
SENDING HIJACK LOG - PROBLEM WITH VIRUS
piero
Posted: Monday, July 07, 2008 11:43:28 PM
Rank: Member

Joined: 12/25/2000
Posts: 15
Hello, for a couple of days the antivirus (KASPERSKY, fully up to date) has been continuously detecting a virus; I believe it is something like win32.bagle. It finds a virus at the path c:\windows\system32\drivers\hldrr.exe, srosa.sys and other strange names.
I tried to run a scan with HijackThis; I am posting the log.
Thanks to anyone who can help me.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\Nero\Nero 7\InCD\InCD.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Programmi\EPSON\ESM2\eEBSVC.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Sprite Software\Sprite Backup\SpriteService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\EPSON\ESM2\Stms.exe
C:\Programmi\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe
c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=7&key=KBF01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DetectorApp] C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Programmi\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Controllo in background EPSON.lnk = C:\Programmi\EPSON\ESM2\Stms.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = C:\Programmi\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\EPSON\ESM2\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
r16
Posted: Tuesday, July 08, 2008 12:14:03 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi piero.
You have the Beagle virus.
Disable System Restore and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
The first thing to do is to remove all the cracks or keygens you have used, including the unused ones, in any case archived either on the hard disk or on removable drives. (eMule, to be clear: the virus is in some file you downloaded)

Download elibagla: http://www.zonavirus.com/datos/descargas/95/elibagla.asp scroll to the bottom of the page and click on "descargar elibagla"
Make sure the box "Eliminar Ficheros Automaticamente" is checked; after the scan, reboot the PC and post the log found at: C:\InfoSat.txt
Use Elibagla in Safe Mode, if it works. Run 2 scans and post me the corresponding logs.
*********************************************************************************************************
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the internet.
Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
Type 1, press Enter and follow the instructions.
When finished, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log.
Here as well.
ComboFix does not work in Safe Mode

Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite-dish icon at the top) and run it in Safe Mode (this is very important).


Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Carry out these steps to the letter, post the logs I asked for, and tell me of any problems encountered.
piero
Posted: Tuesday, July 08, 2008 12:26:47 AM
Rank: Member

Joined: 12/25/2000
Posts: 15
Thanks,
I printed the instructions; I think it will be quite a job to remove the virus... I hope I manage.
Thanks
Piero
piero
Posted: Tuesday, July 08, 2008 9:22:28 PM
Rank: Member

Joined: 12/25/2000
Posts: 15
Hello,
I ran the scan with elibagla; this is the log, how does it look to you?

Tue Jul 08 20:06:50 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)

Lista de Acciones (por Acción Directa):
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue Jul 08 20:11:38 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)

Lista de Acciones (por Acción Directa):

Tue Jul 08 20:11:45 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\downld\218046.EXE --> Eliminado Bagle.VR

Nº Total de Directorios: 13461
Nº Total de Ficheros: 162444
Nº de Ficheros Analizados: 14745
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
r16
Posted: Tuesday, July 08, 2008 9:47:28 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I thought you were worse off, piero. (I hope you did it in Safe Mode)
Anyway, if Safe Mode works for you, it means the infection is not very extensive.
It removed one file: C:\WINDOWS\system32\drivers\downld\218046.EXE
I am waiting for the Combofix log; from that I will understand more.
And Virit too.
Then there will most likely be a need for Avenger, but as I said I am waiting for the Combofix log.
Download this: Avenger and save it to the Desktop.
http://swandog46.geekstogo.com/avenger.zip

I forgot: since you have a top-notch antivirus, do a full scan in SAFE MODE.
It will be a bit long, but it helps a lot.
Bye.
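As an added example (not code from this thread, and not part of HijackThis, EliBagle or any other tool named here), the following Python script parses HijackThis-style log lines like the ones piero posted and flags the kinds of entries a helper looks for in a Bagle cleanup: orphaned components marked "(no file)", executables dropped under system32\drivers or drivers\downld (the two locations named in this thread), and services with no publisher string. The sample lines are copied from the posted log plus two constructed lines built from the file names reported above (hldrr.exe, 218046.EXE); the Run-value names in those two lines are invented, and the directory heuristics and the severity scale are my own assumptions, not rules of HijackThis.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A HijackThis entry looks like "<section> - <body>", e.g. "O4 - HKLM\..\Run: [AVP] ...".
# The bare process paths at the top of the log deliberately do not match.
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d{1,2})\s+-\s+(?P<body>.*)$")

# First Windows path in the body that ends in an executable-style extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\],]*?\.(?:exe|dll|sys|cpl))', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4", "O23"
    severity: str  # "info", "low" or "high" (assumed scale, not a HijackThis concept)
    reason: str
    line: str


def extract_path(body: str) -> Optional[str]:
    """Return the first executable-like path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def classify(line: str) -> Optional[Finding]:
    """Apply the defender heuristics to one log line; None means 'nothing to report'."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    # A registered BHO/toolbar/hook whose file is gone: a harmless leftover,
    # but worth removing so the log stays readable.
    if "(no file)" in body:
        return Finding(section, "info", "registered component whose file is missing", line)

    path = extract_path(body)
    if path is None:
        return None
    low = path.lower()

    # Heuristic (assumption): nothing legitimate lives in a 'downld' folder under
    # the driver directory; the Bagle sample in this thread dropped payloads there.
    if "\\drivers\\downld\\" in low:
        return Finding(section, "high", "file under system32\\drivers\\downld", line)

    # Heuristic (assumption): the kernel driver directory should hold .sys files,
    # so a user-mode .exe there (hldrr.exe in this thread) is out of place.
    if "\\system32\\drivers\\" in low and low.endswith(".exe"):
        return Finding(section, "high", "user-mode executable in the driver directory", line)

    # A service with no publisher string proves nothing; it just needs a manual look.
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "low", "service without a publisher string; verify manually", line)
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Classify every line and keep only the ones that produced a finding."""
    return [f for f in (classify(l) for l in lines) if f is not None]


# Sample input: four lines copied from the log posted in this thread, followed by
# two CONSTRUCTED lines (the Run-value names are invented; the file names are the
# ones the poster and EliBagle reported).
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"',
    r'O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)',
    r'O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys',
    r'O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe',
    r'O4 - HKLM\..\Run: [constructed-sample-1] C:\WINDOWS\system32\drivers\hldrr.exe',
    r'O4 - HKLM\..\Run: [constructed-sample-2] C:\WINDOWS\system32\drivers\downld\218046.EXE',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.reason}\n        {f.line}")
```

Run against the sample, the Kaspersky Run entry and the Pinnacle .sys service produce nothing, the orphaned toolbar is reported as "info", the unknown-owner service as "low", and the two constructed driver-directory lines as "high". To use it on a real log, read the file and pass its lines to scan(); the heuristics are a triage aid for a helper, not a verdict.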
piero
Posted: Wednesday, July 09, 2008 7:42:06 AM
Rank: Member

Joined: 12/25/2000
Posts: 15
After hours of scans here I am; these are the logs:

COMBO FIX
ComboFix 08-07-07.3 - Piero 2008-07-08 22.05.38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1412 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Piero\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Piero\Dati applicazioni\inst.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\160937.exe
C:\WINDOWS\system32\drivers\downld\236531.exe
C:\WINDOWS\system32\drivers\downld\254234.exe
C:\WINDOWS\system32\drivers\downld\304953.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-06-08 al 2008-07-08 )))))))))))))))))))))))))))))))))))
.

2008-07-08 22:01 . 2008-07-08 21:30 2,604,325 --a------ C:\ComboFix.exe
2008-07-08 22:01 . 2008-07-08 22:00 2,460,160 --a------ C:\vnlt6301.exe
2008-07-08 20:07 . 2008-07-08 20:04 55,307 --a------ C:\ELIBAGLA.AH%D8GB%D8%D8H.EXE
2008-07-08 00:13 . 2008-07-08 00:13 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-08 00:12 . 2008-07-08 00:23 <DIR> d-------- C:\foto morpheus
2008-07-08 00:07 . 2008-07-08 00:09 <DIR> d-------- C:\Programmi\Morpheus Photo Morpher
2008-07-07 23:26 . 2008-07-07 23:26 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-06 21:51 . 2008-07-06 21:51 <DIR> d-------- C:\Documents and Settings\Piero\Dati applicazioni\Morpheus Software
2008-06-29 11:09 . 2008-06-29 11:09 1,144 --a------ C:\WINDOWS\mozver.dat
2008-06-29 00:33 . 2008-06-29 00:33 0 --a------ C:\WINDOWS\STMMain.INI
2008-06-29 00:24 . 2008-06-29 00:24 <DIR> d-------- C:\Programmi\EPSON
2008-06-29 00:24 . 2002-05-11 13:56 122,880 --a------ C:\WINDOWS\system32\EEBAPI.dll
2008-06-29 00:24 . 2002-05-11 13:56 102,400 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2008-06-29 00:24 . 2002-01-11 22:05 65,536 --a------ C:\WINDOWS\system32\EEBUtil.dll
2008-06-29 00:24 . 2002-01-30 16:33 65,536 --a------ C:\WINDOWS\system32\EBAPI.dll
2008-06-29 00:24 . 2001-08-21 19:00 54,272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll
2008-06-29 00:24 . 2001-09-04 20:04 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2008-06-29 00:18 . 2002-04-17 20:24 70,924 --a------ C:\WINDOWS\system32\EBPMON2.DLL
2008-06-29 00:18 . 2002-02-20 20:23 56,832 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-06-29 00:18 . 1999-09-30 02:01 110 --a------ C:\WINDOWS\system32\EBPPORT.INF
2008-06-14 08:40 . 2006-12-20 13:23 876,544 --------- C:\WINDOWS\system32\CSCnvrtX.dll
2008-06-14 08:40 . 2006-12-20 13:23 114,688 --------- C:\WINDOWS\system32\pcleDVdc.dll
2008-06-14 08:40 . 2006-12-20 13:23 90,112 --------- C:\WINDOWS\system32\pcleDVcd.dll
2008-06-14 08:40 . 2006-12-20 13:23 90,112 --------- C:\WINDOWS\system32\pcleADV.dll
2008-06-14 08:40 . 2006-12-20 13:23 90,112 --------- C:\WINDOWS\system32\ACnvrtX.dll
2008-06-14 08:08 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2008-06-14 08:08 . 2003-04-21 16:11 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-06-14 07:42 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2008-06-14 07:42 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2008-06-14 07:42 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2008-06-14 07:42 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2008-06-14 07:42 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2008-06-14 07:40 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-06-14 07:35 . 2008-06-14 07:35 <DIR> d-------- C:\Documents and Settings\Piero\Dati applicazioni\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 20:09 3,576,352 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-08 20:09 266,769,696 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 20:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-07-08 20:02 351,776 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-08 20:02 3,599,672 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-08 16:59 --------- d-----w C:\Programmi\Windows Desktop Search
2008-07-07 05:24 --------- d-----w C:\Programmi\eMule
2008-07-05 07:50 --------- d-----w C:\Programmi\AutoCAD 2008
2008-07-05 07:41 --------- d-----w C:\Documents and Settings\Piero\Dati applicazioni\BitTorrent
2008-07-02 21:32 --------- d-----w C:\Documents and Settings\Piero\Dati applicazioni\Vso
2008-06-28 22:32 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 05:48 --------- d-----w C:\Programmi\Pinnacle
2008-06-07 14:03 --------- d-----w C:\Documents and Settings\Piero\Dati applicazioni\U3
2008-06-07 11:51 --------- d-----w C:\Programmi\HDDGURU LLF Tool
2008-06-02 13:18 88 --sh--r C:\Documents and Settings\All Users\Dati applicazioni\BE4EDCB161.sys
2008-06-02 13:18 3,140 --sha-w C:\Documents and Settings\All Users\Dati applicazioni\KGyGaAvL.sys
2008-06-02 12:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-29 17:29 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-29 17:29 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-29 17:29 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-18 17:42 --------- d-----w C:\Programmi\Sprite Software
2008-05-18 17:42 --------- d-----w C:\Documents and Settings\Piero\Dati applicazioni\Sprite Software
2008-05-18 17:42 --------- d-----w C:\Documents and Settings\Piero\Dati applicazioni\Sprite Setup Wizard
2008-05-18 17:42 --------- d-----w C:\Documents and Settings\Piero\Dati applicazioni\Sprite PC Agent
2008-05-18 17:41 --------- d-----w C:\Programmi\Microsoft ActiveSync
2008-05-11 09:47 --------- d-----w C:\Programmi\nLite
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,293,312 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-12 19:53 147 ----a-w C:\Programmi\_DEISREG.ISR
2008-03-02 20:23 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-02-08 20:22 47,360 ----a-w C:\Documents and Settings\Piero\Dati applicazioni\pcouffin.sys
1998-11-12 14:49 47,104 ----a-w C:\Programmi\_ISREG32.DLL
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 15:00 15360]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:38 1289000]
"SpriteService"="C:\Programmi\Sprite Software\Sprite Backup\SpriteService.exe" [2006-08-15 16:10 544768]
"LaunchList"="C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 15:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"DetectorApp"="C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 07:15 102400]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 15:00 208952]
"EmailChecker"="C:\APPS\EmailChecker\ech.exe" [2003-07-02 11:13 40960]
"PostOOBE"="C:\WINDOWS\system32\wscript.exe" [2004-09-07 15:00 114688]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"InCD"="C:\Programmi\Nero\Nero 7\InCD\InCD.exe" [2006-12-08 10:56 1053184]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"type32"="C:\Programmi\Microsoft IntelliType Pro\type32.exe" [2003-05-15 17:45 114688]
"Acrobat Assistant 8.0"="C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 17:00 155648]
"NSLauncher"="C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"PaperPort PTD"="C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 13:04 57393]
"IndexSearch"="C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 13:19 40960]
"SetDefPrt"="C:\Programmi\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 10:16 49152]
"ControlCenter2.0"="C:\Programmi\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34 851968]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-07 15:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 15:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-02-16 00:04:53 295606]
Adobe Acrobat Synchronizer.lnk - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Controllo in background EPSON.lnk - C:\Programmi\EPSON\ESM2\Stms.exe [1999-12-03 20:11:56 235008]
ImageMixer for HDD Camcorder.lnk - C:\Programmi\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe [2008-04-30 21:30:32 1871872]
Status Monitor.lnk - C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe [2008-03-26 20:35:07 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"= C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\APPS\\skype\\Phone\\Skype.exe"=
"C:\\Programmi\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"C:\\Programmi\\Sprite Software\\Sprite Backup\\SpriteService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 PSI_SVC_2;Protexis Licensing V2;c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe [2007-07-24 12:15]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 16:34]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 11:45]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63d098b-d389-11dc-b6ce-001617e7a6f7}]
\Shell\Auto\command - mvsjfagxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mvsjfagxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fea345e8-982d-11db-ac61-001617e7a6f7}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 22:10:13
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-08 22.11.31
ComboFix-quarantined-files.txt 2008-07-08 20:11:22

15 Directory 25,051,910,144 byte disponibili
24 Directory 25,127,878,656 byte disponibili

222 --- E O F --- 2008-06-20 16:17:33



VIRIT LOG

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

08/07/2008 - 23:03:12

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]


[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

E:\PROGRAMMI RACCOLTI\ZETA 33\UTILS\HeadAC3\ptb.exe Infetto da Trojan.Win32.Small.NF
* * * RIMOSSO * * *
E:\PROGRAMMI RACCOLTI\ZETA1\CODICI E CRACK\NUOVO Serials 2000\s2kdos.exe Infetto da Trojan.Win32.Desex.B
* * * RIMOSSO * * *

[F:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

F:\FANTASTICI 4\NINTENDO GIOCHI\Browser nuovissimo\bspatch.exe Possibile variante da Trojan.Win32.Agent.CK

[G:]


[H:]
BOOT SECTOR: OK


[I:]
BOOT SECTOR: OK


[J:]
BOOT SECTOR: OK


[K:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 3.
Files Sospetti: 0.
Files Analizzati: 352916.
Files Totali: 352916.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.

So how am I doing?
piero
Posted: Wednesday, July 09, 2008 8:08:26 PM
Rank: Member

Joined: 12/25/2000
Posts: 15
I have just finished a 12-hour scan with Kaspersky, which seems to have run into problems: a message warns that it cannot complete the operation in Safe Mode...
r16
Posted: Wednesday, July 09, 2008 9:01:25 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You still have infections. And as far as I can tell you have not removed all the cracks and keygens you used, as I had advised.
If you don't, we risk doing the clean-up for nothing.
Download this: Avenger, and save it to the Desktop.
http://swandog46.geekstogo.com/avenger.zip

Start AVENGER
Click OK
Enter these lines in the white box: copy and paste them (the ones in bold)

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet001\Services\srosa
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet003\Services\srosa
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\ControlSet001\Services\pci32
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\ControlSet003\Services\pci32
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\CurrentControlSet\Services\rosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ROSA
HKLM\SYSTEM\ControlSet001\Services\rosa
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ROSA
HKLM\SYSTEM\ControlSet003\Services\rosa
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_ROSA
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet001\Services\m_hook
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet003\Services\m_hook
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | mule_st_key


Click Execute
The PC should reboot; if it doesn't, reboot it yourself.
When it has finished, post the Avenger result here together with an updated HijackThis log.
Check whether System Restore is disabled. Keep it disabled until the problem is solved.
Run the EliBagle scan again in SAFE MODE and post me the log.
Run the VirIT scan again as well (again in Safe Mode).
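As an added example, not code from this thread, from The Avenger or from its author: a small Python reconciler that pairs an Avenger script like the one above with the log Avenger writes back, so that for each listed file, key or Run value you can see whether it was deleted, was already absent (STATUS_OBJECT_NAME_NOT_FOUND) or was never reported on at all. The script and log excerpts embedded in it are constructed, shortened from the ones posted in this thread; the "deleted successfully" line format is assumed from Avenger's usual output and does not appear on this page.

```python
"""Reconcile an Avenger removal script with the log Avenger writes back.
Added example, not part of this thread or of The Avenger; the script and log
excerpts are constructed (shortened from those in the thread) to run offline."""
import re
from dataclasses import dataclass

# Section headers of an Avenger script -> the noun Avenger uses for them in its log.
SECTION_KINDS = {
    "files to delete:": "file",
    "registry keys to delete:": "registry key",
    "registry values to delete:": "registry value",
}
# The failure and Status lines are as in the log posted in this thread; the
# success line is ASSUMED from Avenger's usual output (not shown in the thread).
DELETED_RE = re.compile(r'^(file|registry key|registry value) "(.+)" deleted successfully\.$', re.I)
FAILED_RE = re.compile(r'^Deletion of (file|registry key|registry value) "(.+)" failed!$', re.I)
STATUS_RE = re.compile(r'^Status: (0x[0-9a-f]{8}) \((\w+)\)$', re.I)
NOT_FOUND = "0xc0000034"  # STATUS_OBJECT_NAME_NOT_FOUND: the artifact was already gone

@dataclass
class Outcome:
    kind: str
    target: str
    status: str  # "deleted", "not found", "error: <NTSTATUS name>" or "no log entry"

def parse_script(text):
    """Return (kind, target) pairs. Registry values are written 'KEY | VALUE' in
    the script but echoed as 'KEY|VALUE' in the log, so normalise to the log form."""
    items, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTION_KINDS:
            kind = SECTION_KINDS[line.lower()]
            continue
        if kind is None:
            raise ValueError(f"line outside any section: {line!r}")
        if kind == "registry value":
            line = "|".join(part.strip() for part in line.split("|"))
        items.append((kind, line))
    return items

def parse_log(text):
    """Map (kind, target) -> status for every item Avenger reported on."""
    results, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            results[(m.group(1).lower(), m.group(2))] = "deleted"
            pending = None
        elif m := FAILED_RE.match(line):
            pending = (m.group(1).lower(), m.group(2))
            results[pending] = "error: unknown"  # refined by the Status: line that follows
        elif (m := STATUS_RE.match(line)) and pending is not None:
            code, name = m.group(1).lower(), m.group(2)
            results[pending] = "not found" if code == NOT_FOUND else f"error: {name}"
            pending = None
    return results

def reconcile(script_text, log_text):
    """Pair each scripted item with its logged outcome; items Avenger never mentioned get 'no log entry'."""
    log = parse_log(log_text)
    return [Outcome(k, t, log.get((k, t), "no log entry")) for k, t in parse_script(script_text)]

def summarize(outcomes):
    """Count outcomes per status, e.g. {'deleted': 2, 'not found': 2, 'no log entry': 1}."""
    counts = {}
    for o in outcomes:
        counts[o.status] = counts.get(o.status, 0) + 1
    return counts

# Constructed sample input: a shortened Avenger script of the kind given above.
SAMPLE_SCRIPT = r"""Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
"""

# Constructed sample log: two items removed, two already absent, one never mentioned.
SAMPLE_LOG = r"""File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
Completed script processing.
"""

if __name__ == "__main__":
    for o in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"{o.status:13} {o.kind:15} {o.target}")
```

A "no log entry" result means Avenger never reported on that item, which is worth a second look before treating the host as clean.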
piero
Posted: Wednesday, July 09, 2008 9:56:26 PM
Rank: Member

Joined: 12/25/2000
Posts: 15
OK, I have tried to remove all the cracks I could find; I'll do another search...
I'm also rerunning the Kaspersky scan; it started 2 hours ago and is still at 13%!!
Thanks, you're a great help.
Piero
r16
Posted: Wednesday, July 09, 2008 10:09:25 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Forget it, Piero: that scan should be run once you are reasonably sure the virus has been removed.
Follow the instructions in the previous post (Avenger).
Then do this check:
Install StartUp Manager:
http://mesh.dl.sourceforge.net/sourceforge/st-m/StM_setup241.exe


● Install the program
● Start the Startup Manager program
● The program shows a list of the programs that start automatically after Windows loads.
● If a program with a red cross icon appears in the list, you need to uninstall that program and make sure its folder has been removed.

The virus infects these auto-starting programs, so those programs have to be removed.


This too is a tool specific to the Beagle virus:
Bagle Removal Tool
http://fileup.itadib.com/download.php?id=q2a8YzMBk9Qfpwg4wUPV

From Safe Mode:

● Extract the contents of FixBagleXP.zip to the desktop.
● Place the Shared folder, the FixAll.reg file and Fixbagle.bat inside the folder C:\Documents and Settings\<Windows account name>
(Usually there are two folders: All Users and another one, often with your name (Piero). You must put everything inside the folder with your name, in any case not inside All Users.)
● Double-click the Fixbagle.bat file and press ENTER.
In practice, you put those files inside C:\Documents and Settings\Piero
Come on Piero, it's not hard


piero
Posted: Friday, July 11, 2008 2:28:13 PM
Rank: Member

Joined: 12/25/2000
Posts: 15
After hours and hours of scans and reboots, here are the logs:

ELIBAGLE


Tue Jul 08 20:06:50 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)

Lista de Acciones (por Acción Directa):
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue Jul 08 20:11:38 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)

Lista de Acciones (por Acción Directa):

Tue Jul 08 20:11:45 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\downld\218046.EXE --> Eliminado Bagle.VR

Nº Total de Directorios: 13461
Nº Total de Ficheros: 162444
Nº de Ficheros Analizados: 14745
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Jul 10 23:21:06 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)

Lista de Acciones (por Acción Directa):

Thu Jul 10 23:21:11 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 13346
Nº Total de Ficheros: 160808
Nº de Ficheros Analizados: 14847
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

AVENGER

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\BAN_LIST.TXT" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\BAN_LIST.TXT" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_ROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_ROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mule_st_key"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mule_st_key" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


VIRIT

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

08/07/2008 - 23:03:12

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]


[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

E:\PROGRAMMI RACCOLTI\ZETA 33\UTILS\HeadAC3\ptb.exe Infetto da Trojan.Win32.Small.NF
* * * RIMOSSO * * *
E:\PROGRAMMI RACCOLTI\ZETA1\CODICI E CRACK\NUOVO Serials 2000\s2kdos.exe Infetto da Trojan.Win32.Desex.B
* * * RIMOSSO * * *

[F:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

F:\FANTASTICI 4\NINTENDO GIOCHI\Browser nuovissimo\bspatch.exe Possibile variante da Trojan.Win32.Agent.CK

[G:]


[H:]
BOOT SECTOR: OK


[I:]
BOOT SECTOR: OK


[J:]
BOOT SECTOR: OK


[K:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 3.
Files Sospetti: 0.
Files Analizzati: 352916.
Files Totali: 352916.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.

[SCANSIONE DELLA MEMORIA]
OK

09/07/2008 - 07:27:05

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 34520.
Files Totali: 34520.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK

09/07/2008 - 20:04:20

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 217.
Files Totali: 217.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
zttkj - system32\drivers\mfoshnm.sys

OK

10/07/2008 - 23:10:22

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 17.
Files Totali: 17.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK

10/07/2008 - 23:34:17

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]


[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[F:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

F:\FANTASTICI 4\NINTENDO GIOCHI\Browser nuovissimo\bspatch.exe Possibile variante da Trojan.Win32.Agent.CK

[G:]


[H:]
BOOT SECTOR: OK


[I:]
BOOT SECTOR: OK


[J:]
BOOT SECTOR: OK


[K:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 352125.
Files Totali: 352125.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK

11/07/2008 - 07:32:10

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 160882.
Files Totali: 160882.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.26.28, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\EPSON\ESM2\eEBSVC.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\Nero\Nero 7\InCD\InCD.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Sprite Software\Sprite Backup\SpriteService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=7&key=KBF01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DetectorApp] C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Programmi\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Controllo in background EPSON.lnk = C:\Programmi\EPSON\ESM2\Stms.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = C:\Programmi\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\EPSON\ESM2\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14260 bytes

I hope I have solved it!!
Endless thanks for your help.
Piero
r16
Posted: Friday, July 11, 2008 6:38:36 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi piero.
The log is clean.
With this type of infection you need a bit of patience, piero.
Let's do a good general clean-up:
First of all, clean up any ADS (Alternate Data Streams), so:
launch HijackThis
click on Open the misc tool section
click on Open ADS Spy
untick Quick scan (Windows base folder only)
leave Ignore safe system info streams ticked
untick Calculate MD5 checksum of streams
click on Scan
if any ADS are found, tick all the boxes and click on Remove selected
Once the scan is finished, you must restart the system.


Empty the contents of the Prefetch folder:

Start
click on My Computer
click on Local Disk C:
among the folders shown, look for the Windows folder, open it and inside it look for the Prefetch folder, open it and delete everything stored inside (please, do not delete the folder itself)
Empty the Recycle Bin.
Run a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

Now some advice:
The programs ComboFix, Elibagla and Virit: leave them installed for a week.
Every now and then, run a scan in the same ways you have already done.
After that period, if they detect no infection, you can start uninstalling them.
Uninstall ComboFix like this:
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete ComboFix's folders in "C" (qoobox)
For Virit, go to Start\All Programs and you will find its Uninstall.
Avenger you can throw in the bin together with the logs.
If you have any questions or doubts, don't hesitate, I'm here.
Bye!
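An added example, not from this thread or from HijackThis: the same ADS check done from PowerShell, listing the non-standard streams under a folder (the equivalent of ADS Spy with "Ignore safe system info streams" ticked) and deleting them only when asked. It assumes PowerShell 3.0 or later on an NTFS volume; the $safeStreams list and the -Remove switch are my own choices, not HijackThis settings.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams.
# Assumes PowerShell 3.0+ (where -Stream on Get-Item/Remove-Item exists) and NTFS.
param(
    [string]$Root = "$env:SystemRoot",   # default: the Windows folder, like ADS Spy's quick scan
    [switch]$Remove                      # nothing is deleted unless this is given
)

# Streams that are expected and harmless (assumed "safe" list, my choice):
# ':$DATA' is the file's own content; Zone.Identifier is the "downloaded from
# the Internet" marker written by browsers and Outlook.
$safeStreams = @(':$DATA', 'Zone.Identifier')

# Every file under $Root, every stream on it, minus the safe ones.
$findings = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $safeStreams -notcontains $_.Stream } |
    Select-Object FileName, Stream, Length

if (-not $findings) {
    Write-Host "No non-standard alternate data streams found under $Root"
    return
}

# Review before acting: a stream attached to an executable or to something in
# system32\drivers deserves a closer look, because Explorer and 'dir' never show it.
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        # -Stream deletes only the named stream; the host file itself is untouched,
        # which is why no installed program is lost by doing this.
        Remove-Item -LiteralPath $f.FileName -Stream $f.Stream -ErrorAction Continue
        Write-Host "Removed stream '$($f.Stream)' from $($f.FileName)"
    }
}
```

Run it first without -Remove and read the table; legitimate software (the Pinnacle RENDER streams mentioned later in this thread, for example) also uses ADS, so a listing is a lead, not a verdict.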

piero
Posted: Friday, July 11, 2008 6:57:03 PM
Rank: Member

Member since: 12/25/2000
Posts: 15
Hi,
I have finished the ADS scan with HijackThis. It found many items, many Pinnacle Studio RENDER entries. Should I delete all the other entries that were found too? Are they all ADS?
Thanks
Piero
r16
Posted: Friday, July 11, 2008 7:12:53 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Yes Piero, don't be afraid.
Don't worry, NO program will be deleted, only the infection.
Restart the PC after the deletion.
piero
Posted: Saturday, July 12, 2008 12:13:25 AM
Rank: Member

Member since: 12/25/2000
Posts: 15
OK, all done, thanks to your help I avoided formatting.
Thanks again
Piero
r16
Posted: Saturday, July 12, 2008 12:27:33 AM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
You're welcome Piero
Please follow the advice I gave you:
The programs ComboFix, Elibagla and Virit: leave them installed for a week.
Every now and then, run a scan in the same ways you have already done.
After that period, if they detect no infection, you can start uninstalling them.
Re-enable System Restore and, if everything is fine, create a new restore point.
Update Java:
http://www.aiutaamici.com/software?s=y
Bye!