LOG analysis...

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Posted by M@rk0 » 17/12/07 16:02

Hi everyone, I'm new here, and I have a problem... ;)
for the past few days my PC has been disconnecting at irregular intervals:
now I can browse for 20 minutes, then 3 seconds, tomorrow 1 hour... :evil:
but I use the PC all the time, and this problem annoys me quite a lot...
I ran a scan with HIJACKTHIS, and I'm posting it below:

Logfile of HijackThis v1.99.1
Scan saved at 15.56.30, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\VEXPLITE\viritsvc.exe
D:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Programmi\MarkAny\ContentSafer\MAAgent.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\D-Link\DSL-200\dslstat.exe
D:\Program Files\D-Link\DSL-200\dslagent.exe
D:\VEXPLITE\MONLITE.EXE
D:\Programmi\BitTorrent_DNA\dna.exe
D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
D:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programmi\Windows Media Player\wmplayer.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\M@rk0\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MAAgent] D:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] D:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Programmi\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Google Updater.lnk.disabled
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2655177968
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{88996E71-9283-4F3B-B936-26FE5F14382A}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfddde - D:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - D:\Programmi\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - D:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - D:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe




I hope you can help me, I really can't stand this problem...
thanks in advance :D
M@rk0
Newbie

Posts: 8
Joined: 16/12/07 22:35

Posted by Luke57 » 17/12/07 16:23

Hi, open HijackThis, press "do a system scan only", find and tick this entry:
O20 - Winlogon Notify: khfddde - D:\WINDOWS\

press fix checked.

I didn't see anything else in the log
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Posted by M@rk0 » 17/12/07 16:42

Luke57 wrote: Hi, open HijackThis, press "do a system scan only", find and tick this entry:
O20 - Winlogon Notify: khfddde - D:\WINDOWS\

press fix checked.

I didn't see anything else in the log


first of all, thanks for replying so quickly :D
secondly, so could this be a problem related to the connection?
M@rk0
Newbie

Posts: 8
Joined: 16/12/07 22:35

Here is my log... tell me what I should do ç_ç

Posted by snow » 17/12/07 17:13

Help me, I'm overrun by spyware too, or anyway by something else ç_ç
I've run several scans with Spybot and it keeps finding new spyware every time and asking me to change registry entries...
I'm posting my HijackThis LOG, which I downloaded today in the grip of despair ç_ç... help...
Code:
Logfile of HijackThis v1.99.1
Scan saved at 17.10.08, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\Programmi\Messenger\MSMSGS.EXE
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Kyocera\FS-1016MFP_FS-1116MFP\FS-1016MFP\QLINK.exe
C:\Programmi\MSN Toolbar Suite\DS\02.05.0001.1119\it-it\bin\WindowsSearch.exe
C:\Programmi\MSN Toolbar Suite\DS\02.05.0001.1119\it-it\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\GIUSEPPINA\Desktop\hijackthis_199\HijackThis.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programmi\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SeaDrive.lnk = C:\Programmi\ebridge\copia\SeaDrive.bat
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QLink.lnk = C:\Programmi\Kyocera\FS-1016MFP_FS-1116MFP\FS-1016MFP\QLINK.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\MSN Toolbar Suite\DS\02.05.0001.1119\it-it\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://sportelloweb.inpdap.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://follettadispettosa.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {750FE967-4219-46B1-BB55-138F2E2A413B} (OkeyOcx.Okey) - http://sportelloweb.inpdap.it/caf/report/okeyocx.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {8C133BDC-0F73-4124-99D2-FDF3CAF5640E} (CertLogin.CertLoginCtrl) - http://sportelloweb.inpdap.it/caf/report/CertLogin.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{019F10C0-D9D6-499D-A279-DC8E409675CC}: NameServer = 85.37.17.57 85.38.28.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{019F10C0-D9D6-499D-A279-DC8E409675CC}: NameServer = 85.37.17.57 85.38.28.80
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmi\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Programmi\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe


For any clarification just ask... even though I'm not very experienced...
snow
Newbie

Posts: 6
Joined: 17/12/07 14:28

here's how it went

Posted by snow » 17/12/07 17:29

What's more, now I can no longer connect to Messenger, the PC is much, much slower, every now and then my connection drops (but I don't know whether it's related to this, since I have a Wi-Fi modem) and to top it off a little while ago my laptop shut down after a Blue Screen of Death... Help me, because I've tried everything on my own but it seems I'm only making things worse ç_ç...
While I wait for someone to reply, I'll tell you my story...
It all started the day before yesterday, when I noticed that popups were opening by themselves in Internet Explorer even though I hadn't opened IE (since I usually use Firefox), so I took one of the links that were opening (a certain zedo.com) and searched for it on Google... it was yesterday that I discovered for the first time that there is a breed of PC parasites that are not viruses (spyware, that is).
So, searching among the programs for removing spyware, I found "Spybot", ran it and, besides zedo.com, it found another 21 "infected" entries (naturally I fixed everything after the scan).
I was thrilled with myself because I thought I had solved all my problems when, this morning, I turned the PC back on and my antivirus (I use NOD32, although I'm starting to think I suck...) kept reporting trojans over and over... "off to a good start", I thought...
So after the various alerts I noticed another popup coming up... at this point I looked again for info on the site linked in the popup and among the ways of fixing it I found this HijackThis...
And so I ended up here, because when it comes to using programs that are too complex or risky I always wait for the opinion of someone wiser before going ahead... also because I haven't really understood what I'm supposed to do with this LOG... help ç_ç
snow
Newbie

Posts: 6
Joined: 17/12/07 14:28

oops

Posted by snow » 17/12/07 17:58

sorry, I'll open a new post and paste everything there... I'm not very used to forums XD
snow
Newbie

Posts: 6
Joined: 17/12/07 14:28

Posted by Luke57 » 17/12/07 18:11

M@rk0 wrote:
Luke57 wrote: Hi, open HijackThis, press "do a system scan only", find and tick this entry:
O20 - Winlogon Notify: khfddde - D:\WINDOWS\

press fix checked.

I didn't see anything else in the log


first of all, thanks for replying so quickly :D
secondly, so could this be a problem related to the connection?

Hi, that value is a symptom of infection, download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet
disable the antivirus

Run the ComboFix.exe file
- A blue window will open, wait
- After a few moments a notice will appear in which the author disclaims all responsibility.
- At this point select 1 and press ENTER to launch the scan.
- Wait..... (do not do anything else while ComboFix is working)
The tool will notify you once the scan has finished and after a few moments it will display the report with the details. (C:\ComboFix.txt)

Restart the PC, re-enable the antivirus, connect and paste the contents of the file C:\combofix.txt
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
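
The O20 entry singled out in the reply above, as an added example that is not part of the original thread: a small Python parser for HijackThis entry lines that reports Winlogon Notify entries whose target is not a DLL path. The rule it applies (a directory-only, non-.dll or missing target) is an assumption about why that line stands out, and the sample lines are copied from the first log in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple

# Sample input: four lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: !SASWinLogon - D:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfddde - D:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Body of a Winlogon Notify entry: "Winlogon Notify: <subkey name> - <DLL path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$")
MISSING = "(file missing)"  # suffix HijackThis appends when the file is absent


class Entry(NamedTuple):
    code: str
    body: str


class Finding(NamedTuple):
    name: str
    target: str
    reasons: List[str]


def parse_log(text: str) -> List[Entry]:
    """Return the section entries of a log, skipping headers and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def review_winlogon_notify(entries: List[Entry]) -> List[Finding]:
    """Flag O20 Winlogon Notify entries whose target does not name a DLL.

    Assumed heuristic (not from the thread): a notify package is a DLL, so a
    target that is only a directory, has another extension, or is reported
    missing deserves a closer look before anything is fixed.
    """
    findings = []
    for entry in entries:
        if entry.code != "O20":
            continue
        m = NOTIFY_RE.match(entry.body)
        if not m:  # other O20 sub-types are out of scope for this check
            continue
        target = m["target"].strip()
        reasons = []
        if target.endswith(MISSING):
            reasons.append("HijackThis reports the file as missing")
            target = target[: -len(MISSING)].strip()
        base = ntpath.basename(target)  # empty when the path ends in a backslash
        if not base:
            reasons.append("target has no DLL file name, only a directory")
        elif ntpath.splitext(base)[1].lower() != ".dll":
            reasons.append("target is not a .dll")
        if reasons:
            findings.append(Finding(m["name"], target, reasons))
    return findings


if __name__ == "__main__":
    for f in review_winlogon_notify(parse_log(SAMPLE_LOG)):
        print(f"O20 Winlogon Notify '{f.name}' -> {f.target}: {'; '.join(f.reasons)}")
```
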

Posted by M@rk0 » 17/12/07 19:08

Luke57 wrote: Hi, that value is a symptom of infection, download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet
disable the antivirus

Run the ComboFix.exe file
- A blue window will open, wait
- After a few moments a notice will appear in which the author disclaims all responsibility.
- At this point select 1 and press ENTER to launch the scan.
- Wait..... (do not do anything else while ComboFix is working)
The tool will notify you once the scan has finished and after a few moments it will display the report with the details. (C:\ComboFix.txt)

Restart the PC, re-enable the antivirus, connect and paste the contents of the file C:\combofix.txt


ok, I'll do it...

PS: oh, earlier with Spybot I found CleanDriver 2006 and removed it, and with SUPERAntiSpyware I found a Vundo Variant [yes, I recently caught Virtumonde too... I thought I had wiped it out, but...] and deleted it...
M@rk0
Newbie

Posts: 8
Joined: 16/12/07 22:35

Posted by M@rk0 » 17/12/07 19:21

Luke57 wrote: Hi, that value is a symptom of infection, download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet
disable the antivirus

Run the ComboFix.exe file
- A blue window will open, wait
- After a few moments a notice will appear in which the author disclaims all responsibility.
- At this point select 1 and press ENTER to launch the scan.
- Wait..... (do not do anything else while ComboFix is working)
The tool will notify you once the scan has finished and after a few moments it will display the report with the details. (C:\ComboFix.txt)

Restart the PC, re-enable the antivirus, connect and paste the contents of the file C:\combofix.txt


done, here's the log:

ComboFix 07-12-17.1 - M@rk0 2007-12-17 19.10.42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2160 [GMT 1:00]
Eseguito da: D:\Documents and Settings\M@rk0\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Creati Da 2007-11-17 al 2007-12-17 )))))))))))))))))))))))))))))))))))
.

2007-12-17 16:14 . 2007-12-17 16:14 <DIR> d-------- D:\Programmi\K-Lite Codec Pack
2007-12-17 16:14 . 2007-12-17 16:14 <DIR> d-------- D:\Documents and Settings\M@rk0\Dati applicazioni\Media Player Classic
2007-12-17 16:07 . 2007-12-17 16:07 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2007-12-16 15:23 . 2007-07-10 11:27 10,752 --a------ D:\WINDOWS\system32\aamd532.dll
2007-12-16 14:40 . 2007-10-10 09:00 36,096 --a------ D:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2007-12-16 14:39 . 2007-12-16 15:22 <DIR> d-------- D:\VEXPLITE
2007-12-16 14:24 . 2007-12-16 14:29 <DIR> d-a------ D:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-15 23:16 . 2005-09-07 16:10 173,494 --a------ D:\WINDOWS\system32\drivers\mon_ac_w.bin
2007-12-15 23:16 . 2005-09-22 18:31 158,592 --a------ D:\WINDOWS\system32\drivers\gwausb.sys
2007-12-15 23:16 . 2005-08-25 19:48 25,600 --a------ D:\WINDOWS\system32\CoInst.dll
2007-12-15 23:16 . 2006-01-27 11:58 19,427 --------- D:\WINDOWS\wwdslcfg.ini
2007-12-13 20:18 . 2007-12-13 20:18 0 --a------ D:\WINDOWS\NFS
2007-12-13 18:05 . 2007-12-13 18:05 <DIR> d-------- D:\Programmi\JockerSoft
2007-12-10 18:08 . 2007-12-10 18:10 <DIR> d-------- D:\Programmi\MP3Gain
2007-12-10 17:22 . 2007-12-10 17:22 <DIR> d-------- D:\Programmi\Audacity
2007-12-05 22:28 . 2007-12-16 16:57 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2007-12-05 22:28 . 2007-12-05 22:28 1,409 --a------ D:\WINDOWS\QTFont.for
2007-12-02 20:28 . 2007-12-12 15:38 3,227 --a------ D:\WINDOWS\system32\SHORTCUT.INI
2007-12-02 20:26 . 2007-12-12 22:15 4,335 --a------ D:\WINDOWS\system32\LOCALSERVICE.INI
2007-12-02 20:26 . 2007-12-12 16:33 356 --a------ D:\WINDOWS\system32\REMOTEDEVICE.INI
2007-12-02 20:26 . 2007-12-12 22:15 102 --a------ D:\WINDOWS\system32\LOCALDEVICE.INI
2007-12-02 20:25 . 2007-12-02 20:25 <DIR> d-------- D:\Programmi\IVT Corporation
2007-12-02 20:25 . 2007-12-02 20:25 32 --a------ D:\WINDOWS\0
2007-12-02 20:25 . 2007-12-02 20:25 0 --a------ D:\WINDOWS\system32\BSPRINT.INI
2007-12-02 20:25 . 2007-12-02 20:25 0 --a------ D:\WINDOWS\system32\0
2007-11-30 22:22 . 2007-11-30 22:22 <DIR> d--h----- D:\WINDOWS\PIF
2007-11-28 20:06 . 2007-11-28 20:06 <DIR> d-------- D:\Programmi\PSPad editor
2007-11-28 20:06 . 2007-11-28 21:30 <DIR> d-------- D:\Documents and Settings\M@rk0\Dati applicazioni\PSpad
2007-11-26 22:12 . 2007-12-17 17:37 <DIR> d-------- D:\Programmi\SUPERAntiSpyware
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- D:\Documents and Settings\M@rk0\Dati applicazioni\SUPERAntiSpyware.com
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- D:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2007-11-26 22:08 . 2007-11-26 22:08 <DIR> d-------- D:\VundoFix Backups
2007-11-26 21:46 . 2007-11-26 21:47 <DIR> d-------- D:\Programmi\Windows Live Safety Center
2007-11-26 17:38 . 2007-11-26 17:38 <DIR> d-------- D:\Documents and Settings\NetworkService\Dati applicazioni\AVG7
2007-11-26 17:35 . 2007-12-16 15:06 <DIR> d-------- D:\Documents and Settings\M@rk0\Dati applicazioni\AVG7
2007-11-26 17:35 . 2007-11-26 17:35 <DIR> d-------- D:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2007-11-26 17:35 . 2007-11-26 17:39 39,444 --a------ D:\WINDOWS\system32\qqtwa.tmp
2007-11-26 17:34 . 2007-11-26 17:34 <DIR> d-------- D:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-11-26 17:34 . 2007-11-29 15:57 <DIR> d-------- D:\Documents and Settings\All Users\Dati applicazioni\avg7
2007-11-26 17:33 . 2007-11-26 17:33 6,473 --ahs---- D:\WINDOWS\system32\sstwa.bak2
2007-11-25 22:46 . 1999-09-28 16:42 1,050,896 --a------ D:\WINDOWS\system32\msjet35.dll
2007-11-25 22:46 . 1998-04-26 22:00 570,128 --a------ D:\WINDOWS\system32\dao350.dll
2007-11-25 22:46 . 2000-12-06 06:00 415,176 --a------ D:\WINDOWS\system32\comct332.ocx
2007-11-25 22:46 . 2000-05-21 22:00 244,416 --a------ D:\WINDOWS\system32\msflxgrd.ocx
2007-11-25 22:46 . 1998-06-23 21:00 164,144 --a------ D:\WINDOWS\system32\COMCT232.OCX
2007-11-25 22:46 . 1998-04-23 22:00 123,664 --a------ D:\WINDOWS\system32\msjint35.dll
2007-11-25 22:46 . 2004-04-18 10:41 98,304 --a------ D:\WINDOWS\system32\KewlButtonz.ocx
2007-11-25 22:46 . 1998-04-23 22:00 24,848 --a------ D:\WINDOWS\system32\msjter35.dll
2007-11-25 20:44 . 2007-11-25 20:44 6,473 --ahs---- D:\WINDOWS\system32\qqtwa.bak1
2007-11-25 20:38 . 2007-11-25 20:38 <DIR> d-------- D:\Programmi\MessengerDiscovery
2007-11-25 20:38 . 2004-03-09 00:00 212,240 --a------ D:\WINDOWS\system32\richtx32.OCX
2007-11-25 20:38 . 2004-03-09 00:00 124,688 --a------ D:\WINDOWS\system32\MSWINSCK.ocx
2007-11-25 18:49 . 2007-11-25 18:49 <DIR> d-------- D:\FPC
2007-11-25 17:02 . 2004-08-19 14:34 2,151,936 --a------ D:\WINDOWS\system32\kernel1.exe
2007-11-25 17:02 . 2004-08-19 14:34 2,151,936 --a------ D:\WINDOWS\system32\KERNEL.TMP
2007-11-25 16:59 . 2007-11-25 16:59 <DIR> d-------- D:\Programmi\TGTSoft
2007-11-25 00:12 . 2007-11-25 00:12 46,592 --a------ D:\WINDOWS\GAMEBEGINNING.WAV
2007-11-25 00:12 . 2007-11-25 00:12 17,008 --a------ D:\WINDOWS\killed.wav
2007-11-19 19:26 . 2007-11-19 19:27 <DIR> d-------- D:\Documents and Settings\M@rk0\Dati applicazioni\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 18:14 59,967,520 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat
2007-12-17 18:12 707,948 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2007-12-17 18:12 --------- d-----w D:\Documents and Settings\M@rk0\Dati applicazioni\BitTorrent DNA
2007-12-17 14:18 --------- d-----w D:\Programmi\Google
2007-12-16 14:35 --------- d-----w D:\Programmi\Free Download Manager
2007-12-13 19:02 --------- d-----w D:\Documents and Settings\M@rk0\Dati applicazioni\BitTorrent
2007-12-12 22:05 --------- d-----w D:\Documents and Settings\M@rk0\Dati applicazioni\Free Download Manager
2007-11-29 15:37 --------- d-----w D:\Documents and Settings\M@rk0\Dati applicazioni\gtk-2.0
2007-11-26 21:12 --------- d-----w D:\Programmi\File comuni\Wise Installation Wizard
2007-11-25 19:38 --------- d-----w D:\Programmi\MSN Messenger
2007-11-21 14:32 --------- d-----w D:\Documents and Settings\M@rk0\Dati applicazioni\.ZMatrix
2007-11-18 22:23 --------- d-----w D:\Documents and Settings\M@rk0\Dati applicazioni\Apple Computer
2007-11-17 18:52 121,038 ----a-w D:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_17_15_43_25_small.dmp.zip
2007-11-17 18:52 116,355 ----a-w D:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_17_15_30_13_small.dmp.zip
2007-11-17 09:22 --------- d-----w D:\Programmi\Java
2007-11-15 18:40 --------- d-----w D:\Programmi\ZMatrix
2007-11-15 18:37 --------- d--h--w D:\Programmi\InstallShield Installation Information
2007-11-08 20:33 --------- dcsh--w D:\Programmi\File comuni\WindowsLiveInstaller
2007-11-08 20:30 --------- d-----w D:\Programmi\Windows Live
2007-11-08 20:30 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-11-01 18:02 --------- d-----w D:\Programmi\QuickTime
2007-11-01 10:10 --------- d-----w D:\Programmi\Pcsx2
2007-10-28 19:13 --------- d-----w D:\Programmi\Messenger Plus! Live
2007-10-26 13:41 --------- d-----w D:\Programmi\iTunes
2007-10-26 13:40 --------- d-----w D:\Programmi\iPod
2007-10-26 13:40 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-10-26 13:39 --------- d-----w D:\Programmi\Apple Software Update
2007-10-26 13:38 --------- d-----w D:\Programmi\File comuni\Apple
2007-10-26 13:38 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-10-20 20:02 --------- d-----w D:\Programmi\DirectX Happy Uninstall
2007-10-20 14:45 --------- d-----w D:\Programmi\UltraISO
2007-10-20 14:45 --------- d-----w D:\Programmi\RegCleaner
2007-10-20 14:45 --------- d-----w D:\Programmi\GThing
2007-10-20 14:45 --------- d-----w D:\Programmi\GTASACenter
2007-10-20 14:45 --------- d-----w D:\Programmi\GIMP-2.0
2007-10-20 14:45 --------- d-----w D:\Programmi\DVD Shrink
2007-10-20 14:45 --------- d-----w D:\Programmi\DVD Decrypter
2007-10-20 14:44 --------- d-----w D:\Programmi\DustBuster 2.6.1
2007-10-20 14:38 --------- d-----w D:\Programmi\CCleaner
2007-10-20 12:33 --------- d-----w D:\Programmi\DirectX Uninstaller v.13
2007-10-20 11:51 --------- d-----w D:\Programmi\Project64 1.6
2007-10-17 19:08 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2007-10-17 15:18 --------- d-----w D:\Programmi\WinDirStat
2006-05-03 09:06 163,328 --sha-r D:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r D:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="D:\Programmi\BitTorrent_DNA\dna.exe" [2007-09-24 12:28]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39]
"SpybotSD TeaTimer"="D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
"SUPERAntiSpyware"="D:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
"SunJavaUpdateSched"="D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"StartCCC"="D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"Easy-PrintToolBox"="D:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"MAAgent"="D:\Programmi\MarkAny\ContentSafer\MAAgent.exe" [2006-06-02 13:39]
"ZoneAlarm Client"="D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 14:39 D:\WINDOWS\system32\bthprops.cpl]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-26 17:34]
"DSLSTATEXE"="D:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-12-12 17:44]
"DSLAGENTEXE"="D:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-08-25 19:47]
"VIRIT LITE MONITOR"="D:\VEXPLITE\MONLITE.EXE" [2007-12-16 14:45]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-26 17:34]

D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk.disabled [2007-09-21 20:58:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Programmi\SUPERAntiSpyware\SASWINLO.dll

La chiave di registro SafeBoot ha bisogno di essere riparata. Questo pc non può avviarsi in Modalità Provvisoria.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Download Manager"=D:\Programmi\Free Download Manager\fdm.exe -autorun
"swg"=D:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE
"SkyTel"=SkyTel.EXE
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SMSTray"=D:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe

R0 VIRAGTLT;VIRAGTLT;D:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2007-10-10 09:00]
R2 BlueSoleilCS;BlueSoleilCS;D:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-15 22:31]
R2 viritsvclite;Virit eXplorer Lite;D:\VEXPLITE\viritsvc.exe [2007-12-16 14:45]
R3 BsHelpCS;BsHelpCS;D:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58]
R3 wanusb;D-Link DSL-200 USB ADSL WAN Modem;D:\WINDOWS\system32\DRIVERS\gwausb.sys [2005-09-22 18:31]
S3 USBAAPL;Apple Mobile USB Driver;D:\WINDOWS\system32\Drivers\usbaapl.sys [2007-09-06 12:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b80d143e-6deb-11dc-99e4-00179a300101}]
\Shell\AutoRun\command - M:\ciccio.bat

.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-10 23:00:00 D:\WINDOWS\Tasks\At1.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-09 08:00:00 D:\WINDOWS\Tasks\At10.job"
"2007-11-10 09:00:00 D:\WINDOWS\Tasks\At11.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-11 10:00:00 D:\WINDOWS\Tasks\At12.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-11 11:00:00 D:\WINDOWS\Tasks\At13.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-11 12:00:00 D:\WINDOWS\Tasks\At14.job"
"2007-11-10 13:00:00 D:\WINDOWS\Tasks\At15.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-10 14:00:00 D:\WINDOWS\Tasks\At16.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-12-17 15:00:00 D:\WINDOWS\Tasks\At17.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-12-17 16:00:00 D:\WINDOWS\Tasks\At18.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-12-17 17:00:00 D:\WINDOWS\Tasks\At19.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-07 20:57:42 D:\WINDOWS\Tasks\At2.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-12-17 18:00:00 D:\WINDOWS\Tasks\At20.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-08 19:00:00 D:\WINDOWS\Tasks\At21.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-08 20:00:00 D:\WINDOWS\Tasks\At22.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-08 21:00:00 D:\WINDOWS\Tasks\At23.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-09 22:00:00 D:\WINDOWS\Tasks\At24.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-10 23:00:00 D:\WINDOWS\Tasks\At25.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At26.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At27.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At28.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At29.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-07 20:57:42 D:\WINDOWS\Tasks\At3.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At30.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At31.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At32.job"
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At33.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-09 08:00:00 D:\WINDOWS\Tasks\At34.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-10 09:00:00 D:\WINDOWS\Tasks\At35.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-11 10:00:00 D:\WINDOWS\Tasks\At36.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-11 11:00:00 D:\WINDOWS\Tasks\At37.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-11 12:00:00 D:\WINDOWS\Tasks\At38.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-10 13:00:00 D:\WINDOWS\Tasks\At39.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-07 20:57:42 D:\WINDOWS\Tasks\At4.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-10 14:00:00 D:\WINDOWS\Tasks\At40.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-12-17 15:00:00 D:\WINDOWS\Tasks\At41.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-12-17 16:00:00 D:\WINDOWS\Tasks\At42.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-12-17 17:00:00 D:\WINDOWS\Tasks\At43.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-12-17 18:00:00 D:\WINDOWS\Tasks\At44.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At45.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 20:51:02 D:\WINDOWS\Tasks\At46.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-08 21:00:00 D:\WINDOWS\Tasks\At47.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-11-09 22:00:00 D:\WINDOWS\Tasks\At48.job"
"2007-11-07 20:57:42 D:\WINDOWS\Tasks\At5.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-07 20:57:42 D:\WINDOWS\Tasks\At6.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-07 20:57:42 D:\WINDOWS\Tasks\At7.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-07 20:57:42 D:\WINDOWS\Tasks\At8.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-07 20:57:42 D:\WINDOWS\Tasks\At9.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-12-17 18:13:59 D:\WINDOWS\Tasks\vtzzdg.job"
- d:\windows\system32\winpdlhy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 19:14:34
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-12-17 19:16:15 - machine was rebooted



ah, as the program points out, I need to repair the key for Safe Mode, but I don't know how... if you could give me a hand with this too... I'd be grateful... ;)
M@rk0
Newbie

Posts: 8
Joined: 16/12/07 22:35

Post by Luke57 » 17/12/07 21:22

Hi, for Safe Mode download this file:
http://www.megalab.it/download.php?id=349
double-click it and add it to the registry.
Also, open the folder C:\windows\tasks, from the Advanced menu tick "show hidden tasks", and delete all the files with the .job extension in the folder.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
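
The 'Scheduled Tasks' section of the ComboFix report above, which the advice to delete the .job files refers to, can be read mechanically. The following Python example is added here and is not part of the original thread or of ComboFix; the reason labels are review heuristics assumed for illustration, and the ExampleUpdater entry is constructed.

```python
import re
from collections import defaultdict

# Lines copied from the 'Scheduled Tasks' section of the log in this thread,
# plus one CONSTRUCTED benign entry (ExampleUpdater.job) for contrast.
SAMPLE = r'''Contenuto della cartella 'Scheduled Tasks'
"2007-11-10 23:00:00 D:\WINDOWS\Tasks\At1.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-09 08:00:00 D:\WINDOWS\Tasks\At10.job"
"2007-11-10 09:00:00 D:\WINDOWS\Tasks\At11.job"
- D:\WINDOWS\system32\3YTa1wDx.exe
"2007-11-10 23:00:00 D:\WINDOWS\Tasks\At25.job"
- D:\WINDOWS\system32\5s5R6jkT.exe
"2007-12-17 18:13:59 D:\WINDOWS\Tasks\vtzzdg.job"
- d:\windows\system32\winpdlhy.exe
"2007-12-01 10:00:00 D:\WINDOWS\Tasks\ExampleUpdater.job"
- D:\Programmi\Example\updater.exe
.
****
'''

JOB_RE = re.compile(r'^"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .+\\([^\\]+\.job)"$', re.I)
TARGET_RE = re.compile(r'^- (.+)$')
AT_JOB_RE = re.compile(r'^At\d+\.job$', re.I)  # name the legacy `at` scheduler gives its jobs
SYS32_EXE_RE = re.compile(r'^[a-z]:\\windows\\system32\\[^\\]+\.exe$', re.I)


def parse_tasks(text):
    """One dict per .job line; 'target' stays None when no '- path' line follows it."""
    tasks, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if "'Scheduled Tasks'" in line:
            in_section = True
        elif not in_section:
            continue
        elif m := JOB_RE.match(line):
            tasks.append({"when": m.group(1), "job": m.group(2), "target": None})
        elif tasks and (t := TARGET_RE.match(line)):
            tasks[-1]["target"] = t.group(1)
        elif line.startswith("*"):  # the row of asterisks closes the section
            break
    return tasks


def triage(tasks):
    """Group jobs by target (case-insensitive) and list review heuristics per target."""
    by_target = defaultdict(list)
    for t in tasks:
        if t["target"]:
            by_target[t["target"].lower()].append(t["job"])
    report = {}
    for target, jobs in by_target.items():
        reasons = []
        if any(AT_JOB_RE.match(j) for j in jobs):
            reasons.append("at-job")          # job registered through the `at` interface
        if SYS32_EXE_RE.match(target):
            reasons.append("system32-exe")    # executable sitting directly in system32
        if len(jobs) > 1:
            reasons.append("shared-target")   # several jobs launch the same file
        report[target] = {"jobs": jobs, "reasons": reasons}
    return report


if __name__ == "__main__":
    for target, info in triage(parse_tasks(SAMPLE)).items():
        print("REVIEW" if info["reasons"] else "ok    ", target, info["jobs"], info["reasons"])
```

Jobs listed without a target line (At10.job in the sample) keep `target` set to None, so they can be listed separately before the folder is cleaned.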

Post by M@rk0 » 17/12/07 22:13

Luke57 wrote: Hi, for Safe Mode download this file:
http://www.megalab.it/download.php?id=349
double-click it and add it to the registry.
Also, open the folder C:\windows\tasks, from the Advanced menu tick "show hidden tasks", and delete all the files with the .job extension in the folder.


I did it... they were all .job files, except "Add Scheduled Task"... ;)
now what? :neutral:
M@rk0
Newbie
 
Posts: 8
Joined: 16/12/07 22:35

Post by Luke57 » 18/12/07 19:39

Hi, from the ComboFix report I didn't detect anything else infected. Are you still having problems?
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by M@rk0 » 19/12/07 22:57

Luke57 wrote: Hi, from the ComboFix report I didn't detect anything else infected. Are you still having problems?

well, for now everything is fine :)
thanks to everyone for the help, and thanks to Luke, you're great!! :D
M@rk0
Newbie
 
Posts: 8
Joined: 16/12/07 22:35

