#81
Senior Member
Joined: May 2006
City: Vasto
Posts: 462
Quote:
Try creating any file with the name prn.* or lpt1.* and see whether it is possible. It is not possible, because those are reserved names in Windows. Through Control Panel -> Administrative Tools -> Services, track down the services that belong to the fake accounts with random names; double-click each service, look under "Path to executable" to see which file it points to and write down the path, then set Startup type to Disabled (not all of them can be disabled, but usually at least one can). In the folder c:\windows\temp\ there are usually files with numbers in place of a name and the .tmp extension, such as 1.tmp: delete these files. There may also be a file with a random name plus a number and an executable extension, such as ****1.exe. Then in windows\system32\ look for a file named bwaa.dll, and for the file that runs the infection, which is usually called FreeAccess.ocx and is found in Downloaded Program Files. Track down these files and then we'll see.
__________________
:--->:--->:---) Last edited by kmarraff : 25-08-2006 at 20:01.
#82
Senior Member
Joined: Sep 2004
City: Vittorio Veneto TV
Posts: 443
Quote:
Well then: in Services there is none with a random name; in C:\Windows\Temp there was xwxe1.exe, but as I already wrote, it was deleted right away. In windows\system32\ there is no bwaa.dll file and no FreeAccess.ocx either; Downloaded Program Files is empty. In Documents I had the file9e13c2.exe = deleted. In Documents and Settings, between the NetworkService and Server Administrator accounts, an account named ReiMktirSZahrQR had appeared; I deleted it, but it reappeared at the next reboot and only went away when I deleted the file Wronxi.exe in the File Comuni\System folder with NOD32. In C:\Documents and Settings\Server Administrator\Impostazioni Locali\Temp I deleted this: 009e29c8.bat (MS-DOS). Somewhere, though I don't remember exactly where, I deleted Fvw,EXE. Try reading post no. 44 here: http://www.hwupgrade.it/forum/showth...1254788&page=3 Thanks again, bye
__________________
valter -------------------
#83
Junior Member
Joined: Aug 2006
Posts: 1
Help!!!!
Hi everyone, it's the first time I've taken part in a forum and I'm in the deepest sh...t.
1) I did not run the scan in Safe Mode as suggested. 2) After the scan I thought (maybe I think too much): now I'll remove Virit. I removed it, rebooted, and the PC hangs... It only boots in Safe Mode. I have a copy of the registry configuration from 2 weeks ago, from when I didn't yet know I still had LinkOptimizer. So what happens if I import this registry?? Thanks for any suggestions you can give me. Fabrizio
#84
Member
Joined: Aug 2006
Posts: 60
Hi everyone,
Can anyone give me a hand? After a series of readings of which I really understood very little, I posted the GMER log at http://www.hwupgrade.it/forum/showth...wpost&t=937676. I have been hit hard by LINKOPTIMIZER. Help me!!! GGD
#85
Senior Member
Joined: Feb 2002
City: Discovery
Posts: 34710
Quote:
__________________
Good afternoon, gentlemen, I'm a H.A.L. computer.
#86
Senior Member
Joined: Feb 2002
City: Discovery
Posts: 34710
Quote:
__________________
Good afternoon, gentlemen, I'm a H.A.L. computer.
#87
Member
Joined: Aug 2006
Posts: 60
```
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-26 11:07:04
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\:c_85m.nls

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
avast! Mail Scanner /*avast! Mail Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service
avast! Web Scanner /*avast! Web Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service
CiSvc /*Servizio di indicizzazione*/@ = %SystemRoot%\system32\cisvc.exe
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
HWt /*HWt*/@ = "C:\Programmi\File comuni\System\lkw.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@Logitech UtilityLogi_MwX.Exe = Logi_MwX.Exe
@zBrowser LauncherC:\PROGRA~1\Logitech\iTouch\iTouch.exe = C:\PROGRA~1\Logitech\iTouch\iTouch.exe
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@PCSuiteTrayApplicationC:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /*file not found*/
@DataLayerC:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe = C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{40950107-FEA6-4d53-A65F-B2DCBA57DD58} /*Nokia Phone Browser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
MS@{1457A8BB-D8BF-4C0F-B249-3CCFE652CE44}} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://gw.aliceadsl.it/home = http://gw.aliceadsl.it/home
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mctp@CLSID = C:\Programmi\Microsoft ActiveSync\aatp.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80354C0E-DEB3-468E-A4AB-5EF9B1424E71} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress169.254.138.203 = 169.254.138.203
@NameServer =
@DefaultGateway =
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = EPSON Status Monitor 3 Environment Check 2.lnk

---- EOF - GMER 1.0.10 ----

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-26 11:21:30
Windows 5.1.2600 Service Pack 2

---- Registry - GMER 1.0.10 ----

Reg \Registry\USER\S-1-5-21-1214440339-725345543-839522115-500\Software\Zepter Software\RegLib

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\catalog.wci
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{F75B4D87-B80D-46F5-82BE-6523D27D97F5}
File C:\WINDOWS\kevad1.dll
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{F75B4D87-B80D-46F5-82BE-6523D27D97F5}

---- EOF - GMER 1.0.10 ----
```
Posted, and deleted from the other thread. Help.
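Two checks recur in this thread: the reserved-name test from post #81 (a file called prn.* or lpt1.* cannot be created through ordinary Windows path handling, and a file that already carries such a name is just as hard to delete) and the entries that stand out in the GMER log above (AppInit_DLLs pointing at C:\:c_85m.nls, the HWt service running lkw.exe from File comuni\System, and entries marked file not found). Both can be applied automatically to a saved log. The script below is an added example written for this page, not code from the thread or from GMER; the function names, the heuristics and the sample lines (taken from the log in post #87, plus one constructed prn.tmp line) are its own assumptions. A colon after the drive letter marks an NTFS alternate data stream, the same pattern the ewido report later in the thread shows for system32:elaa.dll.

```python
import re

# Windows reserved DOS device names. A file whose stem is one of these
# (prn.tmp, lpt1.dll, ...) cannot be created, opened or deleted through the
# ordinary Win32 path API, which is what the "try to create prn.*" test in
# post #81 relies on.
RESERVED_DEVICE_NAMES = (
    {"con", "prn", "aux", "nul"}
    | {f"com{i}" for i in range(1, 10)}
    | {f"lpt{i}" for i in range(1, 10)}
)

# A quoted Windows path, or an unquoted one that may contain spaces but stops
# at a token beginning with "=", "/" or "-" (the separators seen in GMER's
# autostart output). Assumes one GMER entry per line.
PATH_RE = re.compile(
    r'"((?:[A-Za-z]:|%[A-Za-z]+%)\\[^"]*)"'
    r'|((?:[A-Za-z]:|%[A-Za-z]+%)\\[^"\s]*(?: [^"\s/=-][^"\s]*)*)'
)

# Location the thread reports the infection dropping its files into
# (Italian Windows "File comuni" = "Common Files").
COMMON_FILES_SYSTEM_RE = re.compile(r"\\(file comuni|common files)\\system\\", re.I)

# Constructed sample, modelled on the GMER log in post #87; the prn.tmp line
# is invented here to exercise the reserved-name check.
SAMPLE_GMER_LINES = r"""
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\:c_85m.nls
HWt /*HWt*/@ = "C:\Programmi\File comuni\System\lkw.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/
File C:\WINDOWS\kevad1.dll
File C:\WINDOWS\system32:elaa.dll
File C:\WINDOWS\Temp\prn.tmp
"""


def extract_paths(line):
    """Return the distinct Windows paths found in one GMER line, in order."""
    paths = []
    for quoted, bare in PATH_RE.findall(line):
        path = (quoted or bare).rstrip(",;")
        if path not in paths:
            paths.append(path)
    return paths


def is_alternate_data_stream(path):
    """True if a colon appears after the drive letter, i.e. file:stream."""
    drive = re.match(r"[A-Za-z]:", path)
    body = path[drive.end():] if drive else path
    return ":" in body


def uses_reserved_device_name(path):
    """True if any path component has a reserved DOS device name as its stem."""
    return any(
        component.split(".")[0].lower() in RESERVED_DEVICE_NAMES
        for component in path.split("\\")
    )


def scan_autostart_entries(lines):
    """Return (reason, path) findings for the suspicious patterns above."""
    findings = []
    for line in lines:
        paths = extract_paths(line)
        # GMER marks autostart targets that no longer exist on disk.
        if "/*file not found*/" in line and paths:
            findings.append(("file not found", paths[0]))
        for path in paths:
            if is_alternate_data_stream(path):
                findings.append(("alternate data stream", path))
            if uses_reserved_device_name(path):
                findings.append(("reserved device name", path))
            if COMMON_FILES_SYSTEM_RE.search(path):
                findings.append(("binary under Common Files\\System", path))
    return findings


if __name__ == "__main__":
    for reason, path in scan_autostart_entries(SAMPLE_GMER_LINES.splitlines()):
        print(f"{reason:34} {path}")
```

Feed it a GMER autostart report one entry per line; each finding is a reason plus the path it applies to, and a hit means "look here", not "this is malicious": Common Files\System also holds legitimate Microsoft components, and the file-not-found entries in this particular log are leftovers of Nokia PC Suite.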
#88
Member
Joined: Aug 2006
Posts: 60
Up!?
Is anyone there???? Last edited by gigidan : 26-08-2006 at 11:49.
#89
Member
Joined: Aug 2006
Posts: 60
I'm attaching the ewido log after running the scan; what do you think?
```
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 13.10.02 26/08/2006

+ Scan result:

C:\Documents and Settings\Administrator\Impostazioni locali\Temp\DelC8.tmp -> Adware.180Solutions : Cleaned.
C:\Programmi\180search Assistant -> Adware.180Solutions : Cleaned.
C:\Programmi\180search Assistant\180sahook.dll.$$$ -> Adware.180Solutions : Cleaned.
HKU\.DEFAULT\Software\sais -> Adware.180Solutions : Cleaned.
HKU\S-1-5-18\Software\sais -> Adware.180Solutions : Cleaned.
C:\Programmi\BullsEye Network -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\2005_05_21.data.zip -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\Uninstall.exe -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\ad.dat -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\adp8049.exe -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\bin -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\bin\adv.exe -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\bin\adx.exe -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\index.dat -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\t1131602173.dec -> Adware.BargainBuddy : Cleaned.
C:\Programmi\BullsEye Network\ub.dat -> Adware.BargainBuddy : Cleaned.
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Cleaned.
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Cleaned.
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Adware.BargainBuddy : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Adware.BargainBuddy : Cleaned.
HKLM\SOFTWARE\eXactUtil -> Adware.BargainBuddy : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned.
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned.
HKU\.DEFAULT\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned.
HKU\.DEFAULT\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned.
HKU\S-1-5-18\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned.
HKU\S-1-5-18\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned.
HKU\S-1-5-21-1214440339-725345543-839522115-500\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned.
C:\Programmi\ISTbar -> Adware.ISTBar : Cleaned.
C:\Programmi\ISTbar\imagemap_normal.bmp -> Adware.ISTBar : Cleaned.
C:\Programmi\ISTbar\imagemap_over.bmp -> Adware.ISTBar : Cleaned.
C:\Programmi\ISTbar\version.txt -> Adware.ISTBar : Cleaned.
C:\Programmi\ISTbar\xml_istbar.xml -> Adware.ISTBar : Cleaned.
C:\Programmi\ISTsvc -> Adware.ISTBar : Cleaned.
C:\Programmi\ISTsvc\istsvc.exe -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Classes\ISTbar.BarObj -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Classes\ISTbar.BarObj\CLSID -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\ISTsvc -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\ISTsvc\history -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\YourSiteBar\Historycompare_item -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Cleaned.
HKU\S-1-5-21-1214440339-725345543-839522115-500\Software\IST -> Adware.ISTBar : Cleaned.
C:\Programmi\NewDotNet -> Adware.NewDotNet : Cleaned.
C:\Programmi\NewDotNet\newdotnet7_22.dll.$$$ -> Adware.NewDotNet : Cleaned.
C:\Programmi\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned.
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned.
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned.
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned.
C:\Programmi\Power Scan -> Adware.PowerScan : Cleaned.
HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned.
HKU\.DEFAULT\Software\PowerScan -> Adware.PowerScan : Cleaned.
HKU\S-1-5-18\Software\PowerScan -> Adware.PowerScan : Cleaned.
HKU\S-1-5-21-1214440339-725345543-839522115-500\Software\PowerScan -> Adware.PowerScan : Cleaned.
C:\Documents and Settings\Administrator\Menu Avvio\Programmi\WhenU -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Administrator\Menu Avvio\Programmi\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Administrator\Menu Avvio\Programmi\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned.
C:\Programmi\SideFind -> Adware.SideFind : Cleaned.
C:\Programmi\SideFind\sfbho13.dll -> Adware.SideFind : Cleaned.
C:\Programmi\SideFind\sfexd001 -> Adware.SideFind : Cleaned.
C:\Programmi\SideFind\update -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper.1 -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CLSID -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CurVer -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Classes\SideFind.Finder -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Classes\SideFind.Finder.1 -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Classes\SideFind.Finder\CLSID -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Classes\SideFind.Finder\CurVer -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Microsoft\SideFind -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\SideFind -> Adware.SideFind : Cleaned.
HKLM\SOFTWARE\SideFind\History -> Adware.SideFind : Cleaned.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\uninstall.exe -> Adware.SurfAcc : Cleaned.
C:\Programmi\YourSiteBar -> Adware.YourSiteBar : Cleaned.
C:\Programmi\YourSiteBar\imagemap_normal.bmp -> Adware.YourSiteBar : Cleaned.
C:\Programmi\YourSiteBar\yoursitebar.xml -> Adware.YourSiteBar : Cleaned.
C:\Programmi\YourSiteBar\ysb.dll -> Adware.YourSiteBar : Cleaned.
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Adware.YourSiteBar : Cleaned.
HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Adware.YourSiteBar : Cleaned.
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Adware.YourSiteBar : Cleaned.
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Adware.YourSiteBar : Cleaned.
HKU\S-1-5-21-1214440339-725345543-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : Cleaned.
F:\Documents and Settings\Administrator\Impostazioni locali\Temp\istsv_.exe -> Downloader.IstBar : Cleaned.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\istsv_.exe -> Downloader.IstBar.pk : Cleaned.
C:\RECYCLER\S-1-5-21-1214440339-725345543-839522115-500\Dc69.exe -> Dropper.Small.aqj : Cleaned.
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1K34H01\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned.
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\GHIJKLMN\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned.
:mozilla.295:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.103:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.104:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.121:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.122:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.123:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.124:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.125:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.287:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.288:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.207:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.147:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.148:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.149:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-1214440339-725345543-839522115-500\Dc46.txt -> TrackingCookie.Casinolasvegas : Cleaned.
C:\RECYCLER\S-1-5-21-1214440339-725345543-839522115-500\Dc47.txt -> TrackingCookie.Casinolasvegas : Cleaned.
:mozilla.118:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.119:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.236:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.237:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\S-1-5-21-1214440339-725345543-839522115-500\Dc49.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.61:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.6:F:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\448k5rl3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-1214440339-725345543-839522115-500\Dc50.txt -> TrackingCookie.Doubleclick : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.146:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.154:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.155:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.156:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.262:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.263:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.291:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.292:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.24:F:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\448k5rl3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.25:F:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\448k5rl3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.54:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.55:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.47:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.48:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\S-1-5-21-1214440339-725345543-839522115-500\Dc60.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.133:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@www.sidefind[1].txt -> TrackingCookie.Sidefind : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned.
F:\Documents and Settings\LocalService\Cookies\system@www.sidefind[1].txt -> TrackingCookie.Sidefind : Cleaned.
:mozilla.136:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.94:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.38:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.39:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.227:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.228:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.70:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.71:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.15:F:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\448k5rl3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.289:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.86:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@install.xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@www.xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@xxxtoolbar[2].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
F:\Documents and Settings\LocalService\Cookies\system@install.xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
F:\Documents and Settings\LocalService\Cookies\system@www.xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
:mozilla.107:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.108:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.32:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.33:C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\s8n7thvp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator\Desktop\Papà Luigi\Programmi\clone dvd\Slysoft.CloneDVD.mobile.v1.0.7.1.WinAll.Cracked-CRD\setup\CloneDVDmobile.exe -> Trojan.Agent.sk : Cleaned.
C:\WINDOWS\system32:elaa.dll -> Trojan.Agent.vp : Cleaned.

::Report end
```
Please, I'm waiting for a reply. Thanks, GGD
#90 |
Member
Iscritto dal: Aug 2006
Messaggi: 60
|
Ciao a tutti,
sembra che sia riuscito a debellare linkoptimizer tutto da solo e con la guida di suspectfile.... non dico che sia stata una cosa facile, in quanto sono solo un utilizzatore e non un programmatore, ma sembra (e dico sembra) la memoria virtuale non tira ad aumentare più di tanto (picco max 302) con qualche applicazione aperta. Visto l'enorme collaborazione avuta nel debellare il virus ![]() ![]() ![]() ci sentiamo al prossimo virus che ciappo ![]() ![]() ![]() ![]() GGD |
#91
Junior Member
Joined: Aug 2006
Posts: 4
hi everyone, I'm taking advantage of this topic to present my problem with linkoptimizer (I should say it does not appear in "Add or Remove Programs")
as I also read, in the folder C:\programmi\filecomuni\system I have some green-colored files that I can't remove.. or rather all but 1. I downloaded GMER and Avenger but when I open them neither starts. So I downloaded the modified version of GMER and it seems to work. I ran both the autostart and the rootkit scan and got the log. But there's a problem: the modified version of GMER works, while neither of the 2 Avenger versions starts. In practice I have the log made with GMER but the damned virus (linkoptimizer) keeps tormenting me. If anyone can help me I'd be indebted. Regards
#92
Senior Member
Joined: Feb 2004
Posts: 451
Quote:
__________________
#93
Junior Member
Joined: Aug 2006
Posts: 4
bitter surprise
ok I understand, but are you also affected by this trojan??
what to do..... letting the virus act doesn't seem like a good idea to me; among other things I've noticed that the files with green text in the folder C:\programmi\filecomuni\system keep increasing, and with different names..... waiting for more info about this damned linkoptimizer, regards
#94
Senior Member
Joined: Sep 2004
City: Vittorio Veneto TV
Posts: 443
Quote:
Try reading my posts, if I remember correctly they start from no. 27 and the thread has only a few pages. I should have had a similar problem, and lucas84 with bReAkDoWn managed to help me get rid of it. Bye
__________________
valter -------------------
#95
Senior Member
Joined: Jun 2003
City: ..By The Sea..
Posts: 564
if you want to post the log I'm still here to take a look at it.. these days I'm a bit busy, right behind this infamous virus.. I'm studying it up close..
__________________
Without Contraries is no Progression...
#96
Senior Member
Joined: Feb 2004
Posts: 451
Quote:
#97
Senior Member
Joined: Aug 2006
Posts: 936
hi everyone,
I'm back after a few days because only now I noticed I have "linkoptimizer" in Control Panel - Add or Remove Programs. The situation doesn't seem to have changed, no strange files nor hidden users have appeared. The Hijack log is clean and so is services.msc. I'm posting the gmer logs below, just pasted.
GMER 1.0.10.10122 - http://www.gmer.net Autostart 2006-08-30 00:08:07 Windows 5.1.2600 Service Pack 2
GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-08-30 00:16:05 Windows 5.1.2600 Service Pack 2
I hope the only problem is removing the link. Thanks for any help, I know you are very busy studying the trojan.
#98
Member
Joined: Aug 2006
Posts: 170
these viruses regenerate at every boot, I've tried everything but every time it restarts it's always the same thing; the one that always appears is qbrd1.exe, but others too, and then in Add or Remove Programs I have link optimizer permanently. I followed along understanding little or nothing about how to remove it, I hope someone helps me!
#99
Senior Member
Joined: Jul 2006
Posts: 1070
a while ago (quite a while) I caught this linkoptimizer (is it the one with the smiley face???). but I got rid of it without tools or anything like that! I went into safe mode and deleted it from the registry and from the folders manually!
#100
Senior Member
Joined: Jul 2006
Posts: 1070
__________________
desktop: AMD Ryzen7 5700x 8-core skt AM4 - Arctic Freezer A35 CO cooler - Gigabyte B550-AORUS ELITE ax v2 - DDR4 32GB G.Skill PC 3200 - SSD WD_Black NS770 1Tb - HD 1Tb - SAPPHIRE Radeon RX 580 NITRO+ 8 GB GDDR5 - monitor: Asus VS248HR 24" - case: Corsair 200R - power supply: XFX PRO650W 80 plus bronze modular