
NASTY VIRUS PROBLEM

How do you remove viruses and spyware? Are credit cards really safe online? Can you browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by ...:::lukino:::... » 08/05/07 18:26

Anyway, regedit does the same job as HijackThis. I had to open it in safe mode.
...:::lukino:::...
Junior User

Posts: 33
Joined: 07/05/07 12:52

 

Post by edo_aol » 08/05/07 20:29

Anyway, an invalid link means it's not available at the moment; the link was the Trend Micro one. Anyway, try disabling System Restore. I have the tool on a CD but I can't find it anymore!!! Sorry :mmmh:
edo_aol
Senior User

Posts: 415
Joined: 13/04/07 14:26

Post by ...:::lukino:::... » 08/05/07 20:38

OK, I think it worked. How can I make sure??
...:::lukino:::...
Junior User

Posts: 33
Joined: 07/05/07 12:52

Post by ...:::lukino:::... » 08/05/07 20:42

OK, so avast started and I ran the scan, but iTunes won't start anymore, and neither will HijackThis. What do I do??? Luke, help me.
...:::lukino:::...
Junior User

Posts: 33
Joined: 07/05/07 12:52

Post by Luke57 » 08/05/07 20:47

...:::lukino:::... wrote: OK, so avast started and I ran the scan, but iTunes won't start anymore, and neither will HijackThis. What do I do??? Luke, help me.

What did avast find?
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by Luke57 » 08/05/07 20:55

Hi, frankly it's not easy.
Try downloading SDFIX: http://downloads.andymanchesta.com/Remo ... /SDFix.exe

QUOTE:
- Double-click SDFix.exe and the tool will extract itself to C:\SDFix
- Boot the system in safe mode
- Open the SDFix folder in C:\ and double-click RunThis.bat to launch the script
- Select Y to start the cleanup
- When prompted, press a key to reboot (the system will take longer to start because the script will be deleting the files it found)
- When the desktop appears, the tool will finish its work and display the message "Finished"
- Press a key to end the script and reload the desktop icons
- The log will be displayed automatically; otherwise you can find it in C:\SDFix\Report.txt
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by ...:::lukino:::... » 08/05/07 20:55

Keep in mind I hadn't run a scan for many months because of this virus. Anyway, it found several trojans and worms, and then at least 50 viruses of all kinds in the *.tmp files. Here's the list:



...:::lukino:::...
Junior User

Posts: 33
Joined: 07/05/07 12:52

Post by ...:::lukino:::... » 08/05/07 21:00

HKEY_LOCAL_MACHINE
Software
Microsoft
Windows NT
CurrentVersion
Image file execution options
after clicking the + sign next to the entry in bold, check among the sub-entries in the drop-down list for the presence of
explorer.exe



There's no explorer.exe
...:::lukino:::...
Junior User

Posts: 33
Joined: 07/05/07 12:52
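
Added example, not part of the original posts: the check above looks for an explorer.exe subkey under Image File Execution Options, where a "Debugger" value makes Windows start the named program in place of the image. This Python script runs the same check over a regedit export of that key, for every subkey at once; the function names, the sample export and the placeholder path in it are constructed for illustration.

```python
import codecs
import re

_IFEO = r"\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Native view plus the 32-bit view found on 64-bit Windows. Compared lowercased
# because registry key names are case-insensitive.
IFEO_KEYS = {
    (r"HKEY_LOCAL_MACHINE\SOFTWARE" + _IFEO).lower(),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node" + _IFEO).lower(),
}
# Placeholder subkey shipped with Windows XP; its Debugger value is benign.
STOCK_SUBKEYS = {"your image file name here without a path"}

SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")
STRING_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def decode_reg_bytes(data):
    """Decode a .reg file: version 5.00 exports are UTF-16 with a BOM,
    older REGEDIT4 exports use the ANSI code page."""
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: string_data}} for string values only.
    dword/hex values and the default (@) value are ignored."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            # "[-KEY]" is a deletion directive, not an existing key.
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = STRING_VALUE_RE.match(line)
        if m and current is not None:
            current[_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def has_ifeo_subkey(text, image):
    """The manual check from the thread: is there a subkey named `image`?"""
    wanted = {k + "\\" + image.lower() for k in IFEO_KEYS}
    return any(key.lower() in wanted for key in parse_reg(text))


def find_ifeo_debuggers(text):
    """List (image_name, debugger_command) for every IFEO subkey that
    redirects an executable through a Debugger value."""
    findings = []
    for key, values in parse_reg(text).items():
        parent, _, image = key.rpartition("\\")
        if parent.lower() not in IFEO_KEYS or image.lower() in STOCK_SUBKEYS:
            continue
        for name, data in values.items():
            if name.lower() == "debugger":
                findings.append((image, data))
    return findings


# Constructed sample export (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
"GlobalFlag"="0x000010F0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\Temp\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]
"DisableHeapLookaside"="1"
'''

if __name__ == "__main__":
    for image, debugger in find_ifeo_debuggers(SAMPLE_REG):
        print(f"{image} is redirected to: {debugger}")
```

A subkey with no Debugger value, like msconfig.exe in the sample, is not reported, and neither is the stock placeholder key.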

Post by ...:::lukino:::... » 09/05/07 10:40

Here's the SDFix log, what does it say???



SDFix: Version 1.83

Run by querzola - 09/05/2007 - 11.18.08,78

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft Workstation Services

ImagePath:
"C:\WINDOWS\system32\dllcache\wks-nt-xp.exe"

Microsoft Workstation Services - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\querzola\IMPOST~1\Temp\hdk4B.tmp - Deleted
C:\DOCUME~1\querzola\IMPOST~1\Temp\hdo4D.tmp - Deleted
C:\DOCUME~1\querzola\IMPOST~1\Temp\tmp*.tmp - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\BearShare\\BearShare.exe"="C:\\Programmi\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Documents and Settings\\querzola\\Desktop\\DCPlusPlus.exe"="C:\\Documents and Settings\\querzola\\Desktop\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programmi\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Programmi\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Programmi\\DC++\\DCPlusPlus.exe"="C:\\Programmi\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Programmi\\EA GAMES\\La Battaglia per la Terra di Mezzo(tm)\\game.dat"="C:\\Programmi\\EA GAMES\\La Battaglia per la Terra di Mezzo(tm)\\game.dat:*:Enabled:La Battaglia per la Terra di Mezzo™"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Esplora risorse"
"C:\\Programmi\\game.dat"="C:\\Programmi\\game.dat:*:Enabled:La Battaglia per la Terra di Mezzo™"
"C:\\Programmi\\iMesh5\\iMesh.exe"="C:\\Programmi\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.844\\WinMX.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.844\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Programmi\\iDC++\\iDCPlusPlus.exe"="C:\\Programmi\\iDC++\\iDCPlusPlus.exe:*:Enabled:iDC++"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.437\\WinMX.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.437\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.782\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.782\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX11.672\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX11.672\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.094\\Habbo Plus.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.094\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.344\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.344\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX20.688\\Habbo Plus.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX20.688\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX14.953\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX14.953\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"D:\\my download\\Habbo Plus 2.3.exe"="D:\\my download\\Habbo Plus 2.3.exe:*:Enabled:Habbo Plus 2.3"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX10.421\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX10.421\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.047\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.047\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.907\\Habbo Plus.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.907\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.265\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.265\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX03.687\\Habbo Plus.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX03.687\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.453\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.453\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.922\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.922\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX04.610\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX04.610\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"D:\\my download\\habbo\\Habbo Plus 2.3.exe"="D:\\my download\\habbo\\Habbo Plus 2.3.exe:*:Enabled:Habbo Plus 2.3"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.531\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.531\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"D:\\my download\\Habbo Plus.exe"="D:\\my download\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.906\\Habbo Plus.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.906\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.391\\Habbo Plus.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.391\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.453\\Habbo Plus.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.453\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.766\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.766\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.750\\Habbo Plus.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.750\\Habbo Plus.exe:*:Enabled:Habbo Plus"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX01.640\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX01.640\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.641\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.641\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.297\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.297\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.953\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.953\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.125\\Habbo Plus 2.4.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.125\\Habbo Plus 2.4.exe:*:Enabled:Habbo Plus 2.4"
"C:\\Documents and Settings\\querzola\\Desktop\\habbax\\Habbax.exe"="C:\\Documents and Settings\\querzola\\Desktop\\habbax\\Habbax.exe:*:Enabled:Habbax"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX04.109\\ValeX v2.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX04.109\\ValeX v2.exe:*:Enabled:Hacking Habbo"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.344\\ValeX v2.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.344\\ValeX v2.exe:*:Enabled:Hacking Habbo"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.657\\Habbax.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.657\\Habbax.exe:*:Enabled:Habbax"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.953\\ValeX v2.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.953\\ValeX v2.exe:*:Enabled:Hacking Habbo"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.391\\Habbax.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.391\\Habbax.exe:*:Enabled:Habbax"
"C:\\Documents and Settings\\querzola\\Desktop\\habax\\Habbax.exe"="C:\\Documents and Settings\\querzola\\Desktop\\habax\\Habbax.exe:*:Enabled:Habbax"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.547\\ValeX v2.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.547\\ValeX v2.exe:*:Enabled:Hacking Habbo"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.984\\Scriptox V12.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.984\\Scriptox V12.exe:*:Enabled:A Habbo Scripting Program™"
"D:\\my download\\Habbo Hotel - Scriptox V8.exe"="D:\\my download\\Habbo Hotel - Scriptox V8.exe:*:Enabled:A Habbo Hacking Program™"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.782\\Scriptox V12.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.782\\Scriptox V12.exe:*:Enabled:A Habbo Scripting Program™"
"C:\\Programmi\\BitTorrent\\bittorrent.exe"="C:\\Programmi\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Programmi\\Empire Earth II\\EE2.exe"="C:\\Programmi\\Empire Earth II\\EE2.exe:*:Enabled:Empire Earth II"
"C:\\WINDOWS\\Rar$EX00.797\\NetBuster.exe"="C:\\WINDOWS\\Rar$EX00.797\\NetBuster.exe:*:Enabled:NetBuster"
"C:\\WINDOWS\\TEMP$01.EXE"="C:\\WINDOWS\\TEMP$01.EXE:*:Enabled:TEMP$01"
"C:\\Documents and Settings\\querzola\\Desktop\\trojan\\Patch.bat.exe"="C:\\Documents and Settings\\querzola\\Desktop\\trojan\\Patch.bat.exe:*:Enabled:Patch.bat"
"C:\\WINDOWS\\Patch.bat.exe"="C:\\WINDOWS\\Patch.bat.exe:*:Disabled:Patch.bat"
"C:\\WINDOWS\\Rar$EX00.313\\Genius2\\Genius2.exe"="C:\\WINDOWS\\Rar$EX00.313\\Genius2\\Genius2.exe:*:Enabled:Genius 2"
"C:\\Programmi\\Internet Explorer\\iexplore.exe"="C:\\Programmi\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\my download\\hack\\proxyht.exe"="D:\\my download\\hack\\proxyht.exe:*:Enabled:ProxyHunter"
"C:\\Programmi\\Torque Game Engine Demo\\demo.exe"="C:\\Programmi\\Torque Game Engine Demo\\demo.exe:*:Enabled:demo"
"C:\\Programmi\\Remote-Anything\\Master.exe"="C:\\Programmi\\Remote-Anything\\Master.exe:*:Enabled:http://www.twd-industries.com"
"C:\\Programmi\\La Battaglia per la Terra di Mezzo(tm)\\game.dat"="C:\\Programmi\\La Battaglia per la Terra di Mezzo(tm)\\game.dat:*:Enabled:La Battaglia per la Terra di Mezzo"
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmi\\Electronic Arts\\La Battaglia per la Terra di Mezzo II\\game.dat"="C:\\Programmi\\Electronic Arts\\La Battaglia per la Terra di Mezzo II\\game.dat:*:Enabled:La Battaglia per la Terra di Mezzo™ II"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmi\\Empire Earth II\\Game Spy\\Aphex.exe"="C:\\Programmi\\Empire Earth II\\Game Spy\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Documents and Settings\\querzola\\Desktop\\Xfire\\Xfire.exe"="C:\\Documents and Settings\\querzola\\Desktop\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"D:\\Medal of Honor\\MOHAA.exe"="D:\\Medal of Honor\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"D:\\Condition Zero\\czero.exe"="D:\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\WINDOWS\\system32\\dllcache\\fswitch.exe"="C:\\WINDOWS\\system32\\dllcache\\fswitch.exe:*:Enabled:Fast Switching Compatibility"
"C:\\WINDOWS\\system32\\dllcache\\wks-nt-xp.exe"="C:\\WINDOWS\\system32\\dllcache\\wks-nt-xp.exe:*:Enabled:Microsoft Workstation Services"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\dllcache\\Azureus.exe"="C:\\WINDOWS\\system32\\dllcache\\Azureus.exe:*:Enabled:Azureus Service"
"C:\\Programmi\\Skype\\Phone\\Skype.exe"="C:\\Programmi\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmi\\File comuni\\System\\skypetalk.exe"="C:\\Programmi\\File comuni\\System\\skypetalk.exe:*:Enabled:Windows Update"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\!KillBox\fswitch.exe
C:\!KillBox\wks-nt-xp.exe
C:\WINDOWS\system32\dllcache\Azureus.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cb8ec78c987a1d01b538e6d8b8eb987f\BIT1.tmp

Finished
...:::lukino:::...
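The "Authorized Application Key Export" section of the log above is the Windows XP firewall exception list, one value per line in the form `"<path>"="<path>:<scope>:<Enabled|Disabled>:<label>"`. As an added example (not part of the original post and not SDFix's own code), this Python sketch parses that format and flags enabled exceptions whose paths point at locations where programs are not normally installed; the sample lines are copied from the log, and the path rules are assumptions made for this example.

```python
import re

# Six entries copied verbatim from the StandardProfile list in the SDFix log above.
SAMPLE = r'''
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\dllcache\\wks-nt-xp.exe"="C:\\WINDOWS\\system32\\dllcache\\wks-nt-xp.exe:*:Enabled:Microsoft Workstation Services"
"C:\\WINDOWS\\Patch.bat.exe"="C:\\WINDOWS\\Patch.bat.exe:*:Disabled:Patch.bat"
"C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.844\\WinMX.exe"="C:\\Documents and Settings\\querzola\\Impostazioni locali\\Temp\\Rar$EX00.844\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmi\\Remote-Anything\\Master.exe"="C:\\Programmi\\Remote-Anything\\Master.exe:*:Enabled:http://www.twd-industries.com"
'''

# One value per line: "<path>"="<path>:<scope>:<Enabled|Disabled>:<label>"
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Path heuristics chosen for this example (assumptions, not SDFix's logic).
RULES = [
    ("runs from a Temp directory", r"\\temp\\"),
    ("runs from a RAR extraction folder", r"\\rar\$ex"),
    ("runs from system32\\dllcache (file-protection cache)", r"\\system32\\dllcache\\"),
    ("double extension before .exe", r"\.(bat|txt|doc|jpg)\.exe$"),
]


def parse_entries(text):
    """Return one dict per AuthorizedApplications value found in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        # Undo .reg escaping (\\ -> \, \" -> ").
        path, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        if not data.lower().startswith(path.lower()):
            continue
        # The path holds a drive colon, so cut it off before splitting on ':';
        # maxsplit keeps colons inside the label (e.g. a URL) intact.
        parts = data[len(path):].split(":", 3)
        if len(parts) != 4:
            continue
        _, scope, status, label = parts
        entries.append({"path": path, "scope": scope,
                        "enabled": status.lower() == "enabled", "label": label})
    return entries


def review(entries):
    """Return (path, scope, reasons) for enabled entries matching any rule."""
    findings = []
    for e in entries:
        if not e["enabled"]:
            continue  # a disabled exception does not open the firewall
        reasons = [why for why, pat in RULES if re.search(pat, e["path"], re.I)]
        if reasons:
            findings.append((e["path"], e["scope"], reasons))
    return findings


if __name__ == "__main__":
    for path, scope, reasons in review(parse_entries(SAMPLE)):
        print(f"{path} (scope {scope}): {'; '.join(reasons)}")
```

A flagged entry is a prompt for manual review of the file and its firewall exception, not a verdict; the label field is free text set by whoever created the exception, so it cannot be trusted on its own.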

Post by ...:::lukino:::... » 09/05/07 10:45

besides the report, I noticed that the folder C:\!KillBox contains fswitch and wks-nt-xp; if I try to delete them it tells me they are system files and that I could compromise everything, what do I do???
...:::lukino:::...

Post by ...:::lukino:::... » 09/05/07 10:51

and in case it is useful, they are also present in C:\WINDOWS\Prefetch, but they are not .exe but .Pf
...:::lukino:::...

Post by Luke57 » 09/05/07 12:02

Hi, in the KillBox folder they are harmless; delete the ones in the Prefetch folder. But how is the computer running now? Can you post a HijackThis log from normal mode?
Luke57

Post by ...:::lukino:::... » 09/05/07 12:54

yes, but now another problem has come up: the PC works perfectly, except that after the scan with avast I noticed there were many viruses in the folder where another antivirus, Panda, is installed.

so I went to remove Panda from Add/Remove Programs and it won't remove it, so I preferred to do it manually: with Unlocker I deleted the only 3 files in the folder, DLL files. Now, however, the Fastweb connection is gone on my PC, while on my parents' other one it is there (I am writing from that one). How do I restore it? By deleting those files I must have done something, but now I can't recover them, what do I do???
...:::lukino:::...
