Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » potete vedere per favore se hovirus?il mio pc và lentisimo!X FAVOREEEEEEEEE

potete vedere per favore se hovirus?il mio pc và lentisimo!X FAVOREEEEEEEEE Opzioni
Topic Precedente · Topic Sucessivo
gatto2
Inviato: Thursday, January 29, 2009 7:34:56 PM

Rank: AiutAmico

Iscritto dal : 5/12/2008
Posts: 30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34, on 2009-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VIA\RAID\vialogsv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/it/index.php?rvs=hompag&d=79919387
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58A82ED9-E066-4B9F-8893-924AF94F7941} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {812B66A4-9AC8-4FA9-B86C-BA34719A57EC} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - (no file)
O2 - BHO: (no name) - {C802855A-7DDF-45B2-86E7-08E512DA1766} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Borra Disinstallazione_di_Toca_RD] command /c del "C:\Programmi\FX Uninstall Information\Disinstallazione_di_Toca_RD.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B01A936D-395A-490E-AF7C-C56EEBABC977}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcBqoPg - ddcBqoPg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Programmi\VIA\RAID\vialogsv.exe
Torna in alto
 
Sponsor
Inviato: Thursday, January 29, 2009 7:34:56 PM

 
Torna in alto
 
shapiro
Inviato: Thursday, January 29, 2009 8:18:42 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

apri hjt e dopo aver spuntato queste voci premi fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {58A82ED9-E066-4B9F-8893-924AF94F7941} - (no file)

O2 - BHO: (no name) - {812B66A4-9AC8-4FA9-B86C-BA34719A57EC} - (no file)

O2 - BHO: (no name) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - (no file)

O2 - BHO: (no name) - {C802855A-7DDF-45B2-86E7-08E512DA1766} - (no file)

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)

O4 - HKLM\..\RunOnce: [Borra Disinstallazione_di_Toca_RD] command /c del "C:\Programmi\FX Uninstall Information\Disinstallazione_di_Toca_RD.exe"

O20 - Winlogon Notify: ddcBqoPg - ddcBqoPg.dll (file missing)


Sottoponi ad analisi il file evidenziato in rosso

C:\Programmi\VIA\RAID\vialogsv.exe

da questo sito â–º http://www.virustotal.com/it/




scarica Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum
Torna in alto
 
gatto2
Inviato: Tuesday, February 03, 2009 5:28:49 PM

Rank: AiutAmico

Iscritto dal : 5/12/2008
Posts: 30

Il file è già stato analizzato:
MD5: 4775579d1ae9c881a6f2f7739858e7cd
First received: 2008.11.11 21:02:26 (CET)
Data 2008.12.15 17:08:37 (CET) [>50D]
Risultati 0/38
Permalink: analisis/e8f3ab4ff2decc08e590d0add8218cd3
Torna in alto
 
gatto2
Inviato: Tuesday, February 03, 2009 5:29:30 PM

Rank: AiutAmico

Iscritto dal : 5/12/2008
Posts: 30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29, on 2009-02-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VIA\RAID\vialogsv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/it/index.php?rvs=hompag&d=79919387
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B01A936D-395A-490E-AF7C-C56EEBABC977}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Programmi\VIA\RAID\vialogsv.exe

--
End of file - 8640 bytes
Torna in alto
 
gatto2
Inviato: Tuesday, February 03, 2009 5:30:15 PM

Rank: AiutAmico

Iscritto dal : 5/12/2008
Posts: 30
Il file:0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank NON ME LO FA ELIMINARE
Torna in alto
 
gatto2
Inviato: Tuesday, February 03, 2009 5:32:49 PM

Rank: AiutAmico

Iscritto dal : 5/12/2008
Posts: 30
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.0.0.93 2009.02.03 -
AhnLab-V3 5.0.0.2 2009.02.03 -
AntiVir 7.9.0.71 2009.02.03 -
Authentium 5.1.0.4 2009.02.03 -
Avast 4.8.1281.0 2009.02.03 -
AVG 8.0.0.229 2009.02.03 -
BitDefender 7.2 2009.02.03 -
CAT-QuickHeal 10.00 2009.02.03 -
ClamAV 0.94.1 2009.02.03 -
Comodo 961 2009.02.03 -
DrWeb 4.44.0.09170 2009.02.03 -
eSafe 7.0.17.0 2009.02.01 -
eTrust-Vet 31.6.6339 2009.02.03 -
F-Prot 4.4.4.56 2009.02.02 -
F-Secure 8.0.14470.0 2009.02.03 -
Fortinet 3.117.0.0 2009.02.03 -
GData 19 2009.02.03 -
Ikarus T3.1.1.45.0 2009.02.03 -
K7AntiVirus 7.10.617 2009.02.03 -
Kaspersky 7.0.0.125 2009.02.03 -
McAfee 5514 2009.02.02 -
McAfee+Artemis 5514 2009.02.02 -
Microsoft 1.4306 2009.02.03 -
NOD32 3822 2009.02.03 -
Norman 6.00.02 2009.02.03 -
nProtect 2009.1.8.0 2009.02.03 -
Panda 9.5.1.2 2009.02.02 -
PCTools 4.4.2.0 2009.02.03 -
Prevx1 V2 2009.02.03 -
Rising 21.15.10.00 2009.02.03 -
SecureWeb-Gateway 6.7.6 2009.02.03 -
Sophos 4.38.0 2009.02.03 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.03 -
TheHacker 6.3.1.5.245 2009.02.03 -
TrendMicro 8.700.0.1004 2009.02.03 -
VBA32 3.12.8.12 2009.02.03 -
ViRobot 2009.2.3.1587 2009.02.03 -
VirusBuster 4.5.11.0 2009.02.03 -
Informazioni addizionali
File size: 52888 bytes
MD5...: 4775579d1ae9c881a6f2f7739858e7cd
SHA1..: 85b56b5b10edbfb00d4292e098b20f0bb2acaa05
SHA256: 9e878931f5f705d337b51bc7fe492a5044a0a41adfd1a21be1d74228bf9a235c
SHA512: 03ead8b8fc23c94e52f5c029ef31745c8fce7a5a962ff6a6744e9ee3c66ec85f
7b43b5fdc2ccb4de834825051fb1dd94bf2cb7d6a1813028d08ce9dcbc9eec34
ssdeep: 768:dsK+KCBrydrr1b1/NKJIfpVQkqCyuxP4uJRLkro5KiYScjmXhb5rd:aK+Pcr
TfpVQWyu+uHqo5Kp3KBj
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3c56
timedatestamp.....: 0x48746d46 (Wed Jul 09 07:48:22 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6656 0x7000 6.21 a9848866fe5656bfcb926d5ef01034e3
.rdata 0x8000 0xd7e 0x1000 4.93 5631e1d147281c76adab0b1e5682ef49
.data 0x9000 0x6fe8 0x2000 4.06 ccdb6ad967d0e1bd071dc490c5bbbab1
.rsrc 0x10000 0x274 0x1000 3.69 d167b02031a1fe709c7104b38ace7fe6

( 4 imports )
> KERNEL32.dll: FlushFileBuffers, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, lstrcmpiA, GetModuleFileNameA, GetLastError, lstrcpynA, GetVersionExA, Sleep, OutputDebugStringA, SetStdHandle, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, GetCPInfo, HeapAlloc, CloseHandle, SetFilePointer, WriteFile, RtlUnwind, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, HeapFree
> USER32.dll: DispatchMessageA, SetTimer, MessageBoxA, KillTimer, GetMessageA
> ADVAPI32.dll: RegisterEventSourceA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, StartServiceCtrlDispatcherA, OpenServiceA, ControlService, DeleteService, OpenSCManagerA, CreateServiceA, QueryServiceStatus, CloseServiceHandle, StartServiceA, RegisterServiceCtrlHandlerA, DeregisterEventSource, ReportEventA, SetServiceStatus
> drvInterface.dll: _vr_get_array_num@@YAHHPAH@Z, _vr_get_device_info@@YAHHPAU_vr_device_info@@@Z, _vr_init@@YAHXZ, _vr_get_device_num@@YAHPAH@Z, _vr_set_param_for_wmi@@YAHPAXP6AXPAEE0@Z@Z, _vr_update_raid_info@@YAHXZ, _vr_update_hardware_info@@YAHXZ, _vr_get_controller_num@@YAHPAH@Z, _vr_get_array_info@@YAHHPAU_vr_array_info@@@Z, _vr_relse_rsc_while_exit@@YAHXZ, _vr_exit@@YAXXZ, _vr_get_capability_wmi@@YAHXZ, _vr_get_device_info_by_array_pos@@YAHHHPAU_vr_device_info@@@Z

( 0 exports )
Torna in alto
 
simo95
Inviato: Tuesday, February 03, 2009 5:58:04 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
gatto2 ha scritto:
Il file:0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank NON ME LO FA ELIMINARE


ma non dovrebbe essere pericoloso.
è semplicemente una pagina vuota(cioè non carica alcun indirizzo) di IE.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » potete vedere per favore se hovirus?il mio pc và lentisimo!X FAVOREEEEEEEEE


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.