bastardinside (Hero in the grace of the gods)
Joined: 22/01/08 01:50 | Posts: 132 | Location: At my house... usually...
Posted: 19 Jun 2008 16:04 | Subject: Virus that suddenly opens web pages with advertising

Hi everyone,
I have a problem with my PC: while I'm browsing the internet, suddenly, without me clicking anything, web pages containing advertising of various kinds open up...
This is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.00.39, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\CONITECH\CN405WLUSB54.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Supino\Documenti\File ricevuti\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=navclient&hl=it&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SE3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3\knob bash.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tool creative] C:\DOCUME~1\Supino\DATIAP~1\PROCDR~1\meal face.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - Startup: Alice.lnk = ?
O4 - Global Startup: CN405WLUSB54 Utility LAN wireless.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
--
End of file - 7307 bytes
Let me know... thanks...

bdoriano (Administrator)
Joined: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 19 Jun 2008 19:52

Hi bastardinside,
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Reboot the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. And post:
- Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
- The ComboFix log is generally not very long, so post it directly in the message

bastardinside (Hero in the grace of the gods)
Joined: 22/01/08 01:50 | Posts: 132 | Location: At my house... usually...
Posted: 20 Jun 2008 18:28

Hi bdoriano,
I wanted to tell you that, since the problem isn't strictly mine but a friend's, all the things you suggested to me were passed on by me to her over MSN and so were done by her, and she isn't very good with computers. In fact, I know that in the Norman Malware Cleaner log you'll find, because I saw it, things that in my opinion concern antivirus quarantine or I don't know what, while for the ComboFix log I managed to make her understand that she had to disable the antivirus and close all programs... I had her send me the 2 logs and I posted the Norman Malware Cleaner one on WikiSend; here are the 2 links:
Download link: http://forum.zeusnews.com/link/34015
Forum link: NFix_2008-06-20_15-29-12.log
While for ComboFix I'm posting it here below:
ComboFix 08-06-19.4 - Supino 2008-06-20 17:29:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.247 [GMT 2:00]
Run by: C:\Documents and Settings\Supino\Documenti\ComboFix-exe.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created From 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))))))
.
2008-06-20 15:01 . 2008-06-20 15:01 <DIR> d-------- C:\Programmi\CCleaner
2008-06-11 23:42 . 2008-06-11 23:42 <DIR> d-------- C:\Programmi\procdrive
2008-06-11 23:42 . 2008-06-11 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3
2008-06-11 23:41 . 2008-06-11 23:41 <DIR> d-------- C:\Programmi\Circle Developement
2008-06-11 23:41 . 2008-06-11 23:43 <DIR> d-------- C:\Documents and Settings\Supino\Dati applicazioni\procdrive
2008-06-11 21:56 . 2008-05-08 14:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 21:55 . 2008-04-14 17:51 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 21:55 . 2008-04-14 17:51 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 17:27 . 2008-06-11 17:27 <DIR> d-------- C:\Programmi\CONITECH
2008-06-11 17:27 . 2008-06-11 17:27 <DIR> d-------- C:\Documents and Settings\Supino\Dati applicazioni\InstallShield
2008-06-11 17:27 . 2007-04-19 10:16 450,560 --a------ C:\WINDOWS\system32\drivers\WlanUZXP.SYS
2008-06-11 17:27 . 2007-04-19 10:16 102,400 --a------ C:\WINDOWS\system32\ZDCN50.dll
2008-06-11 17:27 . 2007-04-19 10:16 19,072 --a------ C:\WINDOWS\system32\ZDCndis5.sys
2008-06-03 16:31 . 2008-06-03 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-06-03 14:57 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-06-01 16:34 . 2008-06-01 16:34 <DIR> d-------- C:\WINDOWS\Cache
2008-06-01 03:08 . 2008-06-01 03:08 445,454 --a------ C:\WINDOWS\PE30.bmp
2008-05-31 12:15 . 2008-05-31 12:15 <DIR> d-------- C:\Documents and Settings\Supino\Dati applicazioni\Samsung
2008-05-31 10:10 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-31 10:09 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-31 09:14 . 2008-05-31 09:14 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-31 09:14 . 2008-05-31 09:14 <DIR> d-------- C:\Programmi\Samsung
2008-05-31 09:14 . 2007-05-02 11:11 109,704 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-05-31 09:14 . 2007-05-02 11:11 83,592 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-05-31 09:14 . 2007-05-02 11:11 15,112 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-05-31 09:14 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-05-31 09:14 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-05-31 09:14 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-05-31 09:14 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-05-31 09:14 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-28 00:26 . 2008-02-26 13:48 297,984 --------- C:\WINDOWS\system32\dllcache\msctf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 21:17 --------- d-----w C:\Programmi\eMule
2008-06-19 20:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-06-14 15:13 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-06-13 13:25 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-12 13:28 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-11 21:41 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-06-11 18:10 --------- d-----w C:\Documents and Settings\Supino\Dati applicazioni\ArcSoft
2008-06-11 09:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-17 14:08 --------- d-----w C:\Programmi\File comuni\ArcSoft
2008-05-17 14:08 --------- d-----w C:\Programmi\ArcSoft
2008-05-17 14:06 --------- d-----w C:\Programmi\Trust
2008-05-17 14:06 --------- d-----w C:\Programmi\File comuni\PAC207
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-30 20:15 --------- d-----w C:\Documents and Settings\Supino\Dati applicazioni\Motive
2008-04-30 18:11 --------- d-----w C:\Programmi\File comuni\Motive
2008-04-30 18:10 155,995 ----a-w C:\WINDOWS\java\Packages\57ZBHV7Z.ZIP
2008-04-30 18:10 --------- d-----w C:\Programmi\Common Files
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 16:11 --------- d-----w C:\Programmi\ESET
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-16 17:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 08:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 07:57 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 07:57 1,845,888 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2002-04-03 14:01 286,720 ------w C:\Programmi\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00 98,304 ------w C:\Programmi\internet explorer\plugins\UPjpeg.dll
2008-03-04 20:32 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-03-04 20:32 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2008-02-26 16:57 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008022620080227\index.dat
2008-03-04 20:32 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit/default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"tool creative"="C:\DOCUME~1\Supino\DATIAP~1\PROCDR~1\meal face.exe" [2008-06-11 23:41 433152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-04-16 19:11 949376]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"poke mp3 cdrom meta"="C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3\knob bash.exe" [2008-06-20 16:39 2243072]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
CN405WLUSB54 Utility LAN wireless.lnk - C:\Programmi\CONITECH\CN405WLUSB54.exe [2008-06-11 17:27:22 704512]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-02-27 22:45:51 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
-ra------ 2007-08-09 16:48 528384 C:\Programmi\VIA\VIAudioi\SBADeck\ADeck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCNDIS5.sys [2007-04-19 10:16]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 XG762_XP;CONITECH 802.11g XG762N Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2007-04-19 10:16]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 15:00:01 C:\WINDOWS\Tasks\AEBB990591481001.job"
- c:\docume~1\supino\datiap~1\procdr~1\HOLE THE CAKE.exe
"2008-06-20 12:57:02 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-06-20 12:31:15 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 17:31:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Scan finished at: 2008-06-20 17:31:49
ComboFix-quarantined-files.txt 2008-06-20 15:31:38
5 Directory 69,933,117,440 bytes free
8 Directory 70,023,675,904 bytes free
149 --- E O F --- 2008-06-11 22:39:34
Thanks a lot for the help...

bdoriano (Administrator)
Joined: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 20 Jun 2008 18:42

Norman removed the entries set by Spybot and some viruses.
Now, have her create a text file with the following instructions:
Code:
File::
C:\WINDOWS\Tasks\AEBB990591481001.job
c:\docume~1\supino\datiap~1\procdr~1\HOLE THE CAKE.exe
C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3\knob bash.exe
C:\DOCUME~1\Supino\DATIAP~1\PROCDR~1\meal face.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"poke mp3 cdrom meta"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tool creative"=-

Have her save the file on the desktop with the name CFScript.txt and tell her to drag it onto the ComboFix icon, as shown below:
Wait patiently until the job finishes without touching the keyboard, mouse or anything else.
Afterwards,
- have her disable the antivirus
- Tell her to go to BitDefender (with IE) and run the full scan.
- Tell her to go to the Kaspersky online scanner and run the extended scan, as indicated here.
She must save the scan result to a file (in TXT format), upload the file to WikiSend and post here the Forum Link she is given.
Tell her to also post the updated ComboFix log
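Added example, not code from this thread, from HijackThis or from ComboFix: a small Python triage script for the two passages above. It parses the O4 (autostart) lines of a HijackThis log like the one in the first post, flags the entries that show the two signs the fix keyed on (an executable launched from a profile data directory such as Dati applicazioni, and value or file names made of random lowercase words like "meal face.exe"), and emits a CFScript with File:: and Registry:: sections in the layout bdoriano used. The sample input is a constructed subset of the posted log's O4 lines; the heuristics, directory list and function names are assumptions made for illustration, and a real triage still checks each flagged file (hash, signer, vendor) before deleting it.

```python
"""Triage HijackThis O4 autostart lines and build a ComboFix CFScript.

Added example (not from the thread, HijackThis or ComboFix). The sample
input is a constructed subset of the O4 lines from the log posted above;
the heuristics and function names are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: O4 lines copied from the HijackThis log in the first post.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3\knob bash.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tool creative] C:\DOCUME~1\Supino\DATIAP~1\PROCDR~1\meal face.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First executable in the command line, quoted or not, up to its ".exe".
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?(?:\s|$)', re.IGNORECASE)
# Autostarts from profile/data directories (Italian and English XP names,
# plus their 8.3 short forms) rather than Program Files / Windows.
PROFILE_DIRS = ("\\dati applicazioni\\", "\\application data\\",
                "\\datiap~1\\", "\\documents and settings\\", "\\docume~1\\",
                "\\temp\\")
# Two or more lowercase alphanumeric words separated by single spaces,
# e.g. "tool creative" or "knob bash": a crude random-word-name heuristic.
WORDY_RE = re.compile(r"^[a-z0-9]+(?: [a-z0-9]+)+$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class RunEntry:
    hive: str            # HKLM, HKCU or HKUS\<SID>
    key: str             # Run, RunOnce, ...
    name: str            # registry value name
    cmd: str             # raw command line
    path: Optional[str]  # executable extracted from cmd, if any


def parse_o4(text: str) -> list:
    """Return one RunEntry per O4 line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        entries.append(RunEntry(m["hive"], m["key"], m["name"], m["cmd"],
                                exe["exe"] if exe else None))
    return entries


def suspicious(entry: RunEntry) -> list:
    """Reasons this autostart deserves a closer look (empty list = none)."""
    reasons = []
    path = entry.path or ""
    if any(d in path.lower() for d in PROFILE_DIRS):
        reasons.append("runs from a user profile / application data directory")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if WORDY_RE.match(entry.name) or WORDY_RE.match(stem):
        reasons.append("value name or file name is a string of random words")
    return reasons


def full_hive(hive: str) -> str:
    """Expand the HijackThis hive abbreviation to the REGEDIT4 form."""
    if hive.startswith("HKUS\\"):
        return "HKEY_USERS" + hive[4:]
    return HIVES.get(hive, hive)


def build_cfscript(entries) -> str:
    """Emit File:: and Registry:: sections in the CFScript.txt layout above."""
    files = [e.path for e in entries if e.path]
    by_key = {}
    for e in entries:
        key = (f"[{full_hive(e.hive)}\\SOFTWARE\\Microsoft\\Windows"
               f"\\CurrentVersion\\{e.key}]")
        by_key.setdefault(key, []).append(e.name)
    lines = ["File::", *files, "Registry::"]
    for key, names in by_key.items():
        lines.append(key)
        lines.extend(f'"{n}"=-' for n in names)   # "=-" deletes the value
    return "\n".join(lines) + "\n"


def triage(text: str):
    """Parse, flag and script in one go; returns (flagged entries, script)."""
    flagged = [e for e in parse_o4(text) if suspicious(e)]
    return flagged, build_cfscript(flagged)


if __name__ == "__main__":
    hits, script = triage(SAMPLE_HJT)
    for e in hits:
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.path}: {'; '.join(suspicious(e))}")
    print(script)
```

Run stand-alone it prints the two flagged entries from the sample ("poke mp3 cdrom meta" and "tool creative") and a CFScript whose File:: and Registry:: lines match the ones in the reply above. The script only looks at O4 lines, so items found elsewhere, such as the AEBB990591481001.job scheduled task that the reply also lists under File::, still have to be added by hand; and because the heuristics are string matching on names and paths, they are a prompt for a closer look, not proof of malware.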

bastardinside (Hero in the grace of the gods)
Joined: 22/01/08 01:50 | Posts: 132 | Location: At my house... usually...
Posted: 13 Jul 2008 16:41

A more serious problem: the old advertising problem was solved, and now the problem of the missing connection has arisen. MSN works fine, but it takes ages to open IE7, and anyway even when it finishes loading the words "control page" appear without the Google start page opening. What should I do?