#1
Member
Registered: Aug 2004
Posts: 287

Strange problem, memory fills up.....
Hello,
for a few days now something strange has been happening: when I start Skype it slowly fills up the RAM... basically I hit the virtual memory peak and have to close and restart Skype!! It ends up using more than 250 MB of RAM, which seems absurd to me!! I ran scans in safe mode with Adware, with Spybot and with Trend Micro antispyware but nothing: I removed what there was to remove but the problem is not solved. I also uninstalled Skype and reinstalled it but no luck!! Do I have to format??? Thanks for the help!!

#2
Senior Member
Registered: Aug 2005
Posts: 1267

Usually the insufficient virtual memory problem is caused by linkoptimizer, let's see if I'm right.
Download gmer to the desktop http://www.gmer.net/gmer110.zip
- unzip the archive on the desktop
- run gmer.exe
- click the "Autostart" tab and start the scan by clicking "Scan"
- when the scan has finished click "Copy", open Notepad and paste the result, save it on the desktop
- run gmer.exe again, click the "Rootkit" tab and click Scan
- when the scan has finished click "Copy", open Notepad and paste the result, save it on the desktop
Please post both logs
Merci

#3
Member
Registered: Aug 2004
Posts: 287

1st LOG
Quote:
coming shortly..... (but is it normal that it takes so long???)
Last edited by scarzo: 23-08-2006 at 15:36.

#4
Senior Member
Registered: Aug 2005
Posts: 1267

Yes, it takes a long time. Anyway, I can confirm that you are infected by linkoptimizer; I just hope we manage to wipe it out completely

#5
Member
Registered: Aug 2004
Posts: 287

What is a linkoptimizer? And why does the mess only happen with Skype??
It still hasn't finished .... Thanks anyway

#6
Senior Member
Registered: Aug 2005
Posts: 1267

You're welcome. Honestly I don't know why it's Skype in particular; some people get that message just by opening Windows Notepad. linkoptimizer is malware that is hard to remove because of the techniques it uses. Bye

#7
Member
Registered: Aug 2004
Posts: 287

here is the second log
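
GMER rootkit-scan logs like the one posted in #7 run to hundreds of near-identical entries; grouping them by module and by handler address makes them readable. The parser below is an added example, not part of the original thread and not GMER's own code: it assumes one log entry per line, and the driver names and addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a GMER "Rootkit" tab log, one entry per
# line. Driver names and addresses are invented for illustration.
SAMPLE_LOG = r"""
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-01-01 12:00:00

---- System - GMER 1.0.10 ----

SSDT exampledrv.sys ZwClose
SSDT exampledrv.sys ZwOpenKey
SSDT otherdrv.sys ZwCreateKey

---- Devices - GMER 1.0.10 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8A0B1C2D
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8A0B1C2D
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8B001000
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8b002000
this line is damaged

---- EOF - GMER 1.0.10 ----
"""

SECTION_RE = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)$")
DEVICE_RE = re.compile(
    r"^Device\s+(\\Driver\\\S+)\s+(\\Device\\\S+)\s+(IRP_MJ_\w+)\s+([0-9A-Fa-f]{8})$"
)


def parse_gmer_rootkit_log(text):
    """Return (ssdt, irp, unparsed) for the System and Devices sections."""
    ssdt = defaultdict(list)                     # module -> [service names]
    irp = defaultdict(lambda: defaultdict(set))  # driver -> address -> {(device, IRP)}
    unparsed = []                                # lines in a modelled section that did not match
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                ssdt[m.group(1)].append(m.group(2))
                continue
        elif section == "Devices":
            m = DEVICE_RE.match(line)
            if m:
                driver, device, major, addr = m.groups()
                irp[driver][addr.upper()].add((device, major))
                continue
        else:
            continue  # preamble and sections this example does not model
        unparsed.append(line)
    return ssdt, irp, unparsed


def summarize(text):
    """Collapse the log to one row per SSDT module and per driver/handler pair."""
    ssdt, irp, unparsed = parse_gmer_rootkit_log(text)
    rows = []
    for module in sorted(ssdt):
        names = sorted(ssdt[module])
        rows.append(f"SSDT {module}: {len(names)} service(s): {', '.join(names)}")
    for driver in sorted(irp):
        for addr in sorted(irp[driver]):
            entries = irp[driver][addr]
            devices = {device for device, _ in entries}
            rows.append(f"Device {driver} -> {addr}: {len(entries)} IRP "
                        f"entries on {len(devices)} device(s)")
    if unparsed:
        rows.append(f"{len(unparsed)} line(s) not understood")
    return rows


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```
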

#8
Senior Member
Registered: Aug 2005
Posts: 1267

Hi, carry out these steps
Download avenger to the desktop http://swandog46.geekstogo.com/avenger.zip
Unzip the archive
Run the file avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass
A "View/edit script" window opens
Inside the white box, copy and paste the text in red
Quote:
Click the green traffic-light icon
Answer Yes
The PC should restart by itself; if it doesn't, restart it manually
Once the PC has restarted, connect and post the contents of the file C:\Avenger.txt
Once restarted, open the DOS prompt (Start > Run, type cmd in the box and click OK)
type:
cd C:\programmi\file comuni\system <----press Enter
dir > c:\files.txt <----press Enter
cd C:\Programmi\File comuni\Microsoft Shared <----press Enter
dir > c:\files1.txt <----press Enter
Open C:\, you should have the files files.txt and files1.txt
please post the contents of the 2 files

#9
Member
Registered: Aug 2004
Posts: 287

avenger file
Quote:
Quote:
Quote:

#10
Senior Member
Registered: Aug 2005
Posts: 1267

Hi, download this tool from here
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
Run the program, click Start
Wait and a window opens (like My Computer)
Click on disk C:\ and scroll down the tree to this path
C:\Programmi\File comuni\System
Now select the file Aku.exe
A window will open
"File LvY.exe selected for cleaning. Do you want to continue?"
Click Yes
Repeat the same operation for these files
aQOUib.exe
fzq.exe
gNQ.exe
MVtO.exe
qHs.exe
wpgw.exe
xubYB.exe
Restart the PC
On restart, click Start > Run, type control userpasswords2 in the box and click OK
A screen opens; tell me the names listed (aspnet, administrator etc.)
A small favour (if you can)
Could you by any chance send me the archive in red C:\Avenger\backup.zip
you can send it here http://www.suspectfile.com/
Thanks

#11
Member
Registered: Aug 2004
Posts: 287

these names appear for me
Administrator
Alessandro
Guest
rSDYOK
I guess I have to delete the last one... Here is the file you asked for... http://www.megaupload.com/?d=JJDY0HJM
Listen, could you explain to me what we did?? I'd like to understand so maybe I can help too... Thanks

#12
Senior Member
Registered: Aug 2005
Posts: 1267

Yes, you have to select the account and click "Remove". We removed the service added by the malware and all the files linked to it. Thanks a lot for the file

#13
Member
Registered: Aug 2004
Posts: 287

Quote:
Thanks

#14
Senior Member
Registered: Aug 2005
Posts: 1267

Great question
Unfortunately there is an answer but it is very vague; Google is a good friend in these cases

#15
Member
Registered: Aug 2004
Posts: 287

Ok thanks anyway... by the way, which are the extra lines in my log?? From the first log, how did you figure out that I'm infected by linkoptimizer
Last edited by scarzo: 23-08-2006 at 17:45.

All times are GMT +1.



















