#41
Junior Member
Joined: Oct 2007
Posts: 21
This is the new log.
I found a Vundo in the file ddayw.dll, I don't know how to remove it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.20.33, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A9173C0-492D-4A5B-A43D-06A717A3E1AC}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A9173C0-492D-4A5B-A43D-06A717A3E1AC}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus 2008\psimsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5619 bytes
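An added example, not code from the thread or from HijackThis, showing how a helper can mechanically pick through a pasted HijackThis log like the one above: it splits the flattened text back into entries by their section codes and pulls out the two items worth checking first, the O17 NameServer addresses (where a DNS-changing infection shows up) and O23 services whose publisher HijackThis could not identify. The sample input is constructed from a few entries of the log above; `parse_hjt`, `section_counts`, `name_servers` and `unsigned_services` are assumed names.

```python
import re
from collections import Counter

# Constructed sample: five entries copied from the HijackThis log posted above,
# flattened onto one line the way the forum page renders them.
SAMPLE_LOG = (
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.it '
    r'O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s '
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{0A9173C0-492D-4A5B-A43D-06A717A3E1AC}: '
    r'NameServer = 85.37.17.9 85.38.28.75 '
    r'O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe '
    r'O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe'
)

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". The lookahead splits in front of each code without eating it.
ENTRY_RE = re.compile(r"(?=\b(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")


def parse_hjt(text):
    """Split a flattened HijackThis log into (section, body) pairs."""
    entries = []
    for chunk in ENTRY_RE.split(text):
        chunk = chunk.strip()
        if chunk:
            section, _, body = chunk.partition(" - ")
            entries.append((section, body))
    return entries


def section_counts(entries):
    """How many entries each section contributed (quick sanity overview)."""
    return dict(Counter(section for section, _ in entries))


def name_servers(entries):
    """DNS servers set by O17 entries; compare them with the ISP's or the
    router's real resolvers, since a DNS-changing infection shows up here."""
    servers = set()
    for section, body in entries:
        if section == "O17" and "NameServer = " in body:
            servers.update(body.split("NameServer = ", 1)[1].split())
    return sorted(servers)


def unsigned_services(entries):
    """O23 services whose publisher HijackThis could not identify; these are
    the ones to look up by path before deciding they are benign."""
    return [body for section, body in entries
            if section == "O23" and "Unknown owner" in body]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(section_counts(parsed))
    print("O17 name servers:", name_servers(parsed))
    print("O23 unknown owner:", unsigned_services(parsed))
```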
#42
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
What I still haven't understood is this: did you run the tools to remove Vundo?
Edit: the log is clean; could you also give the path of ddayw.dll?
__________________
Try again and you will be luckier.
Last edited by Chill-Out: 11-10-2007 at 21:29.
#43
Junior Member
Joined: Oct 2007
Posts: 21
Yes, but after a while it finds more.
The path is c:\windows\system32
#44
Senior Member
Joined: Feb 2007
Location: Salerno......
Posts: 3259
The last tool chill suggested to you... must be run in Safe Mode (restart the PC and press F8 repeatedly; a text screen on a black background will appear, use the arrow keys to choose Safe Mode). But above all use Elistara (important), as Riverside said, and post the log it leaves in C:
__________________
Opera: disabling scripts and iframes | Recovering your own passwords online | Messenger: beware of SCAM SITES | GUIDE: ShutdownTimer (automatic PC shutdown) | When the Security Center does not recognise the software | Guide to Malwarebytes' Anti-Malware = the good old days...
#45
Senior Member
Joined: Nov 2001
Location: Fidenza (PR), from Trento
Posts: 27479
The file "cfdbaslb.dll" is the Vundo worm, while "rundll32.exe" is clean.
__________________
"Seen up close, we are all strange..." ~|~ What Defines a Community? ~|~ Official eMule Thread ~|~ Online Armor in Italian ~|~ Section Rules ~|► Guide to PrivateFirewall
Last edited by xcdegasp: 12-10-2007 at 08:21.
#46
Junior Member
Joined: Oct 2007
Posts: 21
But do I have to leave System Restore disabled?
These are the two logs:

Fri Oct 12 10:20:49 2007
EliStartPage v14.82 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Programmi\Microsoft ActiveSync\RAPIPROXYSTUB.DLL --> Acceso Denegado, FakeAlert
C:\Programmi\Telecom Italia\AdslWizzy\Guida\common\utilities\exec\ALICE_INSTALLER.EXE --> Eliminado, KeyLogger.FL

[10/12/2007, 10:01:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mav\Desktop\VirtumundoBeGone.exe" )
[10/12/2007, 10:01:13] - Detected System Information:
[10/12/2007, 10:01:13] - Windows Version: 5.1.2600, Service Pack 2
[10/12/2007, 10:01:13] - Current Username: Mav (Admin)
[10/12/2007, 10:01:13] - Windows is in SAFE mode with Networking.
[10/12/2007, 10:01:13] - Searching for Browser Helper Objects:
[10/12/2007, 10:01:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/12/2007, 10:01:13] - BHO 2: {10C92EA9-6D3B-4361-A5F3-69D81EE7C9E8} ()
[10/12/2007, 10:01:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:13] - No filename found. Continuing.
[10/12/2007, 10:01:13] - BHO 3: {1B119BCC-D829-490D-8567-56C05DA6AE45} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 5: {4BA96238-C065-42A8-981D-F963A01B60A7} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/12/2007, 10:01:14] - BHO 7: {57352B53-6842-4AA5-9A8A-6DA9AD63CB92} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/12/2007, 10:01:14] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 10: {80F6E103-73D8-4DAF-9452-955AA132C2FD} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/12/2007, 10:01:14] - BHO 12: {9EAD45AB-09C3-497E-B069-B7EBA8B8BA4E} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 13: {A475E4BE-9809-429B-9D96-9236D6CBE147} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 14: {ABDB4C1E-F7EB-4856-9F8F-964BD526ABA9} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - Checking for HKLM\...\Winlogon\Notify\ddayw
[10/12/2007, 10:01:14] - Key not found: HKLM\...\Winlogon\Notify\ddayw, continuing.
[10/12/2007, 10:01:14] - BHO 15: {AF94A05B-56CB-41B5-89AB-EA68A3E0C094} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - BHO 16: {C9F89675-46FC-4A13-994F-D4D455AAF4BC} ()
[10/12/2007, 10:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/12/2007, 10:01:14] - No filename found. Continuing.
[10/12/2007, 10:01:14] - Finished Searching Browser Helper Objects
[10/12/2007, 10:01:14] - Finishing up...
[10/12/2007, 10:01:14] - Nothing found! Exiting...

Thanks.
#47
Senior Member
Joined: Nov 2001
Location: Fidenza (PR), from Trento
Posts: 27479
For now, yes.. I don't see what the problem is with having it off; we're saving you disk space that is usually prey to viruses.
#48
Junior Member
Joined: Oct 2007
Posts: 21
OK, it was just to understand!
What do you think of the logs?
#49
Banned
Joined: Jul 2007
Location: Riverside House
Posts: 3333
Disable System Restore,
then download and run:
● VUNDOFIX: click here to download
or
● SYMANTEC FIXVUNDO: click here to download
When finished, post a new HijackThis log.
#50
Junior Member
Joined: Oct 2007
Posts: 21
Done!!!
But VundoFix finds nothing. After various tools the PC works, then after 1 hour it picks up more. I have Panda as antivirus. Every now and then I get a C++ explorer error, overraid.... and I have to restart the PC.
#51
Senior Member
Joined: Feb 2007
Location: Salerno......
Posts: 3259
Have this one analysed for a moment: C:\Programmi\Microsoft ActiveSync\RAPIPROXYSTUB.DLL HERE... if it turns out to be malicious we'll see how to remove it....