file windows/sistem 32 / dskypqas.exe - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » file windows/sistem 32 / dskypqas.exe

file windows/sistem 32 / dskypqas.exe

Opzioni

Topic Precedente · Topic Sucessivo

tuscany

Inviato: Wednesday, September 03, 2008 4:12:00 PM

Rank: Member

Iscritto dal : 7/24/2007
Posts: 17

Avrei bisogno di informazioni sul file Windows / system 32 / dskypqas. exe . Credo sia infettato : ogni volta che mi connetto ad internet questo file chiede di connettersi ad un indirizzo ; l' unica cosa che sono riuscito a fare è di bloccarlo con il firewall ( se consento a farlo collegare subito dopo l'antivirus elimina un troyan ). Qualcuno saprebbe darmi qualche consiglio ?

Torna in alto

Sponsor

Inviato: Wednesday, September 03, 2008 4:12:00 PM

Torna in alto

pidue

Inviato: Wednesday, September 03, 2008 4:24:13 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332

tuscany ha scritto:

Posta un log di HijackThis, così si vede meglio.

Torna in alto

tuscany

Inviato: Sunday, September 07, 2008 2:57:31 PM

Rank: Member

Iscritto dal : 7/24/2007
Posts: 17

Anzitutto mi scuso conPidue per il ritardo con cui rispondo ma proprio ho avuto un periodo terribile . Allego il log di Hijack: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49, on 2008-09-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hamlet\Adsl\dslstat.exe
C:\Program Files\Hamlet\Adsl\dslagent.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HPQ\Shared\hpqwmi.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\windows\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Pierfilippo\Dati applicazioni\aignes\Local Website Archive\config\iearc.htm
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {057869FF-C922-4FDE-9F88-CD326DED1EC4} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {057869FF-C922-4FDE-9F88-CD326DED1EC4} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {9297A231-F384-408B-BAD6-453145F8DC7A} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Start Local Website Archive - {A22D8BAD-DFE7-47E5-A700-01CC17FE53A0} - C:\Programmi\Local Website Archive\wsarc.exe (HKCU)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe

--
End of file - 8861 bytes
Aggiungo che il mio antivirus mi segnala che all'accensione del pc un programma sconosciuto tenta di modificare qualcosa nell'antivirus stesso ....... sono piuttosto preoccupato

Torna in alto

tuscany

Inviato: Sunday, September 07, 2008 4:00:54 PM

Rank: Member

Iscritto dal : 7/24/2007
Posts: 17

Ho fatto una scansione pure con combofix. Ti invio il log. ComboFix 08-09-05.03 - Pierfilippo 2008-09-07 15:45:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.521 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Pierfilippo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-08-07 al 2008-09-07 )))))))))))))))))))))))))))))))))))
.

2008-09-05 16:57 . 2008-09-05 17:09 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-05 16:57 . 2008-09-05 17:09 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-05 16:56 . 2008-09-05 16:56 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-09-05 16:56 . 2008-09-07 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-09-05 16:56 . 2008-09-07 12:26 2,182,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-05 16:56 . 2008-09-07 15:43 344,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-05 16:56 . 2008-09-07 12:26 18,132 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-05 16:56 . 2008-09-07 15:43 2,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-03 16:28 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-09-02 17:39 . 2008-09-02 17:39 2,855 --a------ C:\WINDOWS\system32\dskvpqas.PIF
2008-08-21 16:16 . 2008-08-21 16:16 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-21 16:15 . 2008-07-22 16:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-21 16:14 . 2008-07-22 16:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-21 16:14 . 2008-07-22 16:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-14 16:17 . 2008-05-01 16:34 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 16:15 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-08 23:46 . 2008-09-02 16:53 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-08 23:46 . 2008-08-08 23:46 <DIR> d-------- C:\Documents and Settings\Pierfilippo\Dati applicazioni\Malwarebytes
2008-08-08 23:46 . 2008-08-08 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-08 23:46 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-08 23:46 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 15:22 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-05 15:22 --------- d-----w C:\Programmi\SpywareBlaster
2008-08-23 13:41 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-08-21 14:16 --------- d-----w C:\Programmi\Windows Desktop Search
2008-08-19 15:09 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-07-22 12:12 --------- d-----w C:\Programmi\Windows Defender
2008-07-16 14:46 --------- d-----w C:\Programmi\AbiSuite2
2008-07-13 14:26 --------- d-----w C:\Programmi\Trend Micro
2008-07-10 15:27 --------- d-----w C:\Programmi\Panasonic
2008-07-10 15:22 --------- d-----w C:\Programmi\Java
2008-07-07 20:27 253,952 ----a-w C:\windows\system32\es.dll
2008-07-01 15:42 81,984 ----a-w C:\windows\system32\bdod.bin
2008-06-24 16:42 74,240 ----a-w C:\windows\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\windows\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\windows\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-25 344064]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"DSLSTATEXE"="C:\Program Files\Hamlet\Adsl\dslstat.exe" [2005-10-24 344064]
"DSLAGENTEXE"="C:\Program Files\Hamlet\Adsl\dslagent.exe" [2005-08-25 65536]
"SynTPStart"="C:\Programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

C:\Documents and Settings\Pierfilippo\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\ESECUZ~1\
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-05-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Add to Local Website Archive - C:\Documents and Settings\Pierfilippo\Dati applicazioni\aignes\Local Website Archive\config\iearc.htm
O8 -: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 -: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O18 -: Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~1\DOWNLO~1\mdpph.dll
O18 -: Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~1\DOWNLO~1\mdpph.dll
O18 -: Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~1\DOWNLO~1\mdpph.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 15:47:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-09-07 15:48:57
ComboFix-quarantined-files.txt 2008-09-07 13:48:44

Pre-Run: 91,522,383,872 byte disponibili
Post-Run: 91,526,430,720 byte disponibili

120 --- E O F --- 2008-09-05 15:17:55

Torna in alto

tuscany

Inviato: Tuesday, September 09, 2008 3:30:20 PM

Rank: Member

Iscritto dal : 7/24/2007
Posts: 17

Nessuno può controllarmi per favore il log ? Grazie

Torna in alto

pidue

Inviato: Tuesday, September 09, 2008 4:05:44 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332

Arrivo!
Il log è a posto e ComboFix nulla trovò. Secondo me dovresti analizzare il file su virustotal. Zippa il file, collegati al sito, clicca su Sfoglia, carica il file e poi clicca sul pulsante Send File.
Riferisci il responso.

Ciao.

Torna in alto

tuscany

Inviato: Tuesday, September 09, 2008 4:11:50 PM

Rank: Member

Iscritto dal : 7/24/2007
Posts: 17

Grazie mille pidue! Provo a fare quanto mi suggerisci e poi ti faccio sapere

Torna in alto

tuscany

Inviato: Friday, September 12, 2008 4:49:36 PM

Rank: Member

Iscritto dal : 7/24/2007
Posts: 17

PROBLEMA RISOLTO .......o almeno spero .Era un troyan , l'ho fatto fuori . GRazie ancora pidue

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » file windows/sistem 32 / dskypqas.exe

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded