| Precedente :: Successivo |
| Autore |
Messaggio |
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
 Inviato: 13 Gen 2008 03:01 Oggetto: * [Risolto] Problema con il virus doginhispen |
 |
|
ciao e grazie in anticipo ho gli stessi problemi che ho letto nel forum vi
Posto il logfile di Hijack..
Logfile of HijackThis v1.99.1
Scan saved at Giorgio sono le 2.03.59, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\hplampc.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\bak\hplampc.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Preferiti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.ddmind.com
O15 - Trusted Zone: http://www.unicreditbanca.it
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1192735755031
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127675745620
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133111442765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B923C8C-BA78-47E7-80D4-22104520BC7D}: NameServer = 85.37.17.52 85.38.28.92
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
di seguito anche quella di awf
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\WINDOW~2\BAK
02/11/2006 Giorgio sono le 22.56 204.288 WMPNSCFG.exe
1 File 204.288 byte
2 Directory 282.145.423.360 byte disponibili
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\WINDOWS\SYSTEM32\BAK
19/08/2004 Giorgio sono le 13.00 15.360 ctfmon.exe
17/01/2002 Giorgio sono le 9.40 40.448 hplampc.exe
2 File 55.808 byte
2 Directory 282.145.419.264 byte disponibili
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\ADOBE
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\FILECO~1\LOGITECH\QCDRIVER\BAK
0 File 0 byte
2 Directory 282.145.419.264 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
14348 6 Jan 2008 "C:\Programmi\Windows Media Player\WMPNSCFG.exe"
204288 2 Nov 2006 "C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
40448 17 Jan 2002 "C:\SCANJET\sj655\hplampc.exe"
14348 6 Jan 2008 "C:\WINDOWS\system32\hplampc.exe"
40448 17 Jan 2002 "C:\WINDOWS\system32\bak\hplampc.exe"
end of report
grazie aspetto con ansia vostre notizie CIAO |
|
| Top |
|
 |
ste_95
Dio maturo
Registrato: 03/08/07 14:41
Messaggi: 1920
Residenza: Italy
|
| Inviato: 13 Gen 2008 09:23 Oggetto: |
|
|
Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:
Files to delete:
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hplampc.exe
Files to move:
C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe | C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\hplampc.exe | C:\WINDOWS\system32\hplampc.exe
Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
edit by bdoriano: prima è meglio cancellare i files infetti e poi spostare i files sani.  |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 13 Gen 2008 12:48 Oggetto: VIRUS DOGINHISPEN |
|
|
CIAO grazie della vostra tempestivoità nella risposta
EKKO IL RISULTATO
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gcdyumlv
*******************
Script file located at: \??\C:\WINDOWS\system32\fdnokbhn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Programmi\Windows Media Player\WMPNSCFG.exe deleted successfully.
File C:\WINDOWS\system32\ctfmon.exe deleted successfully.
File C:\WINDOWS\system32\hplampc.exe deleted successfully.
File move operation C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe|C:\Programmi\Windows Media Player\WMPNSCFG.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\hplampc.exe|C:\WINDOWS\system32\hplampc.exe completed successfully.
Completed script processing.
*******************
Finished! Terminate.
scansione con awf
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\WINDOW~2\BAK
0 File 0 byte
2 Directory 282.149.634.048 byte disponibili
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\WINDOWS\SYSTEM32\BAK
0 File 0 byte
2 Directory 282.149.634.048 byte disponibili
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\ADOBE
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\FILECO~1\LOGITECH\QCDRIVER\BAK
0 File 0 byte
2 Directory 282.149.629.952 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report |
|
| Top |
|
|
ste_95
Dio maturo
Registrato: 03/08/07 14:41
Messaggi: 1920
Residenza: Italy
|
| Inviato: 13 Gen 2008 12:51 Oggetto: |
|
|
Tutto è stato correttamente eliminato.
Come ti trovi? |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 13 Gen 2008 12:51 Oggetto: |
|
|
posto anche il file di HIJ
Logfile of HijackThis v1.99.1
Scan saved at Giorgio sono le 11.41.56, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\hplampc.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Preferiti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.ddmind.com
O15 - Trusted Zone: http://www.unicreditbanca.it
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kasperskyitalia.it/servizi/kavscanner/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1192735755031
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127675745620
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133111442765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe |
|
| Top |
|
|
ste_95
Dio maturo
Registrato: 03/08/07 14:41
Messaggi: 1920
Residenza: Italy
|
| Inviato: 13 Gen 2008 12:53 Oggetto: |
|
|
Il log è pulito.  |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 13 Gen 2008 12:59 Oggetto: |
|
|
GRAZIE  SIETE VERAMENTE FANTASTICI
ANCHE DI DOMENICA IL PRONTO SOCCORSO NON CHIUDE MEI 
Ultima cosa da controllare devo capite xè si connette da solo quando si avvia . |
|
| Top |
|
|
ste_95
Dio maturo
Registrato: 03/08/07 14:41
Messaggi: 1920
Residenza: Italy
|
| Inviato: 13 Gen 2008 12:59 Oggetto: |
|
|
| Ti connetti a un router via LAN o WLAN? |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 13 Gen 2008 13:00 Oggetto: |
|
|
| modem adsl |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 13 Gen 2008 15:47 Oggetto: |
|
|
ho fatto una scansione on line con Kasper
ekko il risultatoScan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 48072
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:37:54
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\MSHist012008011320080114\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{14A213A2-1F41-45A2-A42A-231BC26141F6} Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFF88A.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFF89F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\UserData\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.81.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.81.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wsb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy43.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_a08.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-12252007-200546.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010003.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A7DBB15F-226A-40E8-A4BD-C794FE4C8738}\RP1\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3f4.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_564.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed. |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 13 Gen 2008 22:54 Oggetto: |
|
|
ciao grazie ancora della vostra disponibilità, ho ancora dei problemi: la connessione con modem si attiva da sola,mi compare ancora nella
C:\Documents and Settings\Administrator\Impostazioni locali\Temp, due file-DF2DBtemp,DF391.temp,ed un file 4084160308.exe che non riesco a cancellare quando sono collegato , mentre se mi scollego riesco a cancellare tutto ma poi alla prima connessione ricompare tutto.
ALLEGO LINK SCANSIONE GMER
ROOTKIT.log
Documento1.rtf
ALLEGO FILE DI HIJAC
Logfile of HijackThis v1.99.1
Scan saved at Giorgio sono le 21.57.02, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\hplampc.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Preferiti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1192735755031
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127675745620
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133111442765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B923C8C-BA78-47E7-80D4-22104520BC7D}: NameServer = 85.37.17.52 85.38.28.92
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
awf
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\WINDOW~2\BAK
0 File 0 byte
2 Directory 282.145.820.672 byte disponibili
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\WINDOWS\SYSTEM32\BAK
0 File 0 byte
2 Directory 282.145.820.672 byte disponibili
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\ADOBE
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\FILECO~1\LOGITECH\QCDRIVER\BAK
0 File 0 byte
2 Directory 282.145.816.576 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 15 Gen 2008 23:59 Oggetto: |
|
|
| Segui le istruzioni di questo topic per postare il log di combofix. |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 16 Gen 2008 01:44 Oggetto: |
|
|
CIAO Doriano e grazie
ekko il log. combofix
ComboFix 08-01-09.2 - Administrator 2008-01-16 0 30 39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2541 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Creati Da 2007-12-15 al 2008-01-15 )))))))))))))))))))))))))))))))))))
.
2008-01-16 00:34 . 2008-01-16 00:35 356,277 --a------ C:\Ntf3.tmp
2008-01-16 00:34 . 2008-01-16 00:34 67 --a------ C:\Ntf4.tmp
2008-01-16 00:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 23:24 . 2008-01-15 23:24 67 --a------ C:\Ntf2.tmp
2008-01-15 23:24 . 2008-01-15 23:24 67 --a------ C:\Ntf1.tmp
2008-01-14 22:32 . 2008-01-14 22:35 <DIR> d-------- C:\REGSEEKER
2008-01-13 22:06 . 2008-01-13 22:45 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-13 21:13 . 2008-01-13 21:13 250 --a------ C:\WINDOWS\gmer.ini
2008-01-13 17:47 . 2008-01-13 17:50 <DIR> d-------- C:\Programmi\AusLogics Registry Defrag
2008-01-13 16:56 . 2008-01-13 17:01 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-01-13 13:45 . 2008-01-13 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-13 02:15 . 2008-01-13 13:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 22:09 . 2008-01-15 21:24 <DIR> d-------- C:\findAWF
2008-01-12 22:07 . 2008-01-15 22:55 <DIR> d-------- C:\hijackthis
2008-01-11 22:58 . 2008-01-11 23:35 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-01-11 21:59 . 2008-01-11 21:59 <DIR> d-------- C:\Programmi\Avira
2008-01-11 21:59 . 2008-01-11 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-01-10 19:31 . 2008-01-10 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-06 22:20 . 2008-01-13 11:32 <DIR> d-------- C:\WINDOWS\system32\bak
2007-12-25 20:05 . 2008-01-08 20:07 <DIR> d-------- C:\Programmi\Windows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 20:52 --------- d-----w C:\Programmi\GDPWebChat
2008-01-13 18:26 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-01-11 22:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-10 19:49 --------- d-----w C:\Programmi\RegistryFix
2008-01-06 21:27 --------- d-----w C:\Programmi\QuickTime
2007-12-31 09:59 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Image Zone Express
2007-12-09 15:06 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-12-06 08:51 285,952 ----a-w C:\WINDOWS\system32\drivers\yk51x86.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-29 20:24 --------- d-----w C:\Programmi\Windows Installer Clean Up
2007-11-29 20:24 --------- d-----w C:\Programmi\MSECACHE
2007-11-27 21:11 --------- d-----w C:\Programmi\Google
2007-11-25 22:40 --------- d-----w C:\Programmi\Lavasoft
2007-11-25 22:07 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2006-01-08 21:03 345 -c--a-w C:\Documents and Settings\Administrator\ADSL_FAST_XP.reg
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 22:25 14348]
"LVCOMS"="C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 08:39 98304]
"hplampc"="C:\WINDOWS\system32\hplampc.exe" [2002-01-17 09:40 40448]
"GSICONEXE"="GSICON.EXE" [2001-09-10 21:10 90112 C:\WINDOWS\system32\gsicon.exe]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Programmi\QuickTime\bak\qttask.exe" [2006-06-04 20:05 98304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 22:25 14348]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-11 22:03 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 18:29 39264]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2007-05-29 18:38:49]
Windows Desktop Search.lnk - C:\Programmi\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Corel MEDIA FOLDERS INDEXER 8.LNK]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^RAID Manager.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-07 18:41 57344 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4200C]
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 09:19]
R0 ub1394;Unibrain 1394 Class Driver;C:\WINDOWS\system32\DRIVERS\ub1394.sys [2004-06-01 06:51]
R0 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2004-06-01 06:51]
R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2004-06-01 06:51]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
R3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 09:09]
R3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys [2001-09-24 08:42]
R3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2004-06-01 06:50]
R3 ubsbp2;Unibrain SBP2 Bus Driver;C:\WINDOWS\system32\DRIVERS\ubsbp2.sys [2004-06-01 06:50]
R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys [2004-05-20 18:47]
S2 gafwload;Modem ADSL B-QUICK Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-09-28 17:07]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\6E.tmp []
S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 scsiscan;Driver scanner SCSI;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 21:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-15 23:37:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 00:35:31
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-16 0:37:57 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-01-15 23:37:54
.
2008-01-11 22:30:48 --- E O F ---
e quello di hijac
Logfile of HijackThis v1.99.1
Scan saved at Giorgio sono le 0.49.13, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\WINDOWS\system32\hplampc.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Preferiti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} -
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1192735755031
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127675745620
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133111442765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B923C8C-BA78-47E7-80D4-22104520BC7D}: NameServer = 85.37.17.52 85.38.28.92
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 16 Gen 2008 02:04 Oggetto: |
|
|
scusa dimenticavo mi compaiono sempre nella cronologia di IE due siti che non ho mai visitato : www.b.skitodayplease.com e www.88.80.7.66.com se clikko compare una pagina bianca con il numero14400.
mentre nel C:\Documents and Settings\Administrator\Impostazioni locali\Temp si installa un programma 2572183543.exe che non posso cancellare quando sono connesso, mi sconnetto lo cancello e poi alla prima connessione si ricrea???????
ciao e buonanotte. |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 16 Gen 2008 09:56 Oggetto: |
|
|
- Scarica FixWareOut da uno di questi siti:
Sito 1
Sito 2
Sito 3
- Salvalo sul desktop
- Avvialo
- Clicca Next
- Clicca Install
- Assicurati che ci sia il segno di spunta su "Run fixit"
- Clicca Finish.
- Segui le indicazioni.
- Ti chiederà di riavviare il pc, fallo.
- Ci metterà parecchio a riavviarsi. Sii paziente.
- Alla fine dell'operazione, riavvia ancora il pc.
- Rifai il log di hijackthis e postalo insieme al file C:\fixwareout\report.txt
|
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 16 Gen 2008 21:58 Oggetto: |
|
|
ciao ekko il log di FIXWAREOUT
Username "Administrator" - 16/01/2008 19 56 58 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Svuotata la cache del resolver DNS.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"SunJavaUpdateSched"="\"C:\\Programmi\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"LVCOMS"="C:\\Programmi\\File comuni\\Logitech\\QCDriver\\LVCOMS.EXE"
"hplampc"="C:\\WINDOWS\\system32\\hplampc.exe"
"GSICONEXE"="GSICON.EXE"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"QuickTime Task"="\"C:\\Programmi\\QuickTime\\bak\\qttask.exe\" -atboottime"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Adobe Reader Speed Launcher"="\"C:\\Programmi\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"Windows Defender"="\"C:\\Programmi\\Windows Defender\\MSASCui.exe\" -hide"
"avgnt"="\"C:\\Programmi\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Programmi\\Windows Media Player\\WMPNSCFG.exe"
"SpybotSD TeaTimer"="C:\\Programmi\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
LOG DI HIJAC
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Preferiti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} -
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1192735755031
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127675745620
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133111442765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
Purtroppo al riavvio il pc cerca di connettersi da solo, nella cronologia IE compaiono sempre i siti www.b.skitodayplease.com e www.88.80.7.66.com,
nel C:\Documents and Settings\Administrator\Impostazioni locali\Temp c'è un file abc.123.pid ed un file exe 3101250957.exe
non so cosa fare help me |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 17 Gen 2008 14:05 Oggetto: |
|
|
Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria
esegui hijackthis
clicca su do a system scan only
metti il segno di spunta a queste voci:
| Citazione: | O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ |
clicca fix checked
Riavvia il pc in modalità normale, rifai il log di hijackthis e postalo
Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.
Rifai la scansione con FindAWF. |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 17 Gen 2008 22:22 Oggetto: |
|
|
doriano Ekko fatto
2 voci fixate
log di hijac
Logfile of HijackThis v1.99.1
Scan saved at Giorgio sono le 19.03.13, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\hplampc.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Preferiti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.ddmind.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1192735755031
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127675745620
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133111442765
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
log di awf
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\WINDOW~2\BAK
0 File 0 byte
2 Directory 281.994.768.384 byte disponibili
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\WINDOWS\SYSTEM32\BAK
0 File 0 byte
2 Directory 281.994.768.384 byte disponibili
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\ADOBE
Il volume nell'unit? C ? PRIMARIO
Numero di serie del volume: 3086-77D4
Directory di C:\PROGRA~1\FILECO~1\LOGITECH\QCDRIVER\BAK
0 File 0 byte
2 Directory 281.994.764.288 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
log di Kasper 1 virus trovato
<a href="http://www.freefilehosting.net/files/3afgj">KASPER.txt</a>
resto a tua disposizione sul dafarsi ciao
e ancora
GRAZIE di cuore |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 17 Gen 2008 22:30 Oggetto: |
|
|
rimando il link di Kasper
KASPER1.txt |
|
| Top |
|
|
DURACELL
Mortale pio
Registrato: 13/01/08 02:14
Messaggi: 20
|
| Inviato: 17 Gen 2008 22:33 Oggetto: |
 |
|
scusa ho fatto casino ekko il log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
giovedì 17 gennaio 2008 Giorgio sono le 21.14.53
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/01/2008
Kaspersky Anti-Virus database records: 515845
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 48179
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:35:42
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{03DF9C6E-CDA7-4581-9059-5B24A5CC21DA} Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\1081596580.exe Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF9ECD.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF9EE4.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.85.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.85.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.ci Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wsb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy47.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-12252007-200546.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Ntf5.tmp Object is locked skipped
C:\Ntf6.tmp Object is locked skipped
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\Programmi\QuickTime\qttask.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\usgthrsvc\Perflib_Perfdata_8bc.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed. |
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
