  1. #1
    Hoops (HTML.it user)
    Registered: Sep 2005
    Posts: 286

    Advice on how to proceed??

    I promise I have already read and carried out everything I found in the pinned threads.

    Operating system: Windows 2000 Pro
    I made some attempts with Ad-Aware, both in safe mode and in normal mode.
    CW reports these:
    CWS.Alfasearch and CWS.Qttasks

    Then, when I connect to the internet, this page appears (see the attachment)



    I can't cope any more

  2. #2
    LUCASS (HTML.it user)
    Registered: May 2005
    Posts: 1,354
    Hi, try the new version of CW, 2.18
    http://cwshredder.net/bin/CWShredder.exe
    Use it in safe mode
    Reset the home page
    Post a hijack log; you'll find how to submit it in the pinned thread

  3. #3
    Hoops (HTML.it user)
    Registered: Sep 2005
    Posts: 286
    Logfile of HijackThis v1.99.1
    Scan saved at 16.19.47, on 14/11/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
    C:\Programmi\AVPersonal\AVWUPSRV.EXE
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Programmi\Ahead\InCD\InCD.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\AVPersonal\AVGNT.EXE
    C:\WINNT\system32\sysmon.exe
    C:\WINNT\system32\paytime.exe
    C:\WINNT\system32\ctfmon.exe
    C:\WINNT\system32\paytime.exe
    C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINNT\system32\sysfind.exe
    C:\Programmi\Trend Micro\Tmas\Tmas.exe
    C:\Programmi\Hijackthis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINNT\system32\smiehlp.dll
    O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Programmi\CoreStreet\SpoofStick\SpoofStickBHO.dll
    O2 - BHO: (no name) - {CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} - C:\Programmi\Secretmaker\secretmakerie.dll
    O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx
    O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
    O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\system32\azesearch4.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Programmi\Daily Weather Forecast\weather.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\sysmon.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SECRETMAKER.lnk = C:\Programmi\Secretmaker\secretmaker.exe
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Programmi\Trend Micro\Tmas\Tmas.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O15 - Trusted Zone: www.archiviosex.net
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F48C1D3D-DB70-4583-BF8F-48549E5585DD}: NameServer = 193.70.192.25,193.70.152.25
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

  4. #4
    LUCASS (HTML.it user)
    Registered: May 2005
    Posts: 1,354
    What a mess
    Download these programs
    SmitRem By NoahDfear
    AboutBuster 5.1
    http://www.mvps.org/winhelp2002/DelDomains.inf (save the page to the desktop)

    Unzip the About Buster program to C:\
    Click the executable, the program opens, click "Update" to update it; when done, close everything

    Boot the PC in safe mode
    Start > Control Panel > Folder Options
    - Go to the View tab
    - Tick the "Show files and folders" box
    - Untick the "Hide system files (recommended)" box
    - Answer YES to the prompt
    - Apply > OK

    Open HijackThis, click the "Do a system scan only" button
    Tick only the boxes that correspond to the entries I list below and click "Fix Checked" to remove them

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

    R3 - Default URLSearchHook is missing

    O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx

    O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll

    O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\system32\azesearch4.ocx

    O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\sysmon.exe

    O4 - HKLM\..\Run: [PayTime] C:\WINNT\system32\paytime.exe

    O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    Delete the files in bold
    c:\secure32.html
    C:\WINNT\azentretien.dll
    C:\WINNT\system32\azesearch4.ocx
    C:\WINNT\system32\iasada.dll
    C:\WINNT\system32\sysmon.exe
    C:\WINNT\system32\paytime.exe

    Empty the Recycle Bin
    Now go to C:\AboutBuster, open the folder and click the executable; once the program is open, click "Begin Removal"
    When the scan is finished, install SmitRem, which will create a new folder; open the folder and click RunThis.bat; a command prompt window opens; follow the instructions in English; if you have problems I'll give you the Italian ones
    When the tool has finished, select the .INF file you saved to the desktop, right-click it and choose the "Install" option
    Reboot in normal mode and post an updated log

  5. #5
    Hoops (HTML.it user)
    Registered: Sep 2005
    Posts: 286
    Logfile of HijackThis v1.99.1
    Scan saved at 17.31.15, on 14/11/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
    C:\Programmi\AVPersonal\AVWUPSRV.EXE
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Programmi\Ahead\InCD\InCD.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\AVPersonal\AVGNT.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Programmi\Hijackthis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINNT\system32\smiehlp.dll
    O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Programmi\CoreStreet\SpoofStick\SpoofStickBHO.dll
    O2 - BHO: (no name) - {CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} - C:\Programmi\Secretmaker\secretmakerie.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Programmi\Daily Weather Forecast\weather.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SECRETMAKER.lnk = C:\Programmi\Secretmaker\secretmaker.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F48C1D3D-DB70-4583-BF8F-48549E5585DD}: NameServer = 193.70.192.25,193.70.152.25
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

  6. #6
    Hoops (HTML.it user)
    Registered: Sep 2005
    Posts: 286
    CW still shows "CWS.Qttasks" as active

  7. #7
    LUCASS (HTML.it user)
    Registered: May 2005
    Posts: 1,354
    Hi, boot into safe mode and use hijack to remove this entry
    O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe

    Delete the file in bold
    C:\WINNT\system32\paytime.exe
    Empty the Recycle Bin
    Do a clean-up with CCleaner

    Could you post the end-of-scan reports from AboutBuster and SmitRem? (You'll find them in their folders)
    Reboot in normal mode and, if you have an ADSL connection, I recommend running an online scan
    http://www.pandasoftware.com/actives..._principal.htm
    http://www.kaspersky.com/service?chapter=161739400
    If anything is detected, save the end-of-scan report

    PS: Are you still seeing problems?
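
One way to confirm that a "Fix Checked" pass removed every flagged entry, as an added example that is not part of the original thread: it parses HijackThis entry lines and reports which flagged entries still appear in the follow-up log. The function names are illustrative, and the sample input is a short excerpt of the entries from posts #4 and #5.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23) followed by " - "; header and "Running processes" lines do not.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Map a normalized key to the entry as written, for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.group(1), m.group(2)
        # Registry paths and file names are case-insensitive on Windows and
        # forum software may alter spacing, so compare on a folded form.
        key = (section, " ".join(detail.split()).lower())
        entries[key] = f"{section} - {detail}"
    return entries


def check_fix(flagged_text, after_text):
    """Split the flagged entries into (removed, persisted) against a later log."""
    flagged = parse_entries(flagged_text)
    after = parse_entries(after_text)
    removed = [text for key, text in flagged.items() if key not in after]
    persisted = [text for key, text in flagged.items() if key in after]
    return removed, persisted


# Excerpt of the entries flagged for removal in post #4.
FLAGGED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\sysmon.exe
O4 - HKLM\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
"""

# Excerpt of the follow-up log from post #5.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\ctfmon.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
"""

if __name__ == "__main__":
    removed, persisted = check_fix(FLAGGED, AFTER_LOG)
    print(f"{len(removed)} flagged entries removed")
    for entry in persisted:
        print("still present:", entry)
```
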

  8. #8
    Hoops (HTML.it user)
    Registered: Sep 2005
    Posts: 286
    Originally posted by Hoops
    CW still shows "CWS.Qttasks" as active
    CW still shows "CWS.Qttasks" as active

  9. #9
    Hoops (HTML.it user)
    Registered: Sep 2005
    Posts: 286
    Scan finished....

    Panda...

    Incidente Stato Percorso
    Adware:Adware/AzeSearch Non Disinfettato C:\Programmi\Hijackthis\backups\backup-20051114-163716-269.dll
    Adware:Adware/SpySheriff Non Disinfettato C:\WINNT\loadadv728.exe
    Adware:Adware/Secure32 Non Disinfettato C:\WINNT\secure32.html
    Adware:adware/azesearch Non Disinfettato C:\WINNT\system32\azebar.xml
    Adware:Adware/SpywareNo Non Disinfettato C:\WINNT\system32\countrydial.exe
    Adware:Adware/SpywareNo Non Disinfettato C:\WINNT\system32\sysfind.exe

  10. #10
    Hoops (HTML.it user)
    Registered: Sep 2005
    Posts: 286
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Tuesday, November 15, 2005 10:10:44
    Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 15/11/2005
    Kaspersky Anti-Virus database records: 150186
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - Folders:
    C:\

    Scan Statistics:
    Total number of scanned objects: 54415
    Number of viruses found: 5
    Number of infected objects: 9
    Number of suspicious objects: 2
    Duration of the scan process: 5143 sec

    Infected Object Name - Virus Name
    C:\Documents and Settings\Vanni\Documenti\Programmi\Multi pop\POSTA 27.05\TARGETINFO\Outlook Express\Posta in arrivo.dbx/[From laser@castellanilaser.it][Date Fri, 27 May 2005 11:23:39 +0200]/UNNAMED/readme_targetinfo.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
    C:\Documents and Settings\Vanni\Documenti\Programmi\Multi pop\POSTA 27.05\TARGETINFO\Outlook Express\Posta in arrivo.dbx/[From laser@castellanilaser.it][Date Fri, 27 May 2005 11:23:39 +0200]/UNNAMED/readme_targetinfo.zip Infected: Email-Worm.Win32.NetSky.q
    C:\Documents and Settings\Vanni\Documenti\Programmi\Multi pop\POSTA 27.05\TARGETINFO\Outlook Express\Posta in arrivo.dbx/[From laser@castellanilaser.it][Date Fri, 27 May 2005 11:23:39 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
    C:\Documents and Settings\Vanni\Documenti\Programmi\Multi pop\POSTA 27.05\TARGETINFO\Outlook Express\Posta in arrivo.dbx/[From m72cappelletti@tiscali.it][Date Fri, 27 May 2005 11:34:20 +0200]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
    C:\Documents and Settings\Vanni\Documenti\Programmi\Multi pop\POSTA 27.05\TARGETINFO\Outlook Express\Posta in arrivo.dbx/[From m72cappelletti@tiscali.it][Date Fri, 27 May 2005 11:34:20 +0200]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
    C:\Documents and Settings\Vanni\Documenti\Programmi\Multi pop\POSTA 27.05\TARGETINFO\Outlook Express\Posta in arrivo.dbx/[From m72cappelletti@tiscali.it][Date Fri, 27 May 2005 11:34:20 +0200]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q
    C:\Documents and Settings\Vanni\Documenti\Programmi\Multi pop\POSTA 27.05\TARGETINFO\Outlook Express\Posta in arrivo.dbx/[From m72cappelletti@tiscali.it][Date Fri, 27 May 2005 11:34:20 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
    C:\Documents and Settings\Vanni\Documenti\Programmi\Multi pop\POSTA 27.05\TARGETINFO\Outlook Express\Posta in arrivo.dbx Infected: Email-Worm.Win32.NetSky.q
    C:\WINNT\loadadv728.exe Infected: Trojan-Downloader.Win32.Small.bfy
    C:\WINNT\system32\countrydial.exe Infected: Trojan-Downloader.Win32.Small.bwh
    C:\WINNT\system32\sysfind.exe Infected: Trojan.Win32.Dialer.hz

    Scan process completed.
