#21
Member
Joined: Jan 2003
City: lately in a daze
Posts: 286

Quote:
The windows.003... ...if I remember correctly... ...comes from the third installation of Windows without removing the previous versions: so it is legitimate, as Riverside supposed

#22
Junior Member
Joined: Aug 2007
Posts: 17

And so? Oh well, anyway I did as Riverside said: I removed avast and installed antivir. Now I'll run the scan and then repost the MSNFix log. Anyway, thanks everyone.

#23
Banned
Joined: Feb 2005
City: Roma
Posts: 7029

Quote:

#24
Senior Member
Joined: Apr 2007
Posts: 895

Quote:
In short, to cut a long story short, you don't learn only by making mistakes, but also by joking! River knows that I really appreciated all the well-explained details in his exemplary procedure! Clear?

#25
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259

At this point you can do one more test: take these blessed files in the 003 folder and have them analyzed on VirusTotal
__________________
Opera: disabling scripts and iframes

#26
Senior Member
Joined: Apr 2007
Posts: 895

#27
Banned
Joined: Jul 2007
City: Riverside House
Posts: 3333

Quote:
In my opinion, all those processes are legitimate: look at the HThis log that was posted: not only are they not duplicated (in which case the suspicion of an infection would be well founded) but, if you notice, the correct location C:\WINDOWS\System32\ is totally missing.

I remain of the opinion that something (or someone) renamed the folder C:\WINDOWS\ to C:\WINDOWS.003\

I had also highlighted this in a previous post of mine (this, too, shows that the folder C:\WINDOWS\ does not exist):

Last edited by Riverside: 03-09-2007 at 14:49.

#28
Junior Member
Joined: Aug 2007
Posts: 17

AntiVir PersonalEdition Classic
Report file date: lunedì 3 settembre 2007 14:58

Scanning for 1043274 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Gianni Dj
Computer name: U2Z0Y4

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:16
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:56
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:06
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:19:00
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 20:24:24
ANTIVIR2.VDF : 6.39.1.74 1637376 Bytes 02/09/2007 20:24:24
ANTIVIR3.VDF : 6.39.1.79 18944 Bytes 03/09/2007 12:39:06
AVEWIN32.DLL : 7.4.1.66 2789888 Bytes 02/09/2007 20:24:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 02/09/2007 20:24:24
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:10
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:06
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:28
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:20
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:44

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Programmi\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lunedì 3 settembre 2007 14:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'aoltray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'MONLITE.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WANMPSVC.EXE' - '1' Module(s) have been scanned
Scan process 'VIRITSVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
    [NOTE] No virus was found!
Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'F:\'
    [NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS.003\SetPoint.exe
    [DETECTION] Contains signature of the worm WORM/IRCBot.388096
    [INFO] The file was moved to '4750057a.qua'!
C:\WINDOWS.003\SetPoint.exe
    [DETECTION] Contains signature of the worm WORM/IRCBot.388096
The registry was scanned ( '22' files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\hiberfil.sys
    [WARNING] The file could not be opened!
C:\u5g9p7x1h4a3.exe
    [DETECTION] Contains signature of the dial-up program DIAL/52224.A.19
    [INFO] The file was moved to '47430553.qua'!
C:\WINDOWS.003\S_00305_jpg.zip
  [0] Archive type: ZIP
    --> www.S_00305_jpg-msn.com
      [DETECTION] Contains signature of the worm WORM/IRCBot.388096
      [INFO] The file was moved to '470c0609.qua'!
C:\WINDOWS.003\perfmon.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '474e061a.qua'!
C:\Programmi\File comuni\delsim\del.exe
    [DETECTION] Contains signature of the dial-up program DIAL/52224.A.19
    [INFO] The file was moved to '47480881.qua'!
C:\Documents and Settings\Gianni Dj\Impostazioni locali\Temp\VIRIT\perfmon.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '474e0b01.qua'!
C:\Documents and Settings\Gianni Dj\Impostazioni locali\Temporary Internet Files\Content.IE5\OLQROTUV\backup[1].zip
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '473f0b35.qua'!
C:\Documents and Settings\Gianni Dj\Impostazioni locali\Temporary Internet Files\Content.IE5\I1KLM5KP\mod4[1].rar
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47400b52.qua'!
C:\System Volume Information\_restore{7E2DEE66-14B4-4382-B786-DA7F153BF3DF}\RP1\A0000022.exe
    [DETECTION] Contains signature of the dial-up program DIAL/52224.A.19
    [INFO] The file was moved to '470c0c72.qua'!
C:\System Volume Information\_restore{7E2DEE66-14B4-4382-B786-DA7F153BF3DF}\RP3\A0000153.exe
    [DETECTION] Contains signature of the worm WORM/IRCBot.388096
    [INFO] The file was moved to '470c0c83.qua'!
C:\System Volume Information\_restore{7E2DEE66-14B4-4382-B786-DA7F153BF3DF}\RP3\A0000154.exe
    [DETECTION] Contains signature of the dial-up program DIAL/52224.A.19
    [INFO] The file was moved to '470c0c87.qua'!
C:\System Volume Information\_restore{7E2DEE66-14B4-4382-B786-DA7F153BF3DF}\RP3\A0000155.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '470c0c89.qua'!
C:\System Volume Information\_restore{7E2DEE66-14B4-4382-B786-DA7F153BF3DF}\RP3\A0000156.exe
    [DETECTION] Contains signature of the dial-up program DIAL/52224.A.19
    [INFO] The file was moved to '470c0c8c.qua'!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Periferica non pronta.
Begin scan in 'F:\' <KATE'S MP3>
Begin scan in 'D:\'
Search path D:\ could not be opened!
Periferica non pronta.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Periferica non pronta.

End of the scan: lunedì 3 settembre 2007 15:31
Used time: 32:40 min

The scan has been done completely.

3497 Scanning directories
107812 Files were scanned
13 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
107799 Files not concerned
1222 Archives were scanned
3 Warnings
9 Notes
0 Hidden objects were found

Sorry for my ignorance, I know I'm about to astonish you... but does putting a virus in quarantine mean isolating it, instead of deleting it?

MSNFix 1.484
C:\Documents and Settings\Gianni Dj\Desktop\MSNFix
Fix effettuato il 03/09/2007 - 15.42.42,49 By Gianni Dj
modalità normale

************************ Cercare i files presenti
... C:\WINDOWS.003\system32\microsoft\backup.ftp
... C:\WINDOWS.003\system32\microsoft\backup.tftp
... C:\WINDOWS.003\Z058_jpg.zip

************************ Ricerca le cartelle presenti
Nessuna cartella trovata

************************ Eliminazione dei files
.. OK ... C:\WINDOWS.003\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS.003\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS.003\Z058_jpg.zip

************************ Pulizia del Registro

************************ Files sospetti
/!\ questi files necessitano di un parere esperto prima di qualsiasi intervento
[C:\WINDOWS.003\system32\Logo.scr] A0B457A21E5726E0F8BCEA887701B213
[C:\WINDOWS.003\system32\anfysave.scr] 414E884ABCB21F6C25BDCAE584D642BC

I files e le chiavi di registro eliminati sono stati salvati nel file 03092007_15.43.2307.zip

------------------------------------------------------------------------
Auteur : !aur3n7
Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------

#29
Senior Member
Joined: Apr 2007
Posts: 895

Quote:

#30
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259

Hi Riverside..
__________________
Opera: disabling scripts and iframes

#31
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259

edit: from the scan log, he has a backdoor and a dialer on the PC
__________________
Opera: disabling scripts and iframes

#32
Banned
Joined: Jul 2007
City: Riverside House
Posts: 3333

And not only that, apparently.
It certainly is strange that Asquared did not detect at least this stuff, for example:

Starting to scan the registry.
C:\WINDOWS.003\SetPoint.exe
    [DETECTION] Contains signature of the worm WORM/IRCBot.388096
    [INFO] The file was moved to '4750057a.qua'!
C:\WINDOWS.003\SetPoint.exe
    [DETECTION] Contains signature of the worm WORM/IRCBot.388096

Last edited by Riverside: 03-09-2007 at 15:09.

#33
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259

Maybe you haven't even disabled System Restore (HERE link), since the antivirus found some "guests" there too
__________________
Opera: disabling scripts and iframes
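
The point made in post #33, that the scan in post #28 also found copies inside System Restore, can be read straight off the report. The following Python code is an added example and not part of the thread: it parses AntiVir report entries (the excerpt is copied from post #28) and groups the detections by where they were found; the function names and location classes are assumptions of the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Excerpt of the AntiVir report from post #28, laid out one entry per line.
REPORT = r"""
C:\WINDOWS.003\S_00305_jpg.zip
  [0] Archive type: ZIP
    --> www.S_00305_jpg-msn.com
      [DETECTION] Contains signature of the worm WORM/IRCBot.388096
      [INFO]      The file was moved to '470c0609.qua'!
C:\System Volume Information\_restore{7E2DEE66-14B4-4382-B786-DA7F153BF3DF}\RP3\A0000153.exe
    [DETECTION] Contains signature of the worm WORM/IRCBot.388096
    [INFO]      The file was moved to '470c0c83.qua'!
C:\System Volume Information\_restore{7E2DEE66-14B4-4382-B786-DA7F153BF3DF}\RP3\A0000155.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO]      The file was moved to '470c0c89.qua'!
C:\Documents and Settings\Gianni Dj\Impostazioni locali\Temporary Internet Files\Content.IE5\I1KLM5KP\mod4[1].rar
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO]      The file was moved to '47400b52.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a scanned object starts with a drive letter
MOVED_RE = re.compile(r"moved to '([^']+)'")
RP_RE = re.compile(r"\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

@dataclass
class Detection:
    path: str
    member: Optional[str]      # file inside an archive, if any
    name: str                  # signature name: last token of the [DETECTION] line
    quarantine: Optional[str]  # .qua name, None when the file was not moved

def parse_report(text):
    found, path, member = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, member = line, None
        elif line.startswith("-->"):
            member = line[3:].strip()
        elif line.startswith("[DETECTION]") and path:
            found.append(Detection(path, member, line.split()[-1], None))
        elif line.startswith("[INFO]") and found and found[-1].path == path:
            moved = MOVED_RE.search(line)
            if moved:
                found[-1].quarantine = moved.group(1)
    return found

def location(path):
    if RP_RE.search(path):
        return "system-restore"
    cached = "\\temporary internet files\\" in path.lower()
    return "browser-cache" if cached else "live-filesystem"

def summarize(detections):  # location class -> sorted signature names
    by_loc = defaultdict(set)
    for d in detections:
        by_loc[location(d.path)].add(d.name)
    return {loc: sorted(names) for loc, names in by_loc.items()}

def restore_points(detections):  # restore points (RPn) holding a detected copy
    hits = (RP_RE.search(d.path) for d in detections)
    return sorted({m.group(1) for m in hits if m})

if __name__ == "__main__":
    dets = parse_report(REPORT)
    print(summarize(dets), restore_points(dets))
```

A non-empty "system-restore" class is what prompts the advice in the thread to disable System Restore and scan again.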

#34
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259

I'd say that at this point you have to redo the whole procedure posted by Riverside, disabling System Restore, redoing the scans and reposting the various logs, and also add this one as antispyware, which is free and very effective:

Superantispyware: update it and have it run a "Perform complete scan" from "scan your computer".

One more thing: also run an ADS scan. Like this: open hijackthis, click "open the misc tools section", click "open ads spy", untick "quick scan", click the "scan" button and report here what it found.

Now I'll say goodbye.. I'm off to work
__________________
Opera: disabling scripts and iframes

#35
Banned
Joined: Jul 2007
City: Riverside House
Posts: 3333

Quote:
Just think, I had even highlighted it

#36
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259

Your guide is excellent and clear, Riverside,
Regards
__________________
Opera: disabling scripts and iframes

#37
Junior Member
Joined: Aug 2007
Posts: 17

Quote:
Now I'll redo everything. PS: the superantispyware download keeps stalling on me! Anyway, I'll do the whole procedure and then repost the logs.

#38
Banned
Joined: Jul 2007
City: Riverside House
Posts: 3333

Quote:
And, still in that mode, run a full scan with the antivirus again.

#39
Junior Member
Joined: Aug 2007
Posts: 17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.57.51, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.003\System32\smss.exe
C:\WINDOWS.003\system32\winlogon.exe
C:\WINDOWS.003\system32\services.exe
C:\WINDOWS.003\system32\lsass.exe
C:\WINDOWS.003\system32\svchost.exe
C:\WINDOWS.003\System32\svchost.exe
C:\WINDOWS.003\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS.003\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS.003\wanmpsvc.exe
C:\WINDOWS.003\Explorer.EXE
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS.003\system32\rundll32.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS.003\wdfmgr.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS.003\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\AOL 7.0\aoltray.exe
C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS.003\system32\WgaTray.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\GIANNI~1\IMPOST~1\Temp\Rar$EX00.461\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [wdfmgr.exe] C:\WINDOWS.003\wdfmgr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.003\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.003\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.003\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.003\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.003\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Icône AOL.lnk = C:\Programmi\AOL 7.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.happyfile.net
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cathlythebest.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cathlythebest.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS.003\wanmpsvc.exe

--
End of file - 6813 bytes
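
The reasoning in post #27 (the core system processes are not duplicated and all run from one Windows folder) can be checked mechanically against the process list in post #39. The following Python code is an added example and not part of the thread; the CORE name list and the function name are assumptions of the example, and an empty result only means that this one check found nothing.

```python
import ntpath  # parses Windows paths on any OS
from collections import defaultdict

# Core XP process names expected only under <Windows root>\system32.
# This list is an assumption of the example, not something the thread gives.
CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
        "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Subset of the "Running processes" section of the HijackThis log in post #39.
RUNNING = r"""
C:\WINDOWS.003\System32\smss.exe
C:\WINDOWS.003\system32\winlogon.exe
C:\WINDOWS.003\system32\services.exe
C:\WINDOWS.003\system32\lsass.exe
C:\WINDOWS.003\system32\svchost.exe
C:\WINDOWS.003\System32\svchost.exe
C:\WINDOWS.003\system32\spoolsv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS.003\Explorer.EXE
C:\Programmi\MSN Messenger\MsnMsgr.Exe
""".splitlines()


def check_core_processes(paths):
    """Return (system32 directories in use, findings) for a process list."""
    dirs_by_name = defaultdict(set)
    for path in (p.strip() for p in paths):
        name = ntpath.basename(path).lower()
        if name in CORE:
            # Lower-case so that System32 and system32 count as one directory.
            dirs_by_name[name].add(ntpath.dirname(path).lower())
    roots, findings = set(), []
    for name, dirs in sorted(dirs_by_name.items()):
        for d in sorted(dirs):
            if ntpath.basename(d) == "system32":
                roots.add(d)
            else:
                findings.append(f"{name}: outside system32 ({d})")
        if len(dirs) > 1:
            findings.append(f"{name}: runs from {len(dirs)} directories")
    if len(roots) > 1:
        findings.append(f"{len(roots)} different system32 directories in use")
    return sorted(roots), findings


if __name__ == "__main__":
    print(check_core_processes(RUNNING))
    # Constructed extra entry: a second svchost.exe under another root.
    print(check_core_processes(RUNNING + [r"C:\WINDOWS\system32\svchost.exe"]))
```

For the list from post #39 the check returns a single directory, c:\windows.003\system32, and no findings.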

#40
Senior Member
Joined: Apr 2007
Posts: 895

I see you've been waiting for quite a while...
I'm not a great expert, but I can tell you that I've read something around about this one:

C:\Programmi\Bonjour\mDNSResponder.exe

The word "Bonjour" rings a bell in my mind. Try doing a Google search (while you wait for replies from others who are more expert), or have that file (mDNSResponder.exe) analyzed by VirusTotal, at this address: http://www.virustotal.com/it/

If you don't know how: click the "Scegli" (Choose) button, go to the directory (folder) indicated above and select the file in question, then click "Apri" (Open). The site will upload that file and analyze it with about fifteen antivirus engines (so cool!)

In the meantime, do this.

All times are GMT +1. The time now is 14:44.