#1
Senior Member
Joined: Mar 2002
Posts: 347
Windows Update and Microsoft sites unreachable
Hi everyone, I recently updated Windows from SP2 to SP3 and in the meantime I must have caught some virus, because now it no longer opens the Windows Update site, the Microsoft site and several other sites (in particular most antivirus, antispyware and similar software sites).
The HijackThis log looks clean... does anyone know what virus it could be and how I go about tracking it down and removing it?
#2
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
1 Disable System Restore -->> http://www.hwupgrade.it/forum/showthread.php?t=1599737
2 Clean up with ATF Cleaner -->> http://www.hwupgrade.it/forum/showthread.php?t=1599737
3 Download this f-downadup tool to the Desktop and unpack it directly into the C:\ directory. From Start - Run - type f-downadup.exe --disinfect and click OK. Wait patiently and, when it finishes, reboot the PC; the log for review is in C:\Windows\temp
4 Run this tool http://download.bleepingcomputer.com/sUBs/ComboFix.exe Double-click combofix.exe and follow the instructions. Attach the log C:\combofix.txt N.B.: during the scan some files will be created on the desktop and then deleted - all desktop icons will disappear - the firewall may warn that some drivers are being removed (allow it). ComboFix must be run on a dedicated machine - disconnected from the network, with the real-time protection of your security software temporarily disabled
5 Full scan with A-Squared as described here -->> http://www.hwupgrade.it/forum/showthread.php?t=1599737 at Point 3
NB: it is strongly recommended to download the tools listed above and follow the procedure offline. Attach the logs as described in the section Rules in my signature
__________________
Try again and you will be luckier.
#3
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
Quote:
but if necessary I'll run it again
Quote:
I only quarantined the high-risk items (quarantine.txt); I'll try again removing everything, because it wasn't enough to restore the PC to proper working order.
__________________
On this forum I would expect everyone to be willing to trade in Bitcoin and... you don't?!?! Last edited by LAj: 12-05-2009 at 10:25.
#4
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Attach a Gmer log as described at Point 8 of this Guide http://www.hwupgrade.it/forum/showthread.php?t=1599737
__________________
Try again and you will be luckier.
#5
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
Thanks Chill-Out,
this is the log you asked me for; I think there's a lot on the plate... how should I proceed? Do I need Avenger or can I retry with A-Squared? Code:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-13 09:28:58
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtQueryInformationProcess 7C91D7E0 3 Bytes JMP 00929DC2
.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtQueryInformationProcess + 4 7C91D7E4 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes JMP 01C19DC2
.text C:\WINDOWS\System32\svchost.exe[944] NETAPI32.dll!NetpwPathCanonicalize 5BC7A3A9 5 Bytes JMP 01C19D62

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01957376] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programmi\Mozilla Thunderbird\thunderbird.exe[3844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019573CC] C:\Programmi\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

---- Services - GMER 1.0.15 ----

Service C:\Programmi\File comuni\Services\Obo.exe (*** hidden *** ) [AUTO] SecLwd <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zdebv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@ImagePath "C:\Programmi\File comuni\Services\Obo.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@DisplayName SecLwd
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@ObjectName .\BCMwuscaUfcganXx
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@Description Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso.
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv@DisplayName Config Server
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv@Description Archivia le informazioni di protezione per gli account utenti locali.
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv\Parameters@ServiceDll C:\WINDOWS\system32\axwskll.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@Type 16
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@ImagePath "C:\Programmi\File comuni\Services\prF.exe"
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@DisplayName SecLwd
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@ObjectName .\BCMwuscaUfcganXx
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@Description Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso.
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd\Security
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Current State 0
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log Type 0
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Collection Name Anteprima di sistema
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Collection Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-731
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Counter List \Processor(_Total)\% Processor Time?\Memory\Pages/sec?\PhysicalDisk(_Total)\Avg. Disk Queue Length?
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Comment Il registro campione presenta un'anteprima delle prestazioni del sistema.
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Commento indiretto @C:\WINDOWS\System32\smlogcfg.dll,-735
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@RealTime DataSource 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Max Size -1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Attributi archivio dati 33
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Base Name System_Overview
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Nome di base del file di registro indiretto @C:\WINDOWS\System32\smlogcfg.dll,-744
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Sql Log Base Name SQL:!Anteprima di sistema
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Serial Number 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Folder C:\PerfLogs
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Auto Format -1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Type 2
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@ExecuteOnly 1
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@Type 16
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@ImagePath "C:\Programmi\File comuni\Services\Obo.exe"
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@DisplayName SecLwd
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@ObjectName .\BCMwuscaUfcganXx
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@Description Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso.
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd\Security
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd@Type 16
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd@ImagePath "C:\Programmi\File comuni\Services\Obo.exe"
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd@DisplayName SecLwd
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd@ObjectName .\BCMwuscaUfcganXx
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd@Description Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso.
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd\Security
Reg HKLM\SYSTEM\ControlSet004\Services\SecLwd\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv@DisplayName Config Server
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv@Description Archivia le informazioni di protezione per gli account utenti locali.
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv\Parameters
Reg HKLM\SYSTEM\ControlSet004\Services\zdebv\Parameters@ServiceDll C:\WINDOWS\system32\axwskll.dll
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\open
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\open\command
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\open\command@ "C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe" "%1"
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\print
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\printto
Reg HKLM\SOFTWARE\Classes\Applications\openfile.bat\shell\open
Reg HKLM\SOFTWARE\Classes\Applications\openfile.bat\shell\open\command
Reg HKLM\SOFTWARE\Classes\Applications\openfile.bat\shell\open\command@ e:\Program Files\s1studio\me\bin\openfile.bat "%1"
Reg HKLM\SOFTWARE\Classes\Applications\PBE.exe\shell\open
Reg HKLM\SOFTWARE\Classes\Applications\PBE.exe\shell\open\command
Reg HKLM\SOFTWARE\Classes\Applications\PBE.exe\shell\open\command@ "C:\Programmi\PhotoDeluxe VA 1.0\PBE.exe" "%1"
Reg HKLM\SOFTWARE\Classes\Applications\Poseidon for UML.exe\shell\open
Reg HKLM\SOFTWARE\Classes\Applications\Poseidon for UML.exe\shell\open\command
Reg HKLM\SOFTWARE\Classes\Applications\Poseidon for UML.exe\shell\open\command@ "C:\Programmi\PoseidonCE2\Poseidon for UML.exe" "%1"
Reg HKLM\SOFTWARE\Classes\CLSID\{119F01C5-E62B-11d2-AB3E-00C04FA3014E}\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\MSWC.PageCounter\CLSID@ {EF88CA72-B840-11D0-8B40-00C0F00AE35A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop@Upgrade 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Mode 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1024x768(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1024x768(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Sort 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@SortDir 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Col 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ColInfo 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@FFlags 548
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos800x600(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos800x600(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos1024x768(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos800x600(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1152x864(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1152x864(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos1152x864(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos640x480(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos640x480(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos640x480(1) 0x00 0x00 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----
__________________
On this forum I would expect everyone to be willing to trade in Bitcoin and... you don't?!?!
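The log above is what makes this thread useful to a defender: two services GMER could only find by reading the registry directly (the `*** hidden ***` / `<-- ROOTKIT` lines), one of them a svchost-hosted service whose `ServiceDll` is an unknown file, plus inline `JMP` hooks inside two svchost.exe instances. The following Python script is an added example, not code from the thread or from GMER, that pulls exactly those facts out of a GMER log so a responder can see the artefacts to collect before running a cleaner. The log excerpt inside it is a constructed subset of the log posted above; the section names and line layouts are GMER 1.0.15's own, and the regular expressions are assumptions that fit them.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the GMER log posted above: one line of each type the
# triage understands (section headers, .text hooks, hidden services, Reg
# values). The complete log is in the post itself.
SAMPLE_LOG = r"""
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-13 09:28:58
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtQueryInformationProcess 7C91D7E0 3 Bytes JMP 00929DC2
.text C:\WINDOWS\System32\svchost.exe[944] NETAPI32.dll!NetpwPathCanonicalize 5BC7A3A9 5 Bytes JMP 01C19D62

---- Services - GMER 1.0.15 ----

Service C:\Programmi\File comuni\Services\Obo.exe (*** hidden *** ) [AUTO] SecLwd <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zdebv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@ImagePath "C:\Programmi\File comuni\Services\Obo.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\SecLwd@ObjectName .\BCMwuscaUfcganXx
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\zdebv\Parameters@ServiceDll C:\WINDOWS\system32\axwskll.dll
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\open\command@ "C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe" "%1"
"""

# Line shapes as GMER 1.0.15 prints them (assumed from the log above).
SECTION_RE = re.compile(r"^---- (.+?) - GMER")
HOOK_RE = re.compile(r"^\.text (\S+)\[(\d+)\] (\S+) [0-9A-F]+ \d+ Bytes JMP ([0-9A-F]+)$")
HIDDEN_SVC_RE = re.compile(r"^Service (.+?) \(\*\*\* hidden \*\*\* \) \[(\w+)\] (\S+)")
SVC_VALUE_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\(\w+)(?:\\Parameters)?"
    r"@(ImagePath|ServiceDll|ObjectName) (.*)$"
)


@dataclass
class HiddenService:
    name: str
    image: str          # executable named on the "Service" line
    start: str          # AUTO / MANUAL as printed by GMER
    object_name: str = ""   # account the service runs as
    service_dll: str = ""   # real payload for svchost-hosted services


def split_sections(log):
    """Group the non-empty lines of a GMER log under their '---- ... ----' header."""
    sections = {}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def hidden_services(sections):
    """Services invisible to the SCM API, enriched with the Reg values GMER dumped for them."""
    found = {}
    for line in sections.get("Services", []):
        m = HIDDEN_SVC_RE.match(line)
        if m:
            image, start, name = m.groups()
            found[name] = HiddenService(name=name, image=image, start=start)
    for line in sections.get("Registry", []):
        m = SVC_VALUE_RE.match(line)
        if not m or m.group(1) not in found:
            continue
        name, value_name, value = m.groups()
        value = value.strip('"')
        if value_name == "ServiceDll":
            found[name].service_dll = value
        elif value_name == "ObjectName":
            found[name].object_name = value
    return list(found.values())


def inline_hooks(sections):
    """(process, pid, hooked function, JMP target) for every user-mode inline hook."""
    hooks = []
    for line in sections.get("User code sections", []):
        m = HOOK_RE.match(line)
        if m:
            path, pid, func, target = m.groups()
            hooks.append((path.rsplit("\\", 1)[-1], int(pid), func, target))
    return hooks


def triage(log):
    sections = split_sections(log)
    return {"hidden_services": hidden_services(sections), "hooks": inline_hooks(sections)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for svc in result["hidden_services"]:
        print(f"hidden service {svc.name}: image={svc.image} dll={svc.service_dll or '-'} "
              f"runs-as={svc.object_name or '-'}")
    for proc, pid, func, target in result["hooks"]:
        print(f"hook in {proc}[{pid}]: {func} -> {target}")
```

What the output points at, in the real log: `zdebv` is the classic svchost-hosted persistence (`-k netsvcs` with an unknown `ServiceDll`, here `axwskll.dll`), so the DLL, not svchost.exe, is the file to preserve and scan; `SecLwd` runs its own executable under an oddly named local account (`.\BCMwuscaUfcganXx`), so the account is a second artefact to remove. GMER prints no module name after the two `JMP` targets, which is why they are worth flagging: the hooked code lives in memory that belongs to no loaded DLL. A user-mode hook on `NETAPI32.dll!NetpwPathCanonicalize` inside svchost.exe is also a documented Downadup/Conficker indicator, since the worm patches that entry point in memory after infecting a host. The script only reads `CurrentControlSet`; the other control sets in the posted log carry the same service names with a differently named image (`prF.exe`), which is a reminder to clean every control set, not just the active one.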
#6
Senior Member
Joined: Dec 2007
City: Brianza
Posts: 14704
__________________
fattoebloggato.com • Post-disinfection treatment • Data, RAID and partition recovery • UBCD4Win guide • RAM test • Disk check • TestDisk • Emergency operations • Linux live CD • UBCD • Backup • ISO & virtual image management • Partitioning a disk • Sardu • ScreenRecording •
#7
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
In the Script, under the Registry entry, these keys are missing (for now)
__________________
Try again and you will be luckier.
#8
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
These 2 mountpoints look safe to me, can I leave them?
__________________
On this forum I would expect everyone to be willing to trade in Bitcoin and... you don't?!?!
#9
Senior Member
Joined: Dec 2007
City: Brianza
Posts: 14704
This one you might recognise by looking at the 2 executables it calls
Code:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.0.0.28#f]
\Shell\AutoRun\command - X:\showme1.exe
\Shell\install\command - X:\Setup.exe
This one, in my opinion, is definitely infected
Code:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##server_tc2120#C$]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
__________________
fattoebloggato.com • Post-disinfection treatment • Data, RAID and partition recovery • UBCD4Win guide • RAM test • Disk check • TestDisk • Emergency operations • Linux live CD • UBCD • Backup • ISO & virtual image management • Partitioning a disk • Sardu • ScreenRecording •
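The two keys quoted in the post above are Explorer's MountPoints2 cache: for every volume or share it has seen, Explorer remembers the verbs from that volume's autorun.inf, so the entries tell you what a share offered to run, not what ran. The second entry shows the autorun lure used by the Downadup/Conficker family (the thread's own `f-downadup` step targets that family): a double `rundll32` with mixed-case spelling, `Shell32.DLL,ShellExec_RunDLL` as the indirection, a drop folder under `RECYCLER` named like a SID that does not start with `S-1-`, and a DLL payload with a `.vmx` extension. The Python below is an added example, not code from the thread, that parses MountPoints2 entries in the layout the post uses and lists those indicators per verb; the two keys are taken from the post as constructed sample input, and the indicator rules are this example's own assumptions.

```python
import re

# Constructed sample: the two MountPoints2 keys quoted in the post above, in
# the same "[key]" / "\Shell\<verb>\command - <value>" layout the post uses.
SAMPLE_EXPORT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.0.0.28#f]
\Shell\AutoRun\command - X:\showme1.exe
\Shell\install\command - X:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##server_tc2120#C$]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
"""

KEY_RE = re.compile(r"^\[.+\\mountpoints2\\(.+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
# Extensions a legitimate autorun verb would normally launch (assumed list).
EXPECTED_EXT = {"exe", "com", "bat", "cmd", "dll"}


def parse_mountpoints(export):
    """Map each remembered volume/share to its {verb: command} pairs."""
    volumes = {}
    current = None
    for raw in export.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)      # e.g. "##server_tc2120#C$"
            volumes[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            volumes[current][verb.group(1).lower()] = verb.group(2)
    return volumes


def indicators(command):
    """Reasons a MountPoints2 command looks like a worm's autorun lure (empty = none found)."""
    cmd = command.lower()
    hits = []
    if "rundll32" in cmd and "shellexec_rundll" in cmd:
        hits.append("rundll32 chained through Shell32!ShellExec_RunDLL")
    if cmd.count("rundll32") > 1:
        hits.append("rundll32 invoked twice (extra indirection before the payload)")
    if "\\recycler\\" in cmd:
        hits.append("payload stored under a RECYCLER folder")
    # Real Windows SIDs always begin with S-1-; anything else is a look-alike.
    if re.search(r"\\s-(?!1-)\d+-", cmd):
        hits.append("folder named like a SID but not starting with S-1-")
    # Every ".ext" token that ends a path (followed by ',' / space / end of line).
    exts = set(re.findall(r"\.([a-z0-9]{2,4})(?=[,\s]|$)", cmd))
    odd = exts - EXPECTED_EXT
    if odd:
        hits.append("payload with unexpected extension: " + ", ".join(sorted(odd)))
    return hits


def triage_mountpoints(export):
    """{volume: {verb: [indicator, ...]}} for every entry in the export."""
    return {vol: {verb: indicators(cmd) for verb, cmd in cmds.items()}
            for vol, cmds in parse_mountpoints(export).items()}


if __name__ == "__main__":
    for vol, verbs in triage_mountpoints(SAMPLE_EXPORT).items():
        for verb, hits in verbs.items():
            status = "; ".join(hits) if hits else "no indicator matched"
            print(f"{vol} [{verb}]: {status}")
```

An empty indicator list is not a clean bill of health: the first key merely says the share at 10.0.0.28 offered `X:\showme1.exe` and `X:\Setup.exe`, and nothing in the key itself tells you what those files were, which is why the moderator's reply treats both entries as removable. The entries also name the other hosts that served an autorun (here `10.0.0.28` and `server_tc2120`), and the poster's later reply confirms the second one was infected too, so the MountPoints2 list doubles as a map of which machines to check next.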
#10
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Both are to be removed; also, the Script to enter is this one
__________________
Try again and you will be luckier.
Last edited by Chill-Out: 13-05-2009 at 12:22.
#11
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
Quote:
and I can't find these files either on 10.0.0.28 or in the old path of X:
Quote:
this machine is infected too! OK Chill-Out, running it!
__________________
On this forum I would expect everyone to be willing to trade in Bitcoin and... you don't?!?!
#12
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
Quote:
and the new Gmer log, which has no red lines; in fact the Microsoft site is reachable again. THANKS!!! Code:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-13 16:29:31
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \??\C:\DOCUME~1\romano\IMPOST~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys Impossibile trovare il file specificato. !
? C:\DOCUME~1\romano\IMPOST~1\Temp\catchme.sys Impossibile trovare il file specificato. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Impossibile trovare il file specificato. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@Type 16
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@ImagePath "C:\Programmi\File comuni\Services\prF.exe"
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@DisplayName SecLwd
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@ObjectName .\BCMwuscaUfcganXx
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd@Description Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso.
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd\Security
Reg HKLM\SYSTEM\ControlSet002\Services\SecLwd\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Current State 0
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log Type 0
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Collection Name Anteprima di sistema
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Collection Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-731
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Counter List \Processor(_Total)\% Processor Time?\Memory\Pages/sec?\PhysicalDisk(_Total)\Avg. Disk Queue Length?
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Comment Il registro campione presenta un'anteprima delle prestazioni del sistema.
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Commento indiretto @C:\WINDOWS\System32\smlogcfg.dll,-735
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@RealTime DataSource 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Max Size -1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Attributi archivio dati 33
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Base Name System_Overview
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Nome di base del file di registro indiretto @C:\WINDOWS\System32\smlogcfg.dll,-744
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Sql Log Base Name SQL:!Anteprima di sistema
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Serial Number 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Folder C:\PerfLogs
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Auto Format -1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@Log File Type 2
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{220582b5-a05e-423b-a0bd-3af2f27aa2cf}@ExecuteOnly 1
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@Type 16
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@ImagePath "C:\Programmi\File comuni\Services\Obo.exe"
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@DisplayName SecLwd
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@ObjectName .\BCMwuscaUfcganXx
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd@Description Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso.
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd\Security
Reg HKLM\SYSTEM\ControlSet003\Services\SecLwd\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\open
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\open\command
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\open\command@ "C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe" "%1"
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\print
Reg HKLM\SOFTWARE\Classes\Applications\AcroRd32.exe\shell\printto
Reg HKLM\SOFTWARE\Classes\Applications\openfile.bat\shell\open
Reg HKLM\SOFTWARE\Classes\Applications\openfile.bat\shell\open\command
Reg HKLM\SOFTWARE\Classes\Applications\openfile.bat\shell\open\command@ e:\Program Files\s1studio\me\bin\openfile.bat "%1"
Reg HKLM\SOFTWARE\Classes\Applications\PBE.exe\shell\open
Reg HKLM\SOFTWARE\Classes\Applications\PBE.exe\shell\open\command
Reg HKLM\SOFTWARE\Classes\Applications\PBE.exe\shell\open\command@ "C:\Programmi\PhotoDeluxe VA 1.0\PBE.exe" "%1"
Reg HKLM\SOFTWARE\Classes\Applications\Poseidon for UML.exe\shell\open
Reg HKLM\SOFTWARE\Classes\Applications\Poseidon for UML.exe\shell\open\command
Reg HKLM\SOFTWARE\Classes\Applications\Poseidon for UML.exe\shell\open\command@ "C:\Programmi\PoseidonCE2\Poseidon for UML.exe" "%1"
Reg HKLM\SOFTWARE\Classes\CLSID\{119F01C5-E62B-11d2-AB3E-00C04FA3014E}\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\MSWC.PageCounter\CLSID@ {EF88CA72-B840-11D0-8B40-00C0F00AE35A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop@Upgrade 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Mode 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1024x768(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1024x768(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Sort 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@SortDir 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Col 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ColInfo 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@FFlags 548
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos800x600(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos800x600(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos1024x768(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos800x600(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1152x864(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1152x864(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos1152x864(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos640x480(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos640x480(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos640x480(1) 0x00 0x00 0x00 0x00 ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\KB960803.log 2931 bytes
File C:\WINDOWS\LastGood 0 bytes
File C:\WINDOWS\LastGood\INF 0 bytes
File C:\WINDOWS\LastGood\INF\oem47.inf 0 bytes
File C:\WINDOWS\LastGood\INF\oem47.PNF 0 bytes
---- EOF - GMER 1.0.15 ----
__________________
On this forum I would expect everyone to be willing to trade in Bitcoin... and you, no?!?!
Last edited by LAj: 13-05-2009 at 16:32.
#13
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Hi, please re-attach the Combo log because it's a hieroglyphic, and the Gmer one too, otherwise I'll go crazy checking it, thx
Last edited by Chill-Out: 13-05-2009 at 17:05.
#14
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
ComboFix.txt
Rootkit scan 2009-05-13.txt
These should be fine. One question, actually two: can I run ComboFix and Gmer on Windows 2003 Server? And which of the tools listed above can I skip, to keep the server's downtime/disconnection time to a minimum? (Oh well, I think I'm answering this one myself: "just tell me what else you recommend running
Last edited by LAj: 13-05-2009 at 18:31.
#15
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Now you need to install the corrective patch http://www.microsoft.com/technet/sec.../ms08-068.mspx, then run Prevx 3.0 as indicated at Point 9 of this Guide http://www.hwupgrade.it/forum/showthread.php?t=1599737, since I don't think Kido is the only illustrious guest on this PC
On Win Server 2003 you can follow the same Guide
Last edited by Chill-Out: 14-05-2009 at 09:03.
#16
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
[B]SECOND PC WITH WIN-XP SP3[/B]
Good morning Chill-Out, good morning wjmat,
although I am tremendously impressed and fascinated by your ability to resolve and master critical situations, I do not yet have the skills to think of doing it on my own. I'm now going to run Prevx as you advised; in the meantime, though, I'm struggling with another PC that refuses to run f-downadup and Gmer. Hoping this doesn't cause confusion, I'll leave the ComboFix log of the second PC here: ComboFix.txt
Last edited by LAj: 14-05-2009 at 10:28.
#17
Senior Member
Joined: Dec 2007
City: Brianza
Posts: 14704
I don't see the links
__________________
fattoebloggato.com • Post-disinfection treatment • Data, RAID and partition recovery • UBCD4Win guide • RAM test • Disk check • TestDisk • Emergency operations • Linux live CD • UBCD • Backup • ISO & virtual image management • Partitioning a disk • Sardu • ScreenRecording •
#18
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
For the second time I've lost the a-squared log
#19
Suspended user
Joined: Jul 2002
City: Avellino
Posts: 1784
Quote:
#20
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Quote: