phoenix74 Devoted Mortal

Joined: 23/01/08 19:40 Posts: 7
Posted: 23 Jan 2008 19:58 Subject: Trojan-Dropper.Win32.Agent.dgo

Hi everyone,
I'm a newly registered member and I found your forum "thanks" to the virus residing on my PC; it is the Trojan-Dropper.Win32.Agent.dgo virus.
What can I do? Have any other solutions been found for removing this extremely annoying virus?
Thank you in advance
bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
phoenix74 Devoted Mortal

Joined: 23/01/08 19:40 Posts: 7
Posted: 23 Jan 2008 20:28 Subject:

Hi, and thanks for your reply and the welcome.
I made the log with HijackThis; I'm fairly experienced with PCs, but this is the first time I've caught a virus, so some of these procedures are unknown to me, hehe
Is this log enough?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.35.07, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\Mixer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINXP\system32\wuauclt.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINXP\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINXP\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191686569730
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191687544609
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rickyphoenix74.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: avp - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 9206 bytes
bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 23 Jan 2008 20:37 Subject:

phoenix74 wrote: | I made the log with HijackThis; I'm fairly experienced with PCs, but this is the first time I've caught a virus, so some of these procedures are unknown to me, hehe
Is this log enough? |
HijackThis highlights several entries that should probably be removed... but it is not enough.
Also carry out the other steps I indicated to you.
phoenix74 Devoted Mortal

Joined: 23/01/08 19:40 Posts: 7
Posted: 23 Jan 2008 20:43 Subject:

Here is the other one
ComboFix 08-01-23.2 - Ricky 2008-01-23 19.34.25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.700 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Ricky\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Ricky\Dati applicazioni\addon.dat
C:\WINXP\system32\geeby.dll
C:\WINXP\system32\geeby.exe
C:\WINXP\system32\server.exe
C:\WINXP\system32\ybeeg.ini
C:\WINXP\system32\ybeeg.ini2
----- BITS: Possible infected sites -----
hxxp://www.down
.
((((((((((((((((((((((((( Files Creati Da 2007-12-23 al 2008-01-23 )))))))))))))))))))))))))))))))))))
.
2008-01-23 19:32 . 2000-08-31 08:00 51,200 --a------ C:\WINXP\Nircmd.exe
2008-01-23 19:08 . 2007-06-05 10:56 44,928 --a------ C:\WINXP\system32\drivers\SDTHOOK.SYS
2008-01-23 19:07 . 2007-06-08 09:44 8,576 --a------ C:\WINXP\system32\drivers\vcwrcofbdtpm.sys
2008-01-23 19:06 . 2007-06-08 09:44 8,576 --a------ C:\WINXP\system32\drivers\RkPavProc.sys
2008-01-23 18:54 . 2008-01-23 19:07 <DIR> d-------- C:\WINXP\system32\ActiveScan
2008-01-23 18:54 . 2008-01-23 18:54 30,590 --a------ C:\WINXP\system32\pavas.ico
2008-01-23 18:54 . 2008-01-23 18:54 2,550 --a------ C:\WINXP\system32\Uninstall.ico
2008-01-23 18:54 . 2008-01-23 18:54 1,406 --a------ C:\WINXP\system32\Help.ico
2008-01-23 18:34 . 2008-01-23 18:34 <DIR> d-------- C:\Programmi\Trend Micro
2008-01-23 14:14 . 2008-01-23 14:14 <DIR> d-------- C:\VundoFix Backups
2008-01-22 23:59 . 2008-01-23 19:39 <DIR> d-------- C:\Programmi\ewido anti-spyware 4.0
2008-01-22 23:56 . 2008-01-23 00:07 <DIR> d-------- C:\WINXP\BDOSCAN8
2008-01-22 18:56 . 2008-01-22 19:05 91,492 --a------ C:\WINXP\system32\drivers\klin.dat
2008-01-22 18:56 . 2008-01-22 19:05 85,860 --a------ C:\WINXP\system32\drivers\klick.dat
2008-01-22 18:54 . 2008-01-22 18:54 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-01-22 18:54 . 2008-01-23 19:39 2,471,200 --ahs---- C:\WINXP\system32\drivers\fidbox.dat
2008-01-22 18:54 . 2008-01-23 19:38 39,368 --ahs---- C:\WINXP\system32\drivers\fidbox.idx
2008-01-22 18:54 . 2008-01-23 19:39 23,328 --ahs---- C:\WINXP\system32\drivers\fidbox2.dat
2008-01-22 18:54 . 2008-01-23 19:38 4,256 --ahs---- C:\WINXP\system32\drivers\fidbox2.idx
2008-01-22 14:14 . 2008-01-22 19:41 23,040 --a------ C:\WINXP\system32\Setup .exe
2008-01-22 07:45 . 2008-01-22 07:45 155,648 --a------ C:\WINXP\system32\NeroCheck .exe
2008-01-22 07:45 . 2008-01-22 07:45 32,768 --a------ C:\WINXP\V0220Mon .exe
2008-01-22 07:45 . 2008-01-22 07:45 15,360 --a------ C:\WINXP\system32\ctfmon .exe
2008-01-21 22:10 . 2008-01-21 22:10 <DIR> d-------- C:\Programmi\Elaborate Bytes
2008-01-21 18:39 . 2008-01-22 14:03 <DIR> d-------- C:\Programmi\VoipCheapCom
2008-01-20 14:12 . 2008-01-20 14:12 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-01-20 14:12 . 2004-08-19 15:39 221,184 --a------ C:\WINXP\system32\wmpns.dll
2008-01-20 14:10 . 2008-01-22 18:47 <DIR> d-------- C:\WINXP\system32\LogFiles
2008-01-20 14:10 . 2008-01-20 14:11 <DIR> d-------- C:\WINXP\system32\drivers\UMDF
2008-01-13 21:32 . 2008-01-13 21:32 97,216 --a------ C:\WINXP\system32\drivers\AnyDVD.sys
2007-12-28 15:00 . 2007-12-28 15:00 <DIR> d-------- C:\KAV
2007-12-26 22:57 . 2007-12-26 22:57 <DIR> d-------- C:\Programmi\MSXML 4.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 18:30 --------- d-----w C:\Programmi\WinMX
2008-01-22 22:29 --------- d-----w C:\Programmi\Windows Live
2008-01-20 14:29 --------- d-----w C:\Programmi\DVD Profiler
2007-12-20 17:12 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-20 17:07 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2007-10-25 09:26 53,248 ----a-w C:\WINXP\bdoscandel.exe
2007-10-23 16:49 586,240 ----a-w C:\WINXP\WLXPGSS.SCR
.
Code:
----a-w 39,792 2008-01-22 16:48:19 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 949,376 2008-01-22 16:48:23 C:\Programmi\ESET\nod32kui .exe
----a-w 6,283,264 2008-01-22 23:22:04 C:\Programmi\ewido anti-spyware 4.0\ewido .exe
----a-w 94,208 2008-01-22 16:48:22 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor .exe
----a-w 132,496 2008-01-22 16:48:19 C:\Programmi\Java\jre1.6.0_03\bin\jusched .exe
----a-w 218,376 2008-01-22 22:39:17 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
----a-w 1,694,208 2008-01-22 16:49:51 C:\Programmi\Messenger\msmsgs .exe
----a-w 5,724,184 2008-01-22 22:39:16 C:\Programmi\Windows Live\Messenger\MsnMsgr .Exe
----a-w 32,768 2008-01-22 06:45:43 C:\WINXP\V0220Mon .exe
----a-w 15,360 2008-01-22 06:45:50 C:\WINXP\system32\ctfmon .exe
----a-w 155,648 2008-01-22 06:45:45 C:\WINXP\system32\NeroCheck .exe
----a-w 23,040 2008-01-22 18:41:39 C:\WINXP\system32\Setup .exe
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 17:00 1818624 C:\WINXP\mixer.exe]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuusr]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINXP\system32\DRIVERS\fetnd5bv.sys [2007-07-05 05:33]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINXP\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 V0220Dev;Live! Cam Video IM;C:\WINXP\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
R3 V0220Vfx;V0220VFX;C:\WINXP\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
S2 avp ;avp ;"C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 UPnPService;UPnPService;C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96cefb98-75a8-11dc-9d9a-00507022c458}]
\Shell\Auto\command - G:\sys.exe
\Shell\AutoRun\command - C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7524c10-7425-11dc-b63d-806d6172696f}]
\Shell\AutoRun\command - E:\start.exe /checksection
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-23 18:08:00 C:\WINXP\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1191690440.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 19:40:01
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
phoenix74 Devoted Mortal

Joined: 23/01/08 19:40 Posts: 7
Posted: 23 Jan 2008 20:47 Subject:

I also redid the log with HijackThis after deleting some programs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\svchost.exe
C:\WINXP\Mixer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINXP\system32\wscntfy.exe
C:\WINXP\system32\NOTEPAD.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvuusr - C:\WINXP\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: avp - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 3567 bytes
phoenix74 Devoted Mortal

Joined: 23/01/08 19:40 Posts: 7
Posted: 24 Jan 2008 08:37 Subject:

I managed to fix it
Thanks
bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 24 Jan 2008 09:09 Subject:

Glad you solved it.
Would you mind telling us which steps you took?
To be safe, connect to the Kaspersky online scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.