Il mio pc scambia sempre dati con la rete internet!

[VINICIUS]

Ecco invece il log della scansione con F-Secure
http://utenti.lycos.it/vinicius2003/ols_report.html

[Chill-Out]

Quote:

Originariamente inviato da VINICIUS

Ormai ho i 2 file segnalati sopra in quarantena, per farglieli rilevare di nuovo li dovrei ripristinare e fare una nuova scansione di 1 oretta... E' proprio necessario?

All'interno della cartella Documenti dovresti trovare la cartella A-Squared Free all'inteno dovresti trovare il log dell'ultima scansione

[VINICIUS]

Quote:

Originariamente inviato da Chill-Out

All'interno della cartella Documenti dovresti trovare la cartella A-Squared Free all'inteno dovresti trovare il log dell'ultima scansione

Certelle vuote

[xcdegasp]

Quote:

Originariamente inviato da Chill-Out

All'interno della cartella Documenti dovresti trovare la cartella A-Squared Free all'inteno dovresti trovare il log dell'ultima scansione

lì compare quando lo salvi altrimenti lo elimina dalla temp alla chiusura dello scanner

[Chill-Out]

Quote:

Originariamente inviato da xcdegasp

lì compare quando lo salvi altrimenti lo elimina dalla temp alla chiusura dello scanner

evidentemente ricordavo male

[VINICIUS]

Ecco il log d gmer. Qualcuno mi aiuta?

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-06 22:48:26
Windows 6.0.6001 Service Pack 1


---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwQueryLicenseValue + D41 81C62BB9 1 Byte [ 06 ]
_PAGELK C:\Windows\system32\ntkrnlpa.exe entry point in "_PAGELK" section [0x81CF74B0]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1860] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03E42E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1860] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [03E42C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1860] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03E42C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1860] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03E42C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00352E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00352C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00352C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00352C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Users\Ra\Documents\pulizia\gmer\gmer.exe[3976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Users\Ra\Documents\pulizia\gmer\gmer.exe[3976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Users\Ra\Documents\pulizia\gmer\gmer.exe[3976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Users\Ra\Documents\pulizia\gmer\gmer.exe[3976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

[juninho85]

una scansione degli ads l'hai già fatta?

[VINICIUS]

Infine segnalo che Prevx non ha trovato alcuna infezione...

[VINICIUS]

Quote:

Originariamente inviato da juninho85

una scansione degli ads l'hai già fatta?

Che programma free?

[VINICIUS]

DrWeb ha trovato e mi ha fatto spostare i seguenti trojan. Ma dove li mette quando li sposta? Come faccio ad eliminarli definitivamente?

esimgdet.dll (Trojan.DownLoader.origin) C:\Windows\System32\DriverStore\FileRepository\es27.inf_513c5c6c

esimgdet.dll (Trojan.DownLoader.origin) C:\Windows\twain_32\escndv\es0027

[VINICIUS]

Volevo comunicare che ho lanciato nuovamente Currports e adesso sembra non ci siano processi che comunicano con internet in modo anomalo.

Comincio col ringraziare tutti e attendo di sapere i file spostati da drweb che fine fanno.