| Precedente :: Successivo |
| Autore |
Messaggio |
Rapture
Eroe in grazia degli dei
Registrato: 31/05/08 15:15
Messaggi: 98
|
 Inviato: 31 Lug 2008 19:10 Oggetto: firefox colpito da CID forse |
 |
|
ciao a tutti....
non ci posso credere.... Ho firefox 3... da i numeri... mi apre pagine di pubblicità...
Ho scansionato con Spyware doctor e con a-squared Free e ho cancellato tutto... scansiono di nuovo e non trovano niente....
Ma firefox è impazzito.... lo disinstallo e lo reinstallo?
posto un log di hijackthis intanto (spero serva se no cancello):
| Codice: | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.08.08, on 31/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\a-squared Free\a2service.exe
F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\Programmi\Spyware Doctor\pctsAuxs.exe
F:\Programmi\Spyware Doctor\pctsSvc.exe
F:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\System32\alg.exe
F:\Programmi\Spyware Doctor\pctsTray.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
F:\Programmi\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Microsoft ActiveSync\wcescomm.exe
F:\documents and settings\alex\impostazioni locali\dati applicazioni\ldcqigdu.exe
F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
F:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
F:\Programmi\VIA\RAID\raid_tool.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.BIN
F:\Programmi\Windows Live\Messenger\usnsvc.exe
F:\Programmi\ATI Technologies\ATI.ACE\cli.exe
F:\Programmi\ATI Technologies\ATI.ACE\cli.exe
F:\Documents and Settings\Alex\Desktop\CID\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "F:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ATICCC] "F:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "F:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ldcqigdu] f:\documents and settings\alex\impostazioni locali\dati applicazioni\ldcqigdu.exe ldcqigdu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = F:\Programmi\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: LG SyncManager.lnk = F:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Programmi\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - F:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205002560078
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rapture1781.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F758FE6D-9949-4D78-B748-97781F55AF19} (TXTDM Control) - http://rivideo.mediaset.it/_res/cab/TXTDMCab.CAB
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - F:\Programmi\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Programmi\Spyware Doctor\pctsSvc.exe
--
End of file - 8990 bytes
|
Grazie a tutti. |
|
| Top |
|
 |
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
|
| Top |
|
|
Rapture
Eroe in grazia degli dei
Registrato: 31/05/08 15:15
Messaggi: 98
|
| Inviato: 05 Ago 2008 23:49 Oggetto: |
|
|
Ciao ho seguito le istruzioni di bdoriano.... posto i log....
Preciso che il mio disco principale si chiama F:\ (dove ci sta windows) mentre C:\ è un disco dati...
http://wikisend.com/download/612538/NFix_2008-08-05_21-27-49.log
http://wikisend.com/download/522966/ComboFix.txt
Log HiJackThis:
| Codice: | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.47.10, on 05/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\a-squared Free\a2service.exe
F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\Programmi\Spyware Doctor\pctsAuxs.exe
F:\Programmi\Spyware Doctor\pctsSvc.exe
F:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
F:\Programmi\Spyware Doctor\pctsTray.exe
F:\Programmi\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Microsoft ActiveSync\wcescomm.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
F:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
F:\Programmi\VIA\RAID\raid_tool.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.exe
F:\Programmi\Sun\StarOffice 8\program\soffice.BIN
F:\Programmi\Mozilla Firefox\firefox.exe
F:\Programmi\ATI Technologies\ATI.ACE\cli.exe
F:\Programmi\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\Documents and Settings\Alex\Desktop\CID\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "F:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ATICCC] "F:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "F:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = F:\Programmi\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = F:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: LG SyncManager.lnk = F:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Programmi\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - F:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205002560078
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rapture1781.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F758FE6D-9949-4D78-B748-97781F55AF19} (TXTDM Control) - http://rivideo.mediaset.it/_res/cab/TXTDMCab.CAB
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - F:\Programmi\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Programmi\Spyware Doctor\pctsSvc.exe
--
End of file - 8781 bytes
|
E ora che devo fare???
Grazie in anticipo.... |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
|
| Top |
|
|
Rapture
Eroe in grazia degli dei
Registrato: 31/05/08 15:15
Messaggi: 98
|
| Inviato: 06 Ago 2008 22:12 Oggetto: |
|
|
fatto..... ecco il log....
http://wikisend.com/download/499174/KOS.html
Ha trovato due cose... 1 è un manuale... e non ha niente di che...
L'altro è il log di avenger che sarà rimasto li dall'altra volta quando avevo avuto un problema con un CID rognoso....
Mah....
Attendo notizie....
GRAZIE mille a tutti. |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 07 Ago 2008 13:35 Oggetto: |
|
|
| dice che sono infetti da 2 trojan..io li eliminerei..manualmente..segui il percorso.ciao |
|
| Top |
|
|
Rapture
Eroe in grazia degli dei
Registrato: 31/05/08 15:15
Messaggi: 98
|
| Inviato: 07 Ago 2008 13:37 Oggetto: |
|
|
Ma dici che devo eliminare anche il primo che è un pdf????
O________O°
Ma cmq il problema pubblicità non è sparito..... Appena arrivo a casa elimino sti due..... ma poi che faccio??
Grazie. |
|
| Top |
|
|
baciami
Semidio
Registrato: 02/09/07 15:40
Messaggi: 287
Residenza: toscana
|
| Inviato: 07 Ago 2008 20:53 Oggetto: |
|
|
beh..x sicurezza aspetta che passi uno di quelli bravi  |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 07 Ago 2008 22:02 Oggetto: |
|
|
Oh ciao!
Combofix ha eliminato il virus NaviPromo. 
- segui le istruzioni di questo topic per usare MBAM. Carica il log su WikiSend e posta il Forum Link che ti viene assegnato.
- Disabilita il tuo antivirus
- Collegati a BitDefender (con IE) e fai la scansione completa.
- Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato TXT), carica il file su WikiSend e posta qui il Forum Link che ti viene assegnato.
|
|
| Top |
|
|
Rapture
Eroe in grazia degli dei
Registrato: 31/05/08 15:15
Messaggi: 98
|
| Inviato: 10 Ago 2008 00:44 Oggetto: |
|
|
Ecco i log....
log MBAM
bitdefender
kaspersky
Ke pacco è stata trovata ancora roba....
Grazie a tutti per l'aiuto.... |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 10 Ago 2008 10:56 Oggetto: |
|
|
BitDefender ha trovato un paio di files infetti e li ha eliminati.
Kaspersky ne ha trovato un altro e lo ha segnalato.
Puoi eliminare manualmente il file segnalato da Kaspersky e poi dovresti essere a posto.
Se riscontri ancora messaggi pubblicitari, fai questa scansione con SystemScan, carica il log su WikiSend e posta il Forum Link che ti viene assegnato. |
|
| Top |
|
|
Rapture
Eroe in grazia degli dei
Registrato: 31/05/08 15:15
Messaggi: 98
|
| Inviato: 15 Ago 2008 18:17 Oggetto: |
|
|
Fatto tutto....
Volevo ora solo ringraziarti... e ringraziare anche chi oltre a te mi ha aiutato...
Grazie di tutto.
Rap. |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
