|
|||||||
|
|
|
 |
|
|
Strumenti |
17-07-2007, 08:50
|
#1 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 143
|
(non Virgilio.it) - installato EXE maligno
Mio fratello usando il pc (con Firefox/2.0.0.4) è andato per errore sul sito www . viEgilio . it (sfruttano il fatto che la R e la E sono vicine sulla tastiera e cercando di andare su Virgilio.it a volte si sbaglia ... e proprio mio fratello doveva sbagliare!!!###$$$)
Ad ogni modo compare una foto "sexy" e ci sono diversi link FALSI in cui credi di accedere a qualche risorsa utile ma in realtà avviano dei file eseguibili (.EXE). Mio fratello si è spaventato vedendo apparire una finestra tipo windows di 'Cancellazione in corso' ... con tanto di barra stato avanzamento (ne pensano di tutti i colori!). Purtroppo credendo di fermare la cancellazione ha cliccato sul relativo tasto 'Cancel', avviando il seguente eseguibile: (www . viEgilio . it/Ripristino Documenti.exe) http://www . viEgilio . it/Ripristino%20Documenti.exe Non ero a casa quindi non so cosa sia successo. Lui mi dice che non è successo nulla e poi ha chiuso a mano la pagina del sito senza problemi ... solo che ora i problemi ce li ho io che sto cercando di ripulire il pc ma senza esito positivo. Ho cercato (ovviamente inutilmente) la presenza del file 'Ripristino Documenti.exe' ma nulla da fare. Ho fatto la scansione dell'intero pc con Avast-antivirus ed anche con AVG-anti-spyware, ma non mi trovano nulla. Chi saprebbe aiutarmi a ripulire il pc?? A vedere dal sito sembra un dialer ma è solo una mia ipotesi. Che diavolo combina sto file 'Ripristino Documenti.exe' ?? Ps. la prima volta che entrate su appare la foto e tutti i link "maligni", ma se tentate di rientraci una seconda volta dice pagina Not Found. Basta ripulire i cookies e riavviare il browser per far riapparire la pagina originale. Ultima modifica di mrmaxi : 17-07-2007 alle 23:18. |
|
|
17-07-2007, 08:57
|
#2 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Spira, Zanarkand
Messaggi: 394
|
Sito typosquatter abbastanza bastardo tipo alialia.it & company. Non so se sei stato infettato...cioé tuo fratello ha detto che si è chiuso, ma il pc ha problemi? Dovrebbe essere gromozon, quindi se riesci a postare qui non penso che sei stato infettato...
Per sicurezza fai una scansione con GMER e vedi se ci sono voci in rosso E posta un log di hijackthis. P.s. oscura i link infetti. es scrivi hxxp://www.viegilio.it |
|
|
|
17-07-2007, 09:07
|
#3 |
|
Registered User
Iscritto dal: May 2007
Messaggi: 64
|
.ok
Ultima modifica di pcì : 17-07-2007 alle 09:57. |
|
|
|
17-07-2007, 09:35
|
#4 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 22462
|
poi dove virus che a me danno tutti notfound
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
Se striscia fulmina, se svolazza l'ammazza |
|
|
|
17-07-2007, 11:34
|
#5 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 143
|
@ stesio54
mi ha segato tutti i rifermimenti al sito, pure nel titolo se qualcuno che sa smanettare su ste cose si guarda l'EXE e se lo apre almeno so che cosa combina sto ##### di EXE !!! ... mi hai fatto + danni tu nel post che il malware  
|
|
|
|
17-07-2007, 11:48
|
#6 | |
|
Member
Iscritto dal: Apr 2006
Messaggi: 143
|
Quote:
http://www.hwupgrade.it/news/sicurez...ore_18390.html A quanto pare visto che usava Firefox non dovrei essere esposto, ma credo non si tratti di gromozon, anche xè qui se non fai nulla non scarica niente .. almeno credo .. e spero Mi sono scaricato GMER e hijackthis. Questa sera li provo e posto altre info. Come faccio a oscurare i link infetti?? |
|
|
|
|
17-07-2007, 11:58
|
#7 |
|
Senior Member
Iscritto dal: Aug 2005
Città: Genova
Messaggi: 3397
|
se fosse gromozon non saresti qui
 comunque posta nella sezione delle infezioni includendo un log di hijackthis e riportando eventuali voci in rosso di gmer.
__________________
Rimozione Worm/Rootkit Bagle - Rimozione Trojan Vundo - Rimozione virus MSN Messenger -Rimozione virus su chiavetta o errori di file mancante all'apertura del disco fisso - NT AUTHORITY SYSTEM spegne il pc ad ogni avvio. Cosa fare?(worm sasser/blaster/rustock) - Thread Ufficiale firewall software |
|
|
|
17-07-2007, 12:15
|
#8 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Spira, Zanarkand
Messaggi: 394
|
Quote:
i link infetti te li ha già oscurati stesio... è per evitare che qualche utOntO ci clicchi sopra e si infetti senza le protezioni adeguate. |
|
|
|
|
17-07-2007, 14:17
|
#9 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 22462
|
si basa su controllo active x: è un virus talemtne scemo che una scansione con kaspersky dovrebbe bastare
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
Se striscia fulmina, se svolazza l'ammazza |
|
|
|
17-07-2007, 14:47
|
#10 | |
|
Member
Iscritto dal: Apr 2006
Messaggi: 143
|
Quote:
e cosa fa di preciso sto controllo active x?? |
|
|
|
|
17-07-2007, 14:51
|
#11 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Spira, Zanarkand
Messaggi: 394
|
Quote:
|
|
|
|
|
17-07-2007, 14:54
|
#12 | |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22114
|
Quote:
http://www.pinkopallino.it diventerebbe h**p://www.pinkopallino.it |
|
|
|
|
17-07-2007, 15:16
|
#13 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
Quote:
__________________
Opera disabilitazione script ed iframe  Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
17-07-2007, 16:24
|
#14 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 94
|
Ecco cosa scarica:
Antivirus Version Last Update Result AhnLab-V3 2007.7.14.0 2007.07.17 no virus found AntiVir 7.4.0.42 2007.07.17 TR/Dldr.Agent.bux Authentium 4.93.8 2007.07.17 no virus found Avast 4.7.997.0 2007.07.16 Win32:Agent-ITQ AVG 7.5.0.476 2007.07.16 Downloader.Agent.MMF BitDefender 7.2 2007.07.17 no virus found CAT-QuickHeal 9.00 2007.07.16 no virus found ClamAV devel-20070416 2007.07.17 Trojan.Downloader-10575 DrWeb 4.33 2007.07.17 Trojan.DownLoader.24242 eSafe 7.0.15.0 2007.07.17 suspicious Trojan/Worm eTrust-Vet 30.8.3789 2007.07.17 no virus found Ewido 4.0 2007.07.17 Downloader.Agent.bux FileAdvisor 1 2007.07.17 no virus found Fortinet 2.91.0.0 2007.07.17 Adware/Agent F-Prot 4.3.2.48 2007.07.17 no virus found Ikarus T3.1.1.8 2007.07.17 no virus found Kaspersky 4.0.2.24 2007.07.17 Trojan-Downloader.Win32.Agent.bux McAfee 5075 2007.07.16 no virus found Microsoft 1.2704 2007.07.17 no virus found NOD32v2 2402 2007.07.17 probably unknown NewHeur_PE virus Norman 5.80.02 2007.07.17 no virus found Panda 9.0.0.4 2007.07.17 Suspicious file Sophos 4.19.0 2007.07.16 no virus found Sunbelt 2.2.907.0 2007.07.16 no virus found Symantec 10 2007.07.17 no virus found TheHacker 6.1.7.148 2007.07.16 Trojan/Downloader.Agent.bux VBA32 3.12.2 2007.07.16 Trojan.DownLoader.24242 VirusBuster 4.3.23:9 2007.07.16 no virus found Webwasher-Gateway 6.0.1 2007.07.17 Trojan.Dldr.Agent.bux |
|
|
|
17-07-2007, 16:40
|
#15 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
17-07-2007, 23:13
|
#16 | |
|
Member
Iscritto dal: Apr 2006
Messaggi: 143
|
Quote:
Codice:
GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-07-17 23:59:35 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.13 ---- SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess ---- Devices - GMER 1.0.13 ---- AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BAB2DF74] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BAB2C812] aswMon2.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F76762C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F76762C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F76762C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F76762C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F76768E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F76768E6] aswTdi.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [BAB2DF74] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [BAB2C812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [BAB2C812] aswMon2.SYS ---- EOF - GMER 1.0.13 ---- |
|
|
|
|
17-07-2007, 23:14
|
#17 | |
|
Member
Iscritto dal: Apr 2006
Messaggi: 143
|
Quote:
Codice:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.04.33, on 18/07/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183925613703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3E181DE-2FC8-45FD-9A06-C68B535C1562}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 4221 bytes
|
|
|
|
|
18-07-2007, 00:05
|
#18 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
il log sembra a posto devi aggiornare la java machine e
Quote:
il pc dà problemi?
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
18-07-2007, 00:27
|
#19 | |
|
Member
Iscritto dal: Apr 2006
Messaggi: 143
|
Quote:
il pc non da problemi mi sembra a posto la java da aggiornare è x sicurezza o è solo un di + (ho visto che ad ogni aggiornamento Java diventa sempre + lento il pc) si, fotocamera Canon installata io ... tutto ok |
|
|
|
|
18-07-2007, 00:58
|
#20 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
penso di si
probabilmente hai beccato la variante che aveva bisogno dell'interazione utente  e si....l'aggiornamento è anche questione di sicurezza...oppure puoi fare come me..io non l'ho proprio installata(con la sua cartella temp la vedo un'altro ricettacolo di schifezze) dipende da teSaluti 
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 13:28.
