I Forum di Zeus News (Olimpo Informatico) - Pronto Soccorso Virus (Virus First Aid)
Topic: * unwanted internet pages opening
kathy (Eroe)
Registered: 30/05/07 22:30
Posts: 49
Location: on a violin note

Posted: 20 Jan 2008 18:40    Subject: * unwanted internet pages opening

hi guys,
I've definitely caught a virus, because internet pages keep opening out of nowhere.
Internet Explorer doesn't work any more either: it opens but doesn't connect.
I'm posting the HJT log.
thanks a lot!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.32.00, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Willy\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Pure Team Open Exit] C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\MATH CITY.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Keep link] C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?c4fd318fb3a84a0cbe0bef600b7b1df0
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?c4fd318fb3a84a0cbe0bef600b7b1df0
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{80323018-40C0-4563-9A4E-BB2955E8CFCA}: NameServer = 85.37.17.41 85.38.28.83
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7519 bytes
bdoriano (Amministratore)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 21 Jan 2008 12:35

Hi kathy,

You've caught CID.

Disable System Restore and start the PC in Safe Mode
run hijackthis
click on "do a system scan only"
put a check mark next to these entries:
Quote:
O4 - HKLM\..\Run: [Pure Team Open Exit] C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\MATH CITY.exe
O4 - HKCU\..\Run: [Keep link] C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe

click "fix checked"

Find and delete the following files:
C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\MATH CITY.exe
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\fork comp settings.exe

Restart the PC in normal mode, redo the hijackthis log and post it

Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (HTML format), upload the file to Freefilehosting and post here the link you are given.
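The triage bdoriano did by eye above (two Run values whose executables sit under "Dati applicazioni" rather than under Program Files or WINDOWS), as an added example that is not code from this thread or from HijackThis: a Python script that parses HijackThis O4 lines, extracts the executable from quoted and unquoted command lines, and flags every autorun target that lives in a user-writable data directory. The O4 lines embedded as sample input are copied from the log above; the list of directory fragments is my assumption about where legitimate XP software does not install an autorun executable.

```python
"""Triage HijackThis O4 (autorun) entries: flag Run values whose executable lives in a
user-writable data directory instead of Program Files or the Windows directory."""
import re

# Constructed sample input: O4 lines copied from the first HijackThis log in this
# thread, including the two entries the admin told the user to fix.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Pure Team Open Exit] C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\MATH CITY.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Keep link] C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
"""

# HijackThis prints Run values as "O4 - <hive>\..\Run: [<value name>] <command line>".
# Startup-folder entries ("O4 - Startup: ...") have a different shape and do not match.
O4_RUN = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Directory fragments (lower case, separators on both sides) where legitimate software
# does not normally put an autorun executable on Windows XP.  This list is an
# assumption for the example: "Dati applicazioni" is the Italian XP name for
# "Application Data", and DATIAP~1 is the 8.3 short name HijackThis printed above.
USER_WRITABLE_DIRS = (
    "\\dati applicazioni\\",
    "\\datiap~1\\",
    "\\application data\\",
    "\\impostazioni locali\\temp\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


def executable_path(cmd):
    """Extract the executable from an O4 command line: quoted ("...exe" /min),
    unquoted with spaces in the path, or followed by HijackThis' (User '...') note."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)(\s|$)", cmd)
    return m.group(1) if m else cmd.split(" (User ")[0].rstrip()


def triage_o4(log_text):
    """Return one dict per O4 Run entry whose executable sits in USER_WRITABLE_DIRS.
    Entries under Program Files or WINDOWS are not flagged; that is not proof they
    are clean, only that this particular check has nothing to say about them."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if not m:
            continue
        exe = executable_path(m.group("cmd"))
        low = exe.lower()
        for frag in USER_WRITABLE_DIRS:
            if frag in low:
                findings.append({"line": line, "name": m.group("name"), "exe": exe,
                                 "reason": "autorun target under " + frag.strip("\\")})
                break
    return findings


def lines_to_fix(log_text):
    """The exact lines to tick in HijackThis' 'Do a system scan only' view before
    'Fix checked', and the files to delete afterwards (short 8.3 names as printed)."""
    flagged = triage_o4(log_text)
    return [f["line"] for f in flagged], [f["exe"] for f in flagged]


if __name__ == "__main__":
    lines, files = lines_to_fix(SAMPLE_O4_LINES)
    print("Tick and fix in HijackThis:\n" + "\n".join(lines))
    print("Then find and delete:\n" + "\n".join(files))
```

On the sample input the script returns exactly the two O4 lines bdoriano listed and the two executables to delete. It is a heuristic, not a verdict: a legitimate per-user updater installed into Application Data would be flagged and needs a look by hand, and the Run value has to be removed as well as the file, otherwise the value is left pointing at a missing executable or at whatever the malware drops there next.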
kathy (Eroe)
Posted: 21 Jan 2008 21:11

thank you very much, I'll try to do what you tell me, even though for me it's like climbing a wall
kathy (Eroe)
Posted: 21 Jan 2008 21:53

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Willy\Desktop\Icone di servizio\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6763 bytes

I can't run the scan because Internet Explorer doesn't work
bdoriano (Amministratore)
Posted: 21 Jan 2008 23:28

The hijackthis log looks clean.

What error does Internet Explorer report?
kathy (Eroe)
Posted: 21 Jan 2008 23:55

it says it can't open the page
bdoriano (Amministratore)
Posted: 22 Jan 2008 10:14

Does it do that with any page or only with Kaspersky?

Download DelDomains and save it to the desktop (right-click the link > Save Target As)
then right-click the file and choose Install.
kathy (Eroe)
Posted: 24 Jan 2008 21:25

thank you, after many attempts I think I've managed to figure it out; anyway everything's fine now, I'll buy you a drink
kathy (Eroe)
Posted: 25 Jan 2008 00:48

I'm sending you the log I made because there's something that isn't working

Thursday, January 24, 2008 11:36:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/01/2008
Kaspersky Anti-Virus database records: 531609
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 35974
Number of viruses found 3
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 01:45:11

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Willy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\nhrzprwz.exe Infected: Trojan.Win32.Inject.qu skipped
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\vqirefhe.exe Infected: Trojan.Win32.Inject.rx skipped
C:\Documents and Settings\Willy\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Willy\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Willy\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Willy\Impostazioni locali\Dati applicazioni\Identities\{35F13328-11B6-41F6-A5CD-8BA332BC46DE}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Willy\Impostazioni locali\Dati applicazioni\Identities\{35F13328-11B6-41F6-A5CD-8BA332BC46DE}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Willy\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Willy\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Willy\Impostazioni locali\Temp\~DFC220.tmp Object is locked skipped
C:\Documents and Settings\Willy\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Willy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Willy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Willy\x_dtrace_log Object is locked skipped
C:\Programmi\Secured eMule\SecuredEmule_new08.exe Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{45A1CEC0-06B0-47B0-A62E-9B34854E11FB}\RP2\A0001471.EXE/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\System Volume Information\_restore{45A1CEC0-06B0-47B0-A62E-9B34854E11FB}\RP2\A0001471.EXE WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{45A1CEC0-06B0-47B0-A62E-9B34854E11FB}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E326E4EF-C4E4-4017-896A-3ADB0CC99415}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp0000644c\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{45A1CEC0-06B0-47B0-A62E-9B34854E11FB}\RP6\change.log Object is locked skipped
Scan process completed.
bdoriano (Amministratore)
Posted: 25 Jan 2008 00:54

Disable System Restore

Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop

Start AVENGER
Click on "input script manually"
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\nhrzprwz.exe
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\vqirefhe.exe
C:\Programmi\Secured eMule\SecuredEmule_new08.exe

Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation finishes, post here the Avenger result together with an updated hijackthis log.

Follow the instructions in this topic to post the combofix log.
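The step from the Kaspersky report to the Avenger "files to delete:" script, as an added example that is not code from this thread, from Kaspersky or from Avenger: a Python parser that separates the scanner's "Infected:" verdicts from the "Object is locked skipped" noise, classifies each hit (not-a-virus adware, copy inside a System Restore point, member inside an archive) and emits the script in the form bdoriano used above. The sample lines are copied from the report posted above; the set of archive container extensions and the decision to keep restore-point copies out of the script are my assumptions. One caveat the thread itself shows: the Avenger log below reports status 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) for both Antilogo executables ten days after the scan, and the 3 February HijackThis log still carries the [Keep link] Run value pointing into that same Antilogo folder, so a file list should be generated from a scan taken right before it is run, and the Run value that launches the folder's contents has to go together with the files.

```python
"""Turn a Kaspersky Online Scanner report into an Avenger 'files to delete:' script,
keeping real detections apart from 'Object is locked' noise and from hits that must not
be deleted by path."""
import re

# Constructed sample input: lines copied from the Kaspersky report posted above,
# with most of the locked-object lines removed for brevity.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\nhrzprwz.exe Infected: Trojan.Win32.Inject.qu skipped
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\vqirefhe.exe Infected: Trojan.Win32.Inject.rx skipped
C:\Documents and Settings\Willy\NTUSER.DAT Object is locked skipped
C:\Programmi\Secured eMule\SecuredEmule_new08.exe Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\System Volume Information\_restore{45A1CEC0-06B0-47B0-A62E-9B34854E11FB}\RP2\A0001471.EXE/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\System Volume Information\_restore{45A1CEC0-06B0-47B0-A62E-9B34854E11FB}\RP2\A0001471.EXE WiseSFX: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# Report line shapes as they appear above.  The "<packer>: infected - N skipped" line
# is the scanner's summary for the container whose member was reported just before
# it, so it carries no new path to act on and is deliberately not matched.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# Kaspersky writes a hit inside an archive as "container/member".  Which container
# extensions to treat this way is an assumption for the example.
ARCHIVE_MEMBER = re.compile(r"\.(exe|zip|rar|cab)/", re.IGNORECASE)


def parse_report(text):
    """Return (detections, locked): detections is one dict per 'Infected:' line with
    the flags needed to decide what to do with it; locked is the list of paths the
    scanner could not open (registry hives, index.dat files, ...), reported so the
    reader can see they were skipped rather than found clean."""
    detections, locked = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED.match(line)
        if m:
            path, name = m.group("path"), m.group("name")
            detections.append({
                "path": path,
                "name": name,
                "adware": name.startswith("not-a-virus:"),
                "restore_point": "\\system volume information\\" in path.lower(),
                "archive_member": bool(ARCHIVE_MEMBER.search(path)),
            })
            continue
        m = LOCKED.match(line)
        if m:
            locked.append(m.group("path"))
    return detections, locked


def avenger_script(detections):
    """Build the script in the form used in the post above ('files to delete:' then one
    full path per line) and return it with the hits that were left out: restore-point
    copies are dealt with by disabling System Restore, and a member inside an archive
    has no path of its own to delete."""
    direct, deferred = [], []
    for d in detections:
        if d["restore_point"] or d["archive_member"]:
            deferred.append(d["path"])
        else:
            direct.append(d["path"])
    script = "files to delete:\n" + "\n".join(direct) + "\n"
    return script, deferred


if __name__ == "__main__":
    found, skipped = parse_report(SAMPLE_REPORT)
    script, left_out = avenger_script(found)
    print(script)
    print("not in the script (restore point / archive member):", *left_out, sep="\n  ")
    print(f"{len(skipped)} locked objects were skipped by the scanner")
```

On the sample the script text is, line for line, the one bdoriano posted; the restore-point member is reported separately instead of being silently dropped, and the three locked objects are listed so nobody mistakes "skipped" for "clean".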
kathy (Eroe)
Posted: 03 Feb 2008 22:10

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hpnpscxq

*******************

Script file located at: \??\C:\WINDOWS\idllkbrb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\nhrzprwz.exe not found!
Deletion of file C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\nhrzprwz.exe failed!

Could not process line:
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\nhrzprwz.exe
Status: 0xc0000034



File C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\vqirefhe.exe not found!
Deletion of file C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\vqirefhe.exe failed!

Could not process line:
C:\Documents and Settings\Willy\Dati applicazioni\Antilogo\vqirefhe.exe
Status: 0xc0000034

File C:\Programmi\Secured eMule\SecuredEmule_new08.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
kathy (Eroe)
Posted: 03 Feb 2008 22:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.13.09, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Willy\Desktop\Icone di servizio\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Programmi\Secured_eMule\tbSec1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Programmi\Secured_eMule\tbSec1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Programmi\Secured_eMule\tbSec1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Keep link] C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{80323018-40C0-4563-9A4E-BB2955E8CFCA}: NameServer = 85.37.17.41 85.38.28.83
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7268 bytes
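As an added example (not part of the original post or of HijackThis itself), a small Python triage script for logs in the format shown above: it parses the O2/O3, O4 and O20 lines and flags autorun entries that run from the user profile or use an unquoted path with spaces, BHO/toolbar entries whose file is missing, and the AppInit_DLLs injection point. The sample input is copied from the log above; the flagging heuristics are my own and only mark entries for manual review.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Keep link] C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""

O4_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O(?P<sec>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.*)$")

# Installers put executables under Program Files or Windows; an autorun living
# in the user profile (short 8.3 form or long form) deserves a second look.
PROFILE_MARKERS = (r"\docume~1", r"\documents and settings")


@dataclass
class Finding:
    section: str                 # HijackThis section: O2, O3, O4 or O20
    name: str                    # value name or BHO/toolbar name
    path: str                    # file path exactly as written in the log
    reasons: List[str] = field(default_factory=list)


def exe_from_command(cmd: str) -> Tuple[str, bool]:
    """Split an O4 command into (path, was_quoted); unquoted paths are cut at .exe."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)], True
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split(" ")[0]), False


def triage(log_text: str) -> List[Finding]:
    """Return the HijackThis entries that deserve manual review."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if m := O4_RE.match(line):
            path, quoted = exe_from_command(m["cmd"])
            reasons = []
            if any(marker in path.lower() for marker in PROFILE_MARKERS):
                reasons.append("runs from user profile")
            if not quoted and " " in path:
                reasons.append("unquoted path with spaces")
            if reasons:
                findings.append(Finding("O4", m["name"], path, reasons))
        elif (m := O2_RE.match(line)) and m["path"].strip() == "(no file)":
            findings.append(Finding("O" + m["sec"], m["name"], m["path"], ["orphaned entry, file missing"]))
        elif m := O20_RE.match(line):
            # Loaded into every process linking user32.dll; security suites use it too, so verify the owner.
            findings.append(Finding("O20", "AppInit_DLLs", m["path"], ["global DLL injection point, verify owner"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name:<14}{f.path}  <- {'; '.join(f.reasons)}")
```

On the log above the script flags exactly the entries the thread later acts on (the "Keep link" autorun in the Antilogo profile folder) plus the orphaned Yahoo! entries and the AppInit_DLLs value, which the ComboFix log dates together with the COMODO driver files.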
kathy
Hero

Registered: 30/05/07 22:30
Posts: 49
Location: on a violin note

Posted: 03 Feb 2008 22:41

ComboFix 08-02.03.1 - Willy 2008-02-03 21.23.45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.90 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Willy\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Willy\Dati applicazioni\inst.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-01-03 al 2008-02-03 )))))))))))))))))))))))))))))))))))
.

2008-02-03 20:59 . 2006-02-25 23:28 130,048 --a------ C:\avenger.exe
2008-01-24 21:15 . 2008-01-24 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-24 21:14 . 2008-01-24 21:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-23 12:37 . 2008-01-23 12:38 <DIR> d-------- C:\Virtual
2008-01-23 12:35 . 2008-01-23 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BufferZone
2008-01-23 12:31 . 2008-01-23 12:32 <DIR> d-------- C:\WINDOWS\793CFFC9A72F431D9C742E9361E67D04.TMP
2008-01-23 12:31 . 2008-01-24 10:24 <DIR> d-------- C:\Programmi\Secured_eMule
2008-01-23 12:30 . 2008-02-03 21:05 <DIR> d-------- C:\Programmi\Secured eMule
2008-01-20 21:49 . 2008-01-20 21:49 <DIR> d-------- C:\Programmi\CCleaner
2008-01-20 21:37 . 2008-01-20 21:43 <DIR> d-------- C:\Programmi\Wise Registry Cleaner
2008-01-20 20:22 . 2008-01-20 20:22 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-20 20:21 . 2008-02-03 20:50 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-01-20 20:21 . 2008-02-03 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-01-20 18:34 . 2008-01-20 18:34 <DIR> d-------- C:\Documents and Settings\Willy\Dati applicazioni\Comodo
2008-01-20 18:34 . 2008-01-20 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\comodo
2008-01-20 18:34 . 2008-01-20 18:33 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-01-20 18:34 . 2008-01-20 18:33 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-01-20 18:34 . 2008-01-20 18:33 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-01-20 18:33 . 2008-01-20 18:33 <DIR> d-------- C:\Programmi\COMODO
2008-01-20 18:07 . 2006-12-10 15:16 <DIR> d-------- C:\Programmi\Bricks of Atlantis
2008-01-20 17:58 . 2008-01-20 18:12 <DIR> d-------- C:\Programmi\GameHouse
2008-01-20 16:57 . 2008-01-20 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2008-01-16 17:29 . 2008-01-16 17:29 244 --ah----- C:\sqmnoopt05.sqm
2008-01-16 17:29 . 2008-01-16 17:29 232 --ah----- C:\sqmdata05.sqm
2008-01-15 20:20 . 2008-01-15 20:20 <DIR> d-------- C:\Programmi\Antilogo
2008-01-13 16:22 . 1998-12-22 01:49 66,594 --a--c--- C:\WINDOWS\system32\dllcache\c_862.nls
2008-01-13 16:22 . 1998-12-22 01:49 66,594 --a------ C:\WINDOWS\system32\c_862.nls
2008-01-13 16:22 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_708.nls
2008-01-13 16:22 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_28596.nls
2008-01-13 16:22 . 1998-12-22 01:49 66,082 --a------ C:\WINDOWS\system32\c_708.nls
2008-01-13 16:22 . 1998-12-22 01:49 66,082 --a------ C:\WINDOWS\system32\c_28596.nls
2008-01-13 16:22 . 1998-10-07 09:21 29,184 --a------ C:\WINDOWS\system32\Popup.ocx
2008-01-13 16:20 . 2008-01-13 16:20 <DIR> d-------- C:\Programmi\LHSP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 20:17 14 ----a-w C:\Documents and Settings\Willy\getfile.dat
2008-02-03 12:29 --------- d-----w C:\Programmi\emule 47 c
2008-01-29 08:28 --------- d-----w C:\Documents and Settings\Willy\Dati applicazioni\Vso
2008-01-28 08:39 --------- d-----w C:\Documents and Settings\Willy\Dati applicazioni\Antilogo
2008-01-27 21:36 --------- d-----w C:\Documents and Settings\Willy\Dati applicazioni\Skype
2008-01-24 18:23 --------- d-----w C:\Programmi\WarChess
2008-01-20 19:47 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-01-20 17:44 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-01-15 19:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team
2008-01-13 16:23 --------- d-----w C:\Programmi\Star Defender 3
2008-01-02 16:03 --------- d-----w C:\Documents and Settings\Willy\Dati applicazioni\Image Zone Express
2007-12-31 09:13 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-30 20:05 --------- d-----w C:\Programmi\Windows Media Connect 2
2007-12-12 22:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-12-03 19:16 --------- d-----w C:\Programmi\Windows Live
2007-12-03 19:08 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-03 19:02 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-03 18:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-20 07:49 47,360 ----a-w C:\Documents and Settings\Willy\Dati applicazioni\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2008-01-24 10:24 1502232 --a------ C:\Programmi\Secured_eMule\tbSec1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= C:\Programmi\Secured_eMule\tbSec1.dll [2008-01-24 10:24 1502232]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"Keep link"="C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe" [2008-01-15 20:20 475648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-20 10:22 249896]
"BDMCon"="C:\Programmi\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 11:10 421888]
"BDNewsAgent"="C:\Programmi\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 11:19 8192]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48 286720]
"COMODO Firewall Pro"="C:\Programmi\COMODO\Firewall\cfp.exe" [2008-01-20 18:33 1481472]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-20 20:21 2834432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-20 18:33]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-20 18:33]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-20 20:22]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-03 20:00:03 C:\WINDOWS\Tasks\A61845D3906BC34B.job"
- c:\docume~1\willy\datiap~1\antilogo\Deadcampidle.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 21:38:19
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Ora fine scansione: 2008-02-03 21.39.21
ComboFix-quarantined-files.txt 2008-02-03 20:39:10
.
2008-02-02 09:22:15 --- E O F ---
kathy
Hero

Registered: 30/05/07 22:30
Posts: 49
Location: on a violin note

Posted: 07 Feb 2008 19:39

I haven't heard anything more; in fact I have another little problem: my e-mail doesn't work any more, when I open it I get disconnected. I've been trying to fix it for days without any result. Enough Enough Enough Enough Damn!
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 07 Feb 2008 20:41

Open Notepad and copy/paste this code
Quote:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Keep link"=-

then save the file with the name fix.reg in C:\ (IMPORTANT!)

Start AVENGER
Click on Input script manually
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe
c:\docume~1\willy\datiap~1\antilogo\Deadcampidle.exe
C:\WINDOWS\Tasks\A61845D3906BC34B.job

Programs to launch on reboot:
C:\fix.reg

Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation has finished, post here the Avenger result together with an updated HijackThis log.

Connect to Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
kathy
Hero

Registered: 30/05/07 22:30
Posts: 49
Location: on a violin note

Posted: 17 Feb 2008 22:48

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kuhnpkud

*******************

Script file located at: \??\C:\WINDOWS\xfowctfu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe not found!
Deletion of file C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe failed!

Could not process line:
C:\DOCUME~1\Willy\DATIAP~1\Antilogo\fork comp settings.exe
Status: 0xc0000034



File c:\docume~1\willy\datiap~1\antilogo\Deadcampidle.exe not found!
Deletion of file c:\docume~1\willy\datiap~1\antilogo\Deadcampidle.exe failed!

Could not process line:
c:\docume~1\willy\datiap~1\antilogo\Deadcampidle.exe
Status: 0xc0000034

File C:\WINDOWS\Tasks\A61845D3906BC34B.job deleted successfully.
Program C:\fix.reg successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.
kathy
Hero

Registered: 30/05/07 22:30
Posts: 49
Location: on a violin note

Posted: 17 Feb 2008 23:41

kathy wrote: (quotes the Avenger log from her previous post, reproduced above)
As soon as I can I'll send you the rest; please be a bit patient, I'm a bit slow.
kathy
Hero

Registered: 30/05/07 22:30
Posts: 49
Location: on a violin note

Posted: 18 Feb 2008 21:36

http://www.freefilehosting.net/download/3c87g
Sante62
Mature God

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 20 Feb 2008 12:34

Hi kathy Hi
Disable System Restore;
Delete the backup created by Avenger;
Use CCleaner: start it, click Options -> Advanced, and untick "delete files only if older than 48 hours"
Use the Cleaner option and then click Analyze; at the end click Run Cleaner. Do the same with the Find problems option; it will remove a set of useless registry keys. Afterwards you can re-enable System Restore; also defragment the disk;
Are you having any other problems?
kathy
Hero

Registered: 30/05/07 22:30
Posts: 49
Location: on a violin note

Posted: 20 Feb 2008 21:31

I still have problems with Internet Explorer, and it also won't let me open my e-mail because it says wrong password. Apart from these two problems, for information, should everything else be OK? Pray Pray Pray
Page 1 of 3