Bies Pious Mortal
Registered: 14/07/08 16:23 Posts: 27
Posted: 14 Jul 2008 17:37 Subject: problem with google and explorer, maybe a trojan, and a slow pc
Hello, I'm new here. Before describing my problem, I'll say that I have read both how to report in the first-aid section and the solved cases. There is a case similar to mine, but, forgive me, some things I don't understand... so if someone would kindly take me by the hand and help me... I'd be grateful.
The problem I noticed a few days ago is that while I was searching on Google with Explorer 7, the search result pages I clicked all redirected me somewhere else. Also, it won't let me read my Gmail: it won't let me log in, and as soon as I type the first letter in the login box everything freezes and Explorer hangs. So I downloaded the Italian version of Mozilla, and there the problem doesn't occur.
My OS is Windows XP Pro Service Pack 2
I scanned with
NOD32
AVG
initially, in normal mode, NOD32 found this:
modulo KERNEL oggetto FILE nome C:\WINDOWS\system32\drivers\svchost.exe virus Win32/TrojanDownloader.Agent.OAH
while AVG reports only tracking cookies.
I tried doing the scan in safe mode, also deleting the files with CCleaner in that mode; in that mode it doesn't show anything.
As per your posts I made the log (which I don't even know what it is) with HijackThis, and I'm posting it here
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.23.58, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Programmi\Wireless Console 2\wcourier.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ASScrPro.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Windows Live\Family Safety\fssui.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programmi\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Programmi\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxpq.exe] C:\WINDOWS\system32\kdxpq.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205765143765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205765346296
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9338 bytes
I hope someone helps me.
Thanks a lot, and forgive me if I don't yet know the right terms or steps
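As an added example (not part of the thread and not HijackThis code), a small Python triage pass over O4 Run-key lines in the format of the log above, flagging the two patterns that stand out in it: a core Windows binary name such as svchost.exe launched from outside the system directory, and a Run value whose name is itself a full path. The SYSTEM_BINARIES list and the heuristics are assumptions of this example; the sample lines are a constructed subset in HijackThis format.

```python
"""Triage of HijackThis 'O4' autorun entries.

Added example, not HijackThis code: flags a core Windows process name
launched from an unexpected folder (svchost.exe under system32\\drivers)
and a Run value whose *name* is a full path (the kdxpq.exe pattern).
SYSTEM_BINARIES and the heuristics are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Core processes that legitimately start only from the system directory.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "spoolsv.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# O4 - HKLM\..\Run: [ValueName] <command>   (hive may be HKCU, HKUS\S-1-5-18, ...)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Extract the launched image from a Run value's command line.

    Handles quoted paths, rundll32 hosts (the DLL is what matters) and the
    trailing " (User 'NAME')" annotation HijackThis appends to HKUS entries.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    if tokens and tokens[0].lower() == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",", 1)[0]
    # Unquoted path that may contain spaces: take everything up to the first ".exe".
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else (tokens[0] if tokens else cmd)


def triage_o4(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious O4 Run entry, or None if it looks benign."""
    line = line.strip()
    m = O4_RE.match(line)
    if not m:
        return None  # not a Run-key entry (e.g. "O4 - Global Startup: ...")
    name, path = m.group("name"), executable_path(m.group("cmd"))
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    # Pattern 1: a core Windows process name outside the system directory.
    # system32\drivers holds .sys kernel drivers; a svchost.exe there is not Windows'.
    if base in SYSTEM_BINARIES and low not in {f"{d}\\{base}" for d in SYSTEM_DIRS}:
        reasons.append(f"core binary name '{base}' outside the system directory: {path}")
    # Pattern 2: the value name is itself a drive path. Vendor installers use a
    # product name; a self-registering dropper often writes its own path.
    if re.match(r"^[a-z]:\\", name.lower()):
        reasons.append(f"value name is a full path: [{name}]")
    return Finding(line, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_o4 over every line of a HijackThis log, keeping only findings."""
    return [f for f in map(triage_o4, text.splitlines()) if f]


# Constructed sample: a few O4 lines in HijackThis format, mixing benign vendor
# entries with the two suspicious patterns described above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxpq.exe] C:\WINDOWS\system32\kdxpq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Bluetooth Manager.lnk = ?
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```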
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 14 Jul 2008 18:33 Subject:
Hi Bies,
start by uninstalling AVG8 (2 antivirus programs together don't get along).
Then, do these steps:
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Restart the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread on the outcome: whether there were particular problems, etc. And post:
- Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
- The ComboFix log is usually not very long, so post it directly in the message
PS: if you like, you can introduce yourself here
Bies Pious Mortal
Registered: 14/07/08 16:23 Posts: 27
Posted: 14 Jul 2008 18:52 Subject:
thanks for the help, but forgive my ignorance: a friend of mine told me that NOD isn't an anti-spyware/anti-trojan/anti-adware etc. but only an antivirus, and so he told me to install AVG 8....
now I'll do as you said
ahem, I forgot: NOD is..... how to put it.... not conventional (get it????)
8)
Bies Pious Mortal
Registered: 14/07/08 16:23 Posts: 27
Posted: 14 Jul 2008 18:54 Subject:
p.s. do I run the scan in normal mode or in safe mode?
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 14 Jul 2008 18:56 Subject:
Norman in safe mode, if you have no trouble getting into it.
The rest in normal mode.
Anyway, it's all written in the links I pointed you to.
Bies Pious Mortal
Registered: 14/07/08 16:23 Posts: 27
Posted: 15 Jul 2008 13:56 Subject:
hi Bdoriano, I finally managed to do steps one and two, because the PC kept freezing and wouldn't turn on, or would hang while displaying the desktop.
now I'm at the ComboFix step... but first I have to disable NOD32, ahem, I don't know how to disable it?
forgive my ignorance but I don't know
ahem, and where do I find the malware log
thanks a lot for your patience
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 16 Jul 2008 09:29 Subject:
Here I am again.
To disable NOD32, right-click the (white-green) icon next to the clock. When the window appears, click Terminate.
For the MBAM log:
- Start MBAM
- Click Log files
- Select the log file in the list that appears
- Click Open
- Notepad opens with the contents of the file
- save it under a new name on the desktop
- upload the new file to FreeFileHosting as described here and post the forum link you are given.
Bies Pious Mortal
Registered: 14/07/08 16:23 Posts: 27
Posted: 16 Jul 2008 16:38 Subject:
here we are, thanks bdoriano for your patience; so I'm posting
the forum link after uploading the Malware Cleaner log file, which is the following
NFix_2008-07-15_12-33-48.log
while the ComboFix log is the following
ComboFix 08-07-15.4 - AMMINISTRATORE 2008-07-16 16.10.13.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1589 [GMT 2:00]
Eseguito da: C:\Documents and Settings\AMMINISTRATORE\Desktop\Combo-Fix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kdxpq.exe
C:\WINDOWS\Sysvxd.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-06-16 al 2008-07-16 )))))))))))))))))))))))))))))))))))
.
2008-07-16 11:52 . 2008-07-16 11:52 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-07-15 11:59 . 2008-07-15 11:59 <DIR> d--hs---- C:\FOUND.001
2008-07-15 11:29 . 2008-07-15 11:29 <DIR> d--hs---- C:\FOUND.000
2008-07-13 22:54 . 2008-07-13 22:54 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-13 21:29 . 2008-07-13 21:29 <DIR> d-------- C:\fsaua.data
2008-07-13 21:16 . 2008-07-13 21:16 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-13 20:46 . 2008-07-13 20:46 <DIR> d-------- C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\PCToolsFirewallPlus
2008-07-13 15:37 . 2008-07-13 15:37 <DIR> d-------- C:\Programmi\AVG
2008-07-13 15:37 . 2008-07-13 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-07-13 12:04 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-07-13 12:03 . 2008-07-13 12:03 <DIR> d-------- C:\VEXPLITEVIRIT
2008-07-13 11:57 . 2008-07-13 11:57 <DIR> d-------- C:\Programmi\CCleaner
2008-07-13 02:11 . 2008-07-13 02:11 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-13 01:57 . 2008-07-13 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-11 22:18 . 2008-07-11 22:19 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-07-10 22:16 . 2008-07-10 22:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-04 12:21 . 2004-12-14 18:06 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-04 12:21 . 2004-12-14 18:06 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-07-04 12:20 . 2004-12-14 18:06 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-07-04 12:20 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-04 12:20 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-03 15:02 . 2008-07-03 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\HP
2008-07-03 15:01 . 2008-07-03 15:01 <DIR> d-------- C:\Programmi\File comuni\HP
2008-07-03 14:58 . 2008-07-03 14:58 <DIR> d-------- C:\Programmi\Hewlett-Packard
2008-07-03 14:57 . 2008-07-03 14:57 <DIR> d-------- C:\Programmi\File comuni\Hewlett-Packard
2008-07-03 14:56 . 2008-07-03 14:56 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-03 14:54 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-03 14:54 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-07-03 14:54 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-07-03 14:54 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-07-03 14:54 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-07-03 14:54 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-07-03 14:54 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-07-03 14:53 . 2008-07-03 14:53 <DIR> d-------- C:\Programmi\HP
2008-07-03 14:52 . 2008-07-04 12:22 70,108 --a------ C:\WINDOWS\hpoins05.dat
2008-07-03 14:52 . 2004-12-14 18:06 19,696 --------- C:\WINDOWS\hpomdl05.dat
2008-07-01 21:22 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-01 21:22 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-01 21:20 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-01 21:20 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-28 19:14 . 2008-06-28 19:14 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-06-24 22:46 . 2008-07-12 21:45 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-23 22:15 . 2008-06-23 22:14 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-23 22:15 . 2008-06-23 22:14 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-06-23 22:14 . 2008-06-23 22:14 <DIR> d-------- C:\Programmi\ESET
2008-06-22 14:42 . 2008-06-22 14:42 0 --a------ C:\WINDOWS\system32\drivers\1043_ASUSTeK_VX1.alu
2008-06-22 14:33 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-22 14:33 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-22 14:33 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-22 14:33 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-22 14:24 . 2008-06-22 14:24 268 --ah----- C:\sqmdata01.sqm
2008-06-22 14:24 . 2008-06-22 14:24 244 --ah----- C:\sqmnoopt01.sqm
2008-06-22 14:22 . 2008-06-22 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2006-03-13 11:10 19543592]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-07 09:27 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-07 09:27 86016]
"ASUS Live Update"="C:\Programmi\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"SMSERIAL"="C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 01:57 573440]
"PowerForPhone"="C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-06-29 14:40 774144]
"Wireless Console 2"="C:\Programmi\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 08:02 786521]
"ACMON"="C:\Programmi\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28 811008]
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
"RemoteControl"="C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Power_Gear"="C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2006-10-13 18:12 28672]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"fssui"="C:\Programmi\Windows Live\Family Safety\fssui.exe" [2007-10-17 13:53 243240]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-06-23 22:14 917504]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"nwiz"="nwiz.exe" [2006-07-07 09:27 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Avvio rapido di HP Image Zone.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\MSMSGS.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\AMMINISTRATORE\\Desktop\\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;C:\Programmi\Windows Live\Family Safety\fsssvc.exe [2007-10-17 13:53]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-14 14:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Programmi\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-07-11 10:25:32 C:\WINDOWS\Tasks\WebReg psc 1600 series.job"
- C:\Programmi\HP\Digital Imaging\bin\hpqwrg.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-C:\WINDOWS\system32\kdxpq.exe - C:\WINDOWS\system32\kdxpq.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 16:26:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAMMI\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAMMI\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAMMI\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAMMI\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\ACENGSVR.EXE
C:\WINDOWS\ATK0100\ATKOSD.EXE
.
**************************************************************************
.
Ora fine scansione: 2008-07-16 16:26:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 14:26:56
11 Directory 82,670,452,736 byte disponibili
17 Directory 83,786,760,192 byte disponibili
162
and the HijackThis log made after doing all the procedures you described is the following
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.28.38, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Programmi\Wireless Console 2\wcourier.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ASScrPro.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Combo-Fix\NirCmd.cfexe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxpq.exe] C:\WINDOWS\system32\kdxpq.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programmi\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Programmi\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205765143765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205765346296
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7919 bytes
Now please enlighten me, because to me it's all Greek.
Thanks for your availability and patience.
Bies
Bies (Pious Mortal)
Registered: 14/07/08 16:23  Posts: 27
Posted: 16 Jul 2008 23:41
Please help me.
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 17 Jul 2008 14:48
There is conflicting information in the logs you posted.
Run this scan with SystemScan, post the log on WikiSend and post the Forum Link you are given.
Bies (Pious Mortal)
Registered: 14/07/08 16:23  Posts: 27
Posted: 17 Jul 2008 16:08
Hi bdoriano, here is the link to the log:
17_07_2008_16_05_report.zip
Let's hope I don't have to format, because, ahem, I don't know how to.
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 17 Jul 2008 17:06
Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop.
Start AVENGER.
Click OK.
Paste these lines into the white box:
Code:
Files to delete:
C:\WINDOWS\system32\kdxpq.exe
C:\Documents and Settings\AMMINISTRATORE\Desktop\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe
Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | C:\WINDOWS\system32\kdxpq.exe
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | C:\Documents and Settings\AMMINISTRATORE\Desktop\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe
Click Execute.
The PC should reboot; if it doesn't, reboot it yourself.
When it's done, post Avenger's result here together with an updated HijackThis log.
Bies (Pious Mortal)
Registered: 14/07/08 16:23  Posts: 27
Posted: 17 Jul 2008 22:04
Here I am, bdoriano ... I think I made a mess, because the PC got stuck while rebooting, so I turned it off and back on, but then I ran Avenger again. Anyway, I'm posting the two logs; the first one is:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\kdxpq.exe" not found!
Deletion of file "C:\WINDOWS\system32\kdxpq.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Documents and Settings\AMMINISTRATORE\Desktop\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe" not found!
Deletion of file "C:\Documents and Settings\AMMINISTRATORE\Desktop\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Registry value "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|C:\Documents and Settings\AMMINISTRATORE\Desktop\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|C:\WINDOWS\system32\kdxpq.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Then, since I realised I had done something stupid, I repeated the Avenger procedure, and here is log 2:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\kdxpq.exe" not found!
Deletion of file "C:\WINDOWS\system32\kdxpq.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Documents and Settings\AMMINISTRATORE\Desktop\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe" not found!
Deletion of file "C:\Documents and Settings\AMMINISTRATORE\Desktop\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Registry value "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|C:\Documents and Settings\AMMINISTRATORE\Desktop\installer-61501-15it-F-Secure-BlackLight-Italian(2).exe" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|C:\WINDOWS\system32\kdxpq.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
After that I made the HijackThis log for you:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.56.16, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Programmi\Wireless Console 2\wcourier.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ASScrPro.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programmi\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Programmi\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205765143765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205765346296
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7803 bytes
This is what you asked for... but one question: with all these programs downloaded, what do I do, leave them on the PC? Also, do you recommend NOD both as an antivirus and as anti-trojan, anti-malware, anti-spyware etc.?
Or do I need to complement it with something else, and if so, with what?
Thanks a lot for your help ....
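An added example, not code from this thread or from Avenger's author: a parser for Avenger logs of the kind posted above that also flags autostart registry values whose target file was already missing, which is exactly the pattern in both logs (kdxpq.exe not found, yet its Run value still present until Avenger removed it). The log text embedded below is a constructed sample with placeholder paths; the FILE_OK and REG_FAIL line shapes are assumptions, since the posted logs show no successful file deletion and no failed registry deletion.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the Avenger 2.0 output posted above.
# The paths and the CLSID are placeholders, not values from a real machine.
SAMPLE_LOG = r"""Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\example.exe" not found!
Deletion of file "C:\WINDOWS\system32\example.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
File "C:\Temp\dropper.exe" deleted successfully.
Registry key "HKLM\Software\Example\BHO\{00000000-0000-0000-0000-000000000000}" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|C:\WINDOWS\system32\example.exe" deleted successfully.
Completed script processing.
"""

@dataclass
class Action:
    kind: str                      # "file", "registry key" or "registry value"
    target: str                    # path, key, or "key|value name"
    ok: bool
    status: Optional[str] = None   # NTSTATUS name reported after a failure

# Line shapes from the posted logs; FILE_OK and REG_FAIL are assumed (not shown there).
FILE_OK = re.compile(r'^File "(.+)" deleted successfully\.$')
FILE_FAIL = re.compile(r'^Deletion of file "(.+)" failed!$')
REG_OK = re.compile(r'^Registry (key|value) "(.+)" deleted successfully\.$')
REG_FAIL = re.compile(r'^Deletion of registry (key|value) "(.+)" failed!$')
STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')

def parse_avenger_log(text: str) -> Tuple[bool, List[Action]]:
    """Return (rootkit_scan_clean, actions) for one Avenger log."""
    clean = False
    actions: List[Action] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "No rootkits found!":
            clean = True
        elif m := FILE_OK.match(line):
            actions.append(Action("file", m.group(1), True))
        elif m := FILE_FAIL.match(line):
            actions.append(Action("file", m.group(1), False))
        elif m := REG_OK.match(line):
            actions.append(Action("registry " + m.group(1), m.group(2), True))
        elif m := REG_FAIL.match(line):
            actions.append(Action("registry " + m.group(1), m.group(2), False))
        elif (m := STATUS.match(line)) and actions and not actions[-1].ok:
            actions[-1].status = m.group(2)   # status line belongs to the failed action before it
    return clean, actions

def orphaned_autostarts(actions: List[Action]) -> List[str]:
    """Keys of deleted registry values whose data pointed at a file that was already gone."""
    missing = {a.target.lower() for a in actions
               if a.kind == "file" and not a.ok and a.status == "STATUS_OBJECT_NAME_NOT_FOUND"}
    orphans = []
    for a in actions:
        if a.kind == "registry value" and a.ok and "|" in a.target:
            key, data = a.target.split("|", 1)       # Avenger writes "key|value" on one line
            if data.strip().lower() in missing:
                orphans.append(key)
    return orphans
```

An orphaned Run entry like the one reported here means the loader file was already removed (for instance by the antivirus) while the autostart reference survived, which is the kind of contradiction bdoriano noted between the earlier logs.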
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Bies (Pious Mortal)
Registered: 14/07/08 16:23  Posts: 27
Posted: 18 Jul 2008 12:43
This is what Wise Registry Cleaner gives me:
Time: 12.42.59 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\SymWriter.pdb
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\mapifvbx.object.1
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\mapifvbx.object
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\MailFileAtt
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\HeaderFooter.HeaderFooter.1
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\DirectAnimation.StructuredGraphicsControl
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\DirectAnimation.SpriteControl
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\DirectAnimation.SequencerControl
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\DirectAnimation.Sequence
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\DirectAnimation.PathControl
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\ComPlusMetaData.MsCorHost.2
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\ComPlusMetaData.MsCorHost
Reason: Remove Key failed.
ErrorCode:0
-----------------------------------------------------------------------
Time: 12.43.00 Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\ADCS
Reason: Remove Key failed.
ErrorCode:0
-------------------------------
Bies (Pious Mortal)
Registered: 14/07/08 16:23  Posts: 27
Posted: 18 Jul 2008 18:13
Hi bdoriano, I have to thank you infinitely, because I solved the problem..... thank you thank you thank you thank you.
What do I do with all the programs I needed to track down my problem, leave them on the PC or delete them?
Thanks again, really...... now it works fine, I hope I don't catch it again; I also downloaded an antispyware you recommended.
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 18 Jul 2008 19:33
It's normal for some registry keys to be undeletable (so don't worry about Wise's error messages).
I recommend keeping MBAM and updating it frequently. Every now and then, use it to check the PC.
You can delete Norman without any problem.
To uninstall ComboFix, on the other hand, proceed like this:
Click Start
Click Run...
Type:
Click OK
and wait for the operations to finish.
Bies (Pious Mortal)
Registered: 14/07/08 16:23  Posts: 27
Posted: 19 Jul 2008 21:56
Perfect, I did everything as you told me.
Sorry, is MBAM Norman Malware Cleaner?
Thanks a million again.... thaaaaaaaaaaanks
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 20 Jul 2008 08:44
MBAM = Malwarebytes Anti-Malware.
You're welcome!