
findkill

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs can you use to protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

findkill

Post by marcosesto1 » 01/11/09 12:38

scan with findkill

----------------- FindyKill V4.700 ------------------

* User: marco mattioli - MARCO
* Executed from : C:\Programmi\FindyKill
* Update on 13/11/08 by Chiquitine29
* Start at 12:25:32 the 01/11/2009
* Windows XP - Internet Explorer 8.0.6001.18702

((((((((((((((((( *** Searching *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------- [ Infected files / folders ] ----------------


»»»» Presence Files in C:


»»»» Presence Files in C:\WINDOWS


»»»» Presence Files in C:\WINDOWS\Prefetch


»»»» Presence Files in C:\WINDOWS\system32


»»»» Presence Files in C:\WINDOWS\system32\drivers


»»»» Presence Files in C:\Documents and Settings\marco mattioli\Dati applicazioni


»»»» Presence Files in C:\DOCUME~1\MARCOM~1\IMPOST~1\Temp


»»»» Presence Files in C:\Documents and Settings\marco mattioli\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant REG_SZ C:\Programmi\Logitech\Video\CameraAssistant.exe
LogitechVideo[inspector] REG_SZ C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
LogitechCameraService(E) REG_SZ C:\WINDOWS\system32\ElkCtrl.exe /automation
NeroFilterCheck REG_SZ C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
SoundMan REG_SZ SOUNDMAN.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nod32kui REG_SZ "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
SunJavaUpdateSched REG_SZ "C:\Programmi\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher REG_SZ "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
QuickTime Task REG_SZ "C:\Programmi\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Programmi\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
Packard Bell Software Suite REG_SZ C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
MSMSGS REG_SZ "C:\Programmi\Messenger\msmsgs.exe" /background
Google Update REG_SZ "C:\Documents and Settings\marco mattioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
AdobeBridge REG_SZ

--------------- [ Registry / Infected keys ] ----------------


Found ! - HKEY_USERS\S-1-5-21-606747145-1085031214-839522115-1004\Software\bisoft
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft

--------------- [ States / Services ] ----------------

Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- boot mode not available !!

Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- boot mode not available !!

Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- boot mode not available !!



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

/!\ Ip6Fw - Type of startup = 4

/!\ SharedAccess - Type of startup = 4

/!\ wuauserv - Type of startup = 4

/!\ wscsvc - Type of startup = 4



--------------- [ Searching in removable drives ] ----------------


+- Informations :

C: - Unit… fissa


+- Presence of files :



--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


------------------- ! End of report ! --------------------

what should I do now?
marcosesto1
Newbie
 
Posts: 3
Joined: 01/11/09 12:31


Re: findkill

Post by Luke57 » 01/11/09 12:51

Hi, restart it and choose option 2 to remove the infections found, which belong to Bagle.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: findkill

Post by marcosesto1 » 01/11/09 19:13

First of all, thanks, but I have just done it and everything is the same as before.
marcosesto1
Newbie
 
Posts: 3
Joined: 01/11/09 12:31

Re: findkill

Post by marcosesto1 » 01/11/09 19:17

Neither the antivirus nor Spybot nor HijackThis will open, and when Windows starts, instead of the usual antivirus window, one comes up with strange characters that look sort of Chinese, followed by a reset of the PC.
marcosesto1
Newbie
 
Posts: 3
Joined: 01/11/09 12:31

Re: findkill

Post by gahan » 18/11/09 10:32

Download http://www.zonavirus.com/datos/descarga ... ibagla.asp and run it in safe mode

run the program and tick ''ELIMINAR FICHEROS AUTOMATICAMENTE''

click EXPLORAR to start the scan

When it has finished you will find the log in C:\InfoSat.txt. - copy it into Notepad and post it on the forum
words like violence, break the silence
gahan
Moderator
 
Posts: 1397
Joined: 23/01/08 16:09

Re: findkill

Post by gahan » 18/11/09 10:34

words like violence, break the silence
gahan
Moderator
 
Posts: 1397
Joined: 23/01/08 16:09

