Rapture (Hero in the grace of the gods)
Registered: 31/05/08 15:15 Posts: 98
Posted: 31 May 2008 21:47 Subject: Virus NaviPromo/CID
Comes from here
Hi MISTIC....
I have the same problem as you: something that fills the screen with advertising as soon as Internet Explorer opens.... I can't get rid of it in any way....
Could you tell me how to use this Navilog??
So far I've used Avast and it tells me everything is fine... then Spyware Doctor and Ad-Aware, which I keep running in turns, and they always find stuff to delete... in short, I don't know what else to do... I also used Panda online... but no luck.... it finds the things and then says that to remove them I have to buy Panda antivirus.... then I have BitDefender but it doesn't do much... oh well...
HEEEELP!!!!
Rapture (Hero in the grace of the gods)
Registered: 31/05/08 15:15 Posts: 98
Posted: 31 May 2008 22:22 Subject:
Hi, I found the way to use Navilog.... in the end it wasn't difficult... now I hope for the best.... but it seems impossible to me....
I restarted Spyware Doctor and Ad-Aware and they've already found about 40 infected files... I wonder how that's possible...
And now Ad-Aware can't delete 10 files....!!! ARGH!!
It's really true that.... even penguins laugh, but windows don't (and no, and no, and no!)!!
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Rapture (Hero in the grace of the gods)
Registered: 31/05/08 15:15 Posts: 98
Posted: 01 Jun 2008 20:30 Subject:
OK, thanks a lot for everything....
I'll follow your guidelines....
Anyway, the problem seemed solved but it came back.... daaaaang
Same problem with the advertising.... should I format? No, come on, in the meantime I'll make a thread of my own.... THANKS
Rapture (Hero in the grace of the gods)
Registered: 31/05/08 15:15 Posts: 98
Posted: 02 Jun 2008 21:13 Subject: advertising spyware... I can't take it any more!!
Hi everyone...
As soon as Windows starts, ads pop up from Internet Explorer.... I also have Firefox on the PC, but it doesn't give me any problems...
I have Avast antivirus; if I scan, it tells me I have nothing....
Ad-Aware and Spyware Doctor find stuff in turns; I delete and restart the scan, and at the end there are still infected files galore....
This is an HJT log that a friend advised me to post here:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.04.14, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Spyware Doctor\pctsTray.exe
F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
F:\Programmi\Microsoft ActiveSync\Wcescomm.exe
F:\Programmi\Skype\Phone\Skype.exe
F:\Programmi\Spyware Doctor\pctsAuxs.exe
F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
F:\Programmi\VIA\RAID\raid_tool.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Sun\StarOffice 8\program\soffice.BIN
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Spyware Doctor\pctsSvc.exe
F:\Programmi\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
F:\Programmi\Spyware Doctor\pctsGui.exe
F:\Programmi\Skype\Plugin Manager\skypePM.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\System32\alg.exe
F:\Programmi\Windows Live\Messenger\usnsvc.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Programmi\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "F:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [meet great active lies] F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Bat program.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sizeseek] F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = F:\Programmi\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Programmi\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205002560078
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F758FE6D-9949-4D78-B748-97781F55AF19} (TXTDM Control) - http://rivideo.mediaset.it/_res/cab/TXTDMCab.CAB
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Programmi\Spyware Doctor\pctsSvc.exe
--
End of file - 8341 bytes
Anyway, I also used Navilog and for the moment it solves the problem, but I noticed that the next day, when I turn the PC back on, the PC is wrecked again.... or even after an hour or so the PC is wrecked...
Thanks everyone.
Rap.
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Jun 2008 22:13 Subject:
I had already opened the topic in your name.
Anyway, the HijackThis log shows the presence of CID.
Do the following:
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Restart the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report the outcome in a new message in this thread: whether there were any particular problems, etc. etc. And post:
- Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
- The ComboFix log is generally not very long, so post it directly in the message
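To show how the CID/NaviPromo autoruns the admin refers to stand out in a HijackThis log, here is an added example (mine, not code from this thread or from HijackThis) that parses O4 registry Run lines and flags entries launched from user-writable Application Data folders or carrying random-word names. The sample lines are copied from the log posted above; the heuristics and the folder list are my assumptions.

```python
"""Flag suspicious HijackThis O4 (registry Run) entries.

Heuristics (my assumption, not a HijackThis feature): an autorun whose
executable lives under a user-writable Application Data folder, or whose
entry name is a string of unrelated lowercase words, deserves a second look.
Legitimate software normally starts from Program Files / Programmi or %windir%.
"""
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis log posted above (a constructed subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [meet great active lies] F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Bat program.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sizeseek] F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
"""

# Only registry Run entries are handled; "O4 - Startup:" lines are skipped.
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# Per-user / all-users Application Data folders (long and 8.3 short form,
# Italian and English XP names) plus temp: writable without admin rights.
USER_WRITABLE = (
    "\\dati applicazioni\\", "\\datiap~1\\",
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\temp\\", "\\impostazioni locali\\temp\\",
)

# Three or more lowercase dictionary-looking words, e.g. "meet great active lies".
WORDY_NAME = re.compile(r'^[a-z]+( [a-z]+){2,}$')


@dataclass
class Finding:
    name: str                      # the [name] part of the O4 entry
    path: str                      # executable the entry launches
    reasons: list = field(default_factory=list)


def launched_path(cmd: str) -> str:
    """Extract the executable from the command part of an O4 line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted commands in these logs carry their arguments, if any, after " /".
    return cmd.split(' /', 1)[0]


def scan_o4(log_text: str) -> list:
    """Return a Finding for every O4 Run entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        name = m.group('name')
        path = launched_path(m.group('cmd'))
        reasons = []
        if any(folder in path.lower() for folder in USER_WRITABLE):
            reasons.append("user-writable folder")
        if WORDY_NAME.match(name):
            reasons.append("random-word name")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_o4(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}  <- {', '.join(f.reasons)}")
```

Run against the sample it reports exactly the two entries the admin would want removed, and none of the avast!, Java, ctfmon or Skype autoruns.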
Rapture (Hero in the grace of the gods)
Registered: 31/05/08 15:15 Posts: 98
Posted: 03 Jun 2008 02:11 Subject:
Hi...
Sorry, I hadn't understood that you had opened the topic for me... forgive me... I'll learn and won't do silly things any more...
Here are the results:
Norman Malware Cleaner
NFix_2008-06-03_00-30-33.log
ComboFix
Code:
ComboFix 08-06-01.6 - Alex 2008-06-03 1.58.31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.702 [GMT 2:00]
Eseguito da: F:\Documents and Settings\Alex\Desktop\ciombofis.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((( Files Creati Da 2008-05-02 al 2008-06-02 )))))))))))))))))))))))))))))))))))
.
2008-06-03 00:07 . 2008-06-03 00:07 <DIR> d-------- F:\Documents and Settings\Administrator\Dati applicazioni\Talkback
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Administrator\Risorse di stampa
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Administrator\Risorse di rete
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d-------- F:\Documents and Settings\Administrator\Preferiti
2008-06-03 00:06 . 2008-03-08 18:03 <DIR> d--h----- F:\Documents and Settings\Administrator\Modelli
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> dr------- F:\Documents and Settings\Administrator\Menu Avvio
2008-06-03 00:06 . 2008-06-03 01:59 <DIR> d--h----- F:\Documents and Settings\Administrator\Impostazioni locali
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d-------- F:\Documents and Settings\Administrator\Documenti
2008-06-03 00:06 . 2008-06-03 00:07 <DIR> dr-h----- F:\Documents and Settings\Administrator\Dati applicazioni
2008-06-03 00:06 . 2008-06-03 00:06 <DIR> d-------- F:\Documents and Settings\Administrator
2008-06-02 23:57 . 2008-06-02 23:57 <DIR> d-------- F:\Programmi\CCleaner
2008-05-31 21:28 . 2008-06-01 20:33 <DIR> d-------- F:\Programmi\Navilog1
2008-05-31 16:12 . 2008-05-31 22:06 81,984 --a------ F:\WINDOWS\system32\bdod.bin
2008-05-31 16:07 . 2008-05-31 22:06 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\BitDefender
2008-05-31 16:06 . 2008-05-31 22:07 <DIR> d-------- F:\Programmi\File comuni\Softwin
2008-05-31 14:47 . 2008-05-31 14:47 <DIR> d-------- F:\Programmi\Trend Micro
2008-05-31 14:00 . 2008-05-31 20:49 <DIR> d-------- F:\Programmi\Panda Security
2008-05-31 13:15 . 2008-05-31 13:16 <DIR> d-------- F:\Programmi\Notepad++
2008-05-31 13:15 . 2008-05-31 13:16 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\Notepad++
2008-05-31 12:29 . 2008-05-31 12:29 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans-derby
2008-05-31 12:29 . 2008-05-31 12:29 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans
2008-05-31 12:26 . 2008-05-31 12:26 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans-registration
2008-05-31 12:25 . 2008-05-31 12:29 <DIR> d-------- F:\Programmi\NetBeans 6.1
2008-05-31 01:42 . 2008-03-25 02:37 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-05-31 01:41 . 2008-05-31 01:49 <DIR> d-------- F:\Programmi\Java
2008-05-31 01:40 . 2008-05-31 01:40 <DIR> d-------- F:\Programmi\File comuni\Java
2008-05-31 01:23 . 2008-05-31 12:27 <DIR> d-------- F:\Documents and Settings\Alex\.nbi
2008-05-31 01:14 . 2008-05-31 02:03 <DIR> d-------- F:\Documents and Settings\Alex\workspace
2008-05-31 01:12 . 2008-05-31 01:59 <DIR> d-------- F:\Programmi\eclipse java
2008-05-30 20:59 . 2008-05-31 00:19 <DIR> d-------- F:\Documents and Settings\Alex\.SunDownloadManager
2008-05-30 20:39 . 2008-05-30 20:39 <DIR> d-------- F:\WINDOWS\Sun
2008-05-30 20:32 . 2008-05-30 21:19 <DIR> d-------- F:\Programmi\I-Droid01
2008-05-30 20:32 . 2005-06-27 19:41 548 --a------ F:\WINDOWS\system32\javaw.exe.manifest
2008-05-27 19:43 . 2008-05-27 19:43 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\dvdcss
2008-05-27 19:37 . 2008-05-27 19:37 <DIR> d-------- F:\Programmi\Drvmix
2008-05-24 18:27 . 2008-05-29 20:32 3,639 --a------ F:\WINDOWS\VGSCDAPI.VXD
2008-05-21 20:29 . 2008-05-21 20:29 19,288 --ah----- F:\WINDOWS\system32\mlfcache.dat
2008-05-21 20:24 . 2008-05-21 20:24 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-05-21 20:16 . 2008-06-03 01:49 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\StarOffice8
2008-05-21 20:13 . 2008-06-03 00:04 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\skypePM
2008-05-21 20:13 . 2008-05-21 20:13 32 --a------ F:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-05-21 20:11 . 2008-05-31 01:49 <DIR> d-------- F:\Programmi\Sun
2008-05-21 20:11 . 2008-06-03 01:50 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\Skype
2008-05-21 19:56 . 2008-05-21 19:57 <DIR> d-------- F:\Programmi\File comuni\Adobe
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Programmi\Skype
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Programmi\File comuni\Skype
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-05-21 19:52 . 2008-06-03 01:56 <DIR> d-a------ F:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-21 19:52 . 2007-12-10 14:53 81,288 --a------ F:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-21 19:52 . 2007-12-10 14:53 66,952 --a------ F:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-21 19:52 . 2008-02-01 12:55 42,376 --a------ F:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-21 19:52 . 2007-12-10 14:53 29,576 --a------ F:\WINDOWS\system32\drivers\kcom.sys
2008-05-21 19:51 . 2008-06-03 00:54 <DIR> d-------- F:\Programmi\Spyware Doctor
2008-05-21 19:51 . 2008-05-21 19:51 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\PC Tools
2008-05-21 19:51 . 2006-10-05 04:42 2,560 --------- F:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-21 19:51 . 2006-10-05 04:42 2,432 --------- F:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-21 19:50 . 2008-05-21 19:51 <DIR> d-------- F:\Programmi\Picasa2
2008-05-21 19:50 . 2008-05-21 19:50 <DIR> d-------- F:\Programmi\Google
2008-05-21 19:50 . 2008-06-02 20:57 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-05-17 18:49 . 2008-05-17 18:49 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\MSN6
2008-05-17 18:49 . 2008-05-17 18:51 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\MSN6
2008-05-12 00:25 . 2008-05-12 00:25 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\TXT
2008-05-10 01:37 . 2008-05-10 01:37 <DIR> d-------- F:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-05-10 01:32 . 2008-05-10 01:32 <DIR> d-------- F:\Programmi\Lavasoft
2008-05-10 01:32 . 2008-05-10 01:32 <DIR> d-------- F:\Programmi\File comuni\Wise Installation Wizard
2008-05-10 01:32 . 2008-05-10 01:33 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-05 22:09 . 2008-05-05 22:09 288 --a------ F:\WINDOWS\ASYM.01
2008-05-05 22:09 . 2008-05-05 22:09 24 --a------ F:\WINDOWS\TB60.01
2008-05-05 22:09 . 2008-05-05 22:09 24 --a------ F:\WINDOWS\TB50.01
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Chiara\Risorse di stampa
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Chiara\Risorse di rete
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr------- F:\Documents and Settings\Chiara\Preferiti
2008-05-05 21:59 . 2008-03-08 18:03 <DIR> d--h----- F:\Documents and Settings\Chiara\Modelli
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> dr------- F:\Documents and Settings\Chiara\Menu Avvio
2008-05-05 21:59 . 2008-06-03 01:59 <DIR> d--h----- F:\Documents and Settings\Chiara\Impostazioni locali
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr------- F:\Documents and Settings\Chiara\Documenti
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr-h----- F:\Documents and Settings\Chiara\Dati applicazioni
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> d-------- F:\Documents and Settings\Chiara
2008-05-05 21:54 . 2008-05-05 21:54 <DIR> d-------- F:\WINDOWS\asym
2008-05-05 21:54 . 2008-05-05 21:54 <DIR> d-------- F:\Program Files
2008-05-05 21:54 . 2008-05-30 20:26 <DIR> d-------- F:\My Documents
2008-05-05 21:54 . 1998-04-22 13:37 6,112 --a------ F:\WINDOWS\OMNICREG.DLL
2008-05-05 21:54 . 2008-05-05 22:09 288 --a------ F:\WINDOWS\ASYM.INI
2008-05-05 21:53 . 2008-05-05 22:18 869 --a------ F:\WINDOWS\omupdate.ini
2008-05-05 21:50 . 2008-05-05 21:50 <DIR> d-------- F:\Programmi\VideoLAN
2008-05-05 21:50 . 2008-05-05 21:50 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\vlc
2008-05-05 21:23 . 2008-05-05 21:23 <DIR> d-------- F:\Programmi\D-Link
2008-05-05 21:23 . 2004-05-21 16:59 283,392 --a------ F:\WINDOWS\system32\drivers\GPLUS.sys
2008-05-05 21:23 . 2004-05-21 16:59 83,024 --a------ F:\WINDOWS\system32\drivers\FwRad16.bin
2008-05-05 21:06 . 2004-08-20 19:09 62,865 --a------ F:\WINDOWS\system32\drivers\odysseyIM3.sys
2008-05-05 21:06 . 2004-08-20 19:09 61,440 --a------ F:\WINDOWS\system32\W32N50.dll
2008-05-05 21:06 . 2004-08-20 19:09 16,292 --a------ F:\WINDOWS\system32\PCANDIS5.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 22:59 --------- d-----w F:\Programmi\Circle Developement
2008-05-27 17:39 --------- d-----w F:\Documents and Settings\Alex\Dati applicazioni\Drvmix
2008-05-27 17:38 --------- d-----w F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great
2008-05-21 17:49 --------- d-----w F:\Programmi\OpenOffice.org 2.3
2008-05-21 17:42 --------- d-----w F:\Documents and Settings\Alex\Dati applicazioni\OpenOffice.org2
2008-05-05 19:33 --------- d-----w F:\Programmi\Microsoft ActiveSync
2008-05-05 19:23 --------- d--h--w F:\Programmi\InstallShield Installation Information
2008-04-23 15:17 693,792 ----a-w F:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w F:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w F:\WINDOWS\system32\OGAAddin.dll
2008-04-07 17:18 --------- d-----w F:\Programmi\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w F:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w F:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w F:\WINDOWS\system32\win32k.sys
2004-08-20 17:09 62,865 ----a-w F:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 ----a-w F:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 ----a-w F:\WINDOWS\inf\IM\odNetInstall.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="F:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"sizeseek"="F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe" [2008-05-27 19:37 437248]
"H/PC Connection Agent"="F:\Programmi\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:38 1289000]
"Skype"="F:\Programmi\Skype\Phone\Skype.exe" [2008-02-12 20:10 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 F:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 22:05 339968]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Reader Speed Launcher"="F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"meet great active lies"="F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Bat program.exe" [2008-06-03 02:01 2179072]
"SunJavaUpdateSched"="F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
F:\Documents and Settings\Alex\Menu Avvio\Programmi\Esecuzione automatica\
StarOffice 8.lnk - F:\Programmi\Sun\StarOffice 8\program\quickstart.exe [2007-08-17 21:58:18 122880]
F:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
D-Link AirPlus G+ Wireless Adapter Utility.lnk - F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2008-05-05 21:23:57 671744]
Microsoft Office.lnk - F:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
VIA RAID TOOL.lnk - F:\Programmi\VIA\RAID\raid_tool.exe [2008-03-08 19:10:40 565248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\Programmi\Microsoft ActiveSync\rapimgr.exe"= F:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"F:\Programmi\Microsoft ActiveSync\wcescomm.exe"= F:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"F:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= F:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"F:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 odysseyIM3;Odyssey Network Services Miniport;F:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 19:09]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;F:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 16:59]
S2 MagnaPci;MagnaPci;F:\WINDOWS\system32\drivers\MagnaPci.sys [1999-05-17 11:26]
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-03 00:00:11 F:\WINDOWS\Tasks\ABEC82AB918B349B.job"
- f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe
"2008-05-31 17:44:04 F:\WINDOWS\Tasks\OGADaily.job"
- F:\WINDOWS\system32\OGAVerify.exe
"2008-06-02 23:50:35 F:\WINDOWS\Tasks\OGALogon.job"
- F:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 02:00:00
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-06-03 2.01.55
ComboFix-quarantined-files.txt 2008-06-03 00:01:49
8 Directory 25,910,423,552 byte disponibili
11 Directory 25,898,332,160 byte disponibili
192 --- E O F --- 2008-05-31 21:06:50
New HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.03.47, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.exe
F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.BIN
F:\Programmi\Microsoft ActiveSync\Wcescomm.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Programmi\VIA\RAID\raid_tool.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [meet great active lies] F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Bat program.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sizeseek] F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = F:\Programmi\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Programmi\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205002560078
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F758FE6D-9949-4D78-B748-97781F55AF19} (TXTDM Control) - http://rivideo.mediaset.it/_res/cab/TXTDMCab.CAB
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Programmi\Spyware Doctor\pctsSvc.exe
--
End of file - 7498 bytes
Sorry, but where did you see CID in the old HijackThis log??
Where does one learn these things about Windows... I have to say I'm starting to like it... even though long live the penguin forever...
Fingers crossed....
Thanks everyone.
Rap.
PS: an ad just opened... here's another one right now...
bdoriano (Administrator)
Posted: 03 Jun 2008 08:15
Create a text file with the following instructions:
Code:
File::
F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe
F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Bat program.exe
F:\WINDOWS\Tasks\ABEC82AB918B349B.job
f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sizeseek"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"meet great active lies"=-
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs.
To answer your questions:
- "Sorry, but where did you see CID in the old HijackThis log??"
- O4 - HKLM\..\Run: [meet great active lies] F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Bat program.exe
- O4 - HKCU\..\Run: [sizeseek] F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe
- "Where does one learn these things about Windows..."
I learned by watching the masters before me and searching for information around the internet.
Here you will also find a guide to using HijackThis written by the legendary Holifay.
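One way to automate the triage bdoriano did by eye on the O4 lines, as an added example that is not code from the thread, HijackThis or ComboFix: it parses HijackThis O4 entries and ComboFix's 'Scheduled Tasks' section, flags autostarts whose executable lives under a profile data directory (Dati applicazioni / DATIAP~1, a heuristic assumed here), and drafts a CFScript in the File::/Registry:: form used above for a human to review. The sample lines are copied from the logs posted in this thread; the verdict labels and the `classify` rule are this example's own.

```python
"""Triage HijackThis O4 autoruns and ComboFix scheduled tasks, then draft a CFScript.
Added example for this thread, not code from HijackThis, ComboFix or the forum. Assumed
heuristic: an autostart whose executable sits under a user-profile data directory (Dati
applicazioni / DATIAP~1) instead of Programmi or WINDOWS is flagged "suspicious"."""
import re
from typing import NamedTuple

# Roots that legitimately host autostarts on this Italian XP box (long and 8.3 forms both
# appear in the logs), and profile-data path markers typical of dropped adware. Lower case.
TRUSTED_ROOTS = ("f:\\windows\\", "f:\\programmi\\", "f:\\progra~1\\", "f:\\program files\\")
PROFILE_DATA_MARKERS = ("\\dati applicazioni\\", "\\datiap~1\\", "\\application data\\")
# Hive prefix of an O4 line -> Run key written in the Registry:: section of a CFScript.
RUN_KEYS = {"HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}
_O4_REG = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_LNK = re.compile(r"^O4 - (?P<hive>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$")
_USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")  # HijackThis appends this to HKUS entries
_EXE_END = re.compile(r"\.(exe|com|bat|scr|cpl|dll)\b", re.IGNORECASE)


class Autorun(NamedTuple):
    source: str   # "HKLM", "HKCU", "HKUS\\S-1-5-19", "Startup", "Global Startup" or "task"
    name: str     # Run value name, .lnk name, or the .job path for a task
    path: str     # executable as written in the log
    verdict: str  # "ok", "suspicious", "review" or "no-path"


def _executable(cmd: str) -> str:
    """Pull the executable out of a Run command: quoted, or unquoted with spaces and arguments."""
    cmd = _USER_SUFFIX.sub("", cmd).strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = _EXE_END.search(cmd)
    return cmd[: m.end()] if m else cmd


def classify(path: str) -> str:
    """Location heuristic (this example's assumption, not a HijackThis or ComboFix rule)."""
    p = path.lower()
    if "\\" not in p:
        return "no-path"  # bare name such as SOUNDMAN.EXE, found via PATH; undecidable from the log
    if any(marker in p for marker in PROFILE_DATA_MARKERS):
        return "suspicious"
    return "ok" if p.startswith(TRUSTED_ROOTS) else "review"


def parse_hijackthis_o4(log: str) -> list:
    """Turn every O4 line of a HijackThis log into an Autorun record."""
    found = []
    for line in log.splitlines():
        m = _O4_REG.match(line) or _O4_LNK.match(line)
        if m:
            exe = _executable(m["cmd"])
            found.append(Autorun(m["hive"], m["name"], exe, classify(exe)))
    return found


def parse_combofix_tasks(log: str) -> list:
    """Parse ComboFix's 'Scheduled Tasks' section: a quoted '<date> <time> <job>' line, then '- target'."""
    found, job = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith('"') and line.endswith('.job"'):
            job = line.split(" ", 2)[2].rstrip('"')
        elif job and line.startswith("- "):
            target = line[2:]
            found.append(Autorun("task", job, target, classify(target)))
            job = None
    return found


def build_cfscript(findings: list) -> str:
    """Draft a CFScript (File:: / Registry:: sections, in the form used in the thread) for the suspicious
    entries. Read it over before use: legitimate per-user software can trip the heuristic too."""
    lines, reg = ["File::"], []
    for f in findings:
        if f.verdict != "suspicious":
            continue
        lines.append(f.path)
        if f.source == "task":
            lines.append(f.name)  # drop the .job file together with its target
        elif f.source in RUN_KEYS:
            reg.append(f)
    if reg:
        lines.append("Registry::")
        for f in reg:
            lines += [f"[{RUN_KEYS[f.source]}]", f'"{f.name}"=-']
    return "\n".join(lines) + "\n"


# Sample input: lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [meet great active lies] F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Bat program.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [sizeseek] F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Programmi\VIA\RAID\raid_tool.exe
"""
SAMPLE_CF = r"""
"2008-06-03 17:00:00 F:\WINDOWS\Tasks\ABEC82AB918B349B.job"
- f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe
"""

if __name__ == "__main__":
    results = parse_hijackthis_o4(SAMPLE_HJT) + parse_combofix_tasks(SAMPLE_CF)
    print(*(f"{r.verdict:10} {r.name}" for r in results), build_cfscript(results), sep="\n")
```

On the sample lines the script reproduces the same four files and two Run values as the CFScript above; the bare SOUNDMAN.EXE entry is reported as "no-path" rather than judged, because the log alone does not say where it resolves.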
Rapture
Posted: 03 Jun 2008 19:19
Done....
Here are the logs....
Code:
ComboFix 08-06-01.6 - Alex 2008-06-03 19.08.45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.634 [GMT 2:00]
Eseguito da: F:\Documents and Settings\Alex\Desktop\ciombofis.exe
Command switches used :: F:\Documents and Settings\Alex\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Creati Da 2008-05-03 al 2008-06-03 )))))))))))))))))))))))))))))))))))
.
2008-06-03 00:07 . 2008-06-03 00:07 <DIR> d-------- F:\Documents and Settings\Administrator\Dati applicazioni\Talkback
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Administrator\Risorse di stampa
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Administrator\Risorse di rete
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d-------- F:\Documents and Settings\Administrator\Preferiti
2008-06-03 00:06 . 2008-03-08 18:03 <DIR> d--h----- F:\Documents and Settings\Administrator\Modelli
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> dr------- F:\Documents and Settings\Administrator\Menu Avvio
2008-06-03 00:06 . 2008-06-03 19:10 <DIR> d--h----- F:\Documents and Settings\Administrator\Impostazioni locali
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d-------- F:\Documents and Settings\Administrator\Documenti
2008-06-03 00:06 . 2008-06-03 00:07 <DIR> dr-h----- F:\Documents and Settings\Administrator\Dati applicazioni
2008-06-03 00:06 . 2008-06-03 00:06 <DIR> d-------- F:\Documents and Settings\Administrator
2008-06-02 23:57 . 2008-06-02 23:57 <DIR> d-------- F:\Programmi\CCleaner
2008-05-31 21:28 . 2008-06-01 20:33 <DIR> d-------- F:\Programmi\Navilog1
2008-05-31 16:12 . 2008-05-31 22:06 81,984 --a------ F:\WINDOWS\system32\bdod.bin
2008-05-31 16:07 . 2008-05-31 22:06 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\BitDefender
2008-05-31 16:06 . 2008-05-31 22:07 <DIR> d-------- F:\Programmi\File comuni\Softwin
2008-05-31 14:47 . 2008-05-31 14:47 <DIR> d-------- F:\Programmi\Trend Micro
2008-05-31 14:00 . 2008-05-31 20:49 <DIR> d-------- F:\Programmi\Panda Security
2008-05-31 13:15 . 2008-05-31 13:16 <DIR> d-------- F:\Programmi\Notepad++
2008-05-31 13:15 . 2008-05-31 13:16 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\Notepad++
2008-05-31 12:29 . 2008-05-31 12:29 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans-derby
2008-05-31 12:29 . 2008-05-31 12:29 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans
2008-05-31 12:26 . 2008-05-31 12:26 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans-registration
2008-05-31 12:25 . 2008-05-31 12:29 <DIR> d-------- F:\Programmi\NetBeans 6.1
2008-05-31 01:42 . 2008-03-25 02:37 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-05-31 01:41 . 2008-05-31 01:49 <DIR> d-------- F:\Programmi\Java
2008-05-31 01:40 . 2008-05-31 01:40 <DIR> d-------- F:\Programmi\File comuni\Java
2008-05-31 01:23 . 2008-05-31 12:27 <DIR> d-------- F:\Documents and Settings\Alex\.nbi
2008-05-31 01:14 . 2008-05-31 02:03 <DIR> d-------- F:\Documents and Settings\Alex\workspace
2008-05-31 01:12 . 2008-05-31 01:59 <DIR> d-------- F:\Programmi\eclipse java
2008-05-30 20:59 . 2008-05-31 00:19 <DIR> d-------- F:\Documents and Settings\Alex\.SunDownloadManager
2008-05-30 20:39 . 2008-05-30 20:39 <DIR> d-------- F:\WINDOWS\Sun
2008-05-30 20:32 . 2008-05-30 21:19 <DIR> d-------- F:\Programmi\I-Droid01
2008-05-30 20:32 . 2005-06-27 19:41 548 --a------ F:\WINDOWS\system32\javaw.exe.manifest
2008-05-27 19:43 . 2008-05-27 19:43 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\dvdcss
2008-05-27 19:37 . 2008-05-27 19:37 <DIR> d-------- F:\Programmi\Drvmix
2008-05-24 18:27 . 2008-05-29 20:32 3,639 --a------ F:\WINDOWS\VGSCDAPI.VXD
2008-05-21 20:29 . 2008-05-21 20:29 19,288 --ah----- F:\WINDOWS\system32\mlfcache.dat
2008-05-21 20:24 . 2008-05-21 20:24 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-05-21 20:16 . 2008-06-03 18:51 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\StarOffice8
2008-05-21 20:13 . 2008-06-03 00:04 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\skypePM
2008-05-21 20:13 . 2008-05-21 20:13 32 --a------ F:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-05-21 20:11 . 2008-05-31 01:49 <DIR> d-------- F:\Programmi\Sun
2008-05-21 20:11 . 2008-06-03 18:52 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\Skype
2008-05-21 19:56 . 2008-05-21 19:57 <DIR> d-------- F:\Programmi\File comuni\Adobe
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Programmi\Skype
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Programmi\File comuni\Skype
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-05-21 19:52 . 2008-06-03 01:56 <DIR> d-a------ F:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-21 19:52 . 2007-12-10 14:53 81,288 --a------ F:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-21 19:52 . 2007-12-10 14:53 66,952 --a------ F:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-21 19:52 . 2008-02-01 12:55 42,376 --a------ F:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-21 19:52 . 2007-12-10 14:53 29,576 --a------ F:\WINDOWS\system32\drivers\kcom.sys
2008-05-21 19:51 . 2008-06-03 00:54 <DIR> d-------- F:\Programmi\Spyware Doctor
2008-05-21 19:51 . 2008-05-21 19:51 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\PC Tools
2008-05-21 19:51 . 2006-10-05 04:42 2,560 --------- F:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-21 19:51 . 2006-10-05 04:42 2,432 --------- F:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-21 19:50 . 2008-05-21 19:51 <DIR> d-------- F:\Programmi\Picasa2
2008-05-21 19:50 . 2008-05-21 19:50 <DIR> d-------- F:\Programmi\Google
2008-05-21 19:50 . 2008-06-02 20:57 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-05-17 18:49 . 2008-05-17 18:49 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\MSN6
2008-05-17 18:49 . 2008-05-17 18:51 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\MSN6
2008-05-12 00:25 . 2008-05-12 00:25 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\TXT
2008-05-10 01:37 . 2008-05-10 01:37 <DIR> d-------- F:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-05-10 01:32 . 2008-05-10 01:32 <DIR> d-------- F:\Programmi\Lavasoft
2008-05-10 01:32 . 2008-05-10 01:32 <DIR> d-------- F:\Programmi\File comuni\Wise Installation Wizard
2008-05-10 01:32 . 2008-05-10 01:33 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-05 22:09 . 2008-05-05 22:09 288 --a------ F:\WINDOWS\ASYM.01
2008-05-05 22:09 . 2008-05-05 22:09 24 --a------ F:\WINDOWS\TB60.01
2008-05-05 22:09 . 2008-05-05 22:09 24 --a------ F:\WINDOWS\TB50.01
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Chiara\Risorse di stampa
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Chiara\Risorse di rete
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr------- F:\Documents and Settings\Chiara\Preferiti
2008-05-05 21:59 . 2008-03-08 18:03 <DIR> d--h----- F:\Documents and Settings\Chiara\Modelli
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> dr------- F:\Documents and Settings\Chiara\Menu Avvio
2008-05-05 21:59 . 2008-06-03 19:10 <DIR> d--h----- F:\Documents and Settings\Chiara\Impostazioni locali
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr------- F:\Documents and Settings\Chiara\Documenti
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr-h----- F:\Documents and Settings\Chiara\Dati applicazioni
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> d-------- F:\Documents and Settings\Chiara
2008-05-05 21:54 . 2008-05-05 21:54 <DIR> d-------- F:\WINDOWS\asym
2008-05-05 21:54 . 2008-05-05 21:54 <DIR> d-------- F:\Program Files
2008-05-05 21:54 . 2008-05-30 20:26 <DIR> d-------- F:\My Documents
2008-05-05 21:54 . 1998-04-22 13:37 6,112 --a------ F:\WINDOWS\OMNICREG.DLL
2008-05-05 21:54 . 2008-05-05 22:09 288 --a------ F:\WINDOWS\ASYM.INI
2008-05-05 21:53 . 2008-05-05 22:18 869 --a------ F:\WINDOWS\omupdate.ini
2008-05-05 21:50 . 2008-05-05 21:50 <DIR> d-------- F:\Programmi\VideoLAN
2008-05-05 21:50 . 2008-05-05 21:50 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\vlc
2008-05-05 21:23 . 2008-05-05 21:23 <DIR> d-------- F:\Programmi\D-Link
2008-05-05 21:23 . 2004-05-21 16:59 283,392 --a------ F:\WINDOWS\system32\drivers\GPLUS.sys
2008-05-05 21:23 . 2004-05-21 16:59 83,024 --a------ F:\WINDOWS\system32\drivers\FwRad16.bin
2008-05-05 21:06 . 2004-08-20 19:09 62,865 --a------ F:\WINDOWS\system32\drivers\odysseyIM3.sys
2008-05-05 21:06 . 2004-08-20 19:09 61,440 --a------ F:\WINDOWS\system32\W32N50.dll
2008-05-05 21:06 . 2004-08-20 19:09 16,292 --a------ F:\WINDOWS\system32\PCANDIS5.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 22:59 --------- d-----w F:\Programmi\Circle Developement
2008-05-27 17:39 --------- d-----w F:\Documents and Settings\Alex\Dati applicazioni\Drvmix
2008-05-27 17:38 --------- d-----w F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great
2008-05-21 17:49 --------- d-----w F:\Programmi\OpenOffice.org 2.3
2008-05-21 17:42 --------- d-----w F:\Documents and Settings\Alex\Dati applicazioni\OpenOffice.org2
2008-05-05 19:33 --------- d-----w F:\Programmi\Microsoft ActiveSync
2008-05-05 19:23 --------- d--h--w F:\Programmi\InstallShield Installation Information
2008-04-23 15:17 693,792 ----a-w F:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w F:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w F:\WINDOWS\system32\OGAAddin.dll
2008-04-07 17:18 --------- d-----w F:\Programmi\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w F:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w F:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w F:\WINDOWS\system32\win32k.sys
2004-08-20 17:09 62,865 ----a-w F:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 ----a-w F:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 ----a-w F:\WINDOWS\inf\IM\odNetInstall.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-03_ 2.01.40,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 23:48:10 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-06-03 16:47:33 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-06-03 16:47:43 16,384 ----atw F:\WINDOWS\Temp\Perflib_Perfdata_c4.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="F:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"H/PC Connection Agent"="F:\Programmi\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:38 1289000]
"Skype"="F:\Programmi\Skype\Phone\Skype.exe" [2008-02-12 20:10 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 F:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 22:05 339968]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Reader Speed Launcher"="F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
F:\Documents and Settings\Alex\Menu Avvio\Programmi\Esecuzione automatica\
StarOffice 8.lnk - F:\Programmi\Sun\StarOffice 8\program\quickstart.exe [2007-08-17 21:58:18 122880]
F:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
D-Link AirPlus G+ Wireless Adapter Utility.lnk - F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2008-05-05 21:23:57 671744]
Microsoft Office.lnk - F:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
VIA RAID TOOL.lnk - F:\Programmi\VIA\RAID\raid_tool.exe [2008-03-08 19:10:40 565248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\Programmi\Microsoft ActiveSync\rapimgr.exe"= F:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"F:\Programmi\Microsoft ActiveSync\wcescomm.exe"= F:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"F:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= F:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"F:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 odysseyIM3;Odyssey Network Services Miniport;F:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 19:09]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;F:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 16:59]
S2 MagnaPci;MagnaPci;F:\WINDOWS\system32\drivers\MagnaPci.sys [1999-05-17 11:26]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-03 17:00:00 F:\WINDOWS\Tasks\ABEC82AB918B349B.job"
- f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe
"2008-05-31 17:44:04 F:\WINDOWS\Tasks\OGADaily.job"
- F:\WINDOWS\system32\OGAVerify.exe
"2008-06-03 16:50:56 F:\WINDOWS\Tasks\OGALogon.job"
- F:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 19:10:15
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-06-03 19.11.48
ComboFix-quarantined-files.txt 2008-06-03 17:11:43
8 Directory 25,872,576,512 byte disponibili
10 Directory 25,864,327,168 byte disponibili
192 --- E O F --- 2008-05-31 21:06:50
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.13.48, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Microsoft ActiveSync\Wcescomm.exe
F:\Programmi\Skype\Phone\Skype.exe
F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
F:\Programmi\VIA\RAID\raid_tool.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.BIN
F:\WINDOWS\explorer.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = F:\Programmi\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Programmi\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205002560078
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F758FE6D-9949-4D78-B748-97781F55AF19} (TXTDM Control) - http://rivideo.mediaset.it/_res/cab/TXTDMCab.CAB
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Programmi\Spyware Doctor\pctsSvc.exe
--
End of file - 7298 bytes
So now what??
Thanks againnnnn!!
Anyway, I didn't understand a thing... of what I did... I mean I did it, but as if I were parroting it.... O_O°°
Rap
PS: CID is back.... actually it never left...
Rapture
Posted: 04 Jun 2008 00:41
Hi everyone....
maybe I've solved it....
I went to Add/Remove Programs and saw that among the installed programs there was "Messenger Plus! Live (CID)"... I uninstalled the program and reinstalled Messenger Plus without the advertising support....
Let's hope that was it.... I had agreed to the advertising because, being pro open-source, I liked giving a hand... but that thing wasn't advertising with a few banners in MSN... it was invasive advertising that stopped you from using the PC....!!! Crazy stuff!!!
Thanks everyone... and if the problem is still there I'll be back on this topic very very soon!!! Otherwise you'll find me around the forum.
In the meantime, THANKS to everyone.
30 seconds later I'm editing... here's another ad appearing... but this time the CID text didn't show in the top bar of IE like the other times.... What should I do?
Repeat the steps done earlier? Let me know...
Thanks again...
I take back what I said... I haven't solved a damn thing...
Spyware Doctor keeps finding them, for example this Adware.Advertising...
HijackThis
still has this line:
Code:
O4 - HKCU\..\Run: [sizeseek] F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe
GRRRR
HELP HELP
bdoriano (Administrator)
Posted: 04 Jun 2008 08:42
And indeed:
Quote:
Contenuto della cartella 'Scheduled Tasks'
"2008-06-03 17:00:00 F:\WINDOWS\Tasks\ABEC82AB918B349B.job"
- f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe
It is still there in the ComboFix log.
Please post a fresh log from ComboFix only.
Rapture
Posted: 04 Jun 2008 20:54
Here is the new ComboFix log:
Code:
ComboFix 08-06-03.4 - Alex 2008-06-04 20.47.07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.579 [GMT 2:00]
Eseguito da: F:\Documents and Settings\Alex\Desktop\Ciombofis.exe
* Creato nuovo punto di ripristino
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Creati Da 2008-05-04 al 2008-06-04 )))))))))))))))))))))))))))))))))))
.
2008-06-04 01:42 . 2008-06-04 01:42 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-06-03 20:10 . 2008-06-04 00:16 <DIR> d-------- F:\Programmi\Spybot - Search & Destroy
2008-06-03 20:10 . 2008-06-04 00:16 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-03 19:28 . 2008-06-03 19:28 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-06-03 19:28 . 2008-06-03 19:28 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\Malwarebytes
2008-06-03 00:07 . 2008-06-03 00:07 <DIR> d-------- F:\Documents and Settings\Administrator\Dati applicazioni\Talkback
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Administrator\Risorse di stampa
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Administrator\Risorse di rete
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d-------- F:\Documents and Settings\Administrator\Preferiti
2008-06-03 00:06 . 2008-03-08 18:03 <DIR> d--h----- F:\Documents and Settings\Administrator\Modelli
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> dr------- F:\Documents and Settings\Administrator\Menu Avvio
2008-06-03 00:06 . 2008-06-04 20:48 <DIR> d--h----- F:\Documents and Settings\Administrator\Impostazioni locali
2008-06-03 00:06 . 2008-03-08 18:57 <DIR> d-------- F:\Documents and Settings\Administrator\Documenti
2008-06-03 00:06 . 2008-06-03 00:07 <DIR> dr-h----- F:\Documents and Settings\Administrator\Dati applicazioni
2008-06-03 00:06 . 2008-06-03 00:06 <DIR> d-------- F:\Documents and Settings\Administrator
2008-05-31 21:28 . 2008-06-01 20:33 <DIR> d-------- F:\Programmi\Navilog1
2008-05-31 16:12 . 2008-05-31 22:06 81,984 --a------ F:\WINDOWS\system32\bdod.bin
2008-05-31 16:07 . 2008-05-31 22:06 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\BitDefender
2008-05-31 16:06 . 2008-05-31 22:07 <DIR> d-------- F:\Programmi\File comuni\Softwin
2008-05-31 14:47 . 2008-05-31 14:47 <DIR> d-------- F:\Programmi\Trend Micro
2008-05-31 14:00 . 2008-05-31 20:49 <DIR> d-------- F:\Programmi\Panda Security
2008-05-31 13:15 . 2008-05-31 13:16 <DIR> d-------- F:\Programmi\Notepad++
2008-05-31 13:15 . 2008-05-31 13:16 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\Notepad++
2008-05-31 12:29 . 2008-05-31 12:29 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans-derby
2008-05-31 12:29 . 2008-05-31 12:29 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans
2008-05-31 12:26 . 2008-05-31 12:26 <DIR> d-------- F:\Documents and Settings\Alex\.netbeans-registration
2008-05-31 12:25 . 2008-05-31 12:29 <DIR> d-------- F:\Programmi\NetBeans 6.1
2008-05-31 01:42 . 2008-03-25 02:37 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-05-31 01:41 . 2008-05-31 01:49 <DIR> d-------- F:\Programmi\Java
2008-05-31 01:40 . 2008-05-31 01:40 <DIR> d-------- F:\Programmi\File comuni\Java
2008-05-31 01:23 . 2008-05-31 12:27 <DIR> d-------- F:\Documents and Settings\Alex\.nbi
2008-05-31 01:14 . 2008-05-31 02:03 <DIR> d-------- F:\Documents and Settings\Alex\workspace
2008-05-31 01:12 . 2008-05-31 01:59 <DIR> d-------- F:\Programmi\eclipse java
2008-05-30 20:59 . 2008-05-31 00:19 <DIR> d-------- F:\Documents and Settings\Alex\.SunDownloadManager
2008-05-30 20:39 . 2008-05-30 20:39 <DIR> d-------- F:\WINDOWS\Sun
2008-05-30 20:32 . 2008-05-30 21:19 <DIR> d-------- F:\Programmi\I-Droid01
2008-05-30 20:32 . 2005-06-27 19:41 548 --a------ F:\WINDOWS\system32\javaw.exe.manifest
2008-05-27 19:43 . 2008-05-27 19:43 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\dvdcss
2008-05-27 19:37 . 2008-05-27 19:37 <DIR> d-------- F:\Programmi\Drvmix
2008-05-24 18:27 . 2008-05-29 20:32 3,639 --a------ F:\WINDOWS\VGSCDAPI.VXD
2008-05-21 20:29 . 2008-05-21 20:29 19,288 --ah----- F:\WINDOWS\system32\mlfcache.dat
2008-05-21 20:24 . 2008-05-21 20:24 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-05-21 20:16 . 2008-06-04 20:13 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\StarOffice8
2008-05-21 20:13 . 2008-06-04 20:13 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\skypePM
2008-05-21 20:13 . 2008-05-21 20:13 32 --a------ F:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-05-21 20:11 . 2008-05-31 01:49 <DIR> d-------- F:\Programmi\Sun
2008-05-21 20:11 . 2008-06-04 20:49 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\Skype
2008-05-21 19:56 . 2008-05-21 19:57 <DIR> d-------- F:\Programmi\File comuni\Adobe
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Programmi\Skype
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Programmi\File comuni\Skype
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-05-21 19:52 . 2008-06-04 20:34 <DIR> d-a------ F:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-21 19:52 . 2007-12-10 14:53 81,288 --a------ F:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-21 19:52 . 2007-12-10 14:53 66,952 --a------ F:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-21 19:52 . 2008-02-01 12:55 42,376 --a------ F:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-21 19:52 . 2007-12-10 14:53 29,576 --a------ F:\WINDOWS\system32\drivers\kcom.sys
2008-05-21 19:51 . 2008-06-03 19:43 <DIR> d-------- F:\Programmi\Spyware Doctor
2008-05-21 19:51 . 2008-05-21 19:51 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\PC Tools
2008-05-21 19:51 . 2006-10-05 04:42 2,560 --------- F:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-21 19:51 . 2006-10-05 04:42 2,432 --------- F:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-21 19:50 . 2008-05-21 19:51 <DIR> d-------- F:\Programmi\Picasa2
2008-05-21 19:50 . 2008-05-21 19:50 <DIR> d-------- F:\Programmi\Google
2008-05-21 19:50 . 2008-06-03 21:57 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-05-17 18:49 . 2008-05-17 18:49 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\MSN6
2008-05-17 18:49 . 2008-05-17 18:51 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\MSN6
2008-05-12 00:25 . 2008-05-12 00:25 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\TXT
2008-05-10 01:37 . 2008-05-10 01:37 <DIR> d-------- F:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-05-10 01:32 . 2008-05-10 01:32 <DIR> d-------- F:\Programmi\Lavasoft
2008-05-10 01:32 . 2008-05-10 01:32 <DIR> d-------- F:\Programmi\File comuni\Wise Installation Wizard
2008-05-10 01:32 . 2008-05-10 01:33 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-05 22:09 . 2008-05-05 22:09 288 --a------ F:\WINDOWS\ASYM.01
2008-05-05 22:09 . 2008-05-05 22:09 24 --a------ F:\WINDOWS\TB60.01
2008-05-05 22:09 . 2008-05-05 22:09 24 --a------ F:\WINDOWS\TB50.01
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Chiara\Risorse di stampa
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> d--h----- F:\Documents and Settings\Chiara\Risorse di rete
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr------- F:\Documents and Settings\Chiara\Preferiti
2008-05-05 21:59 . 2008-03-08 18:03 <DIR> d--h----- F:\Documents and Settings\Chiara\Modelli
2008-05-05 21:59 . 2008-03-08 18:57 <DIR> dr------- F:\Documents and Settings\Chiara\Menu Avvio
2008-05-05 21:59 . 2008-06-04 20:48 <DIR> d--h----- F:\Documents and Settings\Chiara\Impostazioni locali
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr------- F:\Documents and Settings\Chiara\Documenti
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> dr-h----- F:\Documents and Settings\Chiara\Dati applicazioni
2008-05-05 21:59 . 2008-05-05 21:59 <DIR> d-------- F:\Documents and Settings\Chiara
2008-05-05 21:54 . 2008-05-05 21:54 <DIR> d-------- F:\WINDOWS\asym
2008-05-05 21:54 . 2008-05-05 21:54 <DIR> d-------- F:\Program Files
2008-05-05 21:54 . 2008-05-30 20:26 <DIR> d-------- F:\My Documents
2008-05-05 21:54 . 1998-04-22 13:37 6,112 --a------ F:\WINDOWS\OMNICREG.DLL
2008-05-05 21:54 . 2008-05-05 22:09 288 --a------ F:\WINDOWS\ASYM.INI
2008-05-05 21:53 . 2008-05-05 22:18 869 --a------ F:\WINDOWS\omupdate.ini
2008-05-05 21:50 . 2008-05-05 21:50 <DIR> d-------- F:\Programmi\VideoLAN
2008-05-05 21:50 . 2008-05-05 21:50 <DIR> d-------- F:\Documents and Settings\Alex\Dati applicazioni\vlc
2008-05-05 21:23 . 2008-05-05 21:23 <DIR> d-------- F:\Programmi\D-Link
2008-05-05 21:23 . 2004-05-21 16:59 283,392 --a------ F:\WINDOWS\system32\drivers\GPLUS.sys
2008-05-05 21:23 . 2004-05-21 16:59 83,024 --a------ F:\WINDOWS\system32\drivers\FwRad16.bin
2008-05-05 21:06 . 2004-08-20 19:09 62,865 --a------ F:\WINDOWS\system32\drivers\odysseyIM3.sys
2008-05-05 21:06 . 2004-08-20 19:09 61,440 --a------ F:\WINDOWS\system32\W32N50.dll
2008-05-05 21:06 . 2004-08-20 19:09 16,292 --a------ F:\WINDOWS\system32\PCANDIS5.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 22:33 --------- d-----w F:\Programmi\Messenger Plus! Live
2008-05-27 17:39 --------- d-----w F:\Documents and Settings\Alex\Dati applicazioni\Drvmix
2008-05-27 17:38 --------- d-----w F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great
2008-05-21 17:49 --------- d-----w F:\Programmi\OpenOffice.org 2.3
2008-05-21 17:42 --------- d-----w F:\Documents and Settings\Alex\Dati applicazioni\OpenOffice.org2
2008-05-05 19:33 --------- d-----w F:\Programmi\Microsoft ActiveSync
2008-05-05 19:23 --------- d--h--w F:\Programmi\InstallShield Installation Information
2008-04-23 15:17 693,792 ----a-w F:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w F:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w F:\WINDOWS\system32\OGAAddin.dll
2008-03-25 04:51 621,344 ----a-w F:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w F:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w F:\WINDOWS\system32\win32k.sys
2004-08-20 17:09 62,865 ----a-w F:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 ----a-w F:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 ----a-w F:\WINDOWS\inf\IM\odNetInstall.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="F:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"H/PC Connection Agent"="F:\Programmi\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:38 1289000]
"Skype"="F:\Programmi\Skype\Phone\Skype.exe" [2008-02-12 20:10 21898024]
"sizeseek"="F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe" [2008-05-27 19:37 437248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 F:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 22:05 339968]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Reader Speed Launcher"="F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="F:\Programmi\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ISTray"="F:\Programmi\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
F:\Documents and Settings\Alex\Menu Avvio\Programmi\Esecuzione automatica\
StarOffice 8.lnk - F:\Programmi\Sun\StarOffice 8\program\quickstart.exe [2007-08-17 21:58:18 122880]
F:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
D-Link AirPlus G+ Wireless Adapter Utility.lnk - F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2008-05-05 21:23:57 671744]
Microsoft Office.lnk - F:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
VIA RAID TOOL.lnk - F:\Programmi\VIA\RAID\raid_tool.exe [2008-03-08 19:10:40 565248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\Programmi\Microsoft ActiveSync\rapimgr.exe"= F:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"F:\Programmi\Microsoft ActiveSync\wcescomm.exe"= F:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"F:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= F:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"F:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 odysseyIM3;Odyssey Network Services Miniport;F:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 19:09]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;F:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 16:59]
S2 MagnaPci;MagnaPci;F:\WINDOWS\system32\drivers\MagnaPci.sys [1999-05-17 11:26]
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-04 00:00:00 F:\WINDOWS\Tasks\ABEC82AB918B349B.job"
- f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe
"2008-06-03 17:44:04 F:\WINDOWS\Tasks\OGADaily.job"
- F:\WINDOWS\system32\OGAVerify.exe
"2008-06-04 18:12:27 F:\WINDOWS\Tasks\OGALogon.job"
- F:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 20:49:04
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-06-04 20.50.43
ComboFix-quarantined-files.txt 2008-06-04 18:50:38
7 Directory 25,687,261,184 byte disponibili
10 Directory 25,688,821,760 byte disponibili
191 --- E O F --- 2008-05-31 21:06:50
Every time I run ComboFix, at the end of everything an Internet Explorer icon gets created on my desktop... O_O°
Why is that?
Rapture Eroe in grazia degli dei
Registered: 31/05/08 15:15 Posts: 98
Posted: 05 Jun 2008 13:55 Subject:
Nothing to suggest I should do this evening?
Have you lost hope too?
Should I be thinking about formatting?
Sigh...
Rapture Eroe in grazia degli dei
Registered: 31/05/08 15:15 Posts: 98
Posted: 05 Jun 2008 21:34 Subject:
I did an online scan with BitDefender... here is the report:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Thu, Jun 05, 2008 - 21:27:30
Scan Info
Scanned Files: 385486
Infected Files: 1
Virus Detected: Spyware.Pws.A (1)
At the end of it all it told me: buy me and I'll fix the problem... otherwise tough luck... O_O°°
Rapture Eroe in grazia degli dei
Registered: 31/05/08 15:15 Posts: 98
Posted: 06 Jun 2008 11:59 Subject:
Nobody anymore...?
I can't tell whether it's because maybe you have other things to do (which is perfectly fine by me)
or whether I'm a hopeless case and you've given up (which is not fine by me)...
What if I bought avast? Since right now I have the free version... maybe if I get the paid one it will get rid of this CID!!! Or else recommend me a good antivirus, paid as well, that has nothing to do with Norton and M$....
THANKS!!
ps: or should I format?
Sante62 Dio maturo
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 06 Jun 2008 19:22 Subject:
You have to be patient, bdoriano can't step in at the moment because he's busy;
as soon as possible I'll take a look myself and tell you what to do...
Sante62 Dio maturo
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 07 Jun 2008 11:29 Subject:
So, it seems this CID doesn't want to leave....
run a scan with Systemscan and post the generated log as
indicated here..
Rapture Eroe in grazia degli dei
Registered: 31/05/08 15:15 Posts: 98
Posted: 08 Jun 2008 19:00 Subject:
You're right, it doesn't want to leave... what rotten luck!!
Here's the log...
http://www.freefilehosting.net/download/3i73i
PROBLEM:
the log does not include:
- loaded modules
- hidden objects
- network settings
because systemscan freezes and stops responding.... what should I do?
Thanks everyone...
Sante62 Dio maturo
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 09 Jun 2008 09:55 Subject:
Open Notepad and copy/paste these lines in red:
Quote:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sizeseek"=-
Save the file with the name fix.reg in C:\ (IMPORTANT!)
Open SystemScan > click on "Removal Script".
Inside the white box copy and paste the values shown below in red:
Quote:
Files to delete:
F:\WINDOWS\tasks\ABEC82AB918B349B.job
f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe
programs to launch on reboot:
c:\fix.reg
now click on "Proceed with removal" and then on OK.
The PC should reboot on its own; otherwise reboot it manually.
Go to C:\, post me the contents of the log generated by Avenger (avenger.txt), and attach a new SystemScan report
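An added example, not from any post in this thread or from ComboFix, SystemScan or Avenger, that automates what the post above does by eye: it scans ComboFix-style "Run" and "Scheduled Tasks" lines for executables launched from a user's profile data or temp directories and emits the same kind of `.reg` snippet used above to delete the flagged Run value. The regexes, the suspect-directory list and the sample-line selection are my assumptions.

```python
import re

# "name"="path" [date time size]  as printed under "Punti Reg Caricati"
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# "<date> <time> <...>\<name>.job" line, followed by "- <target executable>"
JOB_RE = re.compile(r'^"\S+ \S+ .*\\(?P<job>[^\\]+\.job)"$')
TARGET_RE = re.compile(r'^- (?P<path>\S.*)$')

# Per-user profile data / temp directories (Italian XP names, long and 8.3 form).
# Assumption: a legitimate product rarely registers its startup executable there.
SUSPECT_DIRS = ("\\dati applicazioni\\", "\\datiap~1\\", "\\application data\\",
                "\\impostazioni locali\\temp\\", "\\local settings\\temp\\")

def is_suspect_path(path):
    return any(d in path.lower() for d in SUSPECT_DIRS)

def find_suspect_autoruns(lines):
    """Flag Run values and scheduled tasks whose executable lives in a suspect dir."""
    hits, key, job = [], None, None
    for raw in lines:
        line = raw.strip()
        run, jobm, tgt = RUN_RE.match(line), JOB_RE.match(line), TARGET_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                       # registry section header
        elif jobm:
            job = jobm.group("job")                # remember .job for its target line
        elif run and key and key.lower().endswith("\\run") and is_suspect_path(run.group("path")):
            hits.append({"kind": "run", "key": key, "name": run.group("name"), "path": run.group("path")})
        elif tgt and job and is_suspect_path(tgt.group("path")):
            hits.append({"kind": "task", "job": job, "path": tgt.group("path")})
    return hits

def reg_removal_script(hits):
    """Emit .reg text (same form as the post above) deleting each flagged Run value."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for h in hits:
        if h["kind"] == "run":
            out += ["[%s]" % h["key"], '"%s"=-' % h["name"], ""]
    return "\n".join(out)

# Sample input: lines reproduced from the ComboFix log earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="F:\Programmi\Skype\Phone\Skype.exe" [2008-02-12 20:10 21898024]
"sizeseek"="F:\DOCUME~1\Alex\DATIAP~1\Drvmix\Sect SPAM.exe" [2008-05-27 19:37 437248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"2008-06-04 00:00:00 F:\WINDOWS\Tasks\ABEC82AB918B349B.job"
- f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe
"2008-06-03 17:44:04 F:\WINDOWS\Tasks\OGADaily.job"
- F:\WINDOWS\system32\OGAVerify.exe
""".strip().splitlines()
```

`reg_removal_script(find_suspect_autoruns(SAMPLE_LOG))` returns the fix.reg text for the `sizeseek` value; the scheduled-task hit carries the `.job` name and target path that the Avenger "Files to delete" list needs.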
Rapture Eroe in grazia degli dei
Registered: 31/05/08 15:15 Posts: 98
Posted: 09 Jun 2008 18:55 Subject:
but when you wrote C: did you actually mean F: ??? because I followed the instructions to the letter....
Anyway, on my machine F:\ is the disk that has Windoze while C:\ is a secondary disk for data....
here's the log:
Code:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\iobstchl
*******************
Script file located at: \??\F:\Documents and Settings\vbhxuldu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at F:\Avenger
*******************
Beginning to process script file:
File F:\WINDOWS\tasks\ABEC82AB918B349B.job deleted successfully.
File f:\docume~1\alex\datiap~1\drvmix\roadeachatom.exe deleted successfully.
Could not set up c:\fix.reg to run on reboot
Run on reboot of program c:\fix.reg failed!
Status: 0xc0000034
Could not set up F:\Documents and Settings\Alex\Desktop\sys39502.exe to run on reboot
Run on reboot of program F:\Documents and Settings\Alex\Desktop\sys39502.exe failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
ps: CID is still there.... (I'm just saying it... just so it's known, eh... I'm not demanding anything, eh )