Aiutamici Forum

Virus, strange behavior, it suddenly freezes until I type in some letters that
rendipiero
Posted: Thursday, March 11, 2010 12:57:04 AM
Rank: Newbie

Joined: 11/28/2008
Posts: 7
Good evening, can anyone help me???
I've caught a virus. Besides opening strange pages, it often freezes until I type in the letters that appear on screen, with the following message: "enter both words below, separated by a space"


Scan saved at 19.21.36, on 10/03/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Geniosoft\Gold\maestro.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Proprietario\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysfbtray] C:\Windows\bill103.exe
O4 - HKLM\..\Run: [Captcha21] rundll "C:\Program Files\captcha21.dll",captcha
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [libipwha] rundll32.exe "C:\Users\Proprietario\AppData\Roaming\ahfdxdyg.dll",tzpaczn
O4 - HKCU\..\Run: [wisac] "c:\users\proprietario\appdata\local\wisac.exe" wisac
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [lqdchu] "c:\users\proprietario\appdata\local\lqdchu.exe" lqdchu
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) -
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.117/g_bin/eng/poker_2_0_0_49.cab
O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://194.244.16.117/g_bin/eng/demon_2_0_0_30.cab
O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://194.244.16.117/g_bin/eng/pirate_2_0_0_30.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://194.244.16.117/g_bin/eng/wordssingle_2_0_0_48.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{753BD319-3788-4273-9E68-0522B59F173B}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe
O23 - Service: XZVW - Sysinternals - www.sysinternals.com - C:\Users\PROPRI~1\AppData\Local\Temp\XZVW.exe

--
End of file - 10885 bytes
paolopa
Posted: Thursday, March 11, 2010 7:03:22 AM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
The log shows some infections, let's see what can be done: download MBAM, update it and run a full scan; if it finds infections (and I'd be surprised if it didn't), post the log it produces.
http://software.aiutamici.com/software?ID=80346
rendipiero
Posted: Thursday, March 11, 2010 10:20:48 AM
Rank: Newbie

Joined: 11/28/2008
Posts: 7
First of all, thank you!
I tried a scan with Malwarebytes; the problem is that it won't let me update the database. It is updated to 2008.
paolopa
Posted: Thursday, March 11, 2010 10:36:16 AM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
We're off to a great start, then. Try this:
Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: after downloading COMBOFIX, close the connection, disable your antivirus and close ALL open programs (firewall included), and

Double-click combofix.exe (a screen will appear).

You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

If you are asked whether you want to install the EMERGENCY RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it is done, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
If you can't download it with your PC, put it on a USB stick from another PC and follow the procedure.
If there are difficulties, we'll fix the entries with HijackThis.
rendipiero
Posted: Thursday, March 11, 2010 1:11:37 PM
Rank: Newbie

Joined: 11/28/2008
Posts: 7
I managed to update it, and here is the result of the Malwarebytes scan:
Should I still do the procedure described above?


Malwarebytes' Anti-Malware 1.44
Versione del database: 3510
Windows 6.0.6000
Internet Explorer 7.0.6000.16711
11/03/2010 12.40.53
mbam-log-2010-03-11 (12-40-53).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 215536
Tempo trascorso: 45 minute(s), 21 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 6
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wisac (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lqdchu (Trojan.Agent.H) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
C:\Downloads\get.php (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Proprietario\AppData\Local\Temp\zpskon_1267927671.exe (Worm.Koobface) -> Quarantined and deleted successfully.
shapiro
Posted: Thursday, March 11, 2010 1:21:16 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Sorry for butting in.

rendipiero, are you sure you updated it? The version is 3510, whereas with the new update (I did it a few minutes ago) we are at 3851.
paolopa
Posted: Thursday, March 11, 2010 1:38:49 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
shapiro is right, we are at the version he mentioned; I updated too, to scan a file I downloaded.
I think it's a good idea for you to run ComboFix as well, so we can maybe probe more deeply.
@shapiro: you're not butting in at all, quite the opposite.... If you think it's better to do something else, feel free to say so, I only have things to learn. I didn't have him fix the entries because I prefer that the software does it, but if you think it's better, go ahead and tell him what he needs to do.
shapiro
Posted: Thursday, March 11, 2010 4:35:32 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Open HijackThis and press Do a system scan only

Tick these entries and press Fix checked

Remove the toolbars from the Control Panel and proceed with the scan indicated by paolopa

Code:
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKCU\..\Run: [wisac] "c:\users\proprietario\appdata\local\wisac.exe" wisac

O4 - HKCU\..\Run: [lqdchu] "c:\users\proprietario\appdata\local\lqdchu.exe" lqdchu

O4 - HKLM\..\Run: [Captcha21] rundll "C:\Program Files\captcha21.dll",captcha

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe


rendipiero
Posted: Monday, March 22, 2010 8:30:48 PM
Rank: Newbie

Joined: 11/28/2008
Posts: 7
Good evening.... here at last is the scan you asked me for with ComboFix.


ComboFix 10-03-21.05 - Proprietario 22/03/2010 19.04.44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.1022.450 [GMT 1:00]
Eseguito da: c:\users\Proprietario\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\webserver
c:\users\Proprietario\AppData\Local\010112010146111103.xxe
c:\users\Proprietario\AppData\Local\lqdchu.dat
c:\users\Proprietario\AppData\Local\lqdchu_nav.dat
c:\users\Proprietario\AppData\Local\lqdchu_navps.dat
c:\users\Proprietario\AppData\Local\rdr_1267902418.exe
c:\users\Proprietario\AppData\Local\rdr_1267902419.exe
c:\users\Proprietario\AppData\Local\rdr_1267902420.exe
c:\users\Proprietario\AppData\Local\rdr_1267902421.exe
c:\users\Proprietario\AppData\Local\rdr_1268210151.exe
c:\users\Proprietario\AppData\Local\rdr_1268211286.exe
c:\users\Proprietario\AppData\Local\rdr_1268237198.exe
c:\users\Proprietario\AppData\Local\rdr_1268237898.exe
c:\users\Proprietario\AppData\Local\rdr_1268244325.exe
c:\users\Proprietario\AppData\Local\rdr_1268296746.exe
c:\users\Proprietario\AppData\Local\rdr_1268297059.exe
c:\users\Proprietario\AppData\Local\rdr_1268302156.exe
c:\users\Proprietario\AppData\Local\rdr_1268302462.exe
c:\users\Proprietario\AppData\Local\wisac_nav.dat
c:\users\Proprietario\AppData\Local\wisac_navps.dat
c:\windows\bill103.exe
c:\windows\ligh
c:\windows\system32\Connect.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_webserver


((((((((((((((((((((((((( Files Creati Da 2010-02-22 al 2010-03-22 )))))))))))))))))))))))))))))))))))
.

2010-03-22 17:02 . 2010-03-22 17:02 -------- d-----w- c:\program files\TrendMicro
2010-03-17 09:01 . 2010-03-17 09:01 -------- d-----w- c:\users\Proprietario\AppData\Roaming\Conviva
2010-03-16 09:14 . 2010-03-16 09:14 -------- d-----w- c:\windows\Sun
2010-03-11 10:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 10:15 . 2010-03-11 10:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 10:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 08:57 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-11 08:57 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-11 08:57 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-11 08:57 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-11 08:57 . 2010-03-09 11:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-11 08:55 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-11 08:55 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-11 08:55 . 2010-03-11 08:55 -------- d-----w- c:\programdata\Alwil Software
2010-03-11 08:55 . 2010-03-11 08:55 -------- d-----w- c:\program files\Alwil Software
2010-03-10 18:21 . 2010-03-10 18:21 -------- d-----w- c:\program files\Sophos
2010-03-10 18:04 . 2010-03-10 18:04 -------- d-----w- c:\users\Proprietario\AppData\Roaming\Malwarebytes
2010-03-10 18:04 . 2010-03-10 18:04 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 16:26 . 2010-03-19 10:17 -------- d-----w- c:\users\Proprietario\AppData\Roaming\TeamViewer
2010-03-10 16:26 . 2010-03-10 16:26 -------- d-----w- c:\program files\TeamViewer
2010-03-10 08:51 . 2010-03-11 08:43 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-10 08:49 . 2010-03-11 08:43 -------- d-----w- c:\programdata\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 18:11 . 2009-05-08 10:37 -------- d-----w- c:\users\Proprietario\AppData\Roaming\Free Download Manager
2010-03-22 17:23 . 2009-07-23 15:59 -------- d-----w- c:\program files\Yahoo!
2010-03-22 17:02 . 2010-03-22 17:02 388096 ----a-r- c:\users\Proprietario\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-22 11:24 . 2006-05-30 20:54 -------- d-----w- c:\users\Proprietario\AppData\Roaming\OpenOffice.org2
2010-03-22 11:03 . 2006-05-30 20:56 1 ----a-w- c:\users\Proprietario\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-03-13 19:14 . 2007-01-04 05:58 682184 ----a-w- c:\windows\system32\perfh010.dat
2010-03-13 19:14 . 2007-01-04 05:58 114622 ----a-w- c:\windows\system32\perfc010.dat
2010-03-11 08:47 . 2008-10-06 10:45 -------- d-----w- c:\programdata\avg8
2010-03-10 08:29 . 2009-04-20 14:40 -------- d-----w- c:\programdata\NOS
2010-03-10 08:29 . 2009-04-20 14:40 -------- d-----w- c:\program files\NOS
2010-02-27 20:08 . 2009-04-17 08:59 -------- d-----w- c:\users\Proprietario\AppData\Roaming\FileZilla
2010-02-24 09:16 . 2009-10-03 11:07 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-05 18:47 . 2007-01-03 21:26 -------- d-----w- c:\program files\Google
2010-02-05 17:33 . 2010-02-05 17:33 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF987.tmp.exe
2010-01-25 17:48 . 2010-01-25 17:48 -------- d-----w- c:\users\Proprietario\AppData\Roaming\DivX
2010-01-19 18:02 . 2010-01-19 18:02 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-01-19 18:02 . 2010-01-19 18:02 44768 ----a-w- c:\windows\system32\wups2.dll
2010-01-19 18:02 . 2010-01-19 18:02 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-19 18:02 . 2010-01-19 18:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-01-19 18:01 . 2010-01-19 18:01 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-19 18:01 . 2010-01-19 18:01 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-01-19 18:01 . 2010-01-19 18:01 35552 ----a-w- c:\windows\system32\wups.dll
2010-01-19 18:01 . 2010-01-19 18:01 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-19 18:01 . 2010-01-19 18:01 171608 ----a-w- c:\windows\system32\wuwebv.dll
2008-08-18 07:45 . 2008-08-18 07:45 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-10 1232896]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Google Update"="c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-16 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-02-27 3399727]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-09-10 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8473120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-8-23 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:28ab7d3a47

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1730336886-3869713857-2092326480-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 XZVW;XZVW;c:\users\PROPRI~1\AppData\Local\Temp\XZVW.exe [x]
R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\DRIVERS\snxpcard.sys [2006-02-05 20864]
S3 SNXPSERX;Sunix PCI Serial Port Driver;c:\windows\system32\DRIVERS\snxpserx.sys [2006-02-05 54528]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvc6 REG_MULTI_SZ srvoko6
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:47]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:47]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1730336886-3869713857-2092326480-1000Core.job
- c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-16 08:39]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1730336886-3869713857-2092326480-1000UA.job
- c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-16 08:39]

2010-03-22 c:\windows\Tasks\User_Feed_Synchronization-{A59E10AE-F285-414E-91C7-DCB9EE714009}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://it.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} - hxxp://194.244.16.117/g_bin/eng/demon_2_0_0_30.cab
DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} - hxxp://194.244.16.117/g_bin/eng/pirate_2_0_0_30.cab
DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} - hxxp://194.244.16.117/g_bin/eng/wordssingle_2_0_0_48.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKCU-Run-libipwha - c:\users\Proprietario\AppData\Roaming\ahfdxdyg.dll
AddRemove-HijackThis - c:\users\Proprietario\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe
AddRemove-myphotobook - j:\fotoalb\myphotobook\uninst.exe
AddRemove-SNAPFISH - C:\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 19:16
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1730336886-3869713857-2092326480-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA88F9F8-5478-97BC-8169-ACC79C8E2EDC}*]
"hajlnihbemoooija"=hex:6b,61,70,6c,70,6a,64,66,64,69,68,61,6c,6a,70,62,6b,6f,
70,69,6b,63,00,00
"ialodjleahlaofodcj"=hex:6b,61,66,6c,68,6c,66,70,70,6a,68,70,6a,67,64,6f,6c,6c,
6b,66,67,63,00,00
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-22 19:19:14 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-22 18:19

Pre-Run: 67.536.805.888 byte disponibili
Post-Run: 72.387.055.616 byte disponibili

- - End Of File - - D2BE41A7BCF06F6C09351969929A2764
paolopa
Posted: Monday, March 22, 2010 8:36:35 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Check whether you can now update Malwarebytes and run a full scan. Post an updated hijack log.
meme1580
Posted: Monday, March 22, 2010 8:38:44 PM

Rank: AiutAmico

Joined: 3/25/2008
Posts: 170
Sorry, but the HijackThis log doesn't show any antivirus installed, or am I wrong?
rendipiero
Posted: Monday, March 22, 2010 8:44:53 PM
Rank: Newbie

Joined: 11/28/2008
Posts: 7
OK... I'll do it tomorrow morning!
Just out of curiosity, do you see any anomalies in the latest ComboFix log?
Thanks
paolopa
Posted: Monday, March 22, 2010 8:47:19 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Only these removed infections:
c:\program files\webserver
c:\users\Proprietario\AppData\Local\010112010146111103.xxe
c:\users\Proprietario\AppData\Local\lqdchu.dat
c:\users\Proprietario\AppData\Local\lqdchu_nav.dat
c:\users\Proprietario\AppData\Local\lqdchu_navps.dat
c:\users\Proprietario\AppData\Local\rdr_1267902418.exe
c:\users\Proprietario\AppData\Local\rdr_1267902419.exe
c:\users\Proprietario\AppData\Local\rdr_1267902420.exe
c:\users\Proprietario\AppData\Local\rdr_1267902421.exe
c:\users\Proprietario\AppData\Local\rdr_1268210151.exe
c:\users\Proprietario\AppData\Local\rdr_1268211286.exe
c:\users\Proprietario\AppData\Local\rdr_1268237198.exe
c:\users\Proprietario\AppData\Local\rdr_1268237898.exe
c:\users\Proprietario\AppData\Local\rdr_1268244325.exe
c:\users\Proprietario\AppData\Local\rdr_1268296746.exe
c:\users\Proprietario\AppData\Local\rdr_1268297059.exe
c:\users\Proprietario\AppData\Local\rdr_1268302156.exe
c:\users\Proprietario\AppData\Local\rdr_1268302462.exe
c:\users\Proprietario\AppData\Local\wisac_nav.dat
c:\users\Proprietario\AppData\Local\wisac_navps.dat
c:\windows\bill103.exe
c:\windows\ligh
c:\windows\system32\Connect.dll
rendipiero
Posted: Wednesday, March 24, 2010 9:16:49 PM
Rank: Newbie

Joined: 11/28/2008
Posts: 7
Thanks again for everything.
Here is the Malwarebytes' report:



Malwarebytes' Anti-Malware 1.44
Versione del database: 3905
Windows 6.0.6000
Internet Explorer 7.0.6000.16711

24/03/2010 19.12.10
mbam-log-2010-03-24 (19-12-10).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 227206
Tempo trascorso: 39 minute(s), 10 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 12

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc6 (Worm.KoobFace) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Downloads\4 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Downloads\Software\Setup_312s1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Proprietario\AppData\Local\rdr_1268210151.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Proprietario\AppData\Local\rdr_1268211286.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Proprietario\AppData\Local\rdr_1268237198.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Proprietario\AppData\Local\rdr_1268237898.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Proprietario\AppData\Local\rdr_1268244325.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Proprietario\AppData\Local\rdr_1268296746.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Proprietario\AppData\Local\rdr_1268302156.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Proprietario\AppData\Local\rdr_1268302462.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\bill103.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Proprietario\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d (Rogue.Installer) -> Quarantined and deleted successfully.
paolopa
Posted: Wednesday, March 24, 2010 9:22:43 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Could you post an updated hijack log?