problema urgentissimo - Sicurezza Informatica pagina 4 NoTrace Security Forum

NoTrace Security Forum

Nome Utente:	Password:
Salva Password
Password Dimenticata?

Tutti i Forum

Off-Topic

Altre Discussioni

problema urgentissimo

Forum Bloccato

Versione Stampabile

Aggiungi Segnalibro

Pagina Precedente | Pagina Successiva

Autore

Discussione

Pagina: di 5

n/a
deleted

Città: eh eh ti piacerebbe saperlo

2419 Messaggi

Inserito il - 21/11/2005 : 16:39:06

avvia il pc normalmente...e poi

pannello di controllo..ecc..ecc..-->servizi..e lasci windows installer in manuale e provi ad avviarlo.....con me ha funzionato...ma non devi fare niente altro chiudi tutto mentre attivi il servizio...

ciaooo

n/a
deleted

1470 Messaggi

Inserito il - 21/11/2005 : 16:54:37

se win installer ti dà errore prova così

Start - esegui digita cmd e invio
nel Prompt dei comandi digita msiexec /unregister e INVIO
poi
digita msiexec /regserver e INVIO

rikkkardo
Average Member

Città: e

79 Messaggi

Inserito il - 21/11/2005 : 17:01:33

ho provato a caricarlo manualmente ma nulla se scrivo msiexec /unregister e INVIO mi compare un pagina d windows istaller e se scrivo digita msiexec /regserver e INVIO stessa pagina io ho premuto ok ma il problema persiste

n/a
deleted

1470 Messaggi

Inserito il - 21/11/2005 : 18:02:09

forse ti sei sbagliato a digitare prima fai così
Start - Esegui - digita cmd e premi invio

ti compare la finestra del prompt (quella nera) lì digita questo

msiexec /unregister e premi invio

dopo digita

msiexec /regserver e premi invio

Ma adesso non vorrei che tu abbia scaricato una versione non compatibile con il tuo win (hai il 2000 vero)
vedo cosa trovo e poi ti faccio sapere

rikkkardo
Average Member

Città: e

79 Messaggi

Inserito il - 21/11/2005 : 18:12:47

ho xp home edition cmq ho scritto bene :D

rikkkardo
Average Member

Città: e

79 Messaggi

Inserito il - 21/11/2005 : 18:20:17

finalmente funziona alleluja :D

rikkkardo
Average Member

Città: e

79 Messaggi

Inserito il - 21/11/2005 : 18:36:43

però tutti i virus che elimino o le spy con ad aware difender o fixxare con hjk sembra si ricreino ieri era tutto perfetto e oggi hjk da modalità normale mi dc questo:
Logfile of HijackThis v1.99.1
Scan saved at 18.35.15, on 21/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\dfrgfat32.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\msdt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\nvideogui.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\pnpmgr.exe
C:\WINDOWS\System32\Rpcmon.exe
C:\WINDOWS\shost.exe
C:\WINDOWS\system32\pnpsp2fix.exe
C:\WINDOWS\system32\wincntrl.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\msnull.exe
C:\WINDOWS\System32\notepaad.exe
C:\WINDOWS\TEMP\MG.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\progra~1\mozill~1\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\rik\Impostazioni locali\Temp\Directory temporanea 3 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://runonce.msn[.com]/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://gw.aliceadsl.it/home
O1 - Hosts: 255.255.255.255 ar.atwola[.com] atdmt[.com] avp.ch avp[.com] avp.ru awaps.net ca[.com] dispatch.mcafee[.com] download.mcafee[.com] download.microsoft[.com] downloads.microsoft[.com] engine.awaps.net f-secure[.com] ftp.f-secure[.com] ftp.sophos[.com] go.microsoft[.com] liveupdate.symantec[.com] mast.mcafee[.com] mcafee[.com] msdn.microsoft[.com] my-etrust[.com] nai[.com] networkassociates[.com] office.microsoft[.com] phx.corporate-ir.net secure.nai[.com] securityresponse.symantec[.com] service1.symantec[.com] sophos[.com] spd.atdmt[.com] support.microsoft[.com] symantec[.com] update.symantec[.com] updates.symantec[.com] us.mcafee[.com] vil.nai[.com] viruslist.ru windowsupdate.microsoft[.com] [www].avp.ch [www].avp[.com] [www].avp.ru [www].awaps.net [www].ca[.com] [www].f-secure[.com] [www].kaspersky.ru [www].mcafee[.com] [www].my-etrust[.com] [www].nai[.com] [www].networkassociates[.com] [www].sophos[.com] [www].symantec[.com] [www].trendmicro[.com] [www].viruslist[.com] [www].viruslist.ru [www]3.ca[.com]
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\pmkjj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sqsoizlspP`T\wsjuzkv] C:\WINDOWS\System32\johjfcpftwddj.exe
O4 - HKLM\..\Run: [odtjyr] C:\WINDOWS\System32\ywdblr.exe
O4 - HKLM\..\Run: [Microsoft SDKb] msnull.exe
O4 - HKLM\..\Run: [Audio Driver] C:\WINDOWS\System32\msadrv.exe
O4 - HKLM\..\Run: [notes] notepaad.exe
O4 - HKLM\..\Run: [Media Gateway] C:\WINDOWS\TEMP\MG.exe
O4 - HKLM\..\RunServices: [sqsoizlspP`T\wsjuzkv] C:\WINDOWS\System32\johjfcpftwddj.exe
O4 - HKLM\..\RunServices: [odtjyr] C:\WINDOWS\System32\ywdblr.exe
O4 - HKLM\..\RunServices: [Microsoft SDKb] msnull.exe
O4 - HKLM\..\RunServices: [notes] notepaad.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft SDKb] msnull.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - htt*://housecall60.trendmicro[.com]/housecall/xscan60 .cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - htt*://go.microsoft[.com]/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A8D361D-34F6-4100-8DE9-DCD9F0186A57}: NameServer = 85.37.17.57 151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O20 - Winlogon Notify: vturp - C:\WINDOWS\SYSTEM32\vturp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Managing FAT and NTFS partitions (Defragmentation Manager) - Unknown owner - C:\WINDOWS\System32\dfrgfat16.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINDOWS\msdt.exe
O23 - Service: NetBIOS Helper Service (NetBIOS Helper) - Unknown owner - C:\WINDOWS\System32\nbthlp.exe (file missing)
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: Nvidia Graphic Displacement (nvideoGUI) - Unknown owner - C:\WINDOWS\nvideogui.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
poi ieri con ad aware avevo 0 spy oggi 60 e manco son andato molto su internet su difender ricompaioni i soliti 3-4 virus d prima anche si dice che li ha eliminati come mai?:(

n/a
deleted

1470 Messaggi

Inserito il - 21/11/2005 : 20:06:14

Riavvia dalla provvisoria,disabilita ripristino sistema e lancia HJK fixa le voci qui sotto riportate

C:\WINDOWS\System32\dfrgfat32.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\msdt.exe
C:\WINDOWS\nvideogui.exe
C:\WINDOWS\System32\pnpmgr.exe
C:\WINDOWS\System32\Rpcmon.exe
C:\WINDOWS\shost.exe
C:\WINDOWS\system32\pnpsp2fix.exe
C:\WINDOWS\system32\wincntrl.exe
C:\WINDOWS\System32\msnull.exe
C:\WINDOWS\System32\notepaad.exe
C:\WINDOWS\TEMP\MG.exe

O1 - Hosts: 255.255.255.255 ar.atwola[.com] atdmt[.com] avp.ch avp[.com] avp.ru awaps.net ca[.com] dispatch.mcafee[.com] download.mcafee[.com] download.microsoft[.com] downloads.microsoft[.com] engine.awaps.net f-secure[.com] ftp.f-secure[.com] ftp.sophos[.com] go.microsoft[.com] liveupdate.symantec[.com] mast.mcafee[.com] mcafee[.com] msdn.microsoft[.com] my-etrust[.com] nai[.com] networkassociates[.com] office.microsoft[.com] phx.corporate-ir.net secure.nai[.com] securityresponse.symantec[.com] service1.symantec[.com] sophos[.com] spd.atdmt[.com] support.microsoft[.com] symantec[.com] update.symantec[.com] updates.symantec[.com] us.mcafee[.com] vil.nai[.com] viruslist.ru windowsupdate.microsoft[.com] [www].avp.ch [www].avp[.com] [www].avp.ru [www].awaps.net [www].ca[.com] [www].f-secure[.com] [www].kaspersky.ru [www].mcafee[.com] [www].my-etrust[.com] [www].nai[.com] [www].networkassociates[.com] [www].sophos[.com] [www].symantec[.com] [www].trendmicro[.com] [www].viruslist[.com] [www].viruslist.ru [www]3.ca[.com]
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\pmkjj.dll
O4 - HKLM\..\Run: [odtjyr] C:\WINDOWS\System32\ywdblr.exe
O4 - HKLM\..\Run: [Microsoft SDKb] msnull.exe
O4 - HKLM\..\Run: [Audio Driver] C:\WINDOWS\System32\msadrv.exe
O4 - HKLM\..\Run: [notes] notepaad.exe
O4 - HKLM\..\Run: [Media Gateway] C:\WINDOWS\TEMP\MG.exe
O4 - HKLM\..\RunServices: [sqsoizlspP`T\wsjuzkv] C:\WINDOWS\System32\johjfcpftwddj.exe
O4 - HKLM\..\RunServices: [odtjyr] C:\WINDOWS\System32\ywdblr.exe
O4 - HKLM\..\RunServices: [Microsoft SDKb] msnull.exe
O4 - HKLM\..\RunServices: [notes] notepaad.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft SDKb] msnull.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - htt*://housecall60.trendmicro[.com]/housecall/xscan60 .cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - htt*://go.microsoft[.com]/fwlink/?linkid=39204
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O20 - Winlogon Notify: vturp - C:\WINDOWS\SYSTEM32\vturp.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Managing FAT and NTFS partitions (Defragmentation Manager) - Unknown owner - C:\WINDOWS\System32\dfrgfat16.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINDOWS\msdt.exe
O23 - Service: NetBIOS Helper Service (NetBIOS Helper) - Unknown owner - C:\WINDOWS\System32\nbthlp.exe (file missing)
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: Nvidia Graphic Displacement (nvideoGUI) - Unknown owner - C:\WINDOWS\nvideogui.exe
O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Sempre dalla provvisoria lancia una scansione con spyboot dopo lancia regedit e controlla queste chiavi

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEx
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

guarda nel pannello di destra se c'è una chiave che richiama qualcuno dei file nelle prime righe

se c'è qualcuno fai clik sopra col dx e sul menù a tendina clikka "Elimina"

dopo riavvia lancia una scansione con bitdefender , lancia anche reegseeker e dopo rifai un log con HJK

Però dopo lo posti perchè dalle ultime info che ti ho dato ho solo visto una scansione con bit defender in cui si nota (disinfect failed...move failed pertanto non ha rimosso niente).
Attendo il tuo Log

rikkkardo
Average Member

Città: e

79 Messaggi

Inserito il - 05/12/2005 : 19:00:33

scusate l'assenza ma il lavoro mi uccide;D pultroppo ogni volta che elimino un problema ne viene fuori un altro ora ogni volta che mi connetto ad internet si apre una pagina dos cmd.exe e mi scrive:
c:\>winapi32.exe
c:\>winapi64.exe
dopo di che tutto il pc va lentissimo ho provato col dos del/q ma mi dicon accesso negato manualmente nemmeno con tutti gli antipy o antivirus nulla :|

n/a
deleted

1470 Messaggi

Inserito il - 05/12/2005 : 19:59:08

Vai quì htt*://[www].notrace.it/forum2/topic.asp?TOPIC_ID=4901 e segui le istruzioni.
dopo posta un log di HJK

rikkkardo
Average Member

Città: e

79 Messaggi

Inserito il - 05/12/2005 : 20:25:53

fatto tutto anke da prima ma il problema persiste comunque ecco il log:
Logfile of HijackThis v1.99.1
Scan saved at 20.24.39, on 05/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\rik\Impostazioni locali\Temp\Directory temporanea 6 per hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\pmkjj.dll
O4 - HKLM\..\Run: [Compaqs Service Driver] copypad32.exe
O4 - HKLM\..\Run: [Microsoft SDKb] mswinsdl.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Programmi\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [notes] notes.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKLM\..\RunServices: [notes] notes.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft SDKb] msnull.exe
O4 - HKCU\..\Run: [MSN Checker] msnchecker.exe
O4 - HKCU\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKCU\..\Run: [Compaqs Service Driver] copypad32.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKCU\..\RunServices: [Norton Antivirus] nortonav.exe
O4 - HKCU\..\RunServices: [Compaqs Service Driver] copypad32.exe
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O20 - Winlogon Notify: vturp - C:\WINDOWS\SYSTEM32\vturp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cmlr\command.exe
O23 - Service: Managing FAT and NTFS partitions (Defragmentation Manager) - Unknown owner - C:\WINDOWS\System32\dfrgfat16.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINDOWS\msdt.exe
O23 - Service: NetBIOS Helper Service (NetBIOS Helper) - Unknown owner - C:\WINDOWS\System32\nbthlp.exe (file missing)
O23 - Service: Nvidia Graphic Displacement (nvideoGUI) - Unknown owner - C:\WINDOWS\nvideogui.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

n/a
deleted

1470 Messaggi

Inserito il - 05/12/2005 : 20:43:04

E' infernale riccardo. scarica questo prog. da quì htt*://[www].h3.dion.ne.jp/~sole/Yoghi/Guide/Files/Escan/escan.html e vediamo cosa ti toglie (c'è anche una guida per usarlo) e dopo posta un'altro log

n/a
deleted

Città: eh eh ti piacerebbe saperlo

2419 Messaggi

Inserito il - 05/12/2005 : 22:06:38

uauu riki..ma li produci anche o tu sei solo il vettore di tutti sti virus????

come fai a prenderti sempre tutte ste schifezze..e il bello è che ne hai sempre di nuove..incredibile..
segui il consiglio di alex..e poi bisogna rivedere le tue difese che non sono proprio delle migliori....

ciaoooooooo

rikkkardo
Average Member

Città: e

79 Messaggi

Inserito il - 06/12/2005 : 01:45:03

e si me li becco tutti io comunque il log di questo antivirus è gigantesco nn me lo fà ne allegare ne incollare però ora il pc va normale ho fatto la scansione con tutto sempre che solo wuapi.exe sia rimasto

rikkkardo
Average Member

Città: e

79 Messaggi

Inserito il - 07/12/2005 : 01:37:12

questo è quello ke mi preoccupa sul log
Mon Dec 05 22:53:30 2005 => ***** Scanning Memory Files *****
Mon Dec 05 22:53:30 2005 => Scanning File C:\WINDOWS\system32\services.exe
Mon Dec 05 22:53:31 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Dec 05 22:53:31 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Dec 05 22:53:31 2005 => Scanning File C:\WINDOWS\System32\wuapi.exe
Mon Dec 05 22:53:31 2005 => Process C:\WINDOWS\system32\wuapi.exe Found running in Memory...
Mon Dec 05 22:53:31 2005 => *** Killing Infected Process C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:32 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:34 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:35 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:36 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:37 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:39 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:40 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:41 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:42 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:43 2005 => *** Process still running!!! Trying again to kill C:\WINDOWS\System32\wuapi.exe...
Mon Dec 05 22:53:43 2005 => *** Unable to kill process :-( Virus still in memory!
Mon Dec 05 22:53:43 2005 => File C:\WINDOWS\System32\wuapi.exe infected by "Backdoor.Win32.Codbot.az" Virus. Action Taken: File Renamed.

Pagina: di 5

Discussione

Pagina Precedente | Pagina Successiva

Forum Bloccato

Versione Stampabile

Aggiungi Segnalibro

Vai a:

NoTrace Security Forum

Pagina generata in 0,27 secondi.

TargatoNA | SuperDeeJay | Snitz Forums 2000