 MVtO.exe
02/10/2005  20.33    <DIR>          Ole DB
19/08/2004  15.39           179.200 qHs.exe
19/08/2004  15.39           504.832 wab32.dll
19/08/2004  15.38           254.976 wab32res.dll
19/08/2004  15.39           179.200 wpgw.exe
19/08/2004  15.39            96.768 xubYB.exe
              11 File(s)      2.000.896 bytes
               5 Dir(s)    955.940.864 bytes free
files1.txt
 Volume in drive C has no label.
 Volume Serial Number is A8E3-7787

 Directory of C:\Programmi\File comuni\Microsoft Shared

03/06/2006  12.30    <DIR>          .
03/06/2006  12.30    <DIR>          ..
07/12/2005  13.32    <DIR>          DAO
02/10/2005  20.33    <DIR>          DW
03/09/2005  12.19    <DIR>          Elementi decorativi
02/10/2005  21.06    <DIR>          EQUATION
02/10/2005  20.33    <DIR>          EURO
02/10/2005  20.33    <DIR>          GRPHFLT
02/10/2005  20.33    <DIR>          INK
02/10/2005  20.32    <DIR>          MODI
02/10/2005  20.33    <DIR>          MSClientDataMgr
02/10/2005  20.32    <DIR>          MSInfo
02/10/2005  20.33    <DIR>          MSORUN
03/06/2006  12.51    <DIR>          NoteSync Forms
02/10/2005  20.33    <DIR>          OFFICE11
02/10/2005  20.33    <DIR>          Portal
19/07/2006  09.24    <DIR>          PROOF
02/10/2005  20.33    <DIR>          Smart Tag
02/10/2005  20.33    <DIR>          Source Engine
03/09/2005  12.57    <DIR>          Speech
02/10/2005  20.33    <DIR>          TextConv
02/10/2005  20.33    <DIR>          THEMES11
03/09/2005  12.57    <DIR>          Triedit
02/10/2005  20.33    <DIR>          VBA
03/09/2005  12.57    <DIR>          VGX
02/10/2005  20.33    <DIR>          Web Components
02/10/2005  20.33    <DIR>          Web Folders
02/10/2005  20.33    <DIR>          web server extensions
               0 File(s)              0 bytes
              28 Dir(s)    955.936.768 bytes free
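The helper picked the eight executables out of the listing above by eye. As an added example written for this page (not part of the thread, and not something the poster or the helper ran), the script below parses that same files.txt output and compares it against a baseline of what Common Files\System is expected to contain. The baseline is an assumption: the three Windows Address Book files (wab32.dll, wab32res.dll, directdb.dll) and the ado, msadc and Ole DB directories. It also counts how many other entries share each flagged file's timestamp, which is only an observation about the listing, not a verdict.

```python
"""Baseline check of a "dir" listing of Common Files\\System.

Added example written for this page; it is not part of the thread. It parses
the listing the poster produced with "dir > c:\\files.txt" (copied below,
Italian-locale output) and reports every entry that is not in BASELINE.
BASELINE is an assumption: the three Windows Address Book files and the
three data-access directories are what a Windows XP installation keeps in
that directory. The helper reached the same eight executables by eye.
"""
import re
from collections import Counter

# Copied from the thread (files.txt), including the locale's dot-grouped sizes.
FILES_TXT = """\
 Il volume nell'unità C non ha etichetta.
 Numero di serie del volume: A8E3-7787

 Directory di C:\\Programmi\\File comuni\\System

23/08/2006  16.18    <DIR>          .
23/08/2006  16.18    <DIR>          ..
03/09/2005  13.52    <DIR>          ado
19/08/2004  15.39           197.120 Aku.exe
19/08/2004  15.39           103.936 aQOUib.exe
19/08/2004  15.39            81.408 directdb.dll
19/08/2004  15.39           137.216 fzq.exe
19/08/2004  15.39           147.968 gNQ.exe
03/09/2005  13.52    <DIR>          msadc
19/08/2004  15.39           118.272 MVtO.exe
02/10/2005  20.33    <DIR>          Ole DB
19/08/2004  15.39           179.200 qHs.exe
19/08/2004  15.39           504.832 wab32.dll
19/08/2004  15.38           254.976 wab32res.dll
19/08/2004  15.39           179.200 wpgw.exe
19/08/2004  15.39            96.768 xubYB.exe
              11 File      2.000.896 byte
               5 Directory  955.940.864 byte disponibili
"""

# Assumed clean contents of Common Files\System on Windows XP (lower-case).
BASELINE = {"ado", "msadc", "ole db", "directdb.dll", "wab32.dll", "wab32res.dll"}

# date  time  (<DIR> | size)  name ; the Italian locale writes the time as HH.MM
ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}[.:]\d{2})\s+(<DIR>|[\d.,]+)\s+(.+?)\s*$")


def parse_dir(text):
    """Yield (name, is_dir, size_bytes, timestamp) for each listed entry."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(4) in (".", ".."):
            continue
        date, time, size, name = m.groups()
        is_dir = size == "<DIR>"
        yield name, is_dir, 0 if is_dir else int(re.sub(r"[.,]", "", size)), f"{date} {time}"


def unexpected(text, baseline=BASELINE):
    """Entries absent from the baseline, with how many other entries share their timestamp."""
    entries = list(parse_dir(text))
    stamps = Counter(stamp for *_, stamp in entries)
    return [{"name": name, "size": size, "stamp": stamp,
             "same_stamp_as": stamps[stamp] - 1}
            for name, _, size, stamp in entries if name.lower() not in baseline]


if __name__ == "__main__":
    for e in unexpected(FILES_TXT):
        print(f"{e['name']:<14} {e['size']:>8} bytes  {e['stamp']}  "
              f"shares its timestamp with {e['same_stamp_as']} other entries")
```

Run as-is it lists exactly the eight executables the helper named. The point of the baseline approach is that a random-looking name is not needed as evidence: anything that is not supposed to be in that directory is reported, whatever it is called and whatever date it carries.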
Hi, download this tool from here
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
Run the program and click Start
Wait, and a window opens (like My Computer)
Click drive C:\
scroll the tree down to this path
C:\Programmi\File comuni\System
Now select the file Aku.exe
A window will open: "File LvY.exe selected for cleaning.
Do you want to continue?"
Click Yes
Repeat the same operation for these files
aQOUib.exe
fzq.exe
gNQ.exe
MVtO.exe
qHs.exe
wpgw.exe
xubYB.exe
Reboot the PC
After the reboot, click Start > Run, type control userpasswords2 in the box and click OK
A screen opens; tell me the names listed there (aspnet, administrator, etc.)
A small favour (if you can)
Could you send me the archive in red: C:\Avenger\backup.zip
you can upload it here
http://www.suspectfile.com/
Thanks
the following names appear
Administrator
Alessandro
Guest
rSDYOK
I suppose I have to delete the last one...
Here is the file you asked for...
http://www.megaupload.com/?d=JJDY0HJM
Listen, could you explain to me what we did?? I'd like to understand, so maybe I can help too...
Thanks
Yes, you have to select the account and click "Remove". We removed the service added by the malware and all the files linked to it; thanks a lot for the file
I had understood that... I wanted to know how one can tell from the logs above that there is malware, and which files are infected...
Thanks
Great question :D
Unfortunately there is an answer, but it is very vague; Google is a good friend in these cases
OK, thanks anyway... but in my log, which are the extra lines?? From the first log, how did you figure out that I'm infected with LinkOptimizer?
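The thread ends without answering that last question. As an added example written for this page (not part of the thread, and not code from GMER or The Avenger), the script below applies to a subset of the first GMER log the two rules that the helper's Avenger script shows he used: a non-empty AppInit_DLLs value (empty on a clean system; whatever it names is loaded into every process that links user32.dll), and a service whose binary sits under File comuni\System (Common Files\System). It then renders the findings in the Avenger script syntax used earlier in the thread. The log lines are copied from the post; the extra directories in SUSPECT_DIRS beyond Common Files\System are assumptions added for illustration.

```python
"""Triage a GMER "Autostart" log and turn the findings into an Avenger script.

Added example written for this page; it is not part of the thread, of GMER
or of The Avenger. AUTOSTART_LOG is a subset copied from the thread's first
log. The two rules encode the reasoning the helper evidently applied: a
non-empty AppInit_DLLs value, and a service whose binary lives under
"File comuni\\System" (Common Files\\System). The entries in SUSPECT_DIRS
after the Common Files\\System pair are assumptions added for illustration.
"""
import re

# Copied from the thread's Autostart log (subset, not invented).
AUTOSTART_LOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\clock$.sve
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
lmgrd /*Flexlm*/@ = "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe" /*file not found*/
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SysVxk /*SysVxk*/@ = "C:\Programmi\File comuni\System\CkJE.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
"""

# Directories in which a service binary is unexpected (lower-case substrings).
# The first two are the thread's case (Italian and English names of
# Common Files\System); the rest are assumptions.
SUSPECT_DIRS = ("\\file comuni\\system\\", "\\common files\\system\\",
                "\\temp\\", "\\recycler\\")

COMMENT = re.compile(r"\s*/\*.*?\*/")   # GMER's /*description*/ annotations


def parse_autostart(text):
    """Yield (key, value_name, data) for every entry in GMER Autostart output."""
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(">>>"):                      # section header: key prefix
            section = COMMENT.sub("", line[:-3]).strip()
            continue
        if " = " not in line:
            continue
        left, data = line.split(" = ", 1)
        key_part, _, value = left.partition("@")
        key_part = COMMENT.sub("", key_part)
        if data and value.endswith(data):             # Run-style lines repeat the data
            value = value[:-len(data)]
        key = key_part if key_part.startswith("HK") else section + key_part
        yield key, value.strip(), data.strip()


def binary_path(data):
    """Extract the file path from registry data, dropping a \\?\ prefix."""
    data = COMMENT.sub("", data).strip()
    if data.startswith('"'):
        path = data[1:data.index('"', 1)]
    else:
        path = data.split(" ")[0].rstrip(",")
    return path[4:] if path.startswith("\\\\?\\") else path


def triage(text):
    """Return the entries the two rules flag, with the reason and the file involved."""
    findings = []
    for key, value, data in parse_autostart(text):
        if value == "AppInit_DLLs" and data:
            # Empty on a clean system; a listed DLL is loaded into every
            # process that links user32.dll, so one value affects all GUI programs.
            findings.append({"why": "AppInit_DLLs set", "value": (key, value),
                             "file": binary_path(data)})
        elif "\\Services\\" in key and "file not found" not in data:
            path = binary_path(data)
            if any(d in path.lower() for d in SUSPECT_DIRS):
                findings.append({"why": "service binary in suspect directory",
                                 "key": key, "file": path})
    return findings


def avenger_script(findings):
    """Render findings in the script syntax the thread fed to The Avenger."""
    values = [f"{f['value'][0]} | {f['value'][1]}" for f in findings if "value" in f]
    keys = [f["key"] for f in findings if "key" in f]
    files = [f["file"] for f in findings]
    out = []
    for title, items in (("Registry values to replace with dummy:", values),
                         ("Registry keys to delete:", keys),
                         ("Files to delete:", files)):
        if items:
            out += [title, *items, ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(avenger_script(triage(AUTOSTART_LOG)))
```

On the thread's lines this reproduces the helper's script: the AppInit_DLLs value to blank out, the SysVxk service key to delete, and the two files clock$.sve and CkJE.exe. Entries marked /*file not found*/ are skipped because they are dead autostart references, not running code; they are worth cleaning up but do not indicate an infection by themselves.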