#1
Senior Member
Joined: Dec 2000
City: Trasacco [Marsica AQ]- Montesilvano.
Posts: 2521

I'm in bad shape
I turned my desktop back on after a long time (about 1 year), and I had barely had time to look it over and tidy it up when I caught a worm. I had Kaspersky out of date and with an expired license, and it couldn't do anything. It flagged 3 .exe files, one probably in acr32.exe (I had the very old 6.0), and two exe files in c:\doc...\users etc. etc.exe
It installed a scan utility and locked up the whole PC. I no longer have yzdock or my programs, nothing, everything has disappeared. I'm afraid it has deleted everything, I can't believe they got me! I didn't reboot but shut the PC down right away. I immediately tried Kav rescue disk and the Avira disk, but they can't read the OS hard disk, which I have in RAID 0 on Serial ATA! So the first problem is getting a rescue disk to read the OS's Serial ATA RAID 0! I don't feel like booting the OS, I might lose heart. I had a really well-made config and I don't want to lose it, so I'll try everything I can to recover it and fix the virus! What I'm asking for help with is how to run a tool on RAID 0 Serial ATA! Thanks a lot, I hope you can help me. Those bastards really got me good
__________________
Follow The Sign! LimiT Clan My Secondary Mail -- Search Me On MSN Now and Forever Forza Toro Fratelli Granata
#2
Senior Member
Joined: Dec 2000
City: Trasacco [Marsica AQ]- Montesilvano.
Posts: 2521

I caught System Fix
#3
Member
Joined: Jun 2011
Posts: 202

Hi, if it's System Fix, follow this guide: http://www.hwupgrade.it/forum/showthread.php?t=1789446
#4
Senior Member
Joined: Dec 2000
City: Trasacco [Marsica AQ]- Montesilvano.
Posts: 2521

Thanks, I had found Trojan Killer but it costs 29€....
I have all those programs, let's hope I can sort it out
#5
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885

Follow Riku's suggestion http://www.hwupgrade.it/forum/showpo...12&postcount=3 I'm closing this to avoid a duplicate thread.
__________________
Try again and you will be luckier.