pedeolo

Utenti
  • Numero contenuti

    2
  • Iscritto

  • Ultima visita

Su pedeolo

  • Livello
    Iniziato
  • Compleanno 10/21/1980

Contact Methods

  • Website URL
    http://www.spilimbergo2.org
  1. Well, ho seguito le tue istruzioni :leggi: , ma il risultato finale è decisamente identico alla situazione iniziale! Di seguito il log del Gromozon Rootkit Removal Tool Removal tool loaded into memory Gromozon rootkit component not detected - searching for other components Scanning: C:\WINDOWS Scanning: C:\Programmi\File comuni Trojan.Gromozon does not exist - your system is clean. che mi smentisce clamorosamente! il Trojan.Linkoptimizer Removal Tool non funziona, nel senso che vuole girare solo in safe mode... ma in safe mode c'ero già, e non girava uguale! Infine, il Panda vede e rimuove il Rootkit, individuandolo come C:\WINDOWS\system32:lzx32.sys, ma ad ogni rimozione avverte che lo stesso è di nuovo presente e quindi consiglia di fare un'altra scansione... fatto, uguale a prima <_< e adesso?
  2. Salve! da diversi giorni il mio pc è "posseduto" verosimilmente dal Trojan.Win32.Rootkit.D Ho cercato e provato alcune procedure per disinfestare il computer, ma nonostante alcuni messaggi di successo a ogni riavvio VirIt mi comunica garrulo che il problema è sempre lì, con un file sospetto dal nome tipo \\?\C:\WINDOWS\system32:*** Se gentilmente qualcuno potesse aiutarmi... di seguito Hijackthis log Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 13.17.57, on 26/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Prevx1\PXAgent.exe C:\WINDOWS\System32\snmp.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\VEXPLITE\viritsvc.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\VEXPLITE\MONLITE.EXE C:\Programmi\Prevx1\PXConsole.exe C:\virus\Softwin\BitDefender8\bdnagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\virus\Spybot - Search & Destroy\TeaTimer.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\eMule\emule.exe C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE C:\Programmi\ABBYY FineReader 5.0 Sprint\Sprint.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe c:\virus\softwin\bitdefender8\bdmcon.exe C:\Documents and Settings\Giulio\Desktop\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts: AmsServer O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\virus\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ppmate] C:\Programmi\PPMate\PPMate\ppmate.exe -autoplay O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe" O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Programmi\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe" O4 - HKLM\..\Run: [bDMCon] "C:\virus\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [bDNewsAgent] "C:\virus\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\virus\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [RoboForm] "C:\Programmi\Siber Systems\AI RoboForm\identities.exe" -fr O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Compila Modulo - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RF Barra strumenti - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Salva Moduli - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\Acgm.cab O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing) O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Programmi\Prevx1\PXAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 9286 bytes