Condividi:        

Trojan

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Trojan

Postdi ros75 » 17/09/06 19:03

Ciao a tutti! Di recente ho problemi con internet, devo fare diversi tentativi prima che la connessione regga e inoltre la navigazione è molto lenta! Così leggendo qua e là per venirne a capo ho trovato questo forum e mi è piaciuto davvero :D
Ho letto un pò prima di scrivere per vedere se riuscivo da sola ma ahimè non ho capito un'acca! Ho fatto una scansione on line con kaspersky e il report è:

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Rosalia\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Rosalia\Dati applicazioni\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped

C:\Documents and Settings\Rosalia\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3c1abd11-20f14b73.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Rosalia\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-2ce291f0-27999984.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Rosalia\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Rosalia\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Rosalia\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Rosalia\Impostazioni locali\Temp\Perflib_Perfdata_8c.dat Object is locked skipped

C:\Documents and Settings\Rosalia\Impostazioni locali\Temp\winsyst32.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped

C:\Documents and Settings\Rosalia\Impostazioni locali\Temp\~DF1.tmp Infected: Trojan-Downloader.Win32.Setial.b skipped

C:\Documents and Settings\Rosalia\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Rosalia\ntuser.dat Object is locked skipped

C:\Documents and Settings\Rosalia\ntuser.dat.LOG Object is locked skipped

C:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped

C:\Programmi\ESET\infected\N0NB4VDA.NQF Infected: Trojan-Clicker.Win32.Small.kj skipped

C:\Programmi\ESET\logs\virlog.dat Object is locked skipped

C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{BA311EA0-88A6-483F-9B17-13BE584864F3}\RP78\A0044371.exe Infected: Trojan-Downloader.Win32.Setial.b skipped

C:\System Volume Information\_restore{BA311EA0-88A6-483F-9B17-13BE584864F3}\RP79\A0046776.dll Infected: Trojan-Downloader.Win32.Bomka.r skipped

C:\System Volume Information\_restore{BA311EA0-88A6-483F-9B17-13BE584864F3}\RP90\A0055328.exe Infected: Trojan-Downloader.Win32.Setial.b skipped

C:\System Volume Information\_restore{BA311EA0-88A6-483F-9B17-13BE584864F3}\RP92\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{0E1F5159-F4D0-4E5E-885C-0FC8BC84A26B}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped


Ho anche scaricato hijackthis e il report è:

unning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SpeedFan\speedfan.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rosalia\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\__p9hEPQkbj.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14D1A72D-8705-11D8-B120-0040F46CB696} - (no file)
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\system32\Apparat.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: SpeedFan.lnk = C:\Programmi\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F9C5556-90E4-4D37-9138-AD0E31CE4E16}: NameServer = 85.37.17.52 85.38.28.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9FBA633-D693-4DB4-8E2A-77AF2EF894C0}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

Grazie mille
ros75
Utente Junior
 
Post: 19
Iscritto il: 17/09/06 15:59

Sponsor
 

Postdi andorra24 » 17/09/06 19:22

Ciao, metti la spunta nella casellina accanto alle seguenti voci e dopo esserti disconnesso da internet ed aver chiuso tutti i programmi aperti premi fix checked:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\__p9hEPQkbj.exe
O2 - BHO: (no name) - {14D1A72D-8705-11D8-B120-0040F46CB696} - (no file)
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\system32\Apparat.dll

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui: http://www.killbox.net/downloads/KillBox.exe
con killbox elimina i seguenti files:
C:\WINDOWS\system32\Apparat.dll
C:\WINDOWS\__p9hEPQkbj.exe

Scarica ATF Cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare file temporanei di windows e IE)
Avvia ATF cleaner, clicca sul menu "main" e poi seleziona la casella "Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!".

Inoltre ti consiglio di disattivare il ripristino di sistema perche' dal log del kaspersky vedo che ti ha trovato delle infezioni nella cartella del ripristino. Se non sai disattivarlo segui le indicazioni del link:
http://service1.symantec.com/SUPPORT/IN ... 3151930924

Svuota anche la cache di Java Sun: vai su start/pannello di controllo, a destra clicca su ''passa alla visualizzazione classica'', poi individua l'icona java a forma di tazzina di caffe', ti apparira' una schermata chiamata ''pannello di controllo java''. Entra nel tab ''generale'' e in basso clicca su ''elimina file...''.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi ros75 » 17/09/06 20:24

Grazie per la velocità con cui mi hai risposto! Ho fatto tutto quello che mi hai detto però quando vado a eliminare i due file con KillBox mi dice che non esistono!
ros75
Utente Junior
 
Post: 19
Iscritto il: 17/09/06 15:59

Postdi andorra24 » 17/09/06 20:31

Posta un nuovo log di hijackthis.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi ros75 » 17/09/06 20:46

Ecco:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SpeedFan\speedfan.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: SpeedFan.lnk = C:\Programmi\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F9C5556-90E4-4D37-9138-AD0E31CE4E16}: NameServer = 85.37.17.52 85.38.28.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9FBA633-D693-4DB4-8E2A-77AF2EF894C0}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe


Poi ho un'altra domanda... ho guardato il Task manager e vedo che sono in esecuzione due processi
explore.exe e IEXPLRORE.EXE...
è normale?
ros75
Utente Junior
 
Post: 19
Iscritto il: 17/09/06 15:59

Postdi andorra24 » 17/09/06 20:58

Ciao, il tuo log e' pulito. Per quanto riguarda quei 2 processi sono legittimi:

explorer.exe e' Microsoft Windows Explorer
iexplore.exe e' il browser microsoft internet explorer. ;)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi ros75 » 17/09/06 21:00

Ecco dimostrata la mia ignoranza in materia :lol:
Grazie mille per l'aiuto
ros75
Utente Junior
 
Post: 19
Iscritto il: 17/09/06 15:59

Postdi andorra24 » 17/09/06 21:02

ros75 ha scritto:Ecco dimostrata la mia ignoranza in materia :lol:
Grazie mille per l'aiuto

Lieta di averti aiutato. ;)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi ros75 » 18/09/06 19:38

Grazie... tutto funziona alla perfezione :)
Avrei una domanda da fare... ma tutte quelle schifezze che ho in quarantena con Ad-Aware è possibile rimuoverle in qualche modo o devo tenerle lì?
Non so se dovevo aprire un altro topic... nel caso mi scuso!
ros75
Utente Junior
 
Post: 19
Iscritto il: 17/09/06 15:59

Postdi andorra24 » 18/09/06 19:42

ros75 ha scritto:Grazie... tutto funziona alla perfezione :)
Avrei una domanda da fare... ma tutte quelle schifezze che ho in quarantena con Ad-Aware è possibile rimuoverle in qualche modo o devo tenerle lì?
Non so se dovevo aprire un altro topic... nel caso mi scuso!

Gli elementi nella quarantena di Adware puoi eliminarli. Clicca su ''open quarantine list'' e poi su ''delete''.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo


Torna a Sicurezza e Privacy


Topic correlati a "Trojan":

trojan win32/sirefef
Autore: marzianu
Forum: Sicurezza e Privacy
Risposte: 27

Chi c’è in linea

Visitano il forum: Nessuno e 106 ospiti