Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi potete controllare il log di hijack

2 pages: [1] 2
mi potete controllare il log di hijack Opzioni
Topic Precedente · Topic Sucessivo
hastdudie
Inviato: Wednesday, February 24, 2010 8:55:45 PM
Rank: Member

Iscritto dal : 4/6/2007
Posts: 24
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Programmi\SweetIM\Messenger\SweetIM.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRAMMI\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmi\Belkin\Software Bluetooth\BTTray.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\PrintKey2000\Printkey2000.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\KeyText\KeyText.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.register.epson-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAMMI\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] C:\Documents and Settings\Utente PC\Dati applicazioni\java\msnmsgs.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: KeyText.lnk = C:\Programmi\KeyText\KeyText.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Printkey2000.lnk = C:\Programmi\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://origin.games.yahoo.net/games/clients/y/yt2_x.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_04) -
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F441464-B562-494E-86F2-64AA3A361FF6}: NameServer = 85.37.17.7 85.38.28.95
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 12445 bytes
Torna in alto
 
Sponsor
Inviato: Wednesday, February 24, 2010 8:55:45 PM

 
Torna in alto
 
r16
Inviato: Wednesday, February 24, 2010 10:08:07 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non aprire per favore altri topic per lo stesso problema.

Da Installazione Applicazioni, disinstalla TUTTE le versioni installate di JAVA.
Installa questa:
http://www.aiutamici.com/software?ID=11134

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] C:\Documents and Settings\Utente PC\Dati applicazioni\java\msnmsgs.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Programmi\PrintKey2000\Printkey2000.exe
O16 - DPF: Yahoo! Canasta - http://origin.games.yahoo.net/games/clients/y/yt2_x.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_04) -
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Da Installazione Applicazioni, disinstalla TUTTE le versioni installate di JAVA.
Installa questa:
http://www.aiutamici.com/software?ID=11134

Riavvia il pc.

Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.
Torna in alto
 
hastdudie
Inviato: Thursday, February 25, 2010 12:47:59 PM
Rank: Member

Iscritto dal : 4/6/2007
Posts: 24
Ciao, virus nessuno grazie ma l'account indesiderato non è scomparso

questo è il log Malwarebytes' Anti-Malware 1.44
Versione del database: 3788
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/02/2010 12.45.16
mbam-log-2010-02-25 (12-45-16).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 128413
Tempo trascorso: 5 minute(s), 31 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
r16
Inviato: Thursday, February 25, 2010 2:02:43 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
fdaccc
Inviato: Thursday, February 25, 2010 2:03:55 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
r16, la scansione non è completa.
Torna in alto
 
r16
Inviato: Thursday, February 25, 2010 2:07:02 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
fdaccc ha scritto:
r16, la scansione non è completa.

Non serve farla completa.
Serve la scansione con Combofix, ma evidentemente, hastdudie ha altro da fare.
Torna in alto
 
paolopa
Inviato: Thursday, February 25, 2010 2:12:03 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
ciao r16,non mi ero accorto di due post uguali e avevo risposto nell altro,tra l altro attingendo a tue risoluzioni.se continui tu è meglio di sicuro.
Torna in alto
 
r16
Inviato: Thursday, February 25, 2010 2:28:47 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
paolopa ha scritto:
ciao r16,non mi ero accorto di due post uguali e avevo risposto nell altro,tra l altro attingendo a tue risoluzioni.se continui tu è meglio di sicuro.

No, continua tu.
Ma tanto sembra che abbia risolto. (forse)
Torna in alto
 
hastdudie
Inviato: Thursday, February 25, 2010 2:32:19 PM
Rank: Member

Iscritto dal : 4/6/2007
Posts: 24
scusa r16 ho fatto iò la scansione con combo fix, questo è il report

ComboFix 10-02-24.03 - Utente PC 25/02/2010 14.21.33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1471 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente PC\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100224-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente PC\Dati applicazioni\inst.exe
c:\recycler\S-1-5-21-1715567821-1177238915-725345543-1003
c:\recycler\S-1-5-21-1757981266-1292428093-725345543-1003
c:\recycler\S-1-5-21-527237240-854245398-1801674531-1003
c:\recycler\S-1-5-21-789336058-1202660629-725345543-1003
c:\windows\system32\ctfmon .exe
c:\windows\vVX1000 .exe
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Creati Da 2010-01-25 al 2010-02-25 )))))))))))))))))))))))))))))))))))
.

2010-02-25 11:51 . 2010-02-25 11:51 -------- d--h--w- c:\windows\PIF
2010-02-25 11:33 . 2010-02-25 11:33 -------- d-----w- c:\programmi\File comuni\Java
2010-02-25 11:31 . 2010-02-25 11:31 79488 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\jre1.6.0_18\gtapi.dll
2010-02-25 11:31 . 2010-02-25 11:31 152576 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\jre1.6.0_18\lzma.dll
2010-02-25 10:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 10:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 10:18 . 2010-02-25 10:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-02-25 10:18 . 2010-02-25 10:22 -------- d-----w- c:\programmi\SpywareBlaster
2010-02-24 21:36 . 2010-02-24 21:36 348160 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a81c8e-n\msvcr71.dll
2010-02-24 21:36 . 2010-02-24 21:36 503808 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a81c8e-n\msvcp71.dll
2010-02-24 21:36 . 2010-02-24 21:36 499712 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a81c8e-n\jmc.dll
2010-02-24 21:36 . 2010-02-24 21:36 61440 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-50df9eca-n\decora-sse.dll
2010-02-24 21:36 . 2010-02-24 21:36 12800 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-50df9eca-n\decora-d3d.dll
2010-02-24 21:36 . 2010-02-25 11:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 14:57 . 2010-02-25 12:46 -------- d-----w- c:\programmi\a-squared Anti-Malware
2010-02-24 14:34 . 2010-02-24 14:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 11:27 . 2010-02-24 11:27 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-24 11:21 . 2010-02-24 11:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-23 20:53 . 2010-02-23 20:53 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\Malwarebytes
2010-02-23 20:53 . 2010-02-23 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-23 20:53 . 2010-02-25 10:44 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-23 00:22 . 2010-02-23 00:23 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\java
2010-02-23 00:22 . 2010-02-23 00:22 49152 ---ha-w- c:\documents and settings\Utente PC\Dati applicazioni\java\msnmsgs.exe
2010-02-23 00:22 . 2010-02-23 00:22 49152 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\msnmsgs.exe
2010-02-05 11:28 . 2010-02-05 11:28 -------- d-----w- c:\programmi\DownloadToolz

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 12:47 . 2002-09-10 13:00 93414 ----a-w- c:\windows\system32\perfc010.dat
2010-02-25 12:47 . 2002-09-10 13:00 515148 ----a-w- c:\windows\system32\perfh010.dat
2010-02-25 12:46 . 2008-09-04 17:29 -------- d-----w- c:\programmi\Bit Che
2010-02-25 11:32 . 2008-02-07 10:03 -------- d-----w- c:\programmi\Java
2010-02-25 10:52 . 2007-10-15 20:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-24 18:46 . 2007-10-07 21:32 -------- d-----w- c:\programmi\DustBuster
2010-02-24 12:47 . 2009-04-07 14:53 -------- d-----w- c:\programmi\File comuni\Apple
2010-02-23 10:26 . 2008-07-26 21:39 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\uTorrent
2010-02-23 00:22 . 2007-10-07 03:12 76960 ----a-w- c:\documents and settings\Utente PC\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-22 21:55 . 2009-05-25 17:48 -------- d-----w- c:\programmi\KeyText
2010-02-22 21:55 . 2007-10-16 12:40 -------- d-----w- c:\programmi\eMule
2010-02-22 21:47 . 2009-11-27 14:13 -------- d-----w- c:\programmi\QuickTime
2010-02-20 21:24 . 2009-05-28 12:40 -------- d-----w- c:\programmi\Burraconline
2010-02-19 14:16 . 2008-02-27 00:32 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-02-05 10:44 . 2009-11-17 22:09 -------- d-----w- c:\programmi\vixy.net
2010-01-28 23:21 . 2008-12-12 17:02 -------- d-----w- c:\programmi\Google
2010-01-28 14:19 . 2008-02-07 15:03 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\Skype
2010-01-28 14:13 . 2008-02-07 15:08 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\skypePM
2010-01-22 15:57 . 2008-09-11 15:01 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-14 10:12 . 2009-10-16 16:30 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-18 13:37 . 2009-12-18 13:37 20299200 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\TomTom\HOME\Profiles\d2fwwasx.default\Updates\v2_7_3_1894_win.exe
2009-11-27 14:08 . 2009-11-27 14:08 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.
Code:
<pre>
c:\programmi\ClocX\ClocX .exe
c:\windows\system32\dla\tfswctrl .exe
</pre>


------- Sigcheck -------

[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

c:\windows\System32\ctfmon.exe ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\Utente PC\Menu Avvio\Programmi\Esecuzione automatica\
KeyText.lnk - c:\programmi\KeyText\KeyText.exe [2009-5-25 409600]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Lotus Organizer EasyClip.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Lotus QuickStart.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Lotus SmartCenter.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Lotus SuiteStart.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Utente PC^Menu Avvio^Programmi^Esecuzione automatica^Registrazione Lotus SmartSuite Versione 9.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Utente PC^Menu Avvio^Programmi^Esecuzione automatica^TimeLeft.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
~c:\programmi\Yahoo!\Messenger\YahooMessenger.exe [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"SweetIM"=c:\programmi\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\TavoliVerdi\\TavoliVerdi.exe"=
"c:\\Programmi\\TavoliVerdi\\TVControllo.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29/07/2004 2.33.08 138780]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2008 14.22.38 114768]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29/07/2004 3.13.28 46779]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2008 14.22.38 20560]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\drivers\UsbFltr.sys [21/04/2003 16.58.22 11392]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 0.21.59 135664]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [27/07/2008 20.42.55 8192]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-20 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4253618421.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]

2010-02-25 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-04-11 07:49]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-28 23:21]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-28 23:21]

2010-02-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-17 c:\windows\Tasks\WebReg 20100217143005.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 16:06]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.register.epson-europe.com/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\Belkin\Software Bluetooth\btsendto_ie_ctx.htm
TCP: {6F441464-B562-494E-86F2-64AA3A361FF6} = 85.37.17.7 85.38.28.95
DPF: Microsoft XML Parser for Java
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-Doctor Alex Antispyware - c:\programmi\Doctor Alex Antispyware\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 14:26
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xA860F000]<< >>UNKNOWN [0xBA918000]<< >>UNKNOWN [0xBA908000]<< >>UNKNOWN [0xBA779000]<< >>UNKNOWN [0x806D1000]<< >>UNKNOWN [0xBA70B000]<< >>UNKNOWN [0xBAB30000]<< >>UNKNOWN [0xBAB28000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xba91cf28
\Driver\ACPI -> 0xba77fcb8
\Driver\atapi -> 0xba711852
IoDeviceObjectType -> DeleteProcedure -> 0x80579022
ParseProcedure -> 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> 0x80579022
ParseProcedure -> 0x80577c84
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> 0xba5c7bb0
PacketIndicateHandler -> 0xba5d4a21
SendHandler -> 0xba5b287b
user & kernel MBR OK

**************************************************************************
.
Ora fine scansione: 2010-02-25 14:28:55
ComboFix-quarantined-files.txt 2010-02-25 13:28

Pre-Run: 76.548.943.872 byte disponibili
Post-Run: 76.535.418.880 byte disponibili

- - End Of File - - 4C65E312B280C38C7260C534E13661A1
Torna in alto
 
paolopa
Inviato: Thursday, February 25, 2010 2:48:39 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
combo ti ha eliminato un po di roba,se non sbaglio anche nell mbr,agganci del rootkit.riscontri ancora problemi?
posta un log di hijack
Torna in alto
 
r16
Inviato: Thursday, February 25, 2010 2:49:44 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Toh....visto che eri ancora "pieno"?
Prima vediamo di mettere a posto l'MBR:
Scarica MBR.EXE direttamente nella Directory C:\ (è importante che venga scaricato in C:\ )
http://www2.gmer.net/mbr/mbr.exe
Avvia il Pc in modalità provvisoria

Fai: Start - Esegui - copia-incolla questo comando: C:\mbr.exe -f e clicca su OK
Non digitare quel comando; FAI il copia-incolla.(si deve rispettare uno spazio che c'è dopo exe )
Posta il log, che troverai, dove hai scaricato il Tool, ovvero in C:\
Torna in alto
 
paolopa
Inviato: Thursday, February 25, 2010 2:52:02 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
meno male che ci sei tu,io pensavo che avesse provveduto combo....
Torna in alto
 
hastdudie
Inviato: Thursday, February 25, 2010 2:52:30 PM
Rank: Member

Iscritto dal : 4/6/2007
Posts: 24
ok ora provo, il pc è un po lento
Torna in alto
 
hastdudie
Inviato: Thursday, February 25, 2010 3:30:09 PM
Rank: Member

Iscritto dal : 4/6/2007
Posts: 24
ecco cosa è uscito
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Torna in alto
 
r16
Inviato: Thursday, February 25, 2010 3:36:39 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

FCopy::
c:\windows\ServicePackFiles\i386\ctfmon.exe|c:\windows\System32\ctfmon.exe

Folder::
c:\windows\Tasks


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
hastdudie
Inviato: Thursday, February 25, 2010 4:46:30 PM
Rank: Member

Iscritto dal : 4/6/2007
Posts: 24
finalmente sono riscito ad avere il report

ComboFix 10-02-24.03 - Utente PC 25/02/2010 16.28.30.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1481 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente PC\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Utente PC\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100224-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\ctfmon.exe --> c:\windows\System32\ctfmon.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-01-25 al 2010-02-25 )))))))))))))))))))))))))))))))))))
.

2010-02-25 15:28 . 2008-04-14 02:14 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-02-25 15:28 . 2008-04-14 02:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
2010-02-25 13:37 . 2010-02-25 13:38 -------- d-----w- c:\documents and settings\Utente PC\.calme
2010-02-25 13:37 . 2010-02-25 13:37 -------- d-----w- c:\programmi\Calme 2010
2010-02-25 11:51 . 2010-02-25 11:51 -------- d--h--w- c:\windows\PIF
2010-02-25 11:33 . 2010-02-25 11:33 -------- d-----w- c:\programmi\File comuni\Java
2010-02-25 11:31 . 2010-02-25 11:31 79488 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\jre1.6.0_18\gtapi.dll
2010-02-25 11:31 . 2010-02-25 11:31 152576 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\jre1.6.0_18\lzma.dll
2010-02-25 10:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 10:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 10:18 . 2010-02-25 10:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-02-25 10:18 . 2010-02-25 10:22 -------- d-----w- c:\programmi\SpywareBlaster
2010-02-24 21:36 . 2010-02-24 21:36 348160 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a81c8e-n\msvcr71.dll
2010-02-24 21:36 . 2010-02-24 21:36 503808 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a81c8e-n\msvcp71.dll
2010-02-24 21:36 . 2010-02-24 21:36 499712 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a81c8e-n\jmc.dll
2010-02-24 21:36 . 2010-02-24 21:36 61440 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-50df9eca-n\decora-sse.dll
2010-02-24 21:36 . 2010-02-24 21:36 12800 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-50df9eca-n\decora-d3d.dll
2010-02-24 21:36 . 2010-02-25 11:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 14:57 . 2010-02-25 12:46 -------- d-----w- c:\programmi\a-squared Anti-Malware
2010-02-24 14:34 . 2010-02-24 14:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 11:27 . 2010-02-24 11:27 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-24 11:21 . 2010-02-24 11:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-23 20:53 . 2010-02-23 20:53 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\Malwarebytes
2010-02-23 20:53 . 2010-02-23 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-23 20:53 . 2010-02-25 10:44 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-23 00:22 . 2010-02-23 00:23 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\java
2010-02-23 00:22 . 2010-02-23 00:22 49152 ---ha-w- c:\documents and settings\Utente PC\Dati applicazioni\java\msnmsgs.exe
2010-02-23 00:22 . 2010-02-23 00:22 49152 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\msnmsgs.exe
2010-02-05 11:28 . 2010-02-05 11:28 -------- d-----w- c:\programmi\DownloadToolz

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 15:29 . 2002-09-10 13:00 93414 ----a-w- c:\windows\system32\perfc010.dat
2010-02-25 15:29 . 2002-09-10 13:00 515148 ----a-w- c:\windows\system32\perfh010.dat
2010-02-25 13:48 . 2008-12-15 12:12 -------- d-----w- c:\programmi\CCleaner
2010-02-25 12:46 . 2008-09-04 17:29 -------- d-----w- c:\programmi\Bit Che
2010-02-25 11:32 . 2008-02-07 10:03 -------- d-----w- c:\programmi\Java
2010-02-25 10:52 . 2007-10-15 20:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-24 18:46 . 2007-10-07 21:32 -------- d-----w- c:\programmi\DustBuster
2010-02-24 12:47 . 2009-04-07 14:53 -------- d-----w- c:\programmi\File comuni\Apple
2010-02-23 10:26 . 2008-07-26 21:39 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\uTorrent
2010-02-23 00:22 . 2007-10-07 03:12 76960 ----a-w- c:\documents and settings\Utente PC\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-22 21:55 . 2009-05-25 17:48 -------- d-----w- c:\programmi\KeyText
2010-02-22 21:55 . 2007-10-16 12:40 -------- d-----w- c:\programmi\eMule
2010-02-22 21:47 . 2009-11-27 14:13 -------- d-----w- c:\programmi\QuickTime
2010-02-20 21:24 . 2009-05-28 12:40 -------- d-----w- c:\programmi\Burraconline
2010-02-19 14:16 . 2008-02-27 00:32 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-02-05 10:44 . 2009-11-17 22:09 -------- d-----w- c:\programmi\vixy.net
2010-01-28 23:21 . 2008-12-12 17:02 -------- d-----w- c:\programmi\Google
2010-01-28 14:19 . 2008-02-07 15:03 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\Skype
2010-01-28 14:13 . 2008-02-07 15:08 -------- d-----w- c:\documents and settings\Utente PC\Dati applicazioni\skypePM
2010-01-22 15:57 . 2008-09-11 15:01 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-14 10:12 . 2009-10-16 16:30 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-18 13:37 . 2009-12-18 13:37 20299200 ----a-w- c:\documents and settings\Utente PC\Dati applicazioni\TomTom\HOME\Profiles\d2fwwasx.default\Updates\v2_7_3_1894_win.exe
.
Code:
<pre>
c:\programmi\ClocX\ClocX .exe
c:\windows\system32\dla\tfswctrl .exe
</pre>


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\Utente PC\Menu Avvio\Programmi\Esecuzione automatica\
KeyText.lnk - c:\programmi\KeyText\KeyText.exe [2009-5-25 409600]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Lotus Organizer EasyClip.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Lotus QuickStart.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Lotus SmartCenter.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Lotus SuiteStart.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Utente PC^Menu Avvio^Programmi^Esecuzione automatica^Registrazione Lotus SmartSuite Versione 9.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Utente PC^Menu Avvio^Programmi^Esecuzione automatica^TimeLeft.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
~c:\programmi\Yahoo!\Messenger\YahooMessenger.exe [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"SweetIM"=c:\programmi\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\TavoliVerdi\\TavoliVerdi.exe"=
"c:\\Programmi\\TavoliVerdi\\TVControllo.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29/07/2004 2.33.08 138780]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2008 14.22.38 114768]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29/07/2004 3.13.28 46779]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2008 14.22.38 20560]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [27/07/2008 20.42.55 8192]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\drivers\UsbFltr.sys [21/04/2003 16.58.22 11392]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 0.21.59 135664]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-20 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4253618421.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]

2010-02-25 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-04-11 07:49]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-28 23:21]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-28 23:21]

2010-02-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-17 c:\windows\Tasks\WebReg 20100217143005.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 16:06]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.register.epson-europe.com/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\Belkin\Software Bluetooth\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1320)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\dla\tfswshx.dll
c:\windows\system32\tfswapi.dll
c:\windows\system32\dla\tfswcres.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
c:\programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
c:\programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Belkin\Software Bluetooth\bin\btwdins.exe
c:\windows\System32\GEARSec.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\Burraconline\BurracoClient.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-25 16:42:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-25 15:42
ComboFix2.txt 2010-02-25 15:17
ComboFix3.txt 2010-02-25 15:07
ComboFix4.txt 2010-02-25 13:28

Pre-Run: 76.456.189.952 byte disponibili
Post-Run: 76.411.588.608 byte disponibili

- - End Of File - - B01D95E34A95C74008A8FCE93A79974C
Torna in alto
 
r16
Inviato: Thursday, February 25, 2010 6:33:54 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Posta un log aggiornato di HJT.
Torna in alto
 
hastdudie
Inviato: Thursday, February 25, 2010 6:34:38 PM
Rank: Member

Iscritto dal : 4/6/2007
Posts: 24
scusa la mia ignoranza, come si fa???
Torna in alto
 
hastdudie
Inviato: Thursday, February 25, 2010 6:38:21 PM
Rank: Member

Iscritto dal : 4/6/2007
Posts: 24
intendevi l'abbreviazione di HijackThis??
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi potete controllare il log di hijack


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.