
Virus on office PC

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by prof2000 » 07/05/08 09:03

Hi, how are you? I scanned the 3 office PCs, which I call P1 and P4, with AntiVir; I'm attaching the log files:

Scan of P1, where I have no internet connection:



AntiVir PersonalEdition Classic
Report file date: mercoledì 7 maggio 2008 09:17

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: P1

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercoledì 7 maggio 2008 09:17

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CDANTSRV.EXE' - '1' Module(s) have been scanned
Scan process 'WATCH.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'MyTraveler.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Knight.exe' - '1' Module(s) have been scanned
Scan process 'fppdis2a.exe' - '1' Module(s) have been scanned
Scan process 'Gtwatch.exe' - '1' Module(s) have been scanned
Scan process 'Gtwatch.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{C78746BE-91FB-4738-9428-7D9346F3B2F1}\RP188\A0128593.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.bbl.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{C78746BE-91FB-4738-9428-7D9346F3B2F1}\RP188\A0128594.com
[DETECTION] Is the Trojan horse TR/Dldr.VB.bbl.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{C78746BE-91FB-4738-9428-7D9346F3B2F1}\RP188\A0128595.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.bbl.2
[INFO] The file was moved to '48525ee4.qua'!
C:\WINDOWS\regedit.com
[DETECTION] Is the Trojan horse TR/Dldr.VB.bbl.2
[INFO] The file was moved to '48885f36.qua'!
C:\WINDOWS\spolis.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.bbl.2
[INFO] The file was moved to '48905f47.qua'!


End of the scan: mercoledì 7 maggio 2008 09:51
Used time: 33:55 min

The scan has been done completely.

6528 Scanning directories
190085 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
190080 Files not concerned
2029 Archives were scanned
1 Warnings
0 Notes



Scan of P4, where I do have a connection:



AntiVir PersonalEdition Classic
Report file date: mercoledì 7 maggio 2008 09:27

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: stars
Computer name: P4

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Programmi\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercoledì 7 maggio 2008 09:27

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'fsguidll.exe' - '1' Module(s) have been scanned
Scan process 'FSAW.exe' - '1' Module(s) have been scanned
Scan process 'FSAV32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'FIH32.exe' - '1' Module(s) have been scanned
Scan process 'fsdfwd.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'FNRB32.exe' - '1' Module(s) have been scanned
Scan process 'FSRW.exe' - '1' Module(s) have been scanned
Scan process 'FAMEH32.EXE' - '1' Module(s) have been scanned
Scan process 'fsqh.exe' - '1' Module(s) have been scanned
Scan process 'FCH32.EXE' - '1' Module(s) have been scanned
Scan process 'fssm32.exe' - '1' Module(s) have been scanned
Scan process 'FSMB32.EXE' - '1' Module(s) have been scanned
Scan process 'FSMA32.EXE' - '1' Module(s) have been scanned
Scan process 'F-Secure Automatic Update.exe' - '1' Module(s) have been scanned
Scan process 'fsgk32.exe' - '1' Module(s) have been scanned
Scan process 'fsbwsys.exe' - '1' Module(s) have been scanned
Scan process 'fsgk32st.exe' - '1' Module(s) have been scanned
Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hzgmaa.exe' - '1' Module(s) have been scanned
Scan process 'FSM32.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'lsadvfpc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '31' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\lsadvfpc.exe
[WARNING] The file could not be opened!


End of the scan: mercoledì 7 maggio 2008 09:33
Used time: 07:06 min

The scan has been done completely.

143 Scanning directories
5984 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
5984 Files not concerned
4 Archives were scanned
1 Warnings
0 Notes

On this PC an F-Secure window pops up telling me:
nuovo tentativo di connessione: HZGMAA.EXE

Can you help me?

Re: Virus on office PC

Post by prof2000 » 07/05/08 14:11

As soon as I turned on the PC, the F-Secure window opened saying that the PC is infected with:
Worm.win32.autorun.aul, in addition to the one above. I look forward to hearing from you!

Re: Virus on office PC

Post by prof2000 » 13/05/08 09:37

Can someone help me, please?

Re: Virus on office PC

Post by Dylan666 » 13/05/08 10:39

From safe mode, are you able to rename lsadvfpc.exe?

Re: Virus on office PC

Post by Luke57 » 13/05/08 12:05

Hi, download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet

Run the file ComboFix.exe
Type 1 to start the tool (don't do anything else during the scan; if the desktop icons disappear, that's normal)
Follow the instructions and at the end a log will be generated.
Reconnect and post the report (C:\combofix.txt)

Re: Virus on office PC

Post by prof2000 » 13/05/08 17:44

Dylan666 wrote: From safe mode, are you able to rename lsadvfpc.exe?


How do I do that?

Re: Virus on office PC

Post by prof2000 » 14/05/08 10:46

Hi, I ran ComboFix; while it was scanning, the F-Secure window appeared telling me that the virus EICARTEST FILE is present.
At the end of the scan, the blue ComboFix window said: ACCESSO NEGATO.
WHAT SHOULD I DO?