Test Log..
RackBelt
Mere mortal

Registered: 22/10/07 11:59
Posts: 4

Posted: 22 Oct 2007 12:17    Subject: Test Log..

Hello everyone... Here is my test log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.55.41, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\lkcitdl.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\lkads.exe
D:\WINDOWS\system32\lktsrv.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programmi\National Instruments\Shared\Security\nidmsrv.exe
D:\WINDOWS\system32\nisvcloc.exe
D:\Programmi\Eset\nod32krn.exe
D:\Programmi\OO Software\CleverCache\ooccag.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\msmssgs.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Programmi\Eset\nod32kui.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programmi\OO Software\CleverCache\ooccctrl.exe
D:\Program Files\Process Lasso\processgovernor.exe
D:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Programmi\iTunes\iTunesHelper.exe
D:\Programmi\Winamp\winampa.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Process Lasso\ProcessSupervisor.exe
D:\Programmi\PC Connectivity Solution\ServiceLayer.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programmi\iPod\bin\iPodService.exe
D:\Documents and Settings\GIA\Documenti\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Coolstreaming_Tool-Bar_v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - D:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Coolstreaming_Tool-Bar_v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - D:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Coolstreaming_Tool-Bar_v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - D:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiS Tray] E:\SIS\305\NT40\UTILITY\SISTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [msmssgs.exe] D:\WINDOWS\system32\msmssgs.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [drvgqpmn] "d:\windows\system32\drvgqpmn.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [nod32kui] "D:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ooccctrl.exe] D:\Programmi\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [ProcessGovernor] D:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LCD Clock] <NonRun>
O4 - HKLM\..\Run: [WinampAgent] D:\Programmi\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ProcessSupervisorGUI] D:\Program Files\Process Lasso\ProcessSupervisor.exe /tray
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] D:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://giammybest.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://giammybest.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E053040-412D-4E8B-98B7-81AFA0FEF842}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653B747D-1340-4588-A694-8FC791464B40}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B31B83B6-484E-450A-8F29-1E23E104D29F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB903DF1-EE3D-49A2-8106-61C2D6AF8960}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8DE8C2E-F123-4005-A555-B68B088F1792}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - D:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - D:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - D:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - D:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - D:\Programmi\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - D:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - D:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - D:\Programmi\OO Software\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - D:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10670 bytes
Smjert
Mature god

Registered: 01/04/06 18:19
Posts: 1619
Location: Lost in the net

Posted: 22 Oct 2007 13:21

Welcome, RackBelt!

You have only one file of dubious origin.

Run the HijackThis scan again, but this time press Do a system scan only, then select this entry
O4 - HKLM\..\Run: [drvgqpmn] "d:\windows\system32\drvgqpmn.exe"
and then press Fix Checked.

Quote:
Open any folder, go to
Tools->Folder Options->View tab,
tick "Show hidden files and folders", untick
"Hide protected operating system files" (answer yes).


Upload the file d:\windows\system32\drvgqpmn.exe to www.virustotal.com (press Browse, select the file, press Send File and then wait for the scan to finish; at the end copy me the results of the antivirus scans).
RackBelt
Mere mortal

Registered: 22/10/07 11:59
Posts: 4

Posted: 23 Oct 2007 17:11

Hello... I try to upload the file after doing what you told me to do


Open any folder, go to
Tools->Folder Options->View tab,
tick "Show hidden files and folders", untick
"Hide protected operating system files" (answer yes).

then I uploaded the file to virustotal and it tells me

0 bytes size received / Se ha recibido un archivo vacio....

How do I fix this?
Smjert
Mature god

Registered: 01/04/06 18:19
Posts: 1619
Location: Lost in the net

Posted: 23 Oct 2007 17:29

Well, then delete it from the PC.
Strange that it's empty...

Maybe you'd better run a scan with Kaspersky using the extended database
(after it has downloaded the updates the Next button appears,
press it, then press Scan Settings and tick Extended, click OK and start the scan choosing My Computer).
When the scan has finished, the Save Report As button appears to save the report; post its contents.
RackBelt
Mere mortal

Registered: 22/10/07 11:59
Posts: 4

Posted: 23 Oct 2007 22:18

Here is the scan, as you told me to do...

Tuesday, October 23, 2007 10:16:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/10/2007
Kaspersky Anti-Virus database records: 443468
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 116829
Number of viruses found 17
Number of infected objects 36
Number of suspicious objects 0
Duration of the scan process 02:09:29

Infected Object Name Virus Name Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\Documents and Settings\GIA\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\GIA\Dati applicazioni\Fouraxisloud\DentPileTray.exe Object is locked skipped
D:\Documents and Settings\GIA\Dati applicazioni\Fouraxisloud\HECK DRAW FACE 16.exe Object is locked skipped
D:\Documents and Settings\GIA\Documenti\Image.nrg/CrxDialUp.exe;1 Infected: HackTool.Win32.VB.kc skipped
D:\Documents and Settings\GIA\Documenti\Image.nrg ISO image: infected - 1 skipped
D:\Documents and Settings\GIA\Documenti\warrock\hack_attack.zip/hack attack/jesse's bypass.exe Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\GIA\Documenti\warrock\hack_attack.zip ZIP: infected - 1 skipped
D:\Documents and Settings\GIA\Documenti\warrock\ZTX SPECIAL EDITOIN V2!.zip/ZTX SPECAIL EDITOIN V2!.exe Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\GIA\Documenti\warrock\ZTX SPECIAL EDITOIN V2!.zip ZIP: infected - 1 skipped
D:\Documents and Settings\GIA\Documenti\Yahoo\Krakkare\Asphyxiation.exe Infected: HackTool.Win32.VB.js skipped
D:\Documents and Settings\GIA\Documenti\Yahoo\Krakkare\CrxDialUp.exe Infected: HackTool.Win32.VB.kc skipped
D:\Documents and Settings\GIA\Documenti\Yahoo\Krakkare\Nick.rar/CrxDialUp.exe Infected: HackTool.Win32.VB.kc skipped
D:\Documents and Settings\GIA\Documenti\Yahoo\Krakkare\Nick.rar RAR: infected - 1 skipped
D:\Documents and Settings\GIA\Documenti\Yahoo\Nuova cartella\Scanneration By CustomV2.1\Nuovo Archivio WinRAR ZIP.zip/CrxDialUp.exe Infected: HackTool.Win32.VB.kc skipped
D:\Documents and Settings\GIA\Documenti\Yahoo\Nuova cartella\Scanneration By CustomV2.1\Nuovo Archivio WinRAR ZIP.zip ZIP: infected - 1 skipped
D:\Documents and Settings\GIA\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\GIA\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\GIA\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\GIA\Impostazioni locali\Temp\9BF.tmp Infected: Trojan.Win32.Agent.amf skipped
D:\Documents and Settings\GIA\Impostazioni locali\Temp\bis90.exe Infected: Trojan.Win32.Obfuscated.en skipped
D:\Documents and Settings\GIA\Impostazioni locali\Temp\Habbo moedas.exe Infected: Trojan-PSW.Win32.VB.lh skipped
D:\Documents and Settings\GIA\Impostazioni locali\Temp\Install.exe Infected: Trojan-Spy.Win32.Ardamax.e skipped
D:\Documents and Settings\GIA\Impostazioni locali\Temp\sta47.exe Infected: Trojan.Win32.Obfuscated.en skipped
D:\Documents and Settings\GIA\Impostazioni locali\Temp\~DF2FC1.tmp Object is locked skipped
D:\Documents and Settings\GIA\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
D:\Documents and Settings\GIA\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\GIA\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\GIA\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\GIA\Shared\_\ZoneAlarm Pro 6.0.591.002 beta.exe Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Programmi\eMule\Incoming\! habbo artmoney cheats.ZIP/! habbo artmoney cheats/habbo artmoney cheats.exe Infected: not-a-virus:AdWare.Win32.Stud.d skipped
D:\Programmi\eMule\Incoming\! habbo artmoney cheats.ZIP ZIP: infected - 1 skipped
D:\Programmi\eMule\Incoming\Badoo Password Xxx updated-fixed Release 07-2007.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.ac skipped
D:\Programmi\eMule\Incoming\Badoo Password Xxx updated-fixed Release 07-2007.rar RAR: infected - 1 skipped
D:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped
D:\Programmi\ESET\infected\0IRMVLAA.NQF Infected: Trojan.Win32.VB.ayh skipped
D:\Programmi\ESET\infected\0MEO3OCA.NQF Infected: HackTool.Win32.VB.kc skipped
D:\Programmi\ESET\infected\223IANDA.NQF Infected: P2P-Worm.Win32.VB.dw skipped
D:\Programmi\ESET\infected\3A5KEECA.NQF Infected: Trojan-Dropper.Win32.VB.lu skipped
D:\Programmi\ESET\infected\3ZL4INCA.NQF Infected: not-a-virus:PSWTool.Win32.Messen.a skipped
D:\Programmi\ESET\infected\FPVPPDAA.NQF Infected: Virus.Win32.Parite.b skipped
D:\Programmi\ESET\infected\K5WJHOAA.NQF Infected: Trojan.Win32.Agent.ani skipped
D:\Programmi\ESET\infected\NGVY1SBA.NQF Infected: Constructor.Win32.VB.aa skipped
D:\Programmi\ESET\infected\OGFCRSBA.NQF Infected: Trojan.Win32.Obfuscated.en skipped
D:\Programmi\ESET\infected\Q30PC1CA.NQF Infected: P2P-Worm.Win32.Kapucen.ac skipped
D:\Programmi\ESET\infected\UU0MQABA.NQF Infected: Trojan-Dropper.Win32.Agent.blv skipped
D:\Programmi\ESET\infected\UX0Q4EAA.NQF Infected: HackTool.Win32.HotmailHack.b skipped
D:\Programmi\ESET\infected\ZEBKXSAA.NQF/mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.a skipped
D:\Programmi\ESET\infected\ZEBKXSAA.NQF ZIP: infected - 1 skipped
D:\Programmi\ESET\infected\ZEBKXSAA.NQF PE-Crypt.XorPE: infected - 1 skipped
D:\Programmi\ESET\logs\virlog.dat Object is locked skipped
D:\Programmi\ESET\logs\warnlog.dat Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\Internet.evt Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
D:\WINDOWS\system32\drvgqpmn.exe Object is locked skipped
D:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\system32\wmp33a.dll Object is locked skipped
D:\WINDOWS\Tasks\drniuzh.job Object is locked skipped
D:\WINDOWS\Tasks\teexjju.job Object is locked skipped
D:\WINDOWS\Tasks\wieyre.job Object is locked skipped
D:\WINDOWS\Tasks\wuycz.job Object is locked skipped
D:\WINDOWS\Tasks\ypsthn.job Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_200.dat Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_25c.dat Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_548.dat Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Smjert
Mature god

Registered: 01/04/06 18:19
Posts: 1619
Location: Lost in the net

Posted: 24 Oct 2007 12:08

Uh, I see "a bit" of junk.

Restart the PC in Safe Mode (keep pressing F8 during the reboot until a menu appears, then choose the right entry from there).

Delete the files/folders I put in this list; pay attention to the ones in red, do not delete them if you know what they are.

Quote:
D:\Documents and Settings\GIA\Dati applicazioni\Fouraxisloud\
D:\Documents and Settings\GIA\Documenti\warrock\
D:\Documents and Settings\GIA\Documenti\Yahoo\Krakkare
D:\Documents and Settings\GIA\Documenti\Yahoo\Nuova cartella\Scanneration By CustomV2.1

D:\Documents and Settings\GIA\Impostazioni locali\Temp\9BF.tmp
D:\Documents and Settings\GIA\Impostazioni locali\Temp\bis90.exe
D:\Documents and Settings\GIA\Impostazioni locali\Temp\Habbo moedas.exe
D:\Documents and Settings\GIA\Impostazioni locali\Temp\Install.exe
D:\Documents and Settings\GIA\Impostazioni locali\Temp\sta47.exe
D:\WINDOWS\Tasks\drniuzh.job
D:\WINDOWS\Tasks\teexjju.job
D:\WINDOWS\Tasks\wieyre.job
D:\WINDOWS\Tasks\wuycz.job
D:\WINDOWS\Tasks\ypsthn.job


Then I recommend emptying the contents of the folder D:\WINDOWS\Tasks\ (if there are other .job files) and checking those files you downloaded with eMule... because, if you notice, the antivirus sees them as infected.

Maybe it's also worth running a scan with Panda (once the updates are downloaded, choose to scan your PC; at the end post the result).
All times are GMT + 2 hours