  1. #1

    Windows keeps restarting without warning, malware that modifies executables

    Hello everyone.

    In short, the problems I have do not seem to be many.
    The first is a virus that modifies executables, making them
    unusable, probably by injecting random strings into the
    .exe files, even when they are compressed in archives. This makes it
    impossible to use antivirus programs, even after installing them,
    HijackThis and certainly many other things. Processes such as Windows
    Live Messenger and Mozilla Firefox are not affected (luckily).
    The second problem, which leaves me little time to write to you, is
    that since this morning Windows has been restarting by itself, without warning.
    Taking a cue from some forums, I went to sysdm.cpl and
    disabled automatic restart, which let me see the
    blue screen.
    The screen also showed this line, relating to the errors:
    Informazioni tecniche
    *** STOP: 0x000000F4 (0x00000003,0x86549C60,0x86549DD4,0x805D11F8)

    I don't know whether I should try restoring the system
    configuration. Before that, I would like to ask whether there is anything
    I can do, other than creating a new partition with Windows and fixing
    the others... Thanks in advance. Best regards

  2. #2
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    If the antivirus programs don't work, you could try either online scans or see what SystemScan turns up..

    For online scans, you can use Kaspersky_virusscanner, Bitdefender or Panda_activescan

    In any case, as a last step download SystemScan, disconnect the PC from the internet => disable the antivirus => run SystemScan => tick all the options => click "Scan Now". When the scan is finished, re-enable the antivirus, upload the report you find in C:\Suspectfile to Freefilehosting and post the link you get.

    To answer your question, at this point you would do best to start with the restore (assuming it is possible and gives results).
    Creating new partitions.. I don't know.. :/ ....

  3. #3
    Hi! Luckily for me Windows no longer restarts, but the problem with the executable files remains. It seems to me that it is triggered only after clicking on an executable. In the AVG Free folder, for example, I clicked on one of the antivirus files, which did not work. After that, all the exe files in that folder started flashing....
    In the C:\Suspectfile folder there were two files, but for now I have uploaded only the text report.
    http://www.freefilehosting.net/download/3e499
    Thanks in advance. Best regards. Bye

  4. #4
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    download
    Avenger and elibagla (at the bottom of the page)

    run a scan with elibagla: run it, click Explorar, when it finishes restart the PC and post the report (C:\Infosat.txt)

    run Avenger and copy/paste into the white box:
    files to delete:
    C:\Programmi\Logitech\Video\CameraAssistant.exe
    C:\Programmi\Logitech\Video\InstallHelper.exe
    C:\Programmi\Microsoft Visual Studio\MyProjects\MAT3x3\Debug\MAT3x3.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Programmi\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\PSDrvCheck.exe
    C:\WINXP\system32\drivers\hldrrr.exe
    C:\WINXP\system32\wintems.exe
    C:\WINXP\system32\drivers\hidr.exe
    C:\WINXP\system32\drivers\hidrrr.exe
    C:\WINXP\system32\drivers\srosa.sys
    C:\WINXP\system32\drivers\klif.sys
    C:\WINXP\system32\drivers\pci32.sys
    C:\WINXP\system32\hldrrr.exe
    C:\WINXP\system32\mdelk.exe

    files to move:
    C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe | C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
    C:\Programmi\File comuni\Real\Update_OB\bak\evntsvc.exe | C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe
    C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe | C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe | C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Programmi\Logitech\Video\bak\CameraAssistant.exe | C:\Programmi\Logitech\Video\CameraAssistant.exe
    C:\Programmi\Logitech\Video\bak\InstallHelper.exe | C:\Programmi\Logitech\Video\InstallHelper.exe
    C:\Programmi\Microsoft Visual Studio\MyProjects\MAT3x3\Debug\bak\MAT3x3.exe | C:\Programmi\Microsoft Visual Studio\MyProjects\MAT3x3\Debug\MAT3x3.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe | C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe | C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe | C:\Programmi\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\bak\ElkCtrl.exe | C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\bak\LVCOMSX.EXE | C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\bak\PSDrvCheck.exe | C:\WINDOWS\system32\PSDrvCheck.exe
    C:\WINDOWS\system32\bak\srvafixe.exe | C:\WINDOWS\system32\srvafixe.exe

    folders to delete:
    C:\WINXP\system32\drivers\down
    c:\WINXP\exefld
    c:\WINXP\exefnd
    C:\WINXP\exefqd
    Tick "Automatically disable any rootkits found" and click "execute".
    The PC should restart by itself; otherwise restart it yourself. Post the report it produces.


    hmm.. this is something I found linked to a file you have (actually it is a small group of files).. threatexpert Ref. mndoor0.dll - Trojan.OnlineGames.Gen.44 [PCTools], New Malware.aj [McAfee]
    Not only that, you also have Bagle..
    Now run this script and tomorrow we'll finish the rest, so I can take the chance to do some more research.

  5. #5
    Sorry for my delay, but because of the virus I could not download The Avenger; it became unusable even before I extracted it from the archive. So I asked a friend of mine, who uploaded just the executable to a server. I ran elibagla. With Internet Explorer I downloaded The Avenger and ran the script.
    On restart The Avenger's text file appeared, and elibagla told me something like the Bagle had been removed. Everything seems to be fine, because I also managed to download HijackThis, and I am posting the log I got.
    elibagla log
    Code:
    	  Sun Mar 23 02:02:01 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 02:02:40 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\WINXP\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
    
    Nº Total de Directorios:   13187
    Nº Total de Ficheros:      162434
    Nº de Ficheros Analizados: 24021
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados:  1
    
    	  Sun Mar 23 11:40:39 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 11:41:20 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    
    	  Sun Mar 23 11:46:57 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 11:47:30 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\WINXP\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
    
    Nº Total de Directorios:   13187
    Nº Total de Ficheros:      162671
    Nº de Ficheros Analizados: 24021
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados:  1
    
    	  Sun Mar 23 12:46:36 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 12:47:08 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\WINXP\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
    
    Nº Total de Directorios:   13172
    Nº Total de Ficheros:      148150
    Nº de Ficheros Analizados: 24021
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados:  1
    
    	  Sun Mar 23 16:14:05 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 16:38:47 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 17:20:52 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 17:27:22 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 17:34:25 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Sun Mar 23 17:41:39 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Reinicie para Completar la Limpieza.
    
    	  Tue Mar 25 10:31:55 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.
    
    	  Tue Mar 25 10:32:19 2008
    EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\WINXP\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
    
    Nº Total de Directorios:   12948
    Nº Total de Ficheros:      154630
    Nº de Ficheros Analizados: 23796
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados:  1
    
    	  Sun Apr 13 18:36:30 2008
    EliBagle v11.25  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINXP\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\SPRUNKMAN\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\SPRUNKMAN\DATI APPLICAZIONI\M\LIST.OCT --> Eliminado Bagle
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.
    
    	  Sun Apr 13 18:37:28 2008
    EliBagle v11.25  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\WINXP\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
    
    Nº Total de Directorios:   13558
    Nº Total de Ficheros:      156649
    Nº de Ficheros Analizados: 24073
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados:  1
    
    	  Sun Apr 13 19:14:59 2008
    EliBagle v11.25  (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINXP\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    Eliminada Carpeta "%AppData%\M"

  6. #6
    The Avenger log
    Code:
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com
    
    Platform:  Windows XP
    
    *******************
    
    Script file opened successfully.
    Script file read successfully.
    
    Backups directory opened successfully at C:\Avenger
    
    *******************
    
    Beginning to process script file:
    
    Rootkit scan active.
    No rootkits found!
    
    File "C:\Programmi\Logitech\Video\CameraAssistant.exe" deleted successfully.
    File "C:\Programmi\Logitech\Video\InstallHelper.exe" deleted successfully.
    File "C:\Programmi\Microsoft Visual Studio\MyProjects\MAT3x3\Debug\MAT3x3.exe" deleted successfully.
    File "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" deleted successfully.
    File "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" deleted successfully.
    File "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.Exe" deleted successfully.
    File "C:\WINDOWS\system32\ctfmon.exe" deleted successfully.
    File "C:\WINDOWS\system32\PSDrvCheck.exe" deleted successfully.
    File "C:\WINXP\system32\drivers\hldrrr.exe" deleted successfully.
    File "C:\WINXP\system32\wintems.exe" deleted successfully.
    
    Error:  file "C:\WINXP\system32\drivers\hidr.exe" not found!
    Deletion of file "C:\WINXP\system32\drivers\hidr.exe" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist
    
    
    Error:  file "C:\WINXP\system32\drivers\hidrrr.exe" not found!
    Deletion of file "C:\WINXP\system32\drivers\hidrrr.exe" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist
    
    File "C:\WINXP\system32\drivers\srosa.sys" deleted successfully.
    
    Error:  file "C:\WINXP\system32\drivers\klif.sys" not found!
    Deletion of file "C:\WINXP\system32\drivers\klif.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist
    
    
    Error:  file "C:\WINXP\system32\drivers\pci32.sys" not found!
    Deletion of file "C:\WINXP\system32\drivers\pci32.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist
    
    
    Error:  file "C:\WINXP\system32\hldrrr.exe" not found!
    Deletion of file "C:\WINXP\system32\hldrrr.exe" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist
    
    File "C:\WINXP\system32\mdelk.exe" deleted successfully.
    File move operation "C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe|C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" completed successfully.
    File move operation "C:\Programmi\File comuni\Real\Update_OB\bak\evntsvc.exe|C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe" completed successfully.
    File move operation "C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" completed successfully.
    File move operation "C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe|C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" completed successfully.
    File move operation "C:\Programmi\Logitech\Video\bak\CameraAssistant.exe|C:\Programmi\Logitech\Video\CameraAssistant.exe" completed successfully.
    File move operation "C:\Programmi\Logitech\Video\bak\InstallHelper.exe|C:\Programmi\Logitech\Video\InstallHelper.exe" completed successfully.
    File move operation "C:\Programmi\Microsoft Visual Studio\MyProjects\MAT3x3\Debug\bak\MAT3x3.exe|C:\Programmi\Microsoft Visual Studio\MyProjects\MAT3x3\Debug\MAT3x3.exe" completed successfully.
    File move operation "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe|C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" completed successfully.
    File move operation "C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe|C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" completed successfully.
    File move operation "C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe|C:\Programmi\Spyware Terminator\SpywareTerminatorShield.Exe" completed successfully.
    File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
    File move operation "C:\WINDOWS\system32\bak\ElkCtrl.exe|C:\WINDOWS\system32\ElkCtrl.exe" completed successfully.
    File move operation "C:\WINDOWS\system32\bak\LVCOMSX.EXE|C:\WINDOWS\system32\LVCOMSX.EXE" completed successfully.
    File move operation "C:\WINDOWS\system32\bak\PSDrvCheck.exe|C:\WINDOWS\system32\PSDrvCheck.exe" completed successfully.
    File move operation "C:\WINDOWS\system32\bak\srvafixe.exe|C:\WINDOWS\system32\srvafixe.exe" completed successfully.
    Folder "C:\WINXP\system32\drivers\down" deleted successfully.
    
    Error:  folder "c:\WINXP\exefld" not found!
    Deletion of folder "c:\WINXP\exefld" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist
    
    
    Error:  folder "c:\WINXP\exefnd" not found!
    Deletion of folder "c:\WINXP\exefnd" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist
    
    
    Error:  folder "C:\WINXP\exefqd" not found!
    Deletion of folder "C:\WINXP\exefqd" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist
    
    
    Completed script processing.
    
    *******************
    
    Finished!  Terminate.
    HijackThis log
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 19.21.58, on 13/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\csrss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
    C:\Programmi\FreePOPs\freepopsservice.exe
    C:\WINXP\System32\svchost.exe
    C:\Programmi\FreePOPs\freepopsd.exe
    C:\WINXP\System32\alg.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\wuauclt.exe
    C:\WINXP\system32\NOTEPAD.EXE
    C:\WINXP\system32\wuauclt.exe
    C:\WINXP\RTHDCPL.EXE
    C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Programmi\Logitech\Video\CameraAssistant.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\WINXP\system32\lvcomsx.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\eMule\eMule.exe
    C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINXP\system32\svchost.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINXP\system32\NOTEPAD.EXE
    C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
    C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
    C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINXP\System32\wbem\wmiprvse.exe
    C:\Programmi\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\WINXP\System32\wbem\wmiprvse.exe
    C:\Programmi\WinRAR\WinRAR.exe
    C:\DOCUME~1\SPRUNK~1\IMPOST~1\Temp\Rar$EX01.797\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ewin91.spaces.live.com/recent/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Programmi\File comuni\fjOs0r.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINXP\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEUSBTip] C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINXP\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [RegRun WinBait] C:\WINXP\winbait.exe
    O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
    O4 - HKLM\..\RunServices: [runsvc] runsvc.exe
    O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Sprunkman\Desktop\ELIBAGLA.B%D8%D8DB%D8%D 8H.EXE
    O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [drvsyskit] C:\WINXP\system32\drivers\hldrrr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\eMule.exe -AutoStart
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Html To Image - C:\Programmi\Html To Image\menu.htm
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A
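
The Avenger log and the HijackThis log posted above can be cross-checked to find Run-key autostart values that still point at a file the script removed and did not restore from a `bak` copy. This is an added example, not part of the original thread or of either tool; the function names are its own, the log lines are excerpts from the logs above, and only `O4` registry Run entries are parsed.

```python
import re

# Lines excerpted from the two logs posted above (not the full logs).
AVENGER_LOG = r'''
File "C:\Programmi\Logitech\Video\CameraAssistant.exe" deleted successfully.
File "C:\WINXP\system32\drivers\hldrrr.exe" deleted successfully.
File "C:\WINXP\system32\wintems.exe" deleted successfully.
Error:  file "C:\WINXP\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINXP\system32\drivers\hidr.exe" failed!
File "C:\WINXP\system32\mdelk.exe" deleted successfully.
File move operation "C:\Programmi\Logitech\Video\bak\CameraAssistant.exe|C:\Programmi\Logitech\Video\CameraAssistant.exe" completed successfully.
'''

HIJACKTHIS_LOG = r'''
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINXP\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [drvsyskit] C:\WINXP\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
'''

DELETED_RE = re.compile(r'^File "([^"]+)" deleted successfully\.$')
MOVED_RE = re.compile(
    r'^File move operation "([^"|]+)\|([^"]+)" completed successfully\.$')
# O4 - <hive>\..\<key>: [<value name>] <command line>
AUTORUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# Unquoted command: the target ends at the first executable-like extension.
TARGET_RE = re.compile(
    r'^(.+?\.(?:exe|com|bat|scr|dll|sys))(?:\s|$)', re.IGNORECASE)


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def removed_without_replacement(avenger_log):
    """Paths Avenger deleted and did not later overwrite with a moved file."""
    deleted, restored = set(), set()
    for line in avenger_log.splitlines():
        line = line.strip()
        m = DELETED_RE.match(line)
        if m:
            deleted.add(norm(m.group(1)))
            continue
        m = MOVED_RE.match(line)
        if m:
            restored.add(norm(m.group(2)))  # destination of the move
    return deleted - restored


def autorun_target(command):
    """Extract the program path from a Run value, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = TARGET_RE.match(command)
    return m.group(1) if m else command


def dangling_autoruns(hijackthis_log, removed):
    """Run values whose target is one of the removed paths."""
    hits = []
    for line in hijackthis_log.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. a Startup-folder link)
        hive, key, name, command = m.groups()
        target = autorun_target(command)
        if norm(target) in removed:
            hits.append((f"{hive}\\{key}", name, target))
    return hits


if __name__ == "__main__":
    removed = removed_without_replacement(AVENGER_LOG)
    for key, name, target in dangling_autoruns(HIJACKTHIS_LOG, removed):
        print(f"{key} [{name}] -> {target} (file removed, value still present)")
```

On these excerpts the only hit is the `drvsyskit` value, whose target `hldrrr.exe` was deleted by the script; `CameraAssistant.exe` is not reported because a copy was moved back into place.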

  8. #8
    HiJackThis log
    code:
    Logfile of HijackThis v1.99.1
    Scan saved at 19.21.58, on 13/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\csrss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
    C:\Programmi\FreePOPs\freepopsservice.exe
    C:\WINXP\System32\svchost.exe
    C:\Programmi\FreePOPs\freepopsd.exe
    C:\WINXP\System32\alg.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\wuauclt.exe
    C:\WINXP\system32\NOTEPAD.EXE
    C:\WINXP\system32\wuauclt.exe
    C:\WINXP\RTHDCPL.EXE
    C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Programmi\Logitech\Video\CameraAssistant.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\WINXP\system32\lvcomsx.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\eMule\eMule.exe
    C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINXP\system32\svchost.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINXP\system32\NOTEPAD.EXE
    C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
    C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
    C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINXP\System32\wbem\wmiprvse.exe
    C:\Programmi\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\WINXP\System32\wbem\wmiprvse.exe
    C:\Programmi\WinRAR\WinRAR.exe
    C:\DOCUME~1\SPRUNK~1\IMPOST~1\Temp\Rar$EX01.797\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ewin91.spaces.live.com/recent/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Programmi\File comuni\fjOs0r.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINXP\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEUSBTip] C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINXP\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [RegRun WinBait] C:\WINXP\winbait.exe
    O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
    O4 - HKLM\..\RunServices: [runsvc] runsvc.exe
    O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Sprunkman\Desktop\ELIBAGLA.B%D8%D8DB%D8%D8H.EXE
    O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [drvsyskit] C:\WINXP\system32\drivers\hldrrr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\eMule.exe -AutoStart
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Html To Image - C:\Programmi\Html To Image\menu.htm
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {49A3DCEE-FC3C-11D4-83E5-0050DA33C619} (BVXPlayer Class) - http://digilander.libero.it/face4us/xplayer/xplayer.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{686F1425-B4D6-4BD7-96A5-B23FD714F784}: NameServer = 85.37.17.5 85.38.28.77
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINXP\SYSTEM32\WgaLogon.dll
    O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINXP\system32\dllcache\mravsc32.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: MS NET Service - Unknown owner - C:\WINXP\wiadss.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SSDP Discovery Center Service (SSDPCSR) - Unknown owner - C:\WINXP\system32\ssdpsr.exe (file missing)
    Is everything all right now?
    Thank you so much. Bye

  9. #9
    HTML.it user Deifobe
    Registered since
    Oct 2007
    Posts
    6,072
    Can you post the link to a new systemscan?
    Also run an online scan with Kaspersky_virusscanner (select "my computer", then save and post the scan report)

  10. #10
    Hi! Sorry for taking so long, but as soon as one problem is solved another one comes up

    Here is the systemscan
    http://www.zshare.net/download/1131605764fcd91e/

    and here is the online scan report
    http://www.zshare.net/download/11355849d9818ca3/

    Sorry for the wait. Thanks again. Best regards. Bye
