NoTrace Security Forum

Very urgent problem

n/a
deleted



1470 Posts

Posted on - 07/12/2005 : 09:07:43
Boot into safe mode and launch Task Manager. Select the service C:\WINDOWS\System32\wuapi.exe and click End Process.

Then go to Start > Run, type CMD and press Enter.
Then type C:\WINDOWS\System32 and press Enter.
After that, type del wuapi.exe.

At this point let's see whether it lets you delete it. If the operation succeeds, run a scan again to remove the remnants of the virus.

Post how it went.

rikkkardo
Average Member

City: e

79 Posts

Posted on - 07/12/2005 : 21:22:16
So, if I kill it with Task Manager it recreates itself immediately afterwards; then the more time passes, the more it grows (quickly) in size in Task Manager in terms of memory used. With cmd it gives me access denied.

rikkkardo
Average Member

City: e

79 Posts

Posted on - 07/12/2005 : 22:50:12
I ran a scan with BitDefender and it seems that every time it removes a virus it recreates itself:
//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 07/12/2005 21:25:34
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
Folders : 3666
Files : 220100
Archives : 7779
Packed files : 10579
Identified viruses : 26
Infected files : 117
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 18
Copied files : 0
Moved files : 79
Renamed files : 0
I/O errors : 26
Scan time : 01:03:35
Scan speed (files/sec) : 57

Virus definitions : 232757
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124604.exe Infected Backdoor.SDBot.99D12D38
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124604.exe Deleted
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124605.exe Infected Backdoor.RBot.B7E61FFA
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124605.exe Deleted
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124606.exe Infected GenPack:Backdoor.RBot.5075F4D2
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124606.exe Disinfection failed
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124606.exe Moved
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124607.exe Infected Backdoor.SDBot.6E2373D1
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124607.exe Deleted
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124608.exe Infected GenPack:Backdoor.SDBot.76EA9D9D
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124608.exe Disinfection failed
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124608.exe Moved
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124609.exe Infected GenPack:Backdoor.SDBot.03BF8965
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124609.exe Disinfection failed
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124609.exe Moved
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124610.reg=>(unicode) Infected Trojan.WinREG.LowZones.H
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124610.reg=>(unicode) Disinfection failed
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124610.reg Moved
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124611.reg=>(unicode) Infected Trojan.WinREG.LowZones.H
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124611.reg=>(unicode) Disinfection failed
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124611.reg Moved
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124612.reg=>(unicode) Infected Trojan.WinREG.LowZones.H
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124612.reg=>(unicode) Disinfection failed
C:\System Volume Information\_restore{F654BAED-B614-4C31-8A5A-E05538ED0DC9}\RP62\A0124612.reg Moved
C:\msutil64.exe Infected GenPack:Trojan.Proxy.Ranky.Gen
C:\msutil64.exe Disinfection failed
C:\msutil64.exe Moved
C:\sp.exe Infected GenPack:Backdoor.RBot.5075F4D2
C:\sp.exe Disinfection failed
C:\sp.exe Moved

n/a
deleted



1470 Messages

Posted - 07/12/2005 : 23:04:17
Post an HJK log right away so we can remove that call.

rikkkardo
Average Member

City: e


79 Messages

Posted - 08/12/2005 : 00:28:48
Logfile of HijackThis v1.99.1
Scan saved at 0.27.28, on 08/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\rik\Impostazioni locali\Temp\Directory temporanea 7 per hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://gw.aliceadsl.it/home
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\pmkjj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O20 - Winlogon Notify: vturp - vturp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Managing FAT and NTFS partitions (Defragmentation Manager) - Unknown owner - C:\WINDOWS\System32\dfrgfat16.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: MsHS64 - Unknown owner - C:\WINDOWS\MsHS64.exe (file missing)
O23 - Service: NetBIOS Helper Service (NetBIOS Helper) - Unknown owner - C:\WINDOWS\System32\nbthlp.exe (file missing)
O23 - Service: Network DRV (NTDRV) - Unknown owner - C:\WINDOWS\system32\netdrvr.exe (file missing)
O23 - Service: Nvidia Graphic Displacement (nvideoGUI) - Unknown owner - C:\WINDOWS\nvideogui.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe (file missing)
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

n/a
deleted



1470 Messages

Posted - 08/12/2005 : 09:46:45
Boot normally and go to Start > Programs > Administrative Tools > Services.

Look for "Automatic Updates" and select it; at the top left a link labelled "Stop the service" appears. Click it to stop the service, then double-click the service's row and, in the window that opens, set "Startup type" to Manual.
You have to do the same for these services:
"NetBIOS Helper Service"
For the other services, go here, download the PDF file and set the services as indicated: htt*://rapidshare.de/files/7936725/Processi_e_servizi_da_disabilitare.pdf.html
Go to the bottom of the page and click FREE; a new screen then appears and, again at the bottom, you have to enter some letters (in red) and click start download. Once the file is downloaded, set the services as indicated (don't worry, I made it myself, it is clean). To set the services, do as you did just above. (Be careful to disable only the services that are specified in the file you download.)

Then reboot into safe mode, disable System Restore, run HJK and fix these entries.

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\pmkjj.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O20 - Winlogon Notify: vturp - vturp.dll (file missing)
O23 - Service: Managing FAT and NTFS partitions (Defragmentation Manager) - Unknown owner - C:\WINDOWS\System32\dfrgfat16.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: MsHS64 - Unknown owner - C:\WINDOWS\MsHS64.exe (file missing)
O23 - Service: Network DRV (NTDRV) - Unknown owner - C:\WINDOWS\system32\netdrvr.exe (file missing)
O23 - Service: Nvidia Graphic Displacement (nvideoGUI) - Unknown owner - C:\WINDOWS\nvideogui.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe (file missing)
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
Now go to Start > Run and type Regedit
Navigate to these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEx
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Check whether there are any calls to pmkjj.dll or vturp.dll. (See whether you have other calls to programs you don't recognize, and post them if so.)

Empty the Recycle Bin, then go to Internet Options (Control Panel) and clear cookies and temporary files.

Reboot the system. Run a scan with Spybot S&D and then clean the registry with Regseeker.

Uninstall Bitdefender, run Regseeker, then reinstall it, update it and run a scan. Move HJK into a folder of its own (C:\Hujacthis), especially if you use P2P, chat & co. (there is a Dos Exploit in the log), so you must install a firewall IMMEDIATELY; use whichever one you like, but install one.

When you have finished all this, post a new log.
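The reply above picks the entries to fix by reading the HijackThis log by eye. As an added example (not part of the original thread), this sketch applies the same reading to O20 and O23 lines; the function names, the `CORE_NAMES` list and the three heuristics are assumptions made for illustration, and the sample lines are copied from the log posted in this thread.

```python
import ntpath

# Constructed sample: five lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
"""

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: short illustrative list of core processes whose real image is in System32.
CORE_NAMES = {"lsass.exe", "services.exe", "winlogon.exe", "svchost.exe", "smss.exe"}
MISSING = "(file missing)"

def parse_o23(line):
    """Split an O23 line into display name, owner, image path and missing flag."""
    display, owner, target = line[len("O23 - Service: "):].split(" - ", 2)
    missing = target.endswith(MISSING)
    if missing:
        target = target[:-len(MISSING)].rstrip()
    end = target.lower().find(".exe")  # drop arguments such as '" /service'
    path = target[:end + 4] if end != -1 else target
    return display, owner, path, missing

def triage(log_text):
    """Return (label, path, reasons) for entries worth a manual look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        reasons = []
        if line.startswith("O20 - Winlogon Notify: "):
            label, _, path = line[len("O20 - Winlogon Notify: "):].partition(" - ")
            reasons.append("DLL loaded by winlogon.exe")
        elif line.startswith("O23 - Service: "):
            label, owner, path, missing = parse_o23(line)
            folder = ntpath.dirname(path).lower()
            name = ntpath.basename(path).lower()
            if owner == "Unknown owner" and folder in SYSTEM_DIRS:
                reasons.append("unknown owner in a Windows system directory")
            if name in CORE_NAMES and folder != r"c:\windows\system32":
                reasons.append("core process name outside System32")
            if reasons and missing:
                reasons.append("image not visible on disk")
        if reasons:
            findings.append((label, path, reasons))
    return findings

if __name__ == "__main__":
    for label, path, reasons in triage(SAMPLE_LOG):
        print(f"{label}: {path} -> {'; '.join(reasons)}")
```

The avast! and NVIDIA services are left out, matching the reply, which does not list them among the entries to fix; a flagged line is a prompt for manual review, not a verdict.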
NoTrace Security Forum
© Nazzareno Schettino