Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log Sospetto Help Pls

Log Sospetto Help Pls Opzioni
Topic Precedente · Topic Sucessivo
thejackal
Inviato: Thursday, February 18, 2010 10:55:29 PM
Rank: Newbie

Iscritto dal : 2/18/2010
Posts: 7
Salve a tutti, vorri sottoporvi un log per vedere se i miei dubbi sono fondati:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:14, on 18/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Windows\System32\rundll32.exe
C:\Users\Niel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\apocalyps32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Cerberus] C:\Windows\System32\Cerberus\server.exe
O4 - HKLM\..\Run: [apocalyp] C:\Windows\apocalyps32.exe
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Niel\AppData\Local\Temp\Thr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxbk_device -   - C:\Windows\system32\lxbkcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7386 bytes



I processi che mi sembrano un po sospetti sono i seguenti:


C:\Windows\msa.exe
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Niel\AppData\Local\Temp\Thr.exe

Che dite?
Questi ultimi 2 (LosAlamos e TOY5KNQ8OC) me li ritrovo anche nell'msconfig in avvio, e non ricordo di averli mai visti di recente.....

Grazie a tutti!
Torna in alto
 
Sponsor
Inviato: Thursday, February 18, 2010 10:55:29 PM

 
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 11:02:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina i file infetti trovati.
Riavvia il pc se te lo chiede.
Posta il log.
Aggiungi un'altro log aggiornato di HJT.
Torna in alto
 
thejackal
Inviato: Thursday, February 18, 2010 11:23:59 PM
Rank: Newbie

Iscritto dal : 2/18/2010
Posts: 7
Ok Grazie, pare proprio che quei processi che avevo indicato fossero qualcosa dannosi, ho fatto la scansione con MalawareByte che ha trovato 7 infezioni, le ho eliminate ma prima di riavviare mi ha detto che c'era qualcosa che nn era riuscito ad eliminare, ora ripeto la scansione e se me lo ridà posto il nome...

Per ora la scansine seguente di HJT ha dato questo risultato:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:31, on 18/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Niel\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\apocalyps32.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [apocalyp] C:\Windows\apocalyps32.exe
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: lxbk_device -   - C:\Windows\system32\lxbkcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6799 bytes



I 3 processi sospetti di prima sono scomparsi, ora mi è venuto un dubbio su questo:

O4 - HKLM\..\Run: [apocalyp] C:\Windows\apocalyps32.exe

Sai dirmi qualcosa in proposito?

Grazie :)
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 11:30:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
No.
Non mi piace lavorare al buio.
Ti ho chiesto di postare i log, proprio per verificare dei file.
Per cui per cortesia posta il log di Malwarebytes.
Torna in alto
 
thejackal
Inviato: Thursday, February 18, 2010 11:36:12 PM
Rank: Newbie

Iscritto dal : 2/18/2010
Posts: 7
Ok sorry, posto sempre quello della scansione competa o va bene anche quella rapida?
Torna in alto
 
thejackal
Inviato: Thursday, February 18, 2010 11:38:54 PM
Rank: Newbie

Iscritto dal : 2/18/2010
Posts: 7
Intanto incollo quello della scansione rapida che ho fatto partire prima che mi dicessi di fare quella completa, se nn è sufficiente appena termina quello della completa posto quello.

Code:

Malwarebytes' Anti-Malware 1.44
Versione del database: 3758
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/02/2010 23:13:39
mbam-log-2010-02-18 (23-13-35).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 113038
Tempo trascorso: 5 minute(s), 27 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 8
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 5

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{t5tbb77l-4678-0mkc-421q-14416031dyu6} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{t5tbb77l-4678-0mkc-421q-14416031dyu6} (Password.Stealer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Apocalypse (Backdoor.IRCBot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cerberus (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Users\Niel\downloads\Live-Player_setup.exe (Adware.NaviPromo) -> No action taken.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.



Tnx
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 11:41:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Fai così:

Start\Esegui\digita:regedit\ok.
Clicca sul + di HKEY_LOCAL_MACHINE
Clicca sul + di SOFTWARE
Clicca sul + di Microsoft
Clicca sul + di Windows NT
Clicca sul + di CurrentVersion
Scorri finchè trovi la cartellina Winlogon.
Clicca una volta, sopra la cartellina Winlogon.
Nella pagina a destra, (quasi a fondo pagina) troverai:
Userinit.
Fai Doppio click su Userinit.
Si apre una finestrella, con scritto: C:\windows\system32\userinit.exe,C:\WINDOWS\system32\apocalyps32.exe,
Devi eliminare SOLO la parte in rosso: C:\WINDOWS\system32\apocalyps32.exe,
Il risultato finale deve essere: C:\windows\system32\userinit.exe, (virgola finale compresa)
Confema tutto.
Poi segui questo percorso ed elimina il file in rosso:
C:\WINDOWS\system32\apocalyps32.exe
Oppure trovalo con la funzione "Cerca" di Windows.
Riavvia il pc dopo averlo eliminato.

Ricontrolla se la modifica, è stata eseguita correttamente.
Torna in alto
 
thejackal
Inviato: Thursday, February 18, 2010 11:52:43 PM
Rank: Newbie

Iscritto dal : 2/18/2010
Posts: 7
Allora, la prima parte ok, mentre nel percorso WINDOWS\system32, non esiste quel file e nell'msconfig nella sezione avvio appare ma senza la spunta....
Possibile che lo abbia eliminato con la scansione di Malwarebytes?
La precedente scansione di Malwarebytes mi aveva detto che non era riuscita ad eliminare questo:

C:\Windows\System32\sshnas21.dll
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 11:57:26 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Sì, è possibile che tu non abbia trovato quel file: apocalyps32.exe.
Era una precauzione, volevo essere sicuro che non ci fosse.
Elimina questa voce di HJT:

O4 - HKLM\..\Run: [apocalyp] C:\Windows\apocalyps32.exe

Poi:

Fai questa scansione eseguendo alla lettera le indicazioni:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
thejackal
Inviato: Friday, February 19, 2010 12:29:14 AM
Rank: Newbie

Iscritto dal : 2/18/2010
Posts: 7
Ciao e grazie per l'aiuto, questa è l'ultima scansione completa di Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.44
Versione del database: 3758
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/02/2010 00:27:37
mbam-log-2010-02-19 (00-27-37).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 264271
Tempo trascorso: 1 hour(s), 7 minute(s), 21 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



E' il caso che faccio cmq il controllo con combofix?

Grazie
Torna in alto
 
r16
Inviato: Friday, February 19, 2010 12:32:47 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Sì, è fondamentale.
Se ora è troppo tardi, fallo domani.
Ma fallo.
Torna in alto
 
thejackal
Inviato: Friday, February 19, 2010 1:20:26 AM
Rank: Newbie

Iscritto dal : 2/18/2010
Posts: 7
Ecco il log di combofix:

Code:

ComboFix 10-02-18.06 - Niel 19/02/2010   1:02.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.39.1033.18.2046.1287 [GMT 1:00]
Eseguito da: c:\users\Niel\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Cheat Engine\dbk32.sys
c:\windows\msnimport.exe
c:\windows\system32\win.ini
D:\install.exe

.
(((((((((((((((((((((((((   Files Creati Da 2010-01-19 al 2010-02-19  )))))))))))))))))))))))))))))))))))
.

2010-02-19 00:09 . 2010-02-19 00:10    --------    d-----w-    c:\users\Niel\AppData\Local\temp
2010-02-18 22:06 . 2010-02-18 22:06    --------    d-----w-    c:\users\Niel\AppData\Roaming\Malwarebytes
2010-02-18 22:06 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 22:06 . 2010-02-18 22:13    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-18 22:06 . 2010-02-18 22:06    --------    d-----w-    c:\programdata\Malwarebytes
2010-02-18 22:06 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-30 11:20 . 2010-01-30 11:20    --------    d-----w-    c:\program files\Common Files\Java

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 00:09 . 2010-01-07 11:09    --------    d-----w-    c:\program files\Cheat Engine
2010-02-18 22:11 . 2009-11-29 10:10    --------    d-----w-    c:\programdata\Lavasoft
2010-02-18 21:09 . 2009-12-15 16:25    --------    d-----w-    c:\program files\MAGIX
2010-02-18 21:08 . 2009-09-16 17:01    12978    ----a-w-    c:\users\Niel\AppData\Roaming\nvModes.dat
2010-02-18 20:25 . 2009-09-16 16:37    138576    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-02-18 20:24 . 2009-09-16 16:37    215104    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-02-18 10:13 . 2009-09-16 15:10    691036    ----a-w-    c:\windows\system32\perfh010.dat
2010-02-18 10:13 . 2009-09-16 15:10    125116    ----a-w-    c:\windows\system32\perfc010.dat
2010-02-17 10:37 . 2009-09-16 20:45    --------    d-----w-    c:\users\Niel\AppData\Roaming\vlc
2010-02-09 10:31 . 2009-09-16 18:02    --------    d-----w-    c:\users\Niel\AppData\Roaming\Skype
2010-02-09 10:30 . 2009-09-16 18:08    --------    d-----w-    c:\users\Niel\AppData\Roaming\skypePM
2010-02-05 18:14 . 2009-09-16 16:12    --------    d-----w-    c:\programdata\Microsoft Help
2010-02-04 23:06 . 2009-12-07 12:54    --------    d-----w-    c:\program files\Google
2010-01-30 11:19 . 2009-09-16 18:56    --------    d-----w-    c:\program files\Java
2010-01-29 09:36 . 2009-10-11 16:30    --------    d-----w-    c:\program files\FMS
2010-01-19 22:05 . 2009-09-16 17:17    --------    d-----w-    c:\users\Niel\AppData\Roaming\Xfire
2010-01-16 15:38 . 2009-09-16 17:17    --------    d-----w-    c:\programdata\Xfire
2010-01-14 10:12 . 2009-10-03 17:23    181120    ------w-    c:\windows\system32\MpSigStub.exe
2010-01-13 12:23 . 2010-01-13 12:23    --------    d-----w-    c:\users\Niel\AppData\Roaming\Ahead
2010-01-11 13:24 . 2010-01-05 12:57    --------    d-----w-    c:\program files\UOAM
2010-01-06 11:24 . 2009-09-16 17:17    --------    d-----w-    c:\program files\Xfire
2010-01-05 11:50 . 2010-01-05 11:50    --------    d-----w-    c:\program files\EA Games
2010-01-05 11:50 . 2009-09-16 16:36    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-01-05 11:47 . 2010-01-05 11:47    --------    d-----w-    c:\program files\Razor
2009-12-22 23:59 . 2009-12-22 23:59    41872    ----a-w-    c:\windows\system32\xfcodec.dll
2009-12-22 12:06 . 2009-12-19 14:50    --------    d-----w-    c:\program files\Steam
2009-12-22 12:04 . 2009-10-11 18:46    413696    ----a-w-    c:\windows\system32\wrap_oal.dll
2009-12-22 12:04 . 2009-10-11 18:46    110592    ----a-w-    c:\windows\system32\OpenAL32.dll
2009-12-20 12:20 . 2009-12-20 12:21    36864    ----a-w-    c:\programdata\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-12-17 16:14 . 2009-09-16 18:56    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-12-16 09:56 . 2009-09-16 15:11    122952    ----a-w-    c:\users\Niel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-13 14:52 . 2009-12-13 14:52    119808    ----a-r-    c:\users\Niel\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2009-12-09 13:09 . 2009-12-09 13:09    2560    ----a-w-    c:\windows\_MSRSTRT.EXE
2009-11-30 18:44 . 2009-11-30 18:44    876544    ----a-w-    c:\users\Niel\AppData\Roaming\serv.exe
2009-11-30 18:44 . 2009-11-30 18:44    876544    ----a-w-    c:\users\Niel\AppData\Roaming\serv.exe
2009-11-24 23:54 . 2009-09-16 17:54    1280480    ----a-w-    c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-09-16 17:55    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-16 17:55    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-16 17:54    53328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-09-16 17:55    48560    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-16 17:55    23120    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-16 17:55    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-05-01 21:02 . 2009-05-01 21:02    1044480    ----a-w-    c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02    200704    ----a-w-    c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-04 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-04 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-27 4702208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Niel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Niel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50    155648    ----a-w-    c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12    1414144    ----a-w-    c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-12-19 14:51    1217808    ----a-w-    c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2008-08-18 07:24    90112    ----a-w-    c:\program files\MAGIX\Video_deluxe_15_Download-Version\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 21:16    222504    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
2009-06-11 12:14    162912    ------w-    c:\program files\CyberLink\YouCam\YouCamTray.exe

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [16/09/2009 18:55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [16/09/2009 18:55 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [16/09/2009 18:54 53328]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [10/06/2009 22:18 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13/07/2009 23:13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13/07/2009 23:13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13/07/2009 23:13 661504]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 06:51 43008]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [16/09/2009 17:02 721904]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/12/2009 13:54 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [15/12/2009 17:28 1527900]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 12:54]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 12:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Niel\AppData\Roaming\Mozilla\Firefox\Profiles\91vw1enb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it&source=iglk
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-apocalyp - (no file)
MSConfigStartUp-apocalyps32 - c:\windows\apocalyps32.exe
MSConfigStartUp-Cerberus - c:\windows\System32\Cerberus\server.exe
MSConfigStartUp-RemoveIT Pro v7Ent - c:\program files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-FMS - c:\program files\FMS\Uninstall.exe
AddRemove-HijackThis - c:\users\Niel\Desktop\HijackThis.exe


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-02-19  01:14:23
ComboFix-quarantined-files.txt  2010-02-19 00:14

Pre-Run: 25.198.206.976 byte disponibili
Post-Run: 24.896.012.288 byte disponibili

- - End Of File - - 655747C7FB8141641BA135E097423532



EDIT: Dimenticavo che durante l'esecuzione del programma è apparso il seguente errore:

Impossibile esportare RegRuns00, Errore durante la scrittura sul file.
Potrebbe esserci un errore del disco o del file system.

Grazie
Torna in alto
 
r16
Inviato: Friday, February 19, 2010 2:11:44 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note, sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

Folder::
c:\program files\Cheat Engine

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix.
Se noti anomalie, dopo la scansione, riavvia il pc.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log Sospetto Help Pls


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.