03-04-2008, 20.04.56   #1
sikano
Norman Malware Cleaner - HELP

Hi to the whole forum and to the wintricks staff... I've been following you forever.
I don't know if this is the right thread.. if not, I apologize for posting in the wrong place.
That said, here is my problem:
I ran Norman Malware Cleaner and carelessly ran it in normal mode (not safe mode).
During the scan it detected a trojan which, according to it, had to be deleted (log attached), and at the same time it disabled some registry keys.
I should point out that NOD32 never detected that trojan or any other kind of trojan...
PROBLEM... the connection, or at least the opening of web pages, is extremely slow.. often they don't open at all; I should note that the WT page used to open instantly.
I'm attaching the log of the operation performed by Norman in normal mode (not safe mode). IS THERE A WAY TO RESTORE EVERYTHING AS IT WAS BEFORE?

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/03/09 20:10:13

Norman Scanner Engine Version: 5.91.10
Nvcbin.def Version: 5.90.00, Date: 2008/03/09 20:10:13, Variants: 1383781

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user:

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "D:\WINDOWS\system32\perfc000.dat" -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
Removed registry value: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispAppearancePage = 0x00000000
Removed registry value: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispAppearancePage = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispBackgroundPage = 0x00000000
Removed registry value: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispBackgroundPage = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000000
Removed registry value: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000
Removed registry value: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000

Scan started: 01/04/2008 18:27:07


Scanning running processes and process memory...

D:\WINDOWS\system32\winlogon.exe(1424) (d:\windows\system32\dataservice.dll!0x01C80000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\WINDOWS\system32\Ati2evxx.exe(1652) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe(908) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\WINDOWS\system32\svchost.exe(744) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\ESET\ESET Smart Security\ekrn.exe(1372) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE(388) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\WINDOWS\system32\oodag.exe(508) (d:\windows\system32\dataservice.dll!0x003D0000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\CyberLink\Shared Files\RichVideo.exe(396) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\WINDOWS\system32\Ati2evxx.exe(1048) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\WINDOWS\Explorer.EXE(1364) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\WINDOWS\system32\taskswitch.exe(2508) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\Creative\WebCam Control\CAMTRAY.EXE(2616) (d:\windows\system32\dataservice.dll!0x00950000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\ASUS\Ai Booster\OverClk.exe(2652) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\Java\jre1.6.0_05\bin\jusched.exe(2832) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE(2852) (d:\windows\system32\dataservice.dll!0x00C90000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\VistaDriveIcon\DrvIcon.exe(2864) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe(2896) (d:\windows\system32\dataservice.dll!0x02090000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe(2908) (d:\windows\system32\dataservice.dll!0x01040000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe(2916) (d:\windows\system32\dataservice.dll!0x00A10000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\WINDOWS\system32\Rundll32.exe(3012) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\ESET\ESET Smart Security\egui.exe(3184) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\Messenger\msmsgs.exe(3228) (d:\windows\system32\dataservice.dll!0x10000000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\Windows Live\Messenger\MsnMsgr.Exe(3412) (d:\windows\system32\dataservice.dll!0x01A20000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

D:\Programmi\NLauncher\NLauncher.exe(3432) (d:\windows\system32\dataservice.dll!0x00B50000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

..other programs detected with the same trojan follow

D:\Programmi\JGsoft\EditPadLite\EditPad.exe(1100) (d:\windows\system32\dataservice.dll!0x00C00000) (Infected with W32/Agent.EAZV)
File marked for defered cleaning (reboot required)

Number of processes/threads found: 3411
Number of processes/threads scanned: 3410
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 1m 45s


Scanning file system...

Scanning: C:\*.*

C:\System Volume Information\_RESTO~1\RP353\A0144530.EXE (Infected with W32/DLoader.AISD)
Deleted file

C:\System Volume Information\_RESTO~1\RP353\A0144735.exe (Infected with Suspicious_F.gen)
Deleted file

C:\System Volume Information\_RESTO~1\RP358\A0166017.EXE (Infected with W32/DLoader.AISD)
Deleted file

C:\System Volume Information\_RESTO~1\RP358\A0166222.exe (Infected with Suspicious_F.gen)
Deleted file


Running post-scan cleanup routine:

Number of files found: 1799
Number of archives unpacked: 0
Number of files scanned: 1799
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 4
Number of infected files repaired/deleted: 4
Number of infections removed: 4
Total scanning time: 1m 40s

I apologize for the length of the post

PS
I have a laptop, and on it pages open normally, so I rule out a connection problem.

What is the dataservice.ddl file?

Thanks