Aiutamici Forum

Internet hijacked
stulfy66
Posted: Wednesday, April 15, 2009 10:00:55 PM

Rank: Member

Joined: 1/11/2009
Posts: 24
I'm uninstalling AVG; I'm a little sorry, I had grown fond of it.
Now I'll download Avira and scan... but how do I make the log, from Avira or from HijackThis?
Thanks, r16
r16
Posted: Wednesday, April 15, 2009 10:14:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi stulfy66.
Look, I don't want to force Avira on you (far from it!).
I only need it to clean your PC more thoroughly, since as a pure antivirus it is the best, in my opinion.
It has one flaw: it does not scan incoming e-mail, but in terms of database, heuristics and false-positive detection it is better than AVG.
I repeat: we can always uninstall it and reinstall AVG.
The log must be from Avira; HJT has nothing to do with it.
stulfy66
Posted: Wednesday, April 15, 2009 10:17:52 PM

Rank: Member

Joined: 1/11/2009
Posts: 24
r16, mine was just a joke, ha ha ha. I'm the one who doesn't know. Hats off to those who, like you, do so much for people like me.
stulfy66
Posted: Wednesday, April 15, 2009 11:06:44 PM

Rank: Member

Joined: 1/11/2009
Posts: 24
I've done the scan with Avira too. Here it is:



Avira AntiVir Personal
Report file date: mercoledì 15 aprile 2009 22:17

Scanning for 1354334 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : NOME-9D2E4466D8

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 20:15:21
ANTIVIR3.VDF : 7.1.3.57 266240 Bytes 15/04/2009 20:15:23
Engineversion : 8.2.0.143
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.75 373113 Bytes 15/04/2009 20:15:37
AESCN.DLL : 8.1.1.10 127348 Bytes 15/04/2009 20:15:36
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.12 397687 Bytes 15/04/2009 20:15:35
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.116 1708407 Bytes 15/04/2009 20:15:34
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.34 340340 Bytes 15/04/2009 20:15:25
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 15/04/2009 20:15:24
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Programmi\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercoledì 15 aprile 2009 22:17

Starting search for hidden objects.
'38030' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'VzRs.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'VzFw.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'SPMgr.exe' - '1' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'TUProgSt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '60' files ).


Starting the file scan:

Begin scan in 'C:\' <VAIO>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\saretta\Desktop\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4a53422a.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP104\A0015503.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] A backup was created as '4a1647fe.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP104\A0015504.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] A backup was created as '4b90587f.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP104\A0015505.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '4a164700.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP104\A0015509.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '4b905881.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP104\A0015510.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '4a164702.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP104\A0015511.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '4b905883.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP111\A0016072.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4a16481d.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'D:\' <VAIO>


End of the scan: mercoledì 15 aprile 2009 23:02
Used time: 45:08 Minute(s)

The scan has been done completely.

8138 Scanned directories
313241 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
8 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
313231 Files not concerned
7328 Archives were scanned
2 Warnings
10 Notes
38030 Objects were scanned with rootkit scan
0 Hidden objects were found

What do you think?
Bye, r16
r16
Posted: Wednesday, April 15, 2009 11:19:01 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I'd say it removed 8 viruses that were in the restore folder.
To be safe, carry out these steps:
Disable System Restore and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Then:
Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then:
Start\Run: copy and paste the string %temp%, click OK, and empty the temp folder (do not delete the folder itself).
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it, find the Prefetch folder inside it, open it and delete all the entries stored in it (do not delete the folder itself)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS as follows:
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan
if any ADS are detected, tick all the boxes and click Remove selected
Restart the PC.
Re-enable System Restore.
If the PC responds well and you don't notice any problems, I'd say you're all set.
If you have questions or doubts, don't hesitate to ask.
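An added example, not part of the original thread: a small Python parser for the Avira report format posted above that records each [DETECTION] with its path and quarantine file, and separates System Restore copies from files on the live file system. The embedded sample is an abridged excerpt of that report; the function names are illustrative.

```python
import re
from collections import Counter

# Abridged excerpt of the report posted in this thread (paths and names as posted).
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\saretta\Desktop\ComboFix.exe
--> 32788R22FWJFW\psexec.cfexe
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4a53422a.qua' ( QUARANTINE )
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP104\A0015503.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] A backup was created as '4a1647fe.qua' ( QUARANTINE )
C:\System Volume Information\_restore{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}\RP104\A0015505.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '4a164700.qua' ( QUARANTINE )
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a drive-letter path starts a new entry
DETECTION_RE = re.compile(r"\[DETECTION\].*?\b([A-Z]+/[\w.\-]+)")
BACKUP_RE = re.compile(r"backup was created as '([^']+)'")

def classify(path):
    # Files under System Volume Information\_restore{...} are System Restore copies.
    in_rp = "\\system volume information\\_restore" in path.lower()
    return "restore point" if in_rp else "live file system"

def parse_report(text):
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        det, bak = DETECTION_RE.search(line), BACKUP_RE.search(line)
        if PATH_RE.match(line):
            current = line  # nested "-->" archive members do not match here
        elif det and current:
            findings.append({"path": current, "name": det.group(1),
                             "location": classify(current), "backup": None})
        elif bak and findings and findings[-1]["path"] == current:
            findings[-1]["backup"] = bak.group(1)
    return findings

def summarize(findings):
    return Counter((f["location"], f["name"]) for f in findings)

if __name__ == "__main__":
    for (location, name), n in sorted(summarize(parse_report(SAMPLE_REPORT)).items()):
        print(f"{n} x {name} in {location}")
```

Run over the full report, the same grouping shows which entries sit only in restore points and which were files in a user's profile.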
stulfy66
Posted: Wednesday, April 15, 2009 11:37:46 PM

Rank: Member

Joined: 1/11/2009
Posts: 24
r16, all done; the HijackThis scan found nothing at all, and for now everything is working fine.
What do you say, is the ordeal over?
r16
Posted: Thursday, April 16, 2009 12:11:52 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
stulfy66 wrote:
r16, all done; the HijackThis scan found nothing at all, and for now everything is working fine.
What do you say, is the ordeal over?


No, for me it would not be over, since you have a registry key that has the Knight.exe virus.
It's only a key, and who knows how long it has been there.
The problem is that if you happen to plug in an infected USB stick, you also start the virus.
As long as you plug in clean sticks, nothing happens, but if you plug in a stick infected by "Autorun.Inf", you're done for.
We could try to remove it manually, but working in the Registry Editor is always a delicate operation.
There is a risk of making things worse.
stulfy66
Posted: Thursday, April 16, 2009 12:20:50 AM

Rank: Member

Joined: 1/11/2009
Posts: 24
The PC works fine; you've already done the impossible for me, so let's not venture into other dark corners of Windows. I can only thank you for everything you've done and for all the time (a lot) you've devoted to me. These two lines are certainly not enough to say 100000000000000000 thanks, r16 !!!!!!!
r16
Posted: Thursday, April 16, 2009 12:31:56 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You're welcome, stulfy66.
Bye!