16-11-2007, 19:36 | #21
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155

Yes, I agree, I had overlooked this aspect. I withdraw the proposal I put forward. Better that the user runs a few more scans and posts a few fewer HJT logs.

16-11-2007, 19:37 | #22
Moderator
Joined: Nov 2001
City: Fidenza(pr) da Trento
Posts: 27465

Completely agree, by now they overuse the HJT log

22-11-2007, 13:59 | #23
Senior Member
Joined: Aug 2007
City: Lucca Gender: FEMALE
Posts: 2495

These two links don't work, can you fix them?
Quote:

22-11-2007, 14:17 | #24
Senior Member
Joined: Aug 2005
City: Genova
Posts: 3391

fixed

22-11-2007, 14:24 | #25
Senior Member
Joined: Aug 2007
City: Lucca Gender: FEMALE
Posts: 2495

22-11-2007, 14:30 | #26
Senior Member
Joined: Aug 2005
City: Genova
Posts: 3391

I'll check it on VirusTotal now. For the moment I'm removing the link.
On VirusTotal, AntiVir doesn't detect it... update the signatures and try downloading it again. Can you send me a screenshot of the detection before the choice to deny access?
Last edited by Bugs Bunny: 22-11-2007 at 14:43.

24-11-2007, 22:27 | #27
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155

AntiVir is known for its problems with false positives. I ran the scan on virscan.org and only 5 products out of 36 see it as infected. Nothing to worry about.

24-11-2007, 23:46 | #28
Banned
Joined: Jul 2007
City: Riverside House
Posts: 3333

Quote:
Besides, it is natural that the personal experience of whoever wrote the Guide weighs heavily on the procedures to follow.

26-11-2007, 15:35 | #29
Member
Joined: Aug 2005
Posts: 139

Vundo only with AntiVir
Hi guys... unfortunately I've caught Vundo too... the strange thing is that if I have AntiVir running it reports it (opening the warning pop-ups)... I try to delete it and nothing... if I uninstall AntiVir everything works normally... but I'm not at ease because I know that underneath I still have Vundo... what do I do?

26-11-2007, 15:40 | #30
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885

Quote:

30-11-2007, 10:45 | #31
Senior Member
Joined: Sep 2001
City: Vicopisano (PI)
Posts: 11652

A little help... in your opinion, is there only Vundo on this PC or some other unwanted guest as well?

30-11-2007, 10:51 | #32
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885

It looks like just Vundo, though the security of this PC definitely needs a complete overhaul. For subsequent HijackThis logs use the updated version:
http://www.trendsecure.com/portal/en...HiJackThis.exe

30-11-2007, 11:08 | #33
Senior Member
Joined: Sep 2001
City: Vicopisano (PI)
Posts: 11652

Quote:
Code:
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00665CB.dat
As for the PC's security, do you mean the type of antivirus? Firewall? The PC is behind a router and the Windows firewall is active... or at least it seems so
Last edited by GHz: 30-11-2007 at 11:58.

30-11-2007, 11:19 | #34
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885

Quote:
Replace Avast with AntiVir Free
Install a software firewall, see Comodo Free
Install a real-time antispyware, see SpywareTerminator Free
You are using IE6: update to version 7
Update Acrobat Reader and Java: old versions, hence vulnerable
Bye

30-11-2007, 11:57 | #35
Senior Member
Joined: Sep 2001
City: Vicopisano (PI)
Posts: 11652

Quote:

30-11-2007, 13:57 | #36
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885

You're welcome

02-12-2007, 14:51 | #37
Member
Joined: Sep 2006
Posts: 236

Hello everyone, I have this problem too...
I followed the guide on Vundo but still nothing... McAfee reports the files that contain Vundo and cleans/deletes them, but the problem keeps coming back!! I'm attaching the HijackThis log.
Last edited by freddy85: 10-12-2007 at 21:48.

02-12-2007, 16:48 | #38
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155

To get assistance you must follow the section rules regarding logs:
Quote:

03-12-2007, 07:53 | #39
Junior Member
Joined: Nov 2007
Posts: 9

Heavily infected with Vundo
Hello, following Riverside's instructions, I'm posting the logs from the 'Remove Vundo trojan' procedure.
If you could tell me how to proceed I would be very grateful.
Stefano
03-12-2007, 08:35 | #40
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885

@quanah
The logs from VundoFix - FixVundo - ComboFix - Prevx CSI are missing. The indicated procedure should be carried out in full; please attach them in .txt format using the Manage Attachments function, or host them on www.zshare.net and give the link to download them in your next post.

All times are GMT +1. The time now is 12:16.