Il ritorno del virus chiudi finestre.
Ho un problema abbastanza serio: da qualche giorno qualche bacillo infame sta appestando il mio computer (xp pro sp2 ).
Impossibile usare hijack o cclean : me li chiude subito.
se cerco di digitare su google paroline come hijack idem.
Debbo arrendermi e abbraccaiare il fatal formattone o co sonno vie differenti?
Vi prego di darmi una mano.
Re: Il ritorno del virus chiudi finestre.
no, con molta probabilità sei affetto da qualche rootkit.Originariamente Scritto da windigo
scaricati questo tool dal seguente indirizzo http://depositfiles.com/files/704543
riavvia in modalità provvisoria e fai una scansione.
Re: Il ritorno del virus chiudi finestre.
NON TROVA NIENTE:
Launching Scan
Removing rootkit file...
Gromozon rootkit component not detected - searching for other components
Scanning: D:\Programmi\File comuni
Scanning Windows Directory...
Scanning Temporary files...
Trojan.Gromozon does not exist on the system.
Scan finished normally
For a detailed log, please refer to \gromozon_removal.log
ho fatto anche uno scan con rootkit revealer,che trova un pò di roba e parla di una API di windows che nasconde qualcosa, ecco il risultato:
HKU\S-1-5-21-1614895754-152049171-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\14 19\Shell\MinPos1024x768(1).x 15/03/2007 19.45 4 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-21-1614895754-152049171-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\14 19\Shell\MinPos1024x768(1).y 15/03/2007 19.45 4 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-21-1614895754-152049171-725345543-500\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 28/08/2006 21.46 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 27/08/2006 22.28 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 27/08/2006 22.28 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 08/10/2006 10.10 0 bytes Access is denied.
D:\Documents and Settings\Administrator\Cookies\administrator@media .pc.ign[1].txt 10/03/2007 18.39 344 bytes Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\Administrator\Cookies\administrator@media .pc.ign[2].txt 16/03/2007 22.24 379 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Cookies\administrator@stude nti.adbureau[1].txt 16/03/2007 21.27 287 bytes Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\Administrator\Cookies\administrator@stude nti.adbureau[2].txt 16/03/2007 22.21 286 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Cookies\administrator@tgmon line.futuregamer[1].txt 16/03/2007 22.18 221 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Cookies\administrator@tgmon line.futuregamer[2].txt 16/03/2007 10.13 110 bytes Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\15[1].gif 16/03/2007 22.19 209 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\CA09YTXA.gif 16/03/2007 22.18 43 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\club_icon[1].gif 16/03/2007 22.23 2.34 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\diva_728x90_mar07[1].swf 16/03/2007 22.18 14.27 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\header_search_google[1].gif 16/03/2007 22.23 3.55 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\img28.thumb[1].jpg 16/03/2007 22.18 6.13 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\img7.thumb[1].jpg 16/03/2007 22.18 3.07 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\loginbox[1].js 16/03/2007 22.23 3.37 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\mv_colcenter_bg[1].gif 16/03/2007 22.23 1.08 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\narutomania[1].htm 16/03/2007 22.19 46.19 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\pageid=1474321[1] 16/03/2007 22.21 3.28 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\related_tit[1].gif 16/03/2007 22.18 250 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\showthread[1].php 16/03/2007 22.21 31.82 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\showthread[3].htm 16/03/2007 22.21 175.00 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\27U7A1ER\the-witcher-20061222090103597_thumb[1].jpg 16/03/2007 22.24 21.98 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\20070316112144[1].htm 16/03/2007 22.18 47.53 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\avatar3882_1[1].gif 16/03/2007 22.21 4.67 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\button17_bg[1].gif 16/03/2007 22.23 855 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\content-multimedia,manga%20volume%2036%20to%2040[2].htm 16/03/2007 21.58 22.40 KB Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\fimserve.ign[1].htm 16/03/2007 22.23 1.94 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\gametabs_gamenav_bg[1].gif 16/03/2007 22.24 77 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\ign_tmp_mediaimglist[1].css 16/03/2007 22.23 4.61 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\img12.thumb[1].jpg 16/03/2007 22.18 4.54 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\img21.thumb[1].jpg 16/03/2007 22.18 4.62 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\img31.thumb[1].jpg 16/03/2007 22.18 5.31 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\imgs_1[1].htm 16/03/2007 22.23 50.13 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\index3_02[1].jpg 16/03/2007 22.19 5.15 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\index_39[1].gif 16/03/2007 22.19 80 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\news_box_staffa1[1].gif 16/03/2007 22.18 222 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\news_box_staffa2[1].gif 16/03/2007 22.18 222 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\RTFM[1].jpg 16/03/2007 22.21 50.38 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\spacer[1].gif 16/03/2007 22.19 49 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\3P9BUEQ1\xbox_masseffect_030607_ thum[1].jpg 16/03/2007 22.23 3.02 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\1x1transparent[1].gif 16/03/2007 22.24 43 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\banner_top_valentino[1].jpg 16/03/2007 22.21 11.98 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\body_bg[1].gif 16/03/2007 22.23 1.07 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\icewind_160tgm_mar07[1].swf 16/03/2007 22.19 21.63 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\ico_info[1].gif 16/03/2007 22.23 248 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\icon_arrow[1].gif 16/03/2007 22.21 275 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\img10.thumb[1].jpg 16/03/2007 22.18 4.58 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\img20.thumb[1].jpg 16/03/2007 22.18 3.53 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\img30.thumb[1].jpg 16/03/2007 22.18 6.12 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\index3_03[1].jpg 16/03/2007 22.19 6.45 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\index_41[1].gif 16/03/2007 22.19 79 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\mv_colcenter_bg_title_t op[1].gif 16/03/2007 22.23 648 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\news_titolo[1].jpg 16/03/2007 22.18 12.97 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\the-witcher-20070315005710498_thumb[1].jpg 16/03/2007 22.24 20.18 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4DO3GNKJ\trackmania_160tgm_mar07[1].swf 16/03/2007 22.22 21.70 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\f[1].js 16/03/2007 22.18 275 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\icon_biggrin[1].gif 16/03/2007 22.21 215 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\icon_club_list1100[1].gif 16/03/2007 22.23 374 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\ienefuturamasm5[1].jpg 16/03/2007 22.21 21.07 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\ign_grp_3[1].css 16/03/2007 22.23 87 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\img0.thumb[1].jpg 16/03/2007 22.18 4.33 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\img11.thumb[1].jpg 16/03/2007 22.18 4.68 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\img22.thumb[1].jpg 16/03/2007 22.18 4.49 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\img32.thumb[1].jpg 16/03/2007 22.18 5.51 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\index_22[1].gif 16/03/2007 22.19 73 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\index_42[1].gif 16/03/2007 22.20 114 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\leaderboard_bg[1].gif 16/03/2007 22.23 2.90 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\mv_colcenter_bg_title[1].gif 16/03/2007 22.23 351 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\sanremo_728x90_mar07[1].swf 16/03/2007 22.19 14.87 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\the-witcher-20070315005708811_thumb[1].jpg 16/03/2007 22.24 17.58 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8L6J4PEJ\xml[1].gif 16/03/2007 22.24 429 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\avatar856_0[1].gif 16/03/2007 22.21 10.37 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\fable2_051106_thumb[1].jpg 16/03/2007 22.23 3.05 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\framebottom[1].gif 16/03/2007 22.24 2.35 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\hotbutton_6[1].js 16/03/2007 22.23 315 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\ign_chn_pc[1].css 16/03/2007 22.23 4.89 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\img13.thumb[1].jpg 16/03/2007 22.18 5.42 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\img24.thumb[1].jpg 16/03/2007 22.18 4.46 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\img3.thumb[1].jpg 16/03/2007 22.18 4.00 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\index_45[1].gif 16/03/2007 22.20 112 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\pageid=48156771[1] 16/03/2007 22.19 3.27 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\pageid=53599007[1] 16/03/2007 22.18 3.27 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\ps3_warhawk_030607_thum b[1].jpg 16/03/2007 22.23 2.89 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\sirotola[1].gif 16/03/2007 22.21 14.33 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\the-witcher-20070206112005230_thumb[1].jpg 16/03/2007 22.24 20.31 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\ultime10_tit[1].gif 16/03/2007 22.18 899 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C1QJC5QZ\vbulletin_md5[1].js 16/03/2007 22.19 9.75 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\CWM27[1].gif 16/03/2007 22.21 2.53 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\donatenow[1].jpg 16/03/2007 22.19 28.06 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\f[3].js 16/03/2007 22.20 275 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\gametabs_btn_images_on[1].gif 16/03/2007 22.23 2.84 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\hotbuttons_bg[1].gif 16/03/2007 22.23 2.86 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\ichhabs07g_2007-kleidung-g-star_an-nj_120x600[1].gif 16/03/2007 22.18 17.92 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\icon9[1].gif 16/03/2007 22.19 1.03 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\img17.thumb[1].jpg 16/03/2007 22.18 4.58 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\img6.thumb[1].jpg 16/03/2007 22.18 3.74 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\index_12[1].gif 16/03/2007 22.19 111 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\locked_pages[1].js 16/03/2007 22.23 45.77 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\m=1174080065233&PageId= 1174080065233&ct=js&r=http$3A$2F$2Fforumtgmonline$ 2Efuturegamer$2Eit$2Fvb$2Fshowthread$2Ephp$3Ft$3D3 1875$26page$3D4&property=i 16/03/2007 22.23 2 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\pageid=1474321[1] 16/03/2007 22.21 3.96 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\tgmonline.futuregamer[1].htm 16/03/2007 22.17 47.14 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\FXEIWTAW\the-witcher-20061222090101972_thumb[1].jpg 16/03/2007 22.24 19.39 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\flashwrite_1_2[1].js 16/03/2007 22.23 801 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\icon_rolleyes[1].gif 16/03/2007 22.21 307 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\ign[1].css 16/03/2007 22.23 33.68 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\ignent_footer_333333[1].gif 16/03/2007 22.24 843 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\img15.thumb[1].jpg 16/03/2007 22.18 4.48 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\img26.thumb[1].jpg 16/03/2007 22.18 5.50 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\img4.thumb[1].jpg 16/03/2007 22.18 4.46 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\index_31[1].gif 16/03/2007 22.19 81 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\littelbigplanet_flash[1].jpg 16/03/2007 22.23 1.94 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\nmanga[1].htm 16/03/2007 22.20 24.99 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\pageid=53599007[1] 16/03/2007 22.18 3.28 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\sigpic33683_2[1].gif 16/03/2007 22.21 44.14 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\the-witcher-20061222090100519_thumb[1].jpg 16/03/2007 22.24 20.54 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\the-witcher-20070315005705030_thumb[1].jpg 16/03/2007 22.23 23.49 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KX8PUPCL\vb[1].htm 16/03/2007 22.19 215.89 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\4[1].gif 16/03/2007 22.19 167 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\content-multimedia,manga%20volume%2036%20to%2040[1].htm 16/03/2007 22.18 22.38 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\f[1].js 16/03/2007 22.21 275 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\frame_bg[1].gif 16/03/2007 22.23 1.23 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\gametabs_btn_videos[1].gif 16/03/2007 22.23 4.17 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\icewind_300tgm_mar07[1].swf 16/03/2007 22.18 18.65 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\img18.thumb[1].jpg 16/03/2007 22.18 5.12 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\img29.thumb[1].jpg 16/03/2007 22.18 5.98 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\img8.thumb[1].jpg 16/03/2007 22.18 4.94 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\index_16[1].gif 16/03/2007 22.19 100 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\mv_colcenter_bg_top[1].gif 16/03/2007 22.23 7.37 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\nav_arrow[1].gif 16/03/2007 22.23 46 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\sanremo_728x90_mar07[1].swf 16/03/2007 22.22 14.87 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\style[1].css 16/03/2007 22.19 1.92 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\the-witcher-20061222090105066_thumb[1].jpg 16/03/2007 22.24 19.32 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5OPABKH\zanichelli[1].gif 16/03/2007 22.21 9.04 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\355dl[1].jpg 16/03/2007 22.21 81.29 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\ad_advertisementtxt[1].gif 16/03/2007 22.23 386 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\avatar19803_0[1].gif 16/03/2007 22.21 4.71 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\avatar33683_1[1].gif 16/03/2007 22.21 3.20 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\CACTIBO9.gif 16/03/2007 22.18 43 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\crysis_050406_thumb[1].jpg 16/03/2007 22.23 3.44 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\donatenow2[1].jpg 16/03/2007 22.20 21.17 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\EVE_IntQ107_728x90b[1].swf 16/03/2007 22.23 48.39 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\f[2].js 16/03/2007 22.19 275 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\img1.thumb[1].jpg 16/03/2007 22.18 3.04 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\img23.thumb[1].jpg 16/03/2007 22.18 4.37 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\img33.thumb[1].jpg 16/03/2007 22.18 5.56 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\index3_04[1].jpg 16/03/2007 22.19 13.33 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\index_23[1].gif 16/03/2007 22.19 73 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\mv_colcenter_bg_bot[1].gif 16/03/2007 22.24 931 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\the-witcher-20070315005712123_thumb[1].jpg 16/03/2007 22.24 19.50 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5Y34HI3\vb[1].htm 16/03/2007 19.37 218.76 KB Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\468x60(2)[1].gif 16/03/2007 22.18 7.49 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\CAXSCF1H.php%3Ft%3D3187 5%26page%3D4&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw =1024&u_cd=32&u_tz=60&u_java=true 16/03/2007 22.24 3.34 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\f[2].js 16/03/2007 22.17 275 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\firmasakkiotiammazzorth 9[1].gif 16/03/2007 22.21 10.45 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\header_search_bg_pc[1].gif 16/03/2007 22.23 3.53 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\icon_club_list0[1].gif 16/03/2007 22.23 321 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\img19.thumb[1].jpg 16/03/2007 22.18 3.24 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\img9.thumb[1].jpg 16/03/2007 22.18 4.58 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\index_18[1].gif 16/03/2007 22.19 99 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\index_33[1].gif 16/03/2007 22.19 81 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\logoufficialeforumyb8[1].gif 16/03/2007 22.21 9.41 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\mastheadnav_bg[1].gif 16/03/2007 22.23 1.40 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\okka8[1].gif 16/03/2007 22.21 230.79 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\pageid=48156771[1] 16/03/2007 22.19 3.96 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\tgmonline.futuregamer[1].htm 16/03/2007 21.27 47.14 KB Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\trackmania_160tgm_mar07[1].swf 16/03/2007 22.18 21.70 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9CJM165\trackmania_160tgm_mar07[2].swf 16/03/2007 22.18 21.70 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\85percent[1].gif 16/03/2007 22.19 1.65 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\avatar18921_0[1].gif 16/03/2007 22.21 4.23 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\B2199652[2].5;sz=728x90;ord=bKzcAsA,bcWwcsbeutfhm 16/03/2007 22.23 3.31 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\footernav_bg[1].gif 16/03/2007 22.24 202 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\icon_cool[1].gif 16/03/2007 22.21 221 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\ignweekly_060206_thumb[1].jpg 16/03/2007 22.23 3.46 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\img14.thumb[1].jpg 16/03/2007 22.18 4.42 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\img2.thumb[1].jpg 16/03/2007 22.18 5.08 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\img25.thumb[1].jpg 16/03/2007 22.18 6.25 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\index3_05[1].jpg 16/03/2007 22.19 10.82 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\news_box_down[1].gif 16/03/2007 22.19 1.72 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\pageid=53599007[1] 16/03/2007 22.18 348 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\the-witcher-20070206112007840_thumb[1].jpg 16/03/2007 22.24 14.86 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\UPW18B27\tools[1].js 16/03/2007 22.23 8.91 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\1x1transparent[1].png 16/03/2007 22.23 153 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\avatar22481_8[1].gif 16/03/2007 22.21 19.28 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\bg_img1[1].jpg 16/03/2007 22.19 60.11 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\data[1].js 16/03/2007 22.23 11.78 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\forumdisplay[1].htm 16/03/2007 18.41 112.26 KB Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\forumdisplay[2].htm 16/03/2007 22.20 112.05 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\icewind_728tgm_mar07[1].swf 16/03/2007 22.18 20.46 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\icon14[1].gif 16/03/2007 22.19 1023 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\img16.thumb[1].jpg 16/03/2007 22.18 4.50 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\img27.thumb[1].jpg 16/03/2007 22.18 5.39 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\img5.thumb[1].jpg 16/03/2007 22.18 3.76 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\index_10[1].gif 16/03/2007 22.19 111 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\lookaround[1].gif 16/03/2007 22.21 223 bytes Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\masthead[1].gif 16/03/2007 22.23 26.17 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\the-witcher-20070206112009761_thumb[1].jpg 16/03/2007 22.24 20.05 KB Hidden from Windows API.
D:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\VTV8KYEA\the-witcher-20070315005707030_thumb[1].jpg 16/03/2007 22.23 17.81 KB Hidden from Windows API.
Re: Il ritorno del virus chiudi finestre.
prova questo http://info.prevx.com/downloadprevx1.asp
e anche avg antirootkit
al posto di rootkitrevealer prova gmer.
Re: Il ritorno del virus chiudi finestre.
istallando prevx1 il computer non parte : avevo istallati virit e panda , sarà stato questo?
Cmq ti ringrazio per l'assistenza : sei davvero gentilissimo!
Re: Il ritorno del virus chiudi finestre.
nel frattempo sono riuscito con un trucchetto a far girare icesword, purtroppo non riesco a tirare fuori un report, ma ecco tre "istantanee" dell'analisi:
Re: Il ritorno del virus chiudi finestre.
di nulla figurati: probabile che siano entrati in conflitto
Re: Il ritorno del virus chiudi finestre.
sembra pulito il log di icesword.
e se provassi a fare una scansione da qui http://www.ewido.net/en/onlinescan/
Re: Il ritorno del virus chiudi finestre.
ma ho avg anti-spyware 7.5 installato, non è lo stesso?sembra pulito il log di icesword.
e se provassi a fare una scansione da qui http://www.ewido.net/en/onlinescan/
Re: Il ritorno del virus chiudi finestre.
Cmq ho usato un programmino molto interessante si chiama Rootkit Hook Analyzer ( http://www.resplendence.com/hookanalyzer ) che mi ha dato iuna serie positivi nel report, che si riconducono a dei moduli (sptd.sys, guard.sys , PavSRK.sys ).
Ora , assodato che non sono impazzito, come elimino il problema?
Re: Il ritorno del virus chiudi finestre.
teoricamente sì, ma nei fatti dovrebbe essere leggermente più aggiornato.
Re: Il ritorno del virus chiudi finestre.
il punto è che se non troviamo il nome di ciò che ti ha infettato non ne usciamoCmq ho usato un programmino molto interessante si chiama Rootkit Hook Analyzer ( http://www.resplendence.com/hookanalyzer ) che mi ha dato iuna serie positivi nel report, che si riconducono a dei moduli (sptd.sys, guard.sys , PavSRK.sys ).
Ora , assodato che non sono impazzito, come elimino il problema?
fai girare anche queto tool http://depositfiles.com/files/706238 metti la spunta a elimina ficheros.
Re: Il ritorno del virus chiudi finestre.
Alla fine ho risolto formattando.
grazie cmq per l'aiuto!
Re: Il ritorno del virus chiudi finestre.
ok di nulla
Permessi di Scrittura
Rispondi Citando
