
Porn dialer... I can't manage it... I killed sgrunt... isn't that enough!?


Post by Palestinese » 03/07/06 20:21

I'm relying on you, who have already saved me three times. For a while a window kept popping up to connect me to a porn site... I did the usual things like HijackThis... Ad-Aware... and also killsgrunt (which told me it had removed sgrunt in normal mode, but in safe mode gave "Run-time error 9"....) What should I do? Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 21.12.16, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CRBroadCasting] C:\Programmi\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Programmi\CardReader2.0\OTiReader.exe
Palestinese
Junior User
Posts: 32
Joined: 09/06/06 14:59


PS

Post by Palestinese » 03/07/06 20:23

Ah... Bitdefender reports a couple of trojans in folders that I don't recognize and that don't exist...

Post by andorra24 » 03/07/06 20:46

The HijackThis log doesn't show anything serious. There's only this one to fix:

R3 - Default URLSearchHook is missing

Run a scan with ewido:
http://www.ewido.net/en/onlinescan/

As for Bitdefender, it would be better if you posted the scan report.
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

About Bitdefender

Post by Palestinese » 04/07/06 10:56

Tonight I'll go home and post the Bitdefender log... or the ewido one... For now I'll list a few of the "Behaves like Trojan" items and the like that Bitdefender reported and that I wrote down on paper...

Temporary/citofarera/sysstvmr.exe
...Prefetch/sgru[1] (but I should have killed this one)
...Troyandialer.qc
...Exploit.Htlm
...Codebase.exec
...sysmon.exe
...Downloaded Program Files/Conflict#/Auto***** (# is a number from 1 to 9, ***** a five-digit number)
...w.exe
...SysVolInform

Many of these are reported at a path that I can't navigate to...

On top of that, Avast doesn't see anything, and neither does Ad-Aware...
Thanks, and for now sorry again for the scant information

Post by andorra24 » 04/07/06 11:17

Show hidden folders and files from Start / My Computer / Tools / Folder Options / View and check again more carefully the paths where this malware is located. Also run the scan with ewido.

Yes

Post by Palestinese » 04/07/06 12:47

I'll run the scan with ewido... anyway, I've already made hidden folders and files visible

Again

Post by Palestinese » 04/07/06 19:23

Here it is

EWIDO

Troyan.Proxcrak.A C:\Programmi\WinRAR\patch.exe
Troyan.Proxcrak.A C:\Programmi\WinRAR\patch2.exe
Troyan.Proxcrak.A C:\Programmi\WinRAR\WinRAR.and.DosRAR.v3.42.Italian.WinALL-CHiCNCREAM\patch.exe
Troyan.Proxcrak.A C:\Programmi\WinRAR\WinRAR.and.DosRAR.v3.42.Italian.WinALL-CHiCNCREAM\patch2.exe
Downloader.Vixup.b C:\WINDOWS\system32\sysmon.exe

Risk HIGH for all five

AD AWARE

Ad-Aware SE Build 1.05
Logfile Created on:martedì 4 luglio 2006 19.53.03
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R113 28.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


04-07-2006 19.53.03 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Utente\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1336601894-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1336601894-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1336601894-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1336601894-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1336601894-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1336601894-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1336601894-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1336601894-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 584
ThreadCreationTime : 04-07-2006 15.21.23
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 04-07-2006 15.21.28
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 672
ThreadCreationTime : 04-07-2006 15.21.29
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 04-07-2006 15.21.30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 04-07-2006 15.21.30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 04-07-2006 15.21.31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 04-07-2006 15.21.32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1052
ThreadCreationTime : 04-07-2006 15.21.32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 04-07-2006 15.21.33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 04-07-2006 15.21.33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1452
ThreadCreationTime : 04-07-2006 15.21.34
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1652
ThreadCreationTime : 04-07-2006 15.21.36
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE

#:13 [crbroadcasting.exe]
FilePath : C:\Programmi\CardReader2.0\
ProcessID : 1740
ThreadCreationTime : 04-07-2006 15.21.36
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : AnnounceNewCReader Application
FileDescription : AnnounceNewCReader MFC Application
InternalName : AnnounceNewCReader
LegalCopyright : Copyright (C) 2004
OriginalFilename : AnnounceNewCReader.EXE

#:14 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1748
ThreadCreationTime : 04-07-2006 15.21.36
BasePriority : Normal
FileVersion : 5.1.0.30
ProductVersion : 5.1.0.29
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:15 [pdvdserv.exe]
FilePath : C:\Programmi\CyberLink\PowerDVD\
ProcessID : 1768
ThreadCreationTime : 04-07-2006 15.21.36
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright (c) CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:16 [ituneshelper.exe]
FilePath : C:\Programmi\iTunes\
ProcessID : 1808
ThreadCreationTime : 04-07-2006 15.21.37
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:17 [qttask.exe]
FilePath : C:\Programmi\QuickTime\
ProcessID : 1816
ThreadCreationTime : 04-07-2006 15.21.37
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:18 [msgplus.exe]
FilePath : C:\Programmi\MessengerPlus! 3\
ProcessID : 1824
ThreadCreationTime : 04-07-2006 15.21.37
BasePriority : Normal


#:19 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1832
ThreadCreationTime : 04-07-2006 15.21.37
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswDisp.exe

#:20 [nmbgmonitor.exe]
FilePath : C:\Programmi\File comuni\Ahead\lib\
ProcessID : 1840
ThreadCreationTime : 04-07-2006 15.21.37
BasePriority : Normal


#:21 [msmsgs.exe]
FilePath : C:\Programmi\Messenger\
ProcessID : 1868
ThreadCreationTime : 04-07-2006 15.21.37
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:22 [aswupdsv.exe]
FilePath : C:\Programmi\Alwil Software\Avast4\
ProcessID : 220
ThreadCreationTime : 04-07-2006 15.21.42
BasePriority : Normal


#:23 [ashserv.exe]
FilePath : C:\Programmi\Alwil Software\Avast4\
ProcessID : 236
ThreadCreationTime : 04-07-2006 15.21.42
BasePriority : High
FileVersion : 4, 7, 844, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswServ.exe

#:24 [mdm.exe]
FilePath : C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\
ProcessID : 324
ThreadCreationTime : 04-07-2006 15.21.42
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 348
ThreadCreationTime : 04-07-2006 15.21.43
BasePriority : Normal
FileVersion : 6.14.10.8421
ProductVersion : 6.14.10.8421
ProductName : NVIDIA Driver Helper Service, Version 84.21
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 84.21
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:26 [otireader.exe]
FilePath : C:\Programmi\CardReader2.0\
ProcessID : 388
ThreadCreationTime : 04-07-2006 15.21.43
BasePriority : Normal
FileVersion : 1, 1, 11, 10
ProductVersion : 1, 0, 0, 0
ProductName : OTi CardReader Software Utility
FileDescription : OTi CardReader2126 Software Utility(NanYeah)
InternalName : OTiCardReaderService
LegalCopyright : Copyright (C) 2003
OriginalFilename : OTiReader.EXE

#:27 [ipodservice.exe]
FilePath : C:\Programmi\iPod\bin\
ProcessID : 1228
ThreadCreationTime : 04-07-2006 15.21.50
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:28 [ashmaisv.exe]
FilePath : C:\Programmi\Alwil Software\Avast4\
ProcessID : 2056
ThreadCreationTime : 04-07-2006 15.21.51
BasePriority : Normal


#:29 [ashwebsv.exe]
FilePath : C:\Programmi\Alwil Software\Avast4\
ProcessID : 2092
ThreadCreationTime : 04-07-2006 15.21.52
BasePriority : Normal


#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2448
ThreadCreationTime : 04-07-2006 15.21.52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3068
ThreadCreationTime : 04-07-2006 15.22.50
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aggiornamenti automatici
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : wuauclt.exe

#:32 [iexplore.exe]
FilePath : C:\Programmi\Internet Explorer\
ProcessID : 2296
ThreadCreationTime : 04-07-2006 17.20.47
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE

#:33 [winword.exe]
FilePath : C:\Programmi\Microsoft Office\OFFICE11\
ProcessID : 828
ThreadCreationTime : 04-07-2006 17.26.20
BasePriority : Normal


#:34 [iexplore.exe]
FilePath : C:\Programmi\Internet Explorer\
ProcessID : 3644
ThreadCreationTime : 04-07-2006 17.29.14
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE

#:35 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2848
ThreadCreationTime : 04-07-2006 17.52.55
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utente@revenue[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:utente@revenue.net/
Expires : 10-06-2022 7.05.42
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 13




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

19.56.46 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.03.42.250
Objects scanned:113177
Objects identified:1
Objects ignored:0
New critical objects:

###########Bitdefender

C:\System Volume Information\_restore[FB0362A5-4254-9DC4-0C4AEF0D9D2F]\RP66\A0106397.exe Infected with: Trojan.Downloader.Vixup.B

In the meantime I'm off to carry out a massacre in safe mode...

Post by andorra24 » 04/07/06 19:29

Before going into safe mode, disable System Restore:
http://service1.symantec.com/SUPPORT/IN ... 3151930924

doh

Post by Palestinese » 04/07/06 19:40

doh! let's hope it isn't needed... ewido is working... anyway I couldn't find patch and patch2... let's hope ewido really deleted them

2 new ones!

Post by Palestinese » 04/07/06 19:44

here's ewido now

C:\RECYCLER\S-1-5-21-1993962763-1336601894-839522115-500\Dc17.txt

C:\RECYCLER\S-1-5-21-1993962763-1336601894-839522115-500\Dc17.txt

Risk Medium for both

Removed both... now ITA-GER and then we'll see...

Wait please...

Post by Palestinese » 05/07/06 14:54

Do you think I have any hope of cleaning everything up?

Re: Wait please...

Post by andorra24 » 05/07/06 15:07

Palestinese wrote: Do you think I have any hope of cleaning everything up?

Of course, the various scans will manage to clean your PC up thoroughly.

All sorted!

Post by Palestinese » 05/07/06 19:24

Carried out a massacre... and it seems to have worked! Only Avast flags something every now and then but... they're nothing... at most LavaSoft plug-ins...

THANKS Andò!

Post by andorra24 » 05/07/06 19:30

Good, with malware you have to use an iron fist. :) ;)

