
Thread: Browser blocked - infection in progress

  1. #1
    Join Date
    07 2008
    Posts
    5

    Browser blocked - infection in progress

    Hi,
    my Internet Explorer is practically unusable. When the program opens, a window appears with the message:
    "A website is trying to open web content using this program. This program will be opened outside of Protected Mode.
    Name of the Windows host process (rundll32)
    c:\windows\system32\MSCTX32.dll "

    And at this point the program freezes.

    I have already run a scan with Antivir, but it did not solve the problem.

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19.05.57, on 18/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\WgaTray.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lol-online.info/websearch/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.htpgoogle.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search4top.net/0410/ie.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: as Class - {95B187DB-43C8-4AC7-AF7F-C93B79D21F1A} - C:\Windows\system32\MSCTX32.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: pp Class - {89286D74-1E06-4AE0-8AEE-4D4363D5D814} - C:\Windows\system32\MSCTX32.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://elefilippi.spaces.live.com/Ph...PUpldit-it.cab
    O16 - DPF: {95B187DB-43C8-4AC7-AF7F-C93B79D21F1A} (as Class) - http://www.lol-online.info/websearch/MSCTX32.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8827 bytes


    Thanks for the help!

  2. #2

    download ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    download Avenger
    http://swandog46.geekstogo.com/avenger2/download.php
    extract the zip wherever you like

    open The Avenger, untick "scan for rootkits"
    and enter:
    files to delete:
    C:\Windows\system32\SearchFilterHost.exe


    and press Execute. Answer yes to both warnings. If the PC does not restart, restart it yourself.

    run ATF Cleaner, press "select all" and then press "empty selected".

    afterwards post the contents of the text file C:\avenger.txt in the forum
    a folder named avenger is also created in C:\ with backups of what it deleted

    P.S. disconnect from the internet and disable all programs (antivirus included) while you carry out these operations; also submit this file:
    C:\Windows\system32\conime.exe
    here
    http://www.virustotal.com/it/
    and report any detections

    bye

  3. #3
    Join Date
    07 2008
    Posts
    5

    I followed your instructions; the problem persists.

    Here is the content of the avenger.txt file

    <<<<<<<<<<<<<<<<!!!!!!!!!!!!!!!!!!!!

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File "C:\Windows\system32\SearchFilterHost.exe" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    <<<<<<<<<<<<<<<<<<<<<<!!!!!!!!

    And this is the virustotal.com report


    File conime.exe ricevuto il 2008.07.23 11:57:36 (CET)
    Stato corrente: finito

    Risultato: 0/35 (0%)

    Informazioni addizionali
    File size: 68608 bytes
    MD5...: 05cb3da78a4bbd9b799a5957f9d101cc
    SHA1..: a012c3a14e8117d3b68c215101a84de10b33e0f5
    SHA256: 1448b75e3921e0f3f20949b7db089a392c30e1c22275ee3fdd3fa9824cc08433
    SHA512: 2df27b6ad1585ff00392173d81ad39aeea213f897fdc5b88e9b84fcbcaa6ad06581af3409e4476f21fa920fedd8fa7f1dc782b2be8dc7e1c003b1f0cce8878fe
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x100eace
    timedatestamp.....: 0x4549ae78 (Thu Nov 02 08:38:16 2006)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf026 0xf200 6.57 7ae3bb5d5b355e5b762a724216c3f620
    .data 0x11000 0x56c 0x200 3.36 7cfde319aae420bde9bc45b57c06e8bf
    .rsrc 0x12000 0x8d0 0xa00 2.88 bcf997ca70576d60c5fec089748b0126
    .reloc 0x13000 0x9ae 0xa00 5.77 16276b8751326a8b42850e5ecd78bb87

    ( 10 imports )
    > ADVAPI32.dll: RegQueryValueExW, RegOpenKeyExW, RegCloseKey
    > KERNEL32.dll: lstrlenA, RegisterConsoleIME, InterlockedExchange, MultiByteToWideChar, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, GetVersionExW, InterlockedDecrement, InterlockedIncrement, lstrlenW, WideCharToMultiByte, GetCommandLineW, RegisterApplicationRestart, HeapSetInformation, OpenEventW, SetEvent, CloseHandle, GetCurrentThreadId, GetACP, LocalAlloc, LocalReAlloc, LocalFree, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, Sleep, UnregisterConsoleIME
    > GDI32.dll: GetStockObject, TranslateCharsetInfo
    > USER32.dll: UnregisterClassW, CreateWindowExW, RegisterClassW, LoadCursorW, LoadIconW, EnableWindow, DispatchMessageW, TranslateMessage, GetMessageW, GetKeyState, GetKeyboardLayoutNameW, IsWindow, IsWindowEnabled, SetForegroundWindow, PostQuitMessage, DefWindowProcW, DestroyWindow, PostMessageW, RegisterWindowMessageW, ActivateKeyboardLayout, SendMessageTimeoutW, KillTimer, AttachThreadInput, SetTimer
    > msvcrt.dll: memset, _amsg_exit, malloc, free, __getmainargs, _local_unwind4, memcpy, _vsnwprintf, _cexit, _exit, _XcptFilter, _ismbblead, exit, _initterm, _controlfp, [email protected]@YAXXZ, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, memmove, _acmdln
    > ole32.dll: CoUninitialize, CoCreateInstance, CoInitializeEx
    > OLEAUT32.dll: -, -, -, -, -, -, -
    > UxTheme.dll: SetThemeAppProperties
    > IMM32.dll: ImmCreateContext, ImmReleaseContext, ImmGetContext, ImmGetGuideLineW, ImmGetConversionStatus, ImmGetOpenStatus, ImmSetConversionStatus, ImmGetProperty, ImmAssociateContext, ImmSimulateHotKey, ImmTranslateMessage, ImmCallImeConsoleIME, ImmGetIMEFileNameW, ImmEscapeW, ImmNotifyIME, ImmGetCandidateListW, ImmGetCompositionStringW, ImmGetHotKey, ImmSetActiveContextConsoleIME, ImmDestroyContext, ImmSetOpenStatus
    > MSCTF.dll: TF_IsCtfmonRunning, TF_Notify

    ( 0 exports )


    Thanks!

  4. #4

    ok. do you still have problems?

    bye

  5. #5
    Join Date
    07 2008
    Posts
    5

    Well, yes, the problem is still unresolved. There must be something else.

  6. #6
    Join Date
    04 2007
    Location
    napoli
    Posts
    1,646

    Submit the file c:\windows\system32\MSCTX32.dll to www.virustotal.com and post the results.
    In HijackThis, fix:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lol-online.info/websearch/
    ...

  7. #7
    Join Date
    01 2006
    Posts
    224

    For lorenzog
    Hi,
    download VirIt, install it and update it. Run two scans in safe mode and post the report. There is no need to disable your resident antivirus.

    Download Combofix, save it to the desktop, disable the antivirus and close the internet connection.
    Run it in normal mode and follow the on-screen instructions scrupulously.
    When it finishes, a log file will be created at C:\ComboFix.txt, which you will post.
    Last edited by pidue; 23-07-08 at 23:11

  8. #8
    Join Date
    07 2008
    Posts
    5

    thanks to you both, I will try these tonight.

  9. #9
    Join Date
    04 2007
    Location
    napoli
    Posts
    1,646

    Quote: Originally posted by lorenzog
    thanks to you both, I will try these tonight.
    Ok, but carry out the procedures in the order they were given to you, post the results, and if the replies to those don't solve it, try the other procedure, so as not to mix too many things together
    ...

  10. #10
    Join Date
    07 2008
    Posts
    5

    Sorry for the delay, I haven't had much time lately.

    I ran the tests following Giò's advice. Here is the virustotal.com result

    File MSCTX32.dll ricevuto il 2008.07.30 18:22:37 (CET)
    Stato corrente: finito


    Risultato: 4/35 (11.43%)


    Antivirus Versione Ultimo aggiornamento Risultato
    AhnLab-V3 2008.7.29.1 2008.07.30 -
    AntiVir 7.8.1.12 2008.07.30 -
    Authentium 5.1.0.4 2008.07.30 -
    Avast 4.8.1195.0 2008.07.30 -
    AVG 8.0.0.130 2008.07.30 -
    BitDefender 7.2 2008.07.30 -
    CAT-QuickHeal 9.50 2008.07.30 -
    ClamAV 0.93.1 2008.07.30 -
    DrWeb 4.44.0.09170 2008.07.30 -
    eSafe 7.0.17.0 2008.07.29 Suspicious File
    eTrust-Vet 31.6.5995 2008.07.30 -
    Ewido 4.0 2008.07.30 -
    F-Prot 4.4.4.56 2008.07.30 -
    F-Secure 7.60.13501.0 2008.07.30 -
    Fortinet 3.14.0.0 2008.07.30 -
    GData 2.0.7306.1023 2008.07.30 -
    Ikarus T3.1.1.34.0 2008.07.30 Trojan.Win32.Bocata.A
    Kaspersky 7.0.0.125 2008.07.30 -
    McAfee 5349 2008.07.29 -
    Microsoft 1.3704 2008.07.28 Trojan:Win32/Bocata.A
    NOD32v2 3310 2008.07.30 -
    Norman 5.80.02 2008.07.30 -
    Panda 9.0.0.4 2008.07.29 -
    PCTools 4.4.2.0 2008.07.30 -
    Prevx1 V2 2008.07.30 -
    Rising 20.55.22.00 2008.07.30 -
    Sophos 4.31.0 2008.07.30 -
    Sunbelt 3.1.1537.1 2008.07.29 -
    Symantec 10 2008.07.30 -
    TheHacker 6.2.96.389 2008.07.25 -
    TrendMicro 8.700.0.1004 2008.07.30 PAK_Generic.001
    VBA32 3.12.8.1 2008.07.29 -
    ViRobot 2008.7.30.1317 2008.07.30 -
    VirusBuster 4.5.11.0 2008.07.30 -
    Webwasher-Gateway 6.6.2 2008.07.30 -
    Informazioni addizionali
    File size: 70136 bytes
    MD5...: 74422a01f61c9ce0c5a7d4380fdfbc96
    SHA1..: 304d563970c83f274be6e69514b54a7e26cfe189
    SHA256: b11bcb13ebf47bbe4a363297106465070e650f0c9b065b4a9ffb115028073963
    SHA512: 4c62e6aeff0ae4acaa04675dd56bce554d9c0387f9a1a996af13784970a926068c89744517074b1702da65515e877a6b20a2450c1bd2540a02ed82725540aed3
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1002a520
    timedatestamp.....: 0x4828982d (Mon May 12 19:19:09 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    UPX0 0x1000 0x1e000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    UPX1 0x1f000 0xc000 0xb800 7.90 3448acac8adf9aabb4f7924876cf4937
    .rsrc 0x2b000 0x4000 0x4000 6.15 fcc0c0efab3b5a1d70658fc7d962d9c4

    ( 7 imports )
    > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect
    > ADVAPI32.dll: RegOpenKeyA
    > ole32.dll: CoTaskMemFree
    > OLEAUT32.dll: -
    > SHLWAPI.dll: SHDeleteKeyA
    > USER32.dll: SetTimer
    > WS2_32.dll: -

    ( 5 exports )
    DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, MSCTX32

    packers (Kaspersky): PE_Patch.UPX, UPX
    packers (F-Prot): UPX

    ------
    I fixed the indicated line, but the problem is not solved.
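
Added example, not part of any post in this thread: HijackThis lists every registration as its own line, so one DLL can appear under several entry types at once. The Python script below takes lines copied from the log in post #1 and collects every entry tied to MSCTX32.dll through a shared file name, CLSID or URL host; the function names are illustrative.

```python
import re

# Lines copied from the HijackThis log in post #1 (a subset, for brevity).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lol-online.info/websearch/
R3 - URLSearchHook: as Class - {95B187DB-43C8-4AC7-AF7F-C93B79D21F1A} - C:\Windows\system32\MSCTX32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: pp Class - {89286D74-1E06-4AE0-8AEE-4D4363D5D814} - C:\Windows\system32\MSCTX32.dll
O16 - DPF: {95B187DB-43C8-4AC7-AF7F-C93B79D21F1A} (as Class) - http://www.lol-online.info/websearch/MSCTX32.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
# Base name of a local .dll/.exe path that ends the entry.
FILE_RE = re.compile(r"\\([^\\/]+\.(?:dll|exe))\s*$", re.I)


def indicators(text):
    """Return the normalised CLSIDs, URL hosts and file name found in one entry."""
    found = {"clsid:" + c.upper() for c in CLSID_RE.findall(text)}
    found |= {"host:" + h.lower() for h in HOST_RE.findall(text)}
    match = FILE_RE.search(text)
    if match:
        found.add("file:" + match.group(1).lower())
    return found


def parse(log):
    """Split a HijackThis log into (section code, entry text, indicators)."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw)
        if match:
            text = match.group(2).strip()
            entries.append((match.group(1), text, indicators(text)))
    return entries


def related_entries(log, seed_file):
    """Collect entries reachable from seed_file via any shared indicator."""
    entries = parse(log)
    known = {"file:" + seed_file.lower()}
    picked = set()
    changed = True
    while changed:  # repeat until no new entry links to what is already known
        changed = False
        for i, (_, _, inds) in enumerate(entries):
            if i not in picked and inds & known:
                picked.add(i)
                known |= inds
                changed = True
    return [entries[i][:2] for i in sorted(picked)]


if __name__ == "__main__":
    for code, text in related_entries(SAMPLE_LOG, "MSCTX32.dll"):
        print(code, "-", text)
```

Linking by URL host can pull in unrelated entries when a legitimate vendor host is shared, so review the resulting list before fixing anything.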
