|
|
|
|
Strumenti |
11-09-2007, 09:19 | #1 |
Senior Member
Iscritto dal: Dec 2005
Città: a casa
Messaggi: 511
|
[win XP] virus Windows security alert
salve ragazzi ,ho un problema con il mio pc ogni tanto appare la schermata windows security alert...ho lasciato il mio pc nelle mani di mio padre per un giorno,questo è il risultato...ho il taskmanager disabilitato mi dice di contattare l'amministratore idem con Installazione/applicazioni .ho fatto la scanzione con Avast professional ma nn ho trovato niente,ho installato Spyware Doctor (aggiornato)è mi trova un WinAvXX.exe ma nn riesce ad eliminarlo ,mentre Ad-Aware 2007 nn trova niente..cosa devo fare???
sinceramente vorrei formatttare ma ho il dual boot del vista e nn so come succederebbe nel caso formattassi.... grazie mille a tutti
__________________
My pc:MB:intel865 PERL,pentium 4 3.0 prescott,1Gb RAM 2.5-3-3-7,Sapphire 9600XT 256Mb,terratec cinergy 400,MAXTOR 160GB SerialATA,LG DVDRAM-4160B,LG CD-RW GCE-8520B,LG DVD-ROM GDR8163B GSACreative® Inspire™ P5800 Ultima modifica di kizzuaziz : 11-09-2007 alle 09:22. |
11-09-2007, 09:25 | #2 |
Senior Member
Iscritto dal: Aug 2005
Città: Genova
Messaggi: 3391
|
c'è la sezione "aiuto sono infetto! cosa faccio?"
posta un log di hijackthis |
11-09-2007, 10:39 | #3 |
Moderatore
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27465
|
thread spostato.
quando si ha il sospetto d'essere infetti bisognerebbe per prima cosa seguire la metodologia standard per ripulire almeno parzialmente il proprio pc: scarica e installa e scansiona con i seguenti tool: ASQUARED FREE: http://download5.emsisoft.com/a2FreeSetup.exe PANDA ANTIROOTKIT: http://research.pandasoftware.com/bl...ntiRootkit.zip poi una passata di CCLEANER ( http://download.piriform.com/ccsetup141.exe ) che non guasta mai, e magari anche una passata di ADS Revealer ( http://www.nod32.it/tools/adsrevealer.php ) che serve a eliminare ed estrarre gli Alternate Data Stream in sistemi con filesystem NTFS. fatto tutto questo si fa la verifica con: HIJACKTHIS v.2.0.2: http://www.trendsecure.com/portal/en...HiJackThis.zip e posterai il log.
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
11-09-2007, 18:26 | #4 |
Member
Iscritto dal: Jan 2006
Messaggi: 113
|
re
Quote:
|
11-10-2007, 22:33 | #5 |
Junior Member
Iscritto dal: Oct 2007
Messaggi: 20
|
pure io ho lo stesso problema...sto seguendo i passi da voi descritti
|
11-10-2007, 23:50 | #6 |
Moderatore
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27465
|
facci sapere
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
12-10-2007, 01:23 | #7 |
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3254
|
di solito quello arriva dal servizio net send.............da disabilitare
Tasto dx su risorse del computer->gestione->servizi e applicazioni->servizi->messenger tasto dx su messenger->tipo di avvio impostare su disabilitato....non ha a che fare con live messenger..e comunque in ogni caso è solo un servizio (se non avete lan e vi inviate messaggi) inutile. Saluti
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta... |
12-10-2007, 07:09 | #8 | |
Moderatore
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27465
|
Quote:
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
12-10-2007, 08:05 | #9 | |
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28661
|
Quote:
|
|
12-10-2007, 09:33 | #10 |
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Scarica sul Desktop SmitFraudfix e decomprimilo http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Riavvia in modalità provvisoria F8 Apri la cartella che contiene SmitfraudFix e avvia smitfraudfix.cmd Seleziona opzione 2 - Clean cliccando sul 2 e premi Invio. Riceverai questo messaggio: Registry cleaning - Do you want to clean the registry ? Rispondi Sì cliccando Y e premi invio. Rispondi Sì (Y) ad eventuali altre domande eseguita la scansione dopo il riavvio del pc copia e incolla il report qui.
__________________
Try again and you will be luckier.
Ultima modifica di Chill-Out : 24-10-2007 alle 10:06. |
12-10-2007, 13:13 | #11 |
Junior Member
Iscritto dal: Oct 2007
Messaggi: 20
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.11.49, on 12/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\Programmi\VMware\VMware Workstation\hqtray.exe C:\WINDOWS\system32\WinAvXX.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\system32\devldr32.exe C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe C:\Programmi\Empire\Programmi Pen Dual TV\EMRCtl.exe C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE I:\xampp\mysql\bin\mysqld-nt.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programmi\VMware\VMware Workstation\vmware-authd.exe C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Programmi\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\a-squared Free\a2service.exe C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX02.766\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [vmware-tray] C:\Programmi\VMware\VMware Workstation\vmware-tray.exe O4 - HKLM\..\Run: [VMware hqtray] "C:\Programmi\VMware\VMware Workstation\hqtray.exe" O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Startup: system.exe O4 - Global Startup: autorun.exe O4 - Global Startup: Barra delle applicazioni di ATI CATALYST.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Controllo remoto.lnk = C:\Programmi\Empire\Programmi Pen Dual TV\EMRCtl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.supereva.it/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0FD36843-6D4A-418A-A5CE-3CC6196597AE}: NameServer = 194.177.67.35,194.177.67.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{48DC717E-108C-4EAA-BD1E-BBDE02944DA5}: NameServer = 194.177.67.35,194.177.67.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{5A97EA06-FD34-427B-9CF0-44FE265F0AD9}: NameServer = 194.177.67.35,194.177.67.36 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: Apache2.2 - Apache Software Foundation - I:\xampp\apache\bin\apache.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing) O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - I:\xampp\FileZillaFTP\FileZillaServer.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe O23 - Service: mysql - Unknown owner - I:\xampp\mysql\bin\mysqld-nt.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: XAMPP Service (XAMPP) - Unknown owner - I:\xampp\service.exe -- End of file - 11248 bytes |
12-10-2007, 13:41 | #12 | ||
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
a.xin90
sei bello pieno... fixia queste voci, prima disabilita il ripristinio di configurazione di sistema: Quote:
C:\WINDOWS\system32\WinAvXX.exe questi sono sospetti, per ora non fixarli Quote:
una volta installato, lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su: ● Impostazioni, e spunta la voce Cancellazione sicura (lenta) poi su: ● Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore ● alla voce Pulizia, spunta tutte le quelle comprese nella sezione Avanzate ● nel menu a sinistra, clicca sulla voce Pulizia, clicca su tasto Avvia Pulizia per eseguire la scansione ● sempre nel menu a sinistra, clicca sulla voce Problemi, clicca sul tasto Trova problemi ed avvia una scansione; al termine della scansione clicca sulla voce Ripara selezionati e prosegui poi scaricati PREVX 2.0 (versione trial di 30 giorni) e fai una bella SCANSIONE COMPLETA del sistema, alla fine dicci se ha trovato qualcosa e posta un nuovo log di hijackthis
__________________
Disinfettare da disk knight.exe / Icone desktop sparite? / Guida Rimozione Virus MSN Guida "Impossibile installare alcuni aggiornamenti XP / Ultima modifica di Gle89 : 12-10-2007 alle 13:43. |
||
12-10-2007, 13:43 | #13 |
Junior Member
Iscritto dal: Oct 2007
Messaggi: 20
|
SmitFraudFix v2.240
Scan done at 15.32.28,40, 12/10/2007 Run from C:\Documents and Settings\Andrea\Desktop\SmitfraudFix OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 192.168.200.3 ad.doubleclick.net 192.168.200.3 ad.fastclick.net 192.168.200.3 ads.fastclick.net 192.168.200.3 ar.atwola.com 192.168.200.3 atdmt.com 192.168.200.3 avp.ch 192.168.200.3 avp.com 192.168.200.3 avp.ru 192.168.200.3 awaps.net 192.168.200.3 banner.fastclick.net 192.168.200.3 banners.fastclick.net 192.168.200.3 ca.com 192.168.200.3 click.atdmt.com 192.168.200.3 clicks.atdmt.com 192.168.200.3 customer.symantec.com 192.168.200.3 dispatch.mcafee.com 192.168.200.3 download.mcafee.com 192.168.200.3 downloads-us1.kaspersky-labs.com 192.168.200.3 downloads-us2.kaspersky-labs.com 192.168.200.3 downloads-us3.kaspersky-labs.com 192.168.200.3 downloads1.kaspersky-labs.com 192.168.200.3 downloads2.kaspersky-labs.com 192.168.200.3 downloads3.kaspersky-labs.com 192.168.200.3 downloads4.kaspersky-labs.com 192.168.200.3 engine.awaps.net 192.168.200.3 f-secure.com 192.168.200.3 fastclick.net 192.168.200.3 ftp.avp.ch 192.168.200.3 ftp.downloads1.kaspersky-labs.com 192.168.200.3 ftp.downloads2.kaspersky-labs.com 192.168.200.3 ftp.downloads3.kaspersky-labs.com 192.168.200.3 ftp.f-secure.com 192.168.200.3 ftp.kasperskylab.ru 192.168.200.3 ftp.sophos.com 192.168.200.3 ids.kaspersky-labs.com 192.168.200.3 kaspersky-labs.com 192.168.200.3 kaspersky.com 192.168.200.3 liveupdate.symantec.com 192.168.200.3 liveupdate.symantecliveupdate.com 192.168.200.3 mast.mcafee.com 192.168.200.3 mcafee.com 192.168.200.3 media.fastclick.net 192.168.200.3 my-etrust.com 192.168.200.3 nai.com 192.168.200.3 networkassociates.com 192.168.200.3 norton.com 192.168.200.3 phx.corporate-ir.net 192.168.200.3 rads.mcafee.com 192.168.200.3 secure.nai.com 192.168.200.3 securityresponse.symantec.com 192.168.200.3 service1.symantec.com 192.168.200.3 sophos.com 192.168.200.3 spd.atdmt.com 192.168.200.3 symantec.com 192.168.200.3 trendmicro.com 192.168.200.3 update.symantec.com 192.168.200.3 updates.symantec.com 192.168.200.3 updates1.kaspersky-labs.com 192.168.200.3 updates2.kaspersky-labs.com 192.168.200.3 updates3.kaspersky-labs.com 192.168.200.3 updates4.kaspersky-labs.com 192.168.200.3 updates5.kaspersky-labs.com 192.168.200.3 us.mcafee.com 192.168.200.3 vil.nai.com 192.168.200.3 viruslist.com 192.168.200.3 viruslist.ru 192.168.200.3 virusscan.jotti.org 192.168.200.3 virustotal.com 192.168.200.3 www.avp.ch 192.168.200.3 www.avp.com 192.168.200.3 www.avp.ru 192.168.200.3 www.awaps.net 192.168.200.3 www.ca.com 192.168.200.3 www.f-secure.com 192.168.200.3 www.fastclick.net 192.168.200.3 www.grisoft.com 192.168.200.3 www.kaspersky-labs.com 192.168.200.3 www.kaspersky.com 192.168.200.3 www.kaspersky.ru 192.168.200.3 www.mcafee.com 192.168.200.3 www.my-etrust.com 192.168.200.3 www.nai.com 192.168.200.3 www.networkassociates.com 192.168.200.3 www.sophos.com 192.168.200.3 www.symantec.com 192.168.200.3 www.symantec.com 192.168.200.3 www.trendmicro.com 192.168.200.3 www.viruslist.com 192.168.200.3 www.viruslist.ru 192.168.200.3 www.virustotal.com 192.168.200.3 www3.ca.com »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\Delete_Me_Dummy_sulimo.dat Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{0FD36843-6D4A-418A-A5CE-3CC6196597AE}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CCS\Services\Tcpip\..\{48DC717E-108C-4EAA-BD1E-BBDE02944DA5}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CCS\Services\Tcpip\..\{5A97EA06-FD34-427B-9CF0-44FE265F0AD9}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0FD36843-6D4A-418A-A5CE-3CC6196597AE}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS1\Services\Tcpip\..\{48DC717E-108C-4EAA-BD1E-BBDE02944DA5}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS1\Services\Tcpip\..\{5A97EA06-FD34-427B-9CF0-44FE265F0AD9}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS2\Services\Tcpip\..\{0FD36843-6D4A-418A-A5CE-3CC6196597AE}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS2\Services\Tcpip\..\{48DC717E-108C-4EAA-BD1E-BBDE02944DA5}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS2\Services\Tcpip\..\{5A97EA06-FD34-427B-9CF0-44FE265F0AD9}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS3\Services\Tcpip\..\{0FD36843-6D4A-418A-A5CE-3CC6196597AE}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS3\Services\Tcpip\..\{48DC717E-108C-4EAA-BD1E-BBDE02944DA5}: NameServer=194.177.67.35,194.177.67.36 HKLM\SYSTEM\CS3\Services\Tcpip\..\{5A97EA06-FD34-427B-9CF0-44FE265F0AD9}: NameServer=194.177.67.35,194.177.67.36 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End |
12-10-2007, 13:45 | #14 | |
Junior Member
Iscritto dal: Oct 2007
Messaggi: 20
|
Quote:
come si fa a fixare i file?? |
|
12-10-2007, 13:46 | #15 |
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
apri di nuovo HJT con la seconda opzione "do a system scan" ora selezioni, mettendo la spunta, sulla sinistra delle voci che ti ho detto, alla fine clicchi FIX CHECKED (in basso) e poi dai conferma.
Controlla ammodo il mio post precedente perchè ho fatto delle modifiche |
12-10-2007, 14:00 | #16 |
Junior Member
Iscritto dal: Oct 2007
Messaggi: 20
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.59.26, on 12/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\Programmi\VMware\VMware Workstation\vmware-tray.exe C:\Programmi\VMware\VMware Workstation\hqtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Programmi\Empire\Programmi Pen Dual TV\EMRCtl.exe C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe C:\WINDOWS\system32\devldr32.exe C:\Programmi\a-squared Free\a2service.exe C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\ati2sgag.exe C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe I:\xampp\mysql\bin\mysqld-nt.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\VMware\VMware Workstation\vmware-authd.exe C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS\system32\vmnat.exe I:\xampp\service.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Programmi\WinRAR\WinRAR.exe C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.015\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [vmware-tray] C:\Programmi\VMware\VMware Workstation\vmware-tray.exe O4 - HKLM\..\Run: [VMware hqtray] "C:\Programmi\VMware\VMware Workstation\hqtray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Controllo remoto.lnk = C:\Programmi\Empire\Programmi Pen Dual TV\EMRCtl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.supereva.it/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0FD36843-6D4A-418A-A5CE-3CC6196597AE}: NameServer = 194.177.67.35,194.177.67.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{48DC717E-108C-4EAA-BD1E-BBDE02944DA5}: NameServer = 194.177.67.35,194.177.67.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{5A97EA06-FD34-427B-9CF0-44FE265F0AD9}: NameServer = 194.177.67.35,194.177.67.36 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: Apache2.2 - Apache Software Foundation - I:\xampp\apache\bin\apache.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - I:\xampp\FileZillaFTP\FileZillaServer.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe O23 - Service: mysql - Unknown owner - I:\xampp\mysql\bin\mysqld-nt.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: XAMPP Service (XAMPP) - Unknown owner - I:\xampp\service.exe -- End of file - 10323 bytes |
12-10-2007, 14:05 | #17 |
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
il log per ora è pulito ma ti avevo detto di postarlo DOPO la pulizia di CCleaner e dopo PREVX
|
12-10-2007, 14:36 | #18 |
Junior Member
Iscritto dal: Oct 2007
Messaggi: 20
|
scusami...mancava l'ultimo pezzo...dopo aver passato prevx 2.0 non ho trovato alcun servizio o programma strano...ho fatto anche una scansione dei file e non è risultato niente...il nuovo report è:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16.36.37, on 12/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\a-squared Free\a2service.exe C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE I:\xampp\mysql\bin\mysqld-nt.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programmi\Prevx2\PXAgent.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\VMware\VMware Workstation\vmware-authd.exe C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\devldr32.exe C:\Programmi\PC Connectivity Solution\ServiceLayer.exe C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\Programmi\VMware\VMware Workstation\vmware-tray.exe C:\Programmi\VMware\VMware Workstation\hqtray.exe C:\Programmi\Prevx2\PXConsole.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Programmi\Empire\Programmi Pen Dual TV\EMRCtl.exe C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programmi\Internet Explorer\iexplore.exe C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.610\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [vmware-tray] C:\Programmi\VMware\VMware Workstation\vmware-tray.exe O4 - HKLM\..\Run: [VMware hqtray] "C:\Programmi\VMware\VMware Workstation\hqtray.exe" O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Controllo remoto.lnk = C:\Programmi\Empire\Programmi Pen Dual TV\EMRCtl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.supereva.it/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0FD36843-6D4A-418A-A5CE-3CC6196597AE}: NameServer = 194.177.67.35,194.177.67.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{48DC717E-108C-4EAA-BD1E-BBDE02944DA5}: NameServer = 194.177.67.35,194.177.67.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{5A97EA06-FD34-427B-9CF0-44FE265F0AD9}: NameServer = 194.177.67.35,194.177.67.36 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: Apache2.2 - Apache Software Foundation - I:\xampp\apache\bin\apache.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - I:\xampp\FileZillaFTP\FileZillaServer.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe O23 - Service: mysql - Unknown owner - I:\xampp\mysql\bin\mysqld-nt.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: XAMPP Service (XAMPP) - Unknown owner - I:\xampp\service.exe -- End of file - 10722 bytes |
12-10-2007, 14:50 | #19 |
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
pulito io il log, quali sono ora i tuoi problemi?
|
12-10-2007, 14:51 | #20 |
Bannato
Iscritto dal: Jul 2007
Città: Riverside House
Messaggi: 3333
|
Fixa queste:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" –atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE Se quegli IP non sono roba tua, fixa anche queste: O17 - HKLM\System\CCS\Services\Tcpip\..\{0FD36843-6D4A-418A-A5CE-3CC6196597AE}: NameServer = 194.177.67.35,194.177.67.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{48DC717E-108C-4EAA-BD1E-BBDE02944DA5}: NameServer = 194.177.67.35,194.177.67.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{5A97EA06-FD34-427B-9CF0-44FE265F0AD9}: NameServer = 194.177.67.35,194.177.67.36 |
Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 04:40.