| Precedente :: Successivo |
| Autore |
Messaggio |
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
 Inviato: 02 Set 2007 19:51 Oggetto: Ad-aware e trojan |
 |
|
ciao ragazzi/e.mi sono iscritto a questo sito perchè vi ho visti in gamba.e anche perchè ho un problema  ho fatto la scansione con hij e con caspersky..l'ultimo on-line..ho windows xp home edition..questa è la scansione con hij
| Codice: | Logfile of HijackThis v1.99.1
Scan saved at 19.40.14, on 02/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\Rar$EX00.703\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = welcome Alex
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Programmi\Ubisoft\Demo\Ghost Recon Advanced Warfighter Demo\Support\Register\RegistrationReminder.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe |
questa e di kaspersky..on-line
| Codice: | <html>
<head>
<title>KASPERSKY ONLINE SCANNER REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
</head>
<style>
.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>
<body>
<table width='100%' height='110' border='0'>
<tr height='30' align='center' bgcolor='#005447'>
<td colspan='2' height='30' class='pagetitle'>
<b>KASPERSKY ONLINE SCANNER REPORT</b>
</td>
</tr>
<tr height='70'>
<td colspan='2' height='70'>
Sunday, September 02, 2007 3:22:42 PM<br>
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)<br>
Kaspersky Online Scanner version: 5.0.93.0<br>
Kaspersky Anti-Virus database last update: 2/09/2007<br>
Kaspersky Anti-Virus database records: 402481<br>
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
</table>
<table width='100%' height='145' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Settings</b></td>
</tr>
<tr height='15'>
<td height='15' width='250'>Scan using the following antivirus database</td>
<td>extended</td>
</tr>
<tr height='15'>
<td height='15'>Scan Archives</td>
<td>true</td>
</tr>
<tr height='15'>
<td height='15'>Scan Mail Bases</td>
<td>true</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Scan Target</b></td>
<td>My Computer</td>
</tr>
<tr height='20'>
<td colspan='2' height='20'>
A:\<br>
C:\<br>
D:\<br>
E:\<br>
F:\
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Statistics</b></td>
</tr>
<tr height='15'>
<td height='15'>Total number of scanned objects</td>
<td>58832</td>
</tr>
<tr height='15'>
<td height='15'>Number of viruses found</td>
<td>1</td>
</tr>
<tr height='15'>
<td height='15'>Number of infected objects</td>
<td>5</td>
</tr>
<tr height='15'>
<td height='15'>Number of suspicious objects</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Duration of the scan process</td>
<td>01:01:51</td>
</tr>
</table>
<br>
<table width='100%' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Infected Object Name</b></td>
<td width='200'><b>Virus Name</b></td>
<td width='100'><b>Last Action</b></td>
</tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Dati applicazioni\Symantec\LiveUpdate\2007-09-02_Log.ALUSchedulerSvc.LiveUpdate </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Cookies\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\NTUSER.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\NTUSER.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Proprietario\Cookies\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Proprietario\Impostazioni locali\Cronologia\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Proprietario\ntuser.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Proprietario\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\MountPointManagerRemoteDatabase </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe/WISE0105.BIN/stream/data0005 </td>
<td>Infected: not-a-virus:AdWare.Win32.Mostofate.j </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe/WISE0105.BIN/stream </td>
<td>Infected: not-a-virus:AdWare.Win32.Mostofate.j </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe/WISE0105.BIN </td>
<td>Infected: not-a-virus:AdWare.Win32.Mostofate.j </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe </td>
<td>WiseSFX: infected - 3 </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe </td>
<td>WiseSFX Dropper: infected - 3 </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP222\change.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Debug\PASSWD.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SchedLgU.Txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SoftwareDistribution\ReportingEvents.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Sti_Trace.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\CatRoot2\edb.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\CatRoot2\tmp.edb </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\ACEEvent.evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\AppEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\default </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\default.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\Internet.evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SAM </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SAM.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SecEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SECURITY </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SECURITY.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\software </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\software.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SysEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\system </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\system.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\h323log.txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\wiadebug.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\wiaservc.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\WindowsUpdate.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>D:\azznonsicancella\System Volume Information\MountPointManagerRemoteDatabase </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>D:\System Volume Information\MountPointManagerRemoteDatabase </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>D:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP222\change.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>E:\System Volume Information\MountPointManagerRemoteDatabase </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>E:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP222\change.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td colspan='3' height='20'><b>Scan process completed.</b></td>
</tr>
</table>
</body>
</html> |
non sono molto esperto e se mi aiutate vi ringrazio |
|
| Top |
|
 |
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 02 Set 2007 19:55 Oggetto: |
|
|
| Citazione: | | R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm |
Questo processo di Hijackthis sembra sospetto...
Ma di preciso quali sintomi riscontri????
Ad ogni modo, aspettiamo il parere dei guru!!
 |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 02 Set 2007 20:01 Oggetto: |
|
|
kaspersky mi ha trovato trojan e ad-aware..che Ad-aware se personal non trova..x ora grazie di avermi risposto 
Rallentava, si impallava e quando facevo le scansioni ed accendevo la web-cam la tower faceva bip strani, brevi e lunghi. |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 02 Set 2007 20:13 Oggetto: |
|
|
In attesa di una risposta, ti consiglio di installare come antispyware anche ASquared e Spybot, che trovi qui assieme ad altri validi software.
Se non usi un firewall (non mi sembra di vederlo nel log) prova Comodo.
Puoi inoltre fare una scansione con Gmer, per cercare eventuali rootkits, e postare il risultato.
 |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 02 Set 2007 20:18 Oggetto: |
|
|
| Io ho windows firewall, cmq faccio la scansione che mi hai consigliato. Xò ho già spybot ed Ad-Aware SE Personal e con quelli non trova niente. Grazie di nuovo |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 02 Set 2007 20:27 Oggetto: |
|
|
Scusa il disturbo, ma quando apro il link che mi hai dato per scaricare a-squared, mi dà alcuni tipi di quel programma, quale devo scaricare?:
a-squared Anti-Malware 3.0
a-squared Free 3.0
a-squared Command Line Scanner 3.0
a-squared HiJackFree 3.0
a-squared Anti-Dialer 3.0
poi mi spiegheresti come si usano? Grazie. |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 02 Set 2007 20:38 Oggetto: |
|
|
Ciao e benvenuto sul Olimpo!
da quel poco che si riesce a capire da log di Kaspersky, ci sono un paio d'infezioni, ma si trovano in C:\System Volume Information\_restore...
quindi disattivando il ripristino di configurazione e successivamente riattivandolo dovresti risolvere 
| Citazione: | Scusa il disturbo, ma quando apro il link che mi hai dato per scaricare a-squared, mi dà alcuni tipi di quel programma, quale devo scaricare?:
|
è a-squared Free 3.0. |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 02 Set 2007 20:39 Oggetto: |
|
|
Scarica ASQUARED free: è una antispyware;
ASQUARED antimalware è la versione a pagamento;
ASQUARED antidialer è un... antidialer (ossia quei malware ched modificano il numero al quale ti connetti e ti fanno arrivare bollette notevoli, ma solo se hai una linea analogica);
ASQUARED Hijacktis è una versione di Hijakthis;
ASQUARED Command line è uno strumento per professionisti.
Scaricato ASQUARED Free, lo aggiorni, e poi effettui una scansione (DEEP) di tutto il sistema.
Poi selezioni eventuasli minacce rilevate e le elimini.
|
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 02 Set 2007 20:41 Oggetto: |
|
|
Ooops... è arrivata la splendida Miss Orange... 
Segui le sue direttive!!!
|
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 02 Set 2007 20:57 Oggetto: |
|
|
| Grazie a tutti. Ora provo |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 02 Set 2007 21:44 Oggetto: |
|
|
scusa..volevo sapere se quegli ad-aware che ho contrassegnato in grassetto sono virus..scusa il disturbo
| Citazione: | <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe/WISE0105.BIN/stream/data0005 </td>
<td>Infected: not-a-virus:AdWare.Win32.Mostofate.j </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe/WISE0105.BIN/stream </td>
<td>Infected: not-a-virus:AdWare.Win32.Mostofate.j </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe/WISE0105.BIN </td>
<td>Infected: not-a-virus:AdWare.Win32.Mostofate.j </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe </td>
<td>WiseSFX: infected - 3 </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP206\A0028721.exe </td>
<td>WiseSFX Dropper: infected - 3 </td>
<td>skipped </td>
</tr>
|
ho trovato 2 tracce nel registro..le ho eliminate ma mi sono dimenticato di salvare cmq grazie per il vostro aiuto.ciao |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 03 Set 2007 13:32 Oggetto: |
|
|
| baciami ha scritto: | | scusa..volevo sapere se quegli ad-aware che ho contrassegnato in grassetto sono virus..scusa il disturbo |
sono adware.
| Citazione: | | ho trovato 2 tracce nel registro..le ho eliminate ma mi sono dimenticato di salvare |
traccia di che? salvare cosa? |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 03 Set 2007 13:40 Oggetto: |
|
|
si..ad-aware..ma non si eliminano..le tracce erano 2 files nel registro di root..sono quelle che mi avevi indicato ieri.cmq grazie di tutto..e se hai bisogno del mio aiuto..fammi sapere ..scherzo  ora rifaccio la scansione e salvo il report (o come si chiama) e lo incollo qui. |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 03 Set 2007 14:35 Oggetto: |
|
|
| baciami ha scritto: | | si..ad-aware..ma non si eliminano.. |
disattivando il ripristino di configurazione di sistema si devono eliminare per forza, visto che si trovano proprio lì.
| baciami ha scritto: | ora rifaccio la scansione e salvo il report (o come si chiama) e lo incollo qui.
|
no, non lo incollare qui, si crea parecchia confusione. Carica il report su http://www.freefilehosting.net/ e metti qui solo il link dove poterlo scaricare. |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 03 Set 2007 18:51 Oggetto: |
|
|
ciao orange..ho fatto la scansione con virit e mi ha trovato sta roba..li ha eliminati ma non so' se questo trojan c'è sempre..perchè il driver infetto è stato eliminato..ma l'infettore non so'.. come posso toglierlo.grazie per la pazienza e l'aiuto
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
03/09/2007 - 15:35:44
[SCANSIONE DEL REGISTRO]
{03F998B2-0E00-11D3-A498-00104B6EB52E} Infetto da Spyware.ViewPoint.A
* * * RIMOSSO * * *
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Programmi\Viewpoint\Viewpoint Media Player\AxMetaStream.dll Infetto da Spyware.ViewPoint.A
* * * RIMOSSO * * *
C:\WINDOWS\system32\drivers\TaskEng.exe Infetto da Trojan.Win32.Banker.AH
* * * RIMOSSO * * *
Chiavi Registro infette: 1.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 44372.
Files Totali: 44372.
Chiavi Registro rimosse: 1.
Virus Rimossi: 2.
|
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 05 Set 2007 13:16 Oggetto: |
|
|
| nessuno sa dirmi qcs? |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 05 Set 2007 14:08 Oggetto: |
|
|
VirIt ha trovato dei virus e te li ha rimossi tranquillamente.
Se tu hai disabilitato il ripristino di sistema e dopo l'hai riabilitato, dovresti essere a posto.
Rilevi ancora problemi? |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 05 Set 2007 19:15 Oggetto: |
|
|
| non mi ha trovato piu' niente avendo eseguito le istruzioni di orange..ma volevo sapere se ha eliminato solo il file infewtto o anche il trojan che l'ha infettato..oppure quello ce l'ho da qlc altra parte pronto a infettare di nuovo...scusate ma quando vedo un virus..mi ammalo :)cmq grazie di tutto..a tutti.ciao |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 06 Set 2007 12:27 Oggetto: |
|
|
bhe, diciamolo: la rete è piena di schifezze varie sempre pronte ad infettarti 
nel caso specifico, direi che sei a posto (almeno per il momento...  ) puoi sempre rifare lo scan con Kaspersky per stare tranquillo. |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 06 Set 2007 12:53 Oggetto: |
 |
|
| Codice: | | grazie orange per la tua disponibilità e aiuto..a te e agli altri :) |
|
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
