Jack Opus Mortale pio

Registered: 28/03/07 22:53 Posts: 24
Posted: 16 Sep 2008 18:57 Subject: help

I have every virus in the world on my computer.. I'm desperate.. my desktop has disappeared and a message has appeared saying "warning, spyware detected in your computer".. web windows open every minute.. images no longer show.. task manager no longer works..
here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.49.11, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\runsql.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\svhoster.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vlc.exe
C:\WINDOWS\wdmon.exe
C:\WINDOWS\svx.exe
C:\WINDOWS\svw.exe
C:\WINDOWS\svc.exe
C:\WINDOWS\system32\lphc3c8j0e177.exe
C:\Programmi\Microsoft Security Adviser\msctrl.exe
C:\Programmi\Microsoft Security Adviser\msavsc.exe
C:\Programmi\Microsoft Security Adviser\msscan.exe
C:\Programmi\Microsoft Security Adviser\msiemon.exe
C:\Programmi\Microsoft Security Adviser\msfw.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
C:\Programmi\Microsoft Security Adviser\mssadv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ad\IMPOST~1\Temp\Rar$EX00.922\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Programmi\eSoftware\studio.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\advpackt.exe
O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [lphc3c8j0e177] C:\WINDOWS\system32\lphc3c8j0e177.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Programmi\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Programmi\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Programmi\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Programmi\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Programmi\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\advpackt.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Programmi\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Programmi\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Programmi\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Programmi\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Programmi\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\advpackt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8404 bytes

chemicalbit Dio maturo


Registered: 01/04/05 18:59 Posts: 18597 Location: Milano
Posted: 16 Sep 2008 19:40

Which antivirus and other similar programs do you have?
Did they find anything?

Jack Opus Mortale pio

Registered: 28/03/07 22:53 Posts: 24
Posted: 16 Sep 2008 19:49

antivir says shellcode.gen and malicious.activeX.gen

Jack Opus Mortale pio

Registered: 28/03/07 22:53 Posts: 24
Posted: 16 Sep 2008 19:52

and crypted.gen, agent.vgo.. it reports a new one to me every minute

Jack Opus Mortale pio

Registered: 28/03/07 22:53 Posts: 24
Posted: 16 Sep 2008 21:04

this is the result of the scan with antivir:
Avira AntiVir Personal
Report file date: martedì 16 settembre 2008 19:51
Scanning for 1619498 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: SN580297739543
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 16:40:00
ANTIVIR3.VDF : 7.0.6.166 109056 Bytes 16/09/2008 16:40:03
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 16/09/2008 16:40:11
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 16/09/2008 16:40:10
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 16/09/2008 16:40:09
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 16/09/2008 16:40:08
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 16/09/2008 16:40:06
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 16/09/2008 16:40:04
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 16/09/2008 16:40:03
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: martedì 16 settembre 2008 19:51
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mssadv.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Programmi\Microsoft Security Adviser\mssadv.exe'
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'WkCalRem.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'getright.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'msfw.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Programmi\Microsoft Security Adviser\msfw.exe'
Scan process 'msiemon.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Programmi\Microsoft Security Adviser\msiemon.exe'
Scan process 'msscan.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Programmi\Microsoft Security Adviser\msscan.exe'
Scan process 'msavsc.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Programmi\Microsoft Security Adviser\msavsc.exe'
Scan process 'msctrl.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Programmi\Microsoft Security Adviser\msctrl.exe'
Scan process 'lphc3c8j0e177.exe' - '1' Module(s) have been scanned
Scan process 'svc.exe' - '1' Module(s) have been scanned
Scan process 'svw.exe' - '1' Module(s) have been scanned
Scan process 'svx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wdmon.exe' - '1' Module(s) have been scanned
Scan process 'vlc.exe' - '1' Module(s) have been scanned
Scan process 'svhoster.exe' - '1' Module(s) have been scanned
Scan process 'svzip.exe' - '1' Module(s) have been scanned
Scan process 'sv.exe' - '1' Module(s) have been scanned
Scan process 'runsql.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'mssadv.exe' has been terminated
Process 'msfw.exe' has been terminated
Process 'msiemon.exe' has been terminated
Process 'msscan.exe' has been terminated
Process 'msavsc.exe' has been terminated
Process 'msctrl.exe' has been terminated
C:\Programmi\Microsoft Security Adviser\mssadv.exe
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '4942f2a4.qua'!
C:\Programmi\Microsoft Security Adviser\msfw.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4935f2b2.qua'!
C:\Programmi\Microsoft Security Adviser\msiemon.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4938f2b5.qua'!
C:\Programmi\Microsoft Security Adviser\msscan.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4942f2bb.qua'!
C:\Programmi\Microsoft Security Adviser\msavsc.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4930f2be.qua'!
C:\Programmi\Microsoft Security Adviser\msctrl.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4932f2c0.qua'!
72 processes with 66 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\advpackt.exe
[WARNING] The file could not be opened!
The registry was scanned ( '75' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\APPS\TISCALI\data\tiscaliDialer.exe
[DETECTION] Contains recognition pattern of the DIAL/Generic dialer
[NOTE] The file was moved to '4942f304.qua'!
C:\Documents and Settings\ad\Desktop\msavsc.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4930f377.qua'!
C:\Documents and Settings\ad\Desktop\msctrl.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4932f379.qua'!
C:\Documents and Settings\ad\Desktop\msfw.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4935f37b.qua'!
C:\Documents and Settings\ad\Desktop\msiemon.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4938f37d.qua'!
C:\Documents and Settings\ad\Desktop\mssadv.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '4942f37f.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\.tt2.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '4943f615.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\.tt311.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '4943f618.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\.tt4.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '4943f61b.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\.tt6.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '4943f61c.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\.ttBC.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '4943f61e.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\Acr262.tmp
[0] Archive type: PDF Stream
--> Object
[DETECTION] Contains recognition pattern of the HTML/Shellcode.Gen HTML script virus
[NOTE] The file was moved to '4941f61a.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\Acr26B.tmp
[0] Archive type: PDF Stream
--> Object
[DETECTION] Contains recognition pattern of the HTML/Shellcode.Gen HTML script virus
[NOTE] The file was moved to '48e7b543.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\Acr310.tmp
[0] Archive type: PDF Stream
--> Object
[DETECTION] Contains recognition pattern of the HTML/Shellcode.Gen HTML script virus
[NOTE] The file was moved to '4941f61b.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temp\nsj31B.tmp\euladlg.dll
[DETECTION] Is the TR/FakeAV.AM Trojan
[NOTE] The file was moved to '493bf6bc.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\5YVOO9B7\06dd1987317f6e7e1946f51f73befe3e46be532fdaca126df227342b43d1d0174e69206fb4fb21c50d43c2be61356394bccbfichef890a1c76a3f2f8130b7385432c1f37c860749bb20d70d9b00[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4933f909.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\5YVOO9B7\intersexxx[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4943f957.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\5YVOO9B7\intersexxx[2].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4943f958.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\8MQJCLHG\78.157.142[1].htm
[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
[NOTE] The file was moved to '48fdf93d.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\8MQJCLHG\78.157.142[2].htm
[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
[NOTE] The file was moved to '48fdf93e.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\8MQJCLHG\barrymovies[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4941f96e.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\8MQJCLHG\greatladymovies[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4934f98a.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\8MQJCLHG\index[4].htm
[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
[NOTE] The file was moved to '4933f989.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\8MQJCLHG\interno-porn[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4943f98a.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\8MQJCLHG\search[3].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4930f989.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\KPUZWX6F\greatladymovies[1].com
[0] Archive type: GZ
--> greatladymovies[1]
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4934f9e2.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\NTIYAYS9\78.157.142[2].htm
[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
[NOTE] The file was moved to '48fdf9b7.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\NTIYAYS9\search[6].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4930f9f6.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\NTIYAYS9\timeforfuck[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '493cf9fd.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\NTIYAYS9\xmoviesday[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '493efa03.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\Q1J5KYU1\flow[1].htm
[DETECTION] Contains recognition pattern of the HTML/Shellcode.Gen HTML script virus
[NOTE] The file was moved to '493efa19.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\Q1J5KYU1\search[6].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4930fa1a.qua'!
C:\Documents and Settings\ad\Impostazioni locali\Temporary Internet Files\Content.IE5\S96V45YR\greatladymovies[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4934fa4a.qua'!
C:\Programmi\d3lOo's MSN Block Checker v1.09\d3loo_msn_block_checker_v1.09.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The file was moved to '493bfb0e.qua'!
C:\Programmi\WinBudget\bin\matrix.dll
[DETECTION] Is the TR/Dldr.286732 Trojan
[NOTE] The file was moved to '4943fe21.qua'!
C:\RECYCLER\S-1-5-21-3618378306-2591655167-323628768-1005\Dc10.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.fwe back-door program
[NOTE] The file was moved to '4900fe38.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000005.exe
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '48fffe08.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000006.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '495ac5b1.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000007.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48fffe09.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000008.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '495ac5b2.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000009.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48fffe0b.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000010.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '495ac5b4.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000011.exe
[DETECTION] Contains recognition pattern of the DIAL/Generic dialer
[NOTE] The file was moved to '48fffe0a.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000012.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '495ac5b3.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000013.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48fffe0c.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000014.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48fffe0d.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000015.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '495ac5b6.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000016.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '48fffe0f.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000017.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The file was moved to '495ac5b5.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000020.dll
[DETECTION] Is the TR/Dldr.286732 Trojan
[NOTE] The file was moved to '48fffe0e.qua'!
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP3\A0000021.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.fwe back-door program
[NOTE] The file was moved to '495ac5b7.qua'!
C:\WINDOWS\system32\phc3c8j0e177.bmp
[DETECTION] Is the TR/Fakealert.AAF Trojan
[NOTE] The file was moved to '49330180.qua'!
End of the scan: martedì 16 settembre 2008 20:57
Used time: 1:06:03 Hour(s)
The scan has been done completely.
7109 Scanning directories
371112 Files were scanned
62 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
58 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
371045 Files not concerned
8222 Archives were scanned
3 Warnings
58 Notes

chemicalbit Dio maturo


Registered: 01/04/05 18:59 Posts: 18597 Location: Milano
Posted: 16 Sep 2008 21:41

While waiting for someone more expert to read the logs you posted,
start with these general clean-up steps:
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Follow the instructions in this topic to use MBAM.
- Follow the instructions in this topic to run combofix.
- Follow the instructions in this topic to post the HiJackThis log.
- Report back on the outcome with a new message in this thread: whether there were any particular problems, etc. And include:
- Upload the MBAM log to WikiSend and post the Forum Link you are given.
- Upload the Combofix log to WikiSend and post the Forum Link you are given.
- Upload the HiJackThis log to WikiSend and post the Forum Link you are given.

Jack Opus Mortale pio

Registered: 28/03/07 22:53 Posts: 24
Posted: 16 Sep 2008 21:50

ok, thanks a lot.. proceeding..

Jack Opus Mortale pio

Registered: 28/03/07 22:53 Posts: 24
Posted: 17 Sep 2008 21:28

here are the logs....
mbam http://wikisend.com/download/960834/mbam-log-2008-09-17 (20-42-58).txt
combofix http://wikisend.com/download/621654/log combofix.txt
hijackthis http://wikisend.com/download/950506/hijackthis.txt
for now the situation already seems improved.. the message on the desktop has disappeared, now it's all blue.. is that a good sign?

Jack Opus Mortale pio

Registered: 28/03/07 22:53 Posts: 24
Posted: 17 Sep 2008 21:30

reposting the links.. these are the correct ones..
http://wikisend.com/download/537976/mbam-log-2008-09-17.txt
http://wikisend.com/download/584774/log_combofix.txt
http://wikisend.com/download/950506/hijackthis.txt