Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

controllo log Opzioni
danielsun
Inviato: Tuesday, May 29, 2007 11:23:57 PM

Rank: Member

Iscritto dal : 6/30/2006
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 23.20.21, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\FastMail\TrayIndicator_it.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\ClamWin\bin\ClamWin.exe
C:\Programmi\ClamWin\bin\clamscan.exe
C:\Documents and Settings\daniela\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwyaud.exe] C:\DOCUME~1\daniela\IMPOST~1\Temp\nwyaud.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\rjjbckmv.dll",realset
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Indicatore FastMail.lnk = C:\Programmi\FastMail\TrayIndicator_it.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.04\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe

Sponsor
Inviato: Tuesday, May 29, 2007 11:23:57 PM

 
danielsun
Inviato: Wednesday, May 30, 2007 10:57:09 PM

Rank: Member

Iscritto dal : 6/30/2006
Posts: 0
nessuno me lo controlla?
mi si aprono pagine indirizzate a siti porno o pagine che simulano siti di antivirus o simili. uno dei link è questo http://www.amaena.com/securityworm81/?p=3andax=1&ex=1&h=10&mpt=1180558502&aid=ffnm_ik_wavff_kw2&lid=symantec:3E&affid=ffnm_67308_3F3AA5700DFD11DCA542003048895BFC_c8b94770+BF2CE370FE9743308843861734B71375
linfer
Inviato: Thursday, May 31, 2007 9:07:21 PM
Rank: Member

Iscritto dal : 3/5/2004
Posts: 3
Ciao, perchè non lo fai in automatico?
Ti spiego come (io ) procedo. Praticamente quello che tu hai inviato nel forum lo selezioni tutto e Control C.= Dopo di chè apri questo sito " http://www.hijackthis.de/index.php#anl " e giù giù lo incolli nel riquadro che trovi e quindi clicchi su analizza. Dopo pochi secondi ti compare tutta la situazione.

Io l'ho fatto per te:

O4 - HKLM\..\Run: [nwyaud.exe] C:\DOCUME~1\daniela\IMPOST~1\Temp\nwyaud.exe (questo è rosso e ti conviene cancellarlo, )

Mentre quelli che seguono sono programmi dubbi che lui non conosce.

Spero di esserti stato utile.
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\rjjbckmv.dll",realset
O4 - Startup: Indicatore FastMail.lnk = C:\Programmi\FastMail\TrayIndicator_it.exe



danielsun
Inviato: Friday, June 01, 2007 1:38:58 AM

Rank: Member

Iscritto dal : 6/30/2006
Posts: 0
visto che ormai appena apro hijack mi si apre subito l'errore che me lo chiude, c'è un'altro modo per eliminare il virus?
danielsun
Inviato: Sunday, June 03, 2007 11:29:36 AM

Rank: Member

Iscritto dal : 6/30/2006
Posts: 0
vi invio il nuovo log, penso di aver fatto qualche errore, penso di aver cancellato qualcosa di troppo, ma i problemi non sono stati risolti! provate a vedere un pò voi....

Logfile of HijackThis v1.99.1
Scan saved at 11.27.59, on 03/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\DOCUME~1\daniela\IMPOST~1\Temp\coqzka.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\daniela\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\tuvuutu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\ecpupetc.dll
O2 - BHO: (no name) - {E03F96F2-DDA0-4810-B01D-F331496BF2D3} - C:\WINDOWS\system32\awvtu.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\rjjbckmv.dll",realset
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [wfbrna.exe] C:\DOCUME~1\daniela\IMPOST~1\Temp\wfbrna.exe
O4 - HKLM\..\Run: [coqzka.exe] C:\DOCUME~1\daniela\IMPOST~1\Temp\coqzka.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.04\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: tuvuutu - tuvuutu.dll (file missing)
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
pidue
Inviato: Sunday, June 03, 2007 12:18:00 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, non sei messa tanto bene, esegui la seguente procedura:

Chiudi HijackThis in una cartella a lui dedicata (possibilmente non sul desktop), altrimenti perdi i backup;

<b>disattiva il ripristino configurazione del sistema</b>:
tasto destro sull’icona Risorse del computer >> Proprietà >> Ripristino configurazione di sistema: togli la spunta dal quadratino dove c’è scritto :
<i>disattiva ripristino configurazione di sistema su tutte le unità</i>;

<b>avvia il computer in modalità provvisoria</b>:
riavvia il computer prima che si carichi Windows , premi ripetutamente il tasto F8;

<b>rendi visibili le cartelle nascoste in questo modo</b>:
da Risorse del computer:
Strumenti >> Opzioni cartella >> visualizzazione;
metti la spunta su:
<i>Visualizza file e cartelle nascoste</i>;
togli la spunta da:
<i>Nascondi file protetti del sistema(consigliato)</i>


Avvia hijackthis, con tutte le applicazioni chiuse, premi su <b>Do a system scan only</b> , spunta ed elimina <b>(fix checked)</b> le seguente righe:


<font color=red>
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\tuvuutu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E03F96F2-DDA0-4810-B01D-F331496BF2D3} - C:\WINDOWS\system32\awvtu.dll (file missing)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\rjjbckmv.dll",realset
O4 - HKLM\..\Run: [wfbrna.exe] C:\DOCUME~1\daniela\IMPOST~1\Temp\wfbrna.exe
O4 - HKLM\..\Run: [coqzka.exe] C:\DOCUME~1\daniela\IMPOST~1\Temp\coqzka.exe
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: tuvuutu - tuvuutu.dll (file missing)
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll
</font id=red>



Cancella i seguenti file in rosso, di cui ti do il percorso:
___________________________________________
C:\DOCUME~1\daniela\IMPOST~1\Temp\<font color=red>coqzka.exe</font id=red>
C:\WINDOWS\system32\<font color=red>tuvuutu.dll</font id=red></font id=red> ---- > questo file potrebbe non esistere;
C:\WINDOWS\system32\<font color=red>awvtu.dll</font id=red> ----- > come sopra;
C:\WINDOWS\SYSTEM32\<font color=red>winbue32.dll</font id=red>
C:\DOCUME~1\daniela\IMPOST~1\Temp\<font color=red>wfbrna.exe[/red]



<b>NB</b>
La riga <i>C:\DOCUME~1\daniela\IMPOST~1\Temp</i> sta per
<i>C:\Documents and Settings\daniela\Impostazioni locali\Temp</i>

____________________________________________

Svuota la cartella <b>temp</b> di tutti i file che trovi.

Segui il punto <b>1</b> al seguente link:
http://www.microsoft.com/italy/technet/community/mvp/editoriali/spyware.mspx

svuota il Cestino;
fai un controllo antivirus a questo indirizzo:

http://security.symantec.com/sscv6/default.asp?productid=globalsitesandlangid=itandvenid=sym


<b>Alla fine:</b>

rinascondi le cartelle di sistema;
riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Pubblica un log aggiornato.




danielsun
Inviato: Sunday, June 03, 2007 7:01:45 PM

Rank: Member

Iscritto dal : 6/30/2006
Posts: 0
una volta fatta la scansione online, i file infetti devo rimuoverli a mano??
pidue
Inviato: Sunday, June 03, 2007 7:09:49 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Tu devi rimuovere a mano quelli che ti ho indicato e fixare le righe come suggerito.
Se la scansione on-line ti trova virus, posta il reseconto della scansione.
Ciao.



danielsun
Inviato: Sunday, June 03, 2007 7:10:25 PM

Rank: Member

Iscritto dal : 6/30/2006
Posts: 0
58356 files scanned, 15 file(s) infected on your disk drives.


No viruses were detected in memory.

Your computer is free of known threats. Virus Detection does not check compressed files.

Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.

No viruses were detected in memory.

The scan was cancelled before finishing. To restart the scan, click here.

Your computer is free of known threats. Virus Detection does not check compressed files.

Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

Warning! The scan detected a virus that is active in your computer's memory.
The scan ended to prevent further infection.

You should shut down your computer immediately and restart it with an antivirus rescue disk or similar tool.


No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.


No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

Note: The scan was cancelled before finishing. There may be more infected files on this computer.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.


A scan has not been run. To start Virus Detection, click here.

C:\WINDOWS\Temp\win1B2.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\win2A3.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\win2A8.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\win54E.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\win6A3.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\win7B.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\winCEB.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\winEF.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\winF0.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\winF1.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\winF6.tmp.exe is infected with Downloader
C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_C_E_2_._t_m_p_._e_x_e_ is infected with Downloader
C:\WINDOWS\system32\lsmeimap.dll is infected with Trojan.Vundo
C:\WINDOWS\system32\r is infected with Trojan.Vundo
C:\Documents and Settings\daniela\Impostazioni locali\Temporary Internet Files\Content.IE5\JUWN7TCT\srvjvo[1].exe is infected with Downloader


pidue
Inviato: Sunday, June 03, 2007 8:07:53 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, la maggior parte dei virus si trovano nella cartella C:\windows1temp, l'ultimo si trova nei file temporanei Internet.
Fai una scansione <b>in modalità provvisoria </b> col tuo Avast, non dovresti incontrare difficoltà a rimuoverli. Prima di avviare la scansione, <b>disattiva il ripristino configurazione di sistema </b> come ti ho suggerito.
Fammi sapere.
Ciao.



danielsun
Inviato: Tuesday, June 12, 2007 1:59:44 AM

Rank: Member

Iscritto dal : 6/30/2006
Posts: 0
ciao....non ho più fatto sapere niente per il semplice motivo che mi sono stufata di lottare contro tutti i virus, sto solo aspettando il momento migliore per formattare!
grazie dell'aiuto...
DoctoRthc
Inviato: Tuesday, June 12, 2007 2:10:47 AM
Rank: Member

Iscritto dal : 6/11/2007
Posts: 0
ciao!
io mi sono appena iscritto al forum perchè ho letto il tuo problema!!!
ho una situazione simile alla tua solo che in piu ora mi si blocca anche la formattazione! non mi riesce piu!
spero di risolvere....come te del resto...:)
ciao!
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.