Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

scansione da analizzare grazie!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

scansione da analizzare grazie!

Postdi Baxalak » 23/02/08 20:01

ho già avuto il vostro aiuto in passato e sapendo che avete bisogno della scansione con hijackt ve la posto subito qui :D
Grazie per gli aiuti!
penso sia ancora un infezione di spyware

Logfile of HijackThis v1.99.1
Scan saved at 19.58.17, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\RAMpage\RAMpage.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\Real\RealPlayer\realplay.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 193.47.83.154 L2authd.lineage2.com
O1 - Hosts: 193.47.83.154 L2testauthd.lineage2.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VisualTooltip] E:\Documenti\file originali setup\Tema Vista\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe
O4 - HKLM\..\Run: [RAMpage] "C:\Programmi\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Programmi\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare Test\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ ... nnerV2.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://baxalak.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5182246437
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://baxalak.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9653422B-B563-4C6A-A8B0-080EACD83EF0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B34C0B6-4A95-4015-957B-1CB92482CA63}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
Baxalak
Utente Junior
 
Post: 71
Iscritto il: 15/04/07 14:35

Sponsor
 

Re: scansione da analizzare grazie!

Postdi Luke57 » 24/02/08 10:42

Ciao, apri hijackthis, premi "do a system scan only", cerca e spunta le voci seguenti:
O1 - Hosts: 193.47.83.154 L2authd.lineage2.com
O1 - Hosts: 193.47.83.154 L2testauthd.lineage2.com

premi fix checked.

Conosci questo?:
O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe

in un forum straniero è stato fatto analizzare il file da virus total ed è risultato negativo.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: scansione da analizzare grazie!

Postdi Baxalak » 24/02/08 13:00

ciao grazie per la risposta
sei sicuro che i due file da fixare siano dannosi?perchè dovrebbero essere i collegamenti alle porta di un server di un gioco online che ho installato da prima che succedessero queste cose :neutral:
anche l'altro file di dawn of magic riguarda un gioco che ho installato da molto tempo.
se ti puo' essere d'aiuto le finsetre che mi si aprono riguardono una fantomatica analisi di un antivirus da un sito online.
Baxalak
Utente Junior
 
Post: 71
Iscritto il: 15/04/07 14:35

Re: scansione da analizzare grazie!

Postdi Baxalak » 24/02/08 13:12

riposto una nuova scansione dato che ho notato la comparsa di (file missing)

Logfile of HijackThis v1.99.1
Scan saved at 13.11.32, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\RAMpage\RAMpage.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 193.47.83.154 L2authd.lineage2.com
O1 - Hosts: 193.47.83.154 L2testauthd.lineage2.com
O2 - BHO: (no name) - {307860E1-BA2B-404F-8F21-769657195CF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85EF3346-907A-4781-957C-74321E1CBDC2} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {8D8410E5-6481-4751-83F4-D8558449D48A} - (no file)
O2 - BHO: (no name) - {BBE91CAF-99CC-489F-AF0C-34E0CEC6BAF9} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\ddcdcyv.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VisualTooltip] E:\Documenti\file originali setup\Tema Vista\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe
O4 - HKLM\..\Run: [RAMpage] "C:\Programmi\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Programmi\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare Test\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ ... nnerV2.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://baxalak.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5182246437
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://baxalak.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9653422B-B563-4C6A-A8B0-080EACD83EF0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B34C0B6-4A95-4015-957B-1CB92482CA63}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcdcyv - ddcdcyv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
Baxalak
Utente Junior
 
Post: 71
Iscritto il: 15/04/07 14:35

Re: scansione da analizzare grazie!

Postdi Luke57 » 24/02/08 15:16

Ciao, scarica questi 2 files sul desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
VundoFix
http://www.atribune.org/ccount/click.php?id=4

Disconettiti da internet
disattiva l'antivirus



Esegui vundofix
VundoFix si chiuderà e si riaprirà da solo, una volta riaperto, clicca sul pulsante "Scan for Vundo" quando la scansione è finita, clicca sul pulsante "Remove Vundo" a questo punto ti chiederà se vuoi eliminare i files, rispondi Yes una volta cliccato su Yes, non preoccuparti se il desktop scompare, è normale dato che è iniziata la procedura di eliminazione, finito la rimozione ti chiederà se vuoi riavviare, rispondi Yes e si riavvierà il pc.
E' possibile che vundofix non riesca ad eliminare alcuni files, in questo caso, vedrai vundofix apparire al riavvio basta che premi il pulsante Remove vundo per continuare la rimoazione.
Finito tutto, riavvia il pc

Avvia il file ComboFix.exe
Digita 1 per avviare il tool (non fare altre manovre durante la scansione)
Segui le instruzioni e alla fine verrà generato un log.

Riavvia il pc, collegati e posta questi 2 logs (copiandoli e incollandoli in un post)
C:\vundofix.txt
C:\combofix.txt
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: scansione da analizzare grazie!

Postdi Baxalak » 24/02/08 18:29

con vundofix non è stato trovato nulla di infetto. con combofix invece si posto qui il report


ComboFix 08-02-24.4 - computers 2008-02-24 18.12.49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.612 [GMT 1:00]
Eseguito da: C:\Documents and Settings\computers\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\messenger\msnmsgr.exe
C:\Programmi\winpop
C:\WINDOWS\services.exe
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NTMLSVC
-------\NtmlSvc


((((((((((((((((((((((((( Files Creati Da 2008-01-24 al 2008-02-24 )))))))))))))))))))))))))))))))))))
.

2008-02-22 20:16 . 2008-02-22 20:11 691,545 --a------ C:\WINDOWS\unins001.exe
2008-02-22 20:16 . 2008-02-22 20:16 2,549 --a------ C:\WINDOWS\unins001.dat
2008-02-17 22:57 . 2008-02-23 16:10 <DIR> d-------- C:\Documents and Settings\computers\Dati applicazioni\Nokia Multimedia Player
2008-02-17 17:25 . 2008-02-17 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
2008-02-17 16:42 . 2006-08-29 15:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys
2008-02-17 16:41 . 2008-02-17 16:42 <DIR> d-------- C:\Programmi\NSS
2008-02-16 16:04 . 2008-02-16 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-02-16 15:59 . 2008-02-16 15:59 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-02-16 15:59 . 2008-02-17 17:22 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-02-16 15:59 . 2008-02-18 12:57 <DIR> d-------- C:\Documents and Settings\computers\Dati applicazioni\Nokia
2008-02-16 15:58 . 2008-02-16 15:58 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-02-16 15:58 . 2008-02-17 17:22 <DIR> d-------- C:\Programmi\Nokia
2008-02-16 15:58 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-16 15:58 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-16 15:58 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-16 15:58 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-16 15:58 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-16 15:57 . 2008-02-17 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-02-16 15:49 . 2008-02-16 15:49 <DIR> d-------- C:\Programmi\DIFX
2008-02-16 15:49 . 2008-02-16 16:16 <DIR> d-------- C:\Documents and Settings\computers\Dati applicazioni\PC Suite
2008-02-16 15:46 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-02-14 01:14 . 2008-02-14 01:14 1,374 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 13:45 --------- d-----w C:\Programmi\Lineage II
2008-02-23 14:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-02-23 11:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-23 11:44 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-01-19 00:17 --------- d-----w C:\Programmi\DivX
2008-01-18 23:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ATI
2008-01-18 22:53 --------- d-----w C:\Programmi\ATI Technologies
2008-01-13 16:04 --------- d-----w C:\Programmi\Smallvideosoft
2008-01-13 15:52 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-01-13 15:39 --------- d-----w C:\Documents and Settings\computers\Dati applicazioni\AVS4YOU
2008-01-13 15:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2007-01-26 13:27 610 ----a-w C:\Programmi\INSTALL.LOG
.
Codice: Seleziona tutto
<pre>
----a-w           524,288 2007-06-19 13:24:53  C:\Programmi\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
</pre>



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{307860E1-BA2B-404F-8F21-769657195CF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85EF3346-907A-4781-957C-74321E1CBDC2}]
C:\WINDOWS\system32\jkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D8410E5-6481-4751-83F4-D8558449D48A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE91CAF-99CC-489F-AF0C-34E0CEC6BAF9}]
C:\WINDOWS\system32\ssqrs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D85530E8-D39D-49D0-9F36-300D594556D2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"VisualTooltip"="E:\Documenti\file originali setup\Tema Vista\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe" [ ]
"RAMpage"="C:\Programmi\RAMpage\RAMpage.exe" [2001-01-06 04:00 10784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 17:51 579072]
"BearShare"="C:\Programmi\BearShare Test\BearShare.exe" [2005-09-06 13:49 3223552]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-09-12 17:33 185896]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-29 17:28 219136]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdcyv]
ddcdcyv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Utilità di pianificazione di LiveUpdate automatico"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearShare"="C:\Programmi\BearShare Test\BearShare.exe" /pause
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Starcraft\\StarCraft.exe"=
"C:\\Programmi\\Diablo II\\Diablo II.exe"=
"C:\\Programmi\\BearShare Test\\BearShare.exe"=
"C:\\Programmi\\Deep Silver\\Dawn Of Magic\\DawnOfMagic.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\T4CI\\T4CI IRC Script.exe"=
"C:\\Programmi\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"C:\\Programmi\\GameSpy Arcade\\Aphex.exe"=
"C:\\Programmi\\Black Isle\\BGII - SoA\\BGMain.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6348:TCP"= 6348:TCP:Bearshera(messo io)
"6348:UDP"= 6348:UDP:bersheare 2
"4000:TCP"= 4000:TCP:Diablo II - Lord of Destruction
"6112:UDP"= 6112:UDP:Diablo II - Lord of Destruction

R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys [2007-03-29 12:25]
R0 ps6ahqjb;Dawn of Magic Synchronization Driver (ps6ahqjb);C:\WINDOWS\system32\drivers\ps6ahqjb.sys [2007-03-29 12:25]
R2 NwSapAgent;Agente SAP;C:\WINDOWS\System32\svchost.exe [2004-08-19 14:39]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 13:48]
S0 wivbajly;wivbajly;C:\WINDOWS\system32\drivers\pqdxtjja.sys []
S2 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb);C:\WINDOWS\system32\pr2ahqjb.exe svc []
S3 pwalker;Process Walker Driver;C:\DOCUME~1\COMPUT~1\IMPOST~1\Temp\nsy3.tmp\pwalker.sys []
S4 USB XR Adapter WLService;USB XR Adapter WLService;C:\Programmi\WLANClient\AWLL5025\WLService.exe []

.
Contenuto della cartella 'Scheduled Tasks'
"2007-08-30 07:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-24 17:23:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 18:21:01
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-24 18:26:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 17:26:12
.
2008-02-24 02:37:03 --- E O F ---
Baxalak
Utente Junior
 
Post: 71
Iscritto il: 15/04/07 14:35

Re: scansione da analizzare grazie!

Postdi Luke57 » 25/02/08 08:24

Ciao, copia questo codice:

registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{307860E1-BA2B-404F-8F21-769657195CF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85EF3346-907A-4781-957C-74321E1CBDC2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D8410E5-6481-4751-83F4-D8558449D48A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE91CAF-99CC-489F-AF0C-34E0CEC6BAF9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D85530E8-D39D-49D0-9F36-300D594556D2}]

incollalo in un fle di testo che salverai chiamandolo obbligatoriamente CFScript.txt, con il puntatore del mouse trascinalo sull'icona di combofix per una nuova scansione. Dovrebbe eliminare le voci suddette.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: scansione da analizzare grazie!

Postdi Baxalak » 25/02/08 13:06

ok fatto ti posto la nuova scansione

ComboFix 08-02-24.4 - computers 2008-02-25 12.37.14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.503 [GMT 1:00]
Eseguito da: C:\Documents and Settings\computers\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\computers\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-01-25 al 2008-02-25 )))))))))))))))))))))))))))))))))))
.

2008-02-22 20:16 . 2008-02-22 20:11 691,545 --a------ C:\WINDOWS\unins001.exe
2008-02-22 20:16 . 2008-02-22 20:16 2,549 --a------ C:\WINDOWS\unins001.dat
2008-02-17 22:57 . 2008-02-23 16:10 <DIR> d-------- C:\Documents and Settings\computers\Dati applicazioni\Nokia Multimedia Player
2008-02-17 17:25 . 2008-02-17 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
2008-02-17 16:42 . 2006-08-29 15:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys
2008-02-17 16:41 . 2008-02-17 16:42 <DIR> d-------- C:\Programmi\NSS
2008-02-16 16:04 . 2008-02-16 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-02-16 15:59 . 2008-02-16 15:59 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-02-16 15:59 . 2008-02-17 17:22 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-02-16 15:59 . 2008-02-18 12:57 <DIR> d-------- C:\Documents and Settings\computers\Dati applicazioni\Nokia
2008-02-16 15:58 . 2008-02-16 15:58 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-02-16 15:58 . 2008-02-17 17:22 <DIR> d-------- C:\Programmi\Nokia
2008-02-16 15:58 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-16 15:58 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-16 15:58 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-16 15:58 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-16 15:58 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-16 15:57 . 2008-02-17 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-02-16 15:49 . 2008-02-16 15:49 <DIR> d-------- C:\Programmi\DIFX
2008-02-16 15:49 . 2008-02-16 16:16 <DIR> d-------- C:\Documents and Settings\computers\Dati applicazioni\PC Suite
2008-02-16 15:46 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-02-14 01:14 . 2008-02-14 01:14 1,374 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 20:51 --------- d-----w C:\Programmi\Lineage II
2008-02-23 14:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-02-23 11:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-23 11:44 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-01-19 00:17 --------- d-----w C:\Programmi\DivX
2008-01-18 23:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ATI
2008-01-18 22:53 --------- d-----w C:\Programmi\ATI Technologies
2008-01-13 16:04 --------- d-----w C:\Programmi\Smallvideosoft
2008-01-13 15:52 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-01-13 15:39 --------- d-----w C:\Documents and Settings\computers\Dati applicazioni\AVS4YOU
2008-01-13 15:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-12-07 02:04 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-01-26 13:27 610 ----a-w C:\Programmi\INSTALL.LOG
.
Codice: Seleziona tutto
<pre>
----a-w           524,288 2007-06-19 13:24:53  C:\Programmi\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
</pre>



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"VisualTooltip"="E:\Documenti\file originali setup\Tema Vista\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe" [ ]
"RAMpage"="C:\Programmi\RAMpage\RAMpage.exe" [2001-01-06 04:00 10784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 17:51 579072]
"BearShare"="C:\Programmi\BearShare Test\BearShare.exe" [2005-09-06 13:49 3223552]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-09-12 17:33 185896]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-29 17:28 219136]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdcyv]
ddcdcyv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Utilità di pianificazione di LiveUpdate automatico"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearShare"="C:\Programmi\BearShare Test\BearShare.exe" /pause
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Starcraft\\StarCraft.exe"=
"C:\\Programmi\\Diablo II\\Diablo II.exe"=
"C:\\Programmi\\BearShare Test\\BearShare.exe"=
"C:\\Programmi\\Deep Silver\\Dawn Of Magic\\DawnOfMagic.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\T4CI\\T4CI IRC Script.exe"=
"C:\\Programmi\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"C:\\Programmi\\GameSpy Arcade\\Aphex.exe"=
"C:\\Programmi\\Black Isle\\BGII - SoA\\BGMain.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6348:TCP"= 6348:TCP:Bearshera(messo io)
"6348:UDP"= 6348:UDP:bersheare 2
"4000:TCP"= 4000:TCP:Diablo II - Lord of Destruction
"6112:UDP"= 6112:UDP:Diablo II - Lord of Destruction

R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys [2007-03-29 12:25]
R0 ps6ahqjb;Dawn of Magic Synchronization Driver (ps6ahqjb);C:\WINDOWS\system32\drivers\ps6ahqjb.sys [2007-03-29 12:25]
R2 NwSapAgent;Agente SAP;C:\WINDOWS\System32\svchost.exe [2004-08-19 14:39]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 13:48]
S0 wivbajly;wivbajly;C:\WINDOWS\system32\drivers\pqdxtjja.sys []
S2 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb);C:\WINDOWS\system32\pr2ahqjb.exe svc []
S3 pwalker;Process Walker Driver;C:\DOCUME~1\COMPUT~1\IMPOST~1\Temp\nsy3.tmp\pwalker.sys []
S4 USB XR Adapter WLService;USB XR Adapter WLService;C:\Programmi\WLANClient\AWLL5025\WLService.exe []

.
Contenuto della cartella 'Scheduled Tasks'
"2007-08-30 07:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-25 11:32:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 12:41:55
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-25 12.42.24
ComboFix-quarantined-files.txt 2008-02-25 11:42:15
ComboFix2.txt 2008-02-24 17:26:15
.
2008-02-25 00:57:29 --- E O F ---
Baxalak
Utente Junior
 
Post: 71
Iscritto il: 15/04/07 14:35

Re: scansione da analizzare grazie!

Postdi Luke57 » 25/02/08 15:24

Ciao, apri hijackthis, premi "do a system scan only", cerca e spunta la voce seguente:
O20 - Winlogon Notify: ddcdcyv - ddcdcyv.dll (file missing)

premi fix checked.

Se trovi altre anomalie nel log, fammelo sapere.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: scansione da analizzare grazie!

Postdi Baxalak » 25/02/08 21:32

graizie mille!!!!ora non vedo + anomalie...mi viene solo un dubbio su dei (no name) all'interno della scansione riga 02 è normale?

Logfile of HijackThis v1.99.1
Scan saved at 21.30.26, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\RAMpage\RAMpage.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {307860E1-BA2B-404F-8F21-769657195CF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85EF3346-907A-4781-957C-74321E1CBDC2} - (no file)
O2 - BHO: (no name) - {8D8410E5-6481-4751-83F4-D8558449D48A} - (no file)
O2 - BHO: (no name) - {BBE91CAF-99CC-489F-AF0C-34E0CEC6BAF9} - (no file)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VisualTooltip] E:\Documenti\file originali setup\Tema Vista\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe
O4 - HKLM\..\Run: [RAMpage] "C:\Programmi\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Programmi\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare Test\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ ... nnerV2.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://baxalak.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5182246437
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://baxalak.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9653422B-B563-4C6A-A8B0-080EACD83EF0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B34C0B6-4A95-4015-957B-1CB92482CA63}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
Baxalak
Utente Junior
 
Post: 71
Iscritto il: 15/04/07 14:35

Re: scansione da analizzare grazie!

Postdi Luke57 » 26/02/08 08:31

Ciao, spunta le voci seguenti e premi fix checked. Sono voci di registro rimaste dopo l'eliminazione dei file:
O2 - BHO: (no name) - {85EF3346-907A-4781-957C-74321E1CBDC2} - (no file)
O2 - BHO: (no name) - {8D8410E5-6481-4751-83F4-D8558449D48A} - (no file)
O2 - BHO: (no name) - {BBE91CAF-99CC-489F-AF0C-34E0CEC6BAF9} - (no file)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - (no file)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: scansione da analizzare grazie!

Postdi Baxalak » 27/02/08 12:38

grazie ho fatto tutto e non compaiono + finestre,ho notato però che con firefox per passare da una scheda all' altra ci mette 2 secondi mentre prima era un cosa immediata e usando tasck manager si nota un picco nell' utilizzo del pc del 100% esattamente nel momento in cui cambio scheda...sai qualcosa riguardo anche a questo?
Baxalak
Utente Junior
 
Post: 71
Iscritto il: 15/04/07 14:35

Re: scansione da analizzare grazie!

Postdi Baxalak » 27/02/08 12:55

problema risolto ora è tutto perfetto
Grazie mille ancora per l'aiuto!!!
Baxalak
Utente Junior
 
Post: 71
Iscritto il: 15/04/07 14:35


Torna a Sicurezza e Privacy


Topic correlati a "scansione da analizzare grazie!":

grazie in anticipo
Autore: Tarek
Forum: Discussioni
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti