Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » pop up fastidiosi

2 pages: 1 [2]
pop up fastidiosi Opzioni
Topic Precedente · Topic Sucessivo
mammetta
Inviato: Thursday, March 19, 2009 10:39:11 PM
Rank: AiutAmico

Iscritto dal : 6/28/2004
Posts: 80
questo è quello di hijack

Logfile of HijackThis v1.99.0
Scan saved at 22.38.38, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure\Common\FSMA32.EXE
C:\Programmi\F-Secure\Anti-Virus\fssm32.exe
C:\Programmi\F-Secure\Common\FSMB32.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\F-Secure\Common\FCH32.EXE
C:\Programmi\F-Secure\Common\FAMEH32.EXE
C:\Programmi\F-Secure\Anti-Virus\fsqh.exe
C:\Programmi\F-Secure\Anti-Virus\fsrw.exe
C:\Programmi\F-Secure\Common\FNRB32.EXE
C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmi\F-Secure\Common\FIH32.EXE
C:\Programmi\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Programmi\F-Secure\FSGUI\fsguidll.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Filzip\Filzip.exe
C:\DOCUME~1\_Marco_\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/mail?.intl=it&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cwmagcg] "c:\documents and settings\_marco_\impostazioni locali\dati applicazioni\cwmagcg.exe" cwmagcg
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programmi\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Programmi\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2952C52B-A269-4EF8-9D7F-2A254357DCEF}: NameServer = 193.12.150.2 212.247.152.2
O23 - Service: F-Secure Automatic Update - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FSGKHS - Unknown - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmi\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - Unknown - C:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
Torna in alto
 
mammetta
Inviato: Thursday, March 19, 2009 10:40:01 PM
Rank: AiutAmico

Iscritto dal : 6/28/2004
Posts: 80
questo è quello di hijack

Logfile of HijackThis v1.99.0
Scan saved at 22.38.38, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure\Common\FSMA32.EXE
C:\Programmi\F-Secure\Anti-Virus\fssm32.exe
C:\Programmi\F-Secure\Common\FSMB32.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\F-Secure\Common\FCH32.EXE
C:\Programmi\F-Secure\Common\FAMEH32.EXE
C:\Programmi\F-Secure\Anti-Virus\fsqh.exe
C:\Programmi\F-Secure\Anti-Virus\fsrw.exe
C:\Programmi\F-Secure\Common\FNRB32.EXE
C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmi\F-Secure\Common\FIH32.EXE
C:\Programmi\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Programmi\F-Secure\FSGUI\fsguidll.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Filzip\Filzip.exe
C:\DOCUME~1\_Marco_\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/mail?.intl=it&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cwmagcg] "c:\documents and settings\_marco_\impostazioni locali\dati applicazioni\cwmagcg.exe" cwmagcg
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programmi\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Programmi\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2952C52B-A269-4EF8-9D7F-2A254357DCEF}: NameServer = 193.12.150.2 212.247.152.2
O23 - Service: F-Secure Automatic Update - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FSGKHS - Unknown - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmi\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - Unknown - C:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
Torna in alto
 
r16
Inviato: Thursday, March 19, 2009 10:48:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao mammetta .
Ma hai eseguito alla lettera le indicazioni di Pidue e steven ?
Torna in alto
 
mammetta
Inviato: Thursday, March 19, 2009 11:15:31 PM
Rank: AiutAmico

Iscritto dal : 6/28/2004
Posts: 80
si, adesso sta girando navilog. comunque non mi compare più nessun pop up
Torna in alto
 
r16
Inviato: Thursday, March 19, 2009 11:20:55 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
mammetta ha scritto:
si, adesso sta girando navilog. comunque non mi compare più nessun pop up

Quale Navilog....nessuno ti ha detto di fare una scansione con navilog...
E i log di Avenger e Combofix dove sono?
Il risultato del tool Gromozon Rootkit Removal Tool dov'è?
Senza vedere questi log, procediamo al buio.
Torna in alto
 
pidue
Inviato: Thursday, March 19, 2009 11:29:11 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
mammetta ha scritto:
comunque non mi compare più nessun pop up


Quelli te li ha tolti ComboFix. Lancja HJT e fixa questa riga:
O4 - HKCU\..\Run: [cwmagcg] "c:\documents and settings\_marco_\impostazioni locali\dati applicazioni\cwmagcg.exe" cwmagcg

aggiorna il Java e fai come ti dice r16.



Torna in alto
 
r16
Inviato: Thursday, March 19, 2009 11:35:37 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Fai anche questa operazione:
Start\Esegui\ copia-incolla questa stringa : control userpasswords2
Controlla se sotto Nome Utente hai un utente random (QQBEDYMV) oppure con altre lettere scritte a caso.
Se lo trovi lo selezioni e clicca "Rimuovi".
Poi :
Start\Esegui\ copia-incolla questa stringa: services.msc e clicca OK.
Cerca nei "Servizi" lo stesso nome utente random che hai trovato prima,lo selezioni, e arresti o disabiliti il servizio.
Torna in alto
 
mammetta
Inviato: Friday, March 20, 2009 8:17:19 AM
Rank: AiutAmico

Iscritto dal : 6/28/2004
Posts: 80
ricapitolando, ho fatto girare avenger (e non avatar, sorry), atf cleaner (pc pulito), navilog (come detto da steven, comunque dice pc pulito), combofix, gromozon rootkit .... (pc pulito), ho cancellato la riga che mi ha detto pidue con hjt ed ho sostituito il java. mi manca da fare l'ultimo controllo suggeritomi da r16. lo faccio questa sera e poi vi dico. intanto ho l'ultima versione di f-secure che installero' stasera. secondo voi è necessario disinstallare prima la vecchia o la posso installare sopra? grazie
Torna in alto
 
mammetta
Inviato: Friday, March 20, 2009 3:19:47 PM
Rank: AiutAmico

Iscritto dal : 6/28/2004
Posts: 80
ho eseguito anche l'ultima operazione dettatami da r16 ed in effetti avevo ben due utenti "strani". rimossi. adesso questa sera voglio provare a installare l'ultima versione di f-secure. la posso installare sopra la precedente? grazie 1000
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: 1 [2]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » pop up fastidiosi


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.