Ciao a tutti
Oltre all'avg uso un anti spyware consigliatomi da un amico , un certo Scan Spyware e ieri sera mi ha trovato 5 file infetti.... di questi ne son riuscita a cancellare 3 ma 2 mi son rimasti in quanto mi dice che sono file rinominati
Vi posto il log dello scan dell'antispyware e anche il log di hijackthis ... però l'hijackthis l'ha fatto il mio ragazzo in condivisione fà niente ?
ok allora :
Application Information
=======================
Application Version: ScanSpyware v3.8 build 3.8.0.1
Original Database: pests09-10-04.db
Updated Database: ssdb101108.db
Current Date: Sunday, October 19, 2008 08:35:13 AM
__________________________________________________
Directories recognized:
=======================
__________________________________________________
Files recognized:
=================
Questi due sono i file infetti :
[CashBack]
E:\DOKUME~1\gioia\LOKALE~1\Temp\blank.gif
[DirSpy]
E:\WINDOWS\_ISENV31.INI
___________________________________________
Questi non sò ...
Registry keys recognized:
=========================
[Boss EveryWare]
HKEY_CLASSES_ROOT\.dbf
[Boss EveryWare]
HKEY_LOCAL_MACHINE\Software\classes\.dbf
[Delf.HAO]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\taskmgr.exe
-------------------------------------------------------------------------
Ora incollo l'hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:24, on 19.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
E:\Programme\Microsoft IntelliType Pro\type32.exe
E:\Programme\Microsoft IntelliPoint\point32.exe
E:\Programme\Winamp\winampa.exe
E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
E:\Programme\ScanSoft\OmniPageSE\opware32.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\Messenger\msmsgs.exe
E:\Programme\OpenOffice.org 2.0\program\soffice.exe
E:\Programme\OpenOffice.org 2.0\program\soffice.BIN
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\PROGRA~1\AVG\AVG8\avgfws8.exe
E:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Programme\Skype\Phone\Skype.exe
E:\Programme\Skype\Plugin Manager\skypePM.exe
E:\Programme\Windows Live\Messenger\usnsvc.exe
E:\Programme\TeamViewer3\TeamViewer.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [IAAnotif] "E:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [type32] "E:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "E:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] E:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW6] "E:\Programme\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = E:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE004BE0-41BD-4F18-9F94-BC86B512F222}: NameServer = 62.109.123.197 213.191.74.19
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - E:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUpUtilities2006\WinStylerThemeSvc .exe
O23 - Service: XAudioService - Conexant Systems, Inc. - E:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 7110 bytes
Aiutatemi vi prego ...
Devo disabilitare il ripristino di sistema ? devo pulire in modalità provvisoria ???
Ditemi voi ...
Grazie in anticipo