| Author |
Discussion |
|
ucla
Junior Member
50 posts |
Posted on 12/01/2006 : 14:51:45
|
|
Can anyone help me remove this trojan?
|
|
|
Yves
Moderator
City: Buenos Aires
6097 posts |
Posted on 12/01/2006 : 15:39:58
|
The name doesn't tell me much; give us some info on the symptoms and download this software:
In any case, try this approach; it's a bit generic but it should work...
Download and install:
HijackThis : htt*://[www].majorgeeks[.com]/download3155.html (freeware)
This one is mostly for us, to see what kind of infection you have. Run a scan before doing the rest of the steps; it creates a log (a text file) that you copy and paste into a forum post.
AdAware : htt*://[www].lavasoftusa[.com]/support/download/ (choose the "Ad-Aware Personal" version from the list, freeware)
SpyBotS&D : htt*://[www].spybot.info/ (freeware)
CCleaner : htt*://[www].ccleaner[.com]/ (freeware)
Try to find out the name of the source file (the antivirus should give you details about it..)
Now disable System Restore (right-click "My Computer" -> "Properties" -> "System Restore", tick "disable" and confirm).
Restart the PC in Safe Mode ("F8" key at PC startup)
Once you are in Windows this way, run the scans with the various antivirus and anti-spyware tools and delete everything they find. If you found out the name of the infected file, open "Start", "Search" and enter the file name; if it is found, rename it (e.g. files-x.exe becomes files-x.bak); that way it is no longer dangerous.
Empty the Recycle Bin and the temporary Internet files, reset the IE home page (if necessary..), etc..
Restart the system; you can re-enable System Restore. Use CCleaner and remove everything it finds, such as useless registry entries and files, then restart once more.
Now check how it behaves; normally after a job like this it should work, but to be sure the HijackThis log is needed..
PS: if you don't have an antivirus and/or firewall installed I recommend these two. If the antivirus you have installed doesn't work in Safe Mode, uninstall it and install the one I point out here; I know it works..
AntiVir PE : htt*://[www].free-av[.com]/ (AntiVir PersonalEdition Classic Windows, version 7; it's a beta test, but I tried it and it works perfectly, freeware)
AntiVir PE guide: htt*://[www].sicurezzainrete[.com]/Antivir_PE_6_1.htm
Zone Alarm : htt*://[www].zonelabs[.com]/store/content/home.jsp (choose "ZoneAlarm" in the menu on the left; it's the freeware version)
Here is a Zone Alarm guide: htt*://[www].attivissimo.net/acchiappavirus/za/
Bye. |
Edited by - Yves on 12/01/2006 16:22:58 |
|
|
ucla
Junior Member
50 posts |
Posted on 13/01/2006 : 08:38:42
|
IT FOUND THE INFECTED FILE IN: c:\windows\system32\IdBFB8.tmp
I tried as you told me but I have some doubts....
I installed HijackThis; as soon as I launched it, it created strange shortcuts on the desktop:
explorer twice and Movie....
Today I'll try running avast again to see if there are still infected files, but I think there are
Bye |
|
|
n/a
deleted
1470 posts |
Posted on 13/01/2006 : 17:50:34
|
Disable System Restore
Download this program
Run it and do a scan. Empty the Recycle Bin, the temporary files and the cookies, then re-enable the restore point.
HJK must be installed in its own dedicated folder: uninstall it, create the folder, and then post an HJK log |
|
|
ucla
Junior Member
50 posts |
Posted on 13/01/2006 : 22:35:20
|
Logfile of HijackThis v1.99.1
Scan saved at 22.37.42, on 13/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\vecchio pc\disco c\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\LUCA\IMPOST~1\Temp\Rar$EX03.010\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://[www].hp[.com]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPanel] C:\WINDOWS\atip.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\vecchio pc\disco c\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: [ presso ]btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: [ presso ]btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=htt*://[www].hp[.com]
O15 - Trusted Zone: [www].archiviosex.net
O15 - Trusted Zone: [www].linkautomatici[.com]
O15 - Trusted Zone: [www].redfunny[.com]
O15 - Trusted Zone: [www].skymasters.biz
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEBF70B4-B3E5-46B7-A944-28FFDF49FBB2}: NameServer = 85.37.17.7 151.99.125.1
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
|
|
|
n/a
deleted
City: heh heh, you'd like to know
2419 posts |
Posted on 14/01/2006 : 14:04:14
|
So, getting rid of all the junk in your log will take quite a bit of work... but that doesn't scare me and I hope it doesn't scare you, so let's start right away.... The important thing is that you follow my advice to the letter, otherwise we'll be in trouble.... Rather than skipping a step, if you can't do it let me know and I'll explain it better.... IMPORTANT: if you do anything particular with the PC.... tell me right away, to avoid deleting things that are needed... it's very important.. tell me if you do particular things... even building a website.. or programming.. or you use it as a server.. anything that comes to mind beyond downloading music from the internet, browsing, listening to mp3s and writing the odd letter in Word...
avast is no longer able to do its job.. and my doubt comes from seeing these two entries where it says file missing.. that is, lost.. or rather deleted....
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
so download AntiVir PE, much lighter than avast and even more effective than avast... trust me.. by now I've tested all the antiviruses except Panda...
you can find AntiVir here htt*://[www].free-av[.com]/ go to the download section and choose mirror 5 (ita)
so... uninstall avast.. completely.. from the Windows Control Panel..... and then, to remove every trace of it, do a good cleanup with RegSeeker, which you can find here:
RegSeeker (registry cleanup) htt*://[www].pianetapc.it/downloads.php?id=96
RegSeeker guide htt*://[www].megalab.it/articoli.php?id=325
to use RegSeeker, choose the language at the top where the little flag is, then check that the box at the bottom indicating the backup of removed entries is ticked... make sure it is ticked.. then go on and do a registry cleanup and delete everything it finds... maybe have a look at the guide to know how to do things best... right after that, restart and install AntiVir PE... do a good scan... and then see if it removes anything...
feel free to follow Yves's links for the AntiVir guide, but download version 6 and not 7.. (it doesn't work perfectly for some people)
then open HijackThis, make a log and fix the entries I tell you.. by fixing I mean you select them and press fix checked
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\vecchio pc\disco c\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: [ presso ]btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: [ presso ]btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=htt*://[www].hp[.com]
O15 - Trusted Zone: [www].archiviosex.net
O15 - Trusted Zone: [www].linkautomatici[.com]
O15 - Trusted Zone: [www].redfunny[.com]
O15 - Trusted Zone: [www].skymasters.biz
then after fixing these things, install Spybot and Ad-Aware if you haven't already.... Yves gave you the links....
then scan (mind you, as soon as you download these two little programs and AntiVir PE you must update them right away before using them)
then post a new HijackThis log...
PLEASE DO THE THINGS I TOLD YOU, NOT LEAST BECAUSE IT TOOK ME A WHILE TO WRITE THEM...
round one is over.. I'm waiting for the second log for round two
byeeeeeeeeeeeeeeee
|
|
|
ucla
Junior Member
50 posts |
Posted on 15/01/2006 : 23:36:29
|
Thanks a lot Vanx, it seems Ad-Aware has beaten the virus. Thanks also to Alexsandra and Yves, you're great..... tell me everything is OK!!! Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 23.33.58, on 15/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\rundll32.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\AVPersonal\AVSched32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\LUCA\Desktop\HJK\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://[www].hp[.com]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programmi\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
|
|
|
n/a
deleted
City: heh heh, you'd like to know
2419 posts |
Posted on 16/01/2006 : 11:00:48
|
The nasty thing seems to be gone.... now we need to do the second cleanup.. that is, remove all those programs that are run for no reason....
Is that PC an HP notebook? Did you install the infrared connection software yourself?
so, VirIT.. now that you have AntiVir you can go ahead and uninstall it... the important thing is that you install a firewall
I recommend Outpost
Outpost 1.0 Free Edition htt*://[www].pianetapc.it/downloads.php?id=25
Guide to Outpost 1.0 Free Edition by Fremyd htt*://[www].megalab.it/articoli.php?id=770
or Zone Alarm, which Yves had quoted earlier
Zone Alarm : htt*://[www].zonelabs[.com]/store/content/home.jsp (choose "ZoneAlarm" in the menu on the left; it's the freeware version)
Here is a Zone Alarm guide: htt*://[www].attivissimo.net/acchiappavirus/za/
your choice.... all I can tell you is that Outpost is a bit lighter.. otherwise they are 2 excellent firewalls.... if you choose Outpost, the important thing is that after installing it you update it only once.. otherwise it updates itself to the next version, which is paid
the only drawback.. Outpost is in English while Zone Alarm is in Italian... so choose the one you'd be more comfortable with... but choose one...
then install RegCleaner
RegCleaner (registry and startup cleanup) htt*://[www].worldstart[.com]/weekly-download/archives/reg-cleaner4.3.htm
RegCleaner guide htt*://[www].tutorialpc.it/regcleaner.asp
open it and go to the "startup list" menu, then go to File (top left) and tell it save list as txt... then copy and paste the list here below .....
byeeeeeeeeeeeeeeeeee
|
|
|
ucla
Junior Member
50 posts |
Posted on 16/01/2006 : 22:43:21
|
Hi Vanx
Yes, the PC is an HP nx 7010 notebook. No, I did not install the infrared connection software myself. I chose Zone Alarm because it's in Italian
here is what RegCleaner wrote:
RegCleaner 4.3 by Jouni Vuorio
These programs are run everytime you start your computer. Try to keep this list as short as possible
[syntax: Program, Filename, Loaded from ]

AdslTaskBar, Rundll32.exe Stmctrl.dll,TaskBar, HKEY_LM\Run
Agrsmmsg, AGRSMMSG.exe, HKEY_LM\Run
Atipta, C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe, HKEY_LM\Run
AVGCtrl, C:\Programmi\AVPersonal\AVGNT.EXE /min, HKEY_LM\Run
Avsched32, C:\Programmi\AVPersonal\AVSched32.EXE /min, HKEY_LM\Run
Cpqset, C:\Programmi\HPQ\Default Settings\cpqset.exe, HKEY_LM\Run
Ctfmon.exe, C:\WINDOWS\System32\ctfmon.exe, HKEY_CU\Run
DAEMON Tools-1033, "C:\Programmi\D-Tools\daemon.exe" -lang 1033, HKEY_LM\Run
DataLayer, C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE, HKEY_LM\Run
Desktop, N/A, Start Menu
Desktop, N/A, Start Menu (Common User)
DeviceDiscovery, C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe, HKEY_LM\Run
HP Software Update, "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe", HKEY_LM\Run
HPDJ Taskbar Utility, C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe, HKEY_LM\Run
HPHmon05, C:\WINDOWS\System32\hphmon05.exe, HKEY_LM\Run
Hphupd05, C:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe, HKEY_LM\Run
PCSuiteTrayApplication, C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE, HKEY_LM\Run
PRONoMgr.exe, C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe, HKEY_LM\Run
QuickTime Task, "C:\Programmi\QuickTime\qttask.exe" -atboottime, HKEY_LM\Run
RoxioDragToDisc, "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe", HKEY_LM\Run
RoxioEngineUtility, "C:\Programmi\File Comuni\Roxio Shared\System\EngUtil.exe", HKEY_LM\Run
SchedulingAgent, Mstask.exe, HKEY_LM\RunServices
Smapp, C:\Programmi\Analog Devices\SoundMAX\SMTray.exe, HKEY_LM\Run
SynTPEnh, C:\Programmi\Synaptics\SynTP\SynTPEnh.exe, HKEY_LM\Run
SynTPLpr, C:\Programmi\Synaptics\SynTP\SynTPLpr.exe, HKEY_LM\Run
TkBellExe, "C:\Programmi\File Comuni\Real\Update_OB\realsched.exe" -osboot, HKEY_LM\Run
Zone Labs Client, C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe, HKEY_LM\Run
|
|
|
n/a
deleted
City: heh heh, you'd like to know
2419 posts |
Posted on 17/01/2006 : 17:38:38
|
so, select the ones I tell you and tell it remove: (first try with just one and make sure it ended up in the backups menu.. if it's there, go back to startup and remove the others... but don't remove anything from the backups menu and don't do other cleanups for a few days... that way you can see whether everything works fine)
Atipta, C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe, HKEY_LM\Run
Ctfmon.exe, C:\WINDOWS\System32\ctfmon.exe, HKEY_CU\Run
DAEMON Tools-1033, "C:\Programmi\D-Tools\daemon.exe" -lang 1033, HKEY_LM\Run
DataLayer, C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE, HKEY_LM\Run
DeviceDiscovery, C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe, HKEY_LM\Run
QuickTime Task, "C:\Programmi\QuickTime\qttask.exe" -atboottime, HKEY_LM\Run
RoxioDragToDisc, "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe", HKEY_LM\Run
RoxioEngineUtility, "C:\Programmi\File Comuni\Roxio Shared\System\EngUtil.exe", HKEY_LM\Run
Smapp, C:\Programmi\Analog Devices\SoundMAX\SMTray.exe, HKEY_LM\Run
SynTPEnh, C:\Programmi\Synaptics\SynTP\SynTPEnh.exe, HKEY_LM\Run
SynTPLpr, C:\Programmi\Synaptics\SynTP\SynTPLpr.exe, HKEY_LM\Run
TkBellExe, "C:\Programmi\File Comuni\Real\Update_OB\realsched.exe" -osboot, HKEY_LM\Run
then post a HijackThis log again... (if something should stop working, tell me and we'll re-enable it)
byeeeeeeeeeeeeee |
|
|
ucla
Junior Member
50 posts |
Posted on 18/01/2006 : 23:29:03
|
There's something strange:
when I start the computer, AntiVir opens and finds: c:\WINDOWS\SYSTEM32\LD9C79.TMP is the trojan horse TR/Dldr.Zlob.DQ
deny access
and sometimes also c:\WINDOWS\SYSTEM32\MSSEARCHNET.EXE is the trojan horse TR/Zlob.AB
I run the scan and it finds no virus; neither do Ad-Aware and Spybot!!!
Is everything OK?
I'll post the log next
|
|
|
ucla
Junior Member
50 posts |
Posted on 18/01/2006 : 23:30:31
|
Logfile of HijackThis v1.99.1
Scan saved at 23.33.06, on 18/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\AVPersonal\AVSched32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\LUCA\Desktop\HJK\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://[www].hp[.com]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programmi\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEBF70B4-B3E5-46B7-A944-28FFDF49FBB2}: NameServer = 85.37.17.7 85.38.28.95
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|
|
|
|
n/a
deleted
1470 Posts |
Posted on - 19/01/2006 : 08:26:55
|
Download CCleaner if you don't have it. Boot into safe mode and show hidden files and folders (go to Start > Settings > Control Panel > Folder Options and click "View". Select "Show hidden files and folders" and "Display the contents of system folders", and uncheck "Hide protected operating system files". Click OK), then find and delete the reported file c:\WINDOWS\SYSTEM32\MSSEARCHNET.EXE
Then run CCleaner (leave the default settings, go to Options > Advanced, leave the tick on "backup" and on "ask to back up registry entries", and remove it from "delete Windows files only if older than 48 hours"); this removes the Windows temporary files, the IE ones, cookies and the Recycle Bin contents.
The log is clean, but you probably have some tmp file that is being recognized as part of the trojan. Repeat the scan with the same programs that reported the trojan (update them first); if they give no more alerts, continue with the steps below, otherwise post what they report.
When all that is done, disable System Restore (right-click "My Computer" > Properties, click the "System Restore" tab and tick "Turn off System Restore"). Reboot and do the reverse (re-enable it), then create a new restore point (Start > Programs > Accessories > System Tools > System Restore) by clicking "Create a restore point".
PS. Carry out the step of disabling System Restore when you no longer receive trojan alerts |
|
|
|
ucla
Junior Member
50 Posts |
Posted on - 19/01/2006 : 15:54:33
|
| Hi alexandra, the .exe file isn't there; shall I go ahead as you indicated? |
|
|
|
n/a
deleted
1470 Posts |
Posted on - 19/01/2006 : 16:51:23
|
Quote: Message posted by ucla
Hi alexandra, the .exe file isn't there; shall I go ahead as you indicated?
Yes, then it's the IE temp files. Go ahead with the procedure |
|
|
|
ucla
Junior Member
50 Posts |
Posted on - 19/01/2006 : 23:26:05
|
15/01/2006,17.09.36 ---------------------------------------------------------
15/01/2006,17.09.36 [INIT] The AVGuard Service is starting.
15/01/2006,17.09.38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
15/01/2006,17.09.39 [INFO] Start Filter Device.
15/01/2006,17.09.39 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.116
15/01/2006,17.09.39 AVGuard has been started successfully!
15/01/2006,17.09.42 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/01/2006,17.09.42 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaab691a2.
15/01/2006,17.35.34 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/01/2006,17.35.34 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa994393.
15/01/2006,17.46.35 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD9E78.TMP Unable to delete the file: 0x00000005 - Accesso negato.
15/01/2006,17.48.48 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD9E78.TMP Unable to delete the file: 0x00000005 - Accesso negato.
15/01/2006,17.49.52 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD9E78.TMP
15/01/2006,17.51.43 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD9E78.TMP
15/01/2006,17.57.25 [INFO] Stop Filter Device.
15/01/2006,17.57.26 AVGuard service has been stopped!
15/01/2006,21.45.05 ---------------------------------------------------------
15/01/2006,21.45.05 [INIT] The AVGuard Service is starting.
15/01/2006,21.45.08 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
15/01/2006,21.45.09 [INFO] Start Filter Device.
15/01/2006,21.45.09 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.116
15/01/2006,21.45.09 AVGuard has been started successfully!
15/01/2006,21.45.36 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/01/2006,21.45.36 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabb85d.
15/01/2006,21.45.22 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDDAE8.TMP
15/01/2006,21.53.41 [INFO] Stop Filter Device.
15/01/2006,21.53.41 AVGuard service has been stopped!
15/01/2006,21.53.44 ---------------------------------------------------------
15/01/2006,21.53.44 [INIT] The AVGuard Service is starting.
15/01/2006,21.53.44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
15/01/2006,21.53.45 [INFO] Start Filter Device.
15/01/2006,21.53.45 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
15/01/2006,21.53.45 AVGuard has been started successfully!
15/01/2006,21.53.51 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/01/2006,21.53.51 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa23438.
15/01/2006,22.02.48 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/01/2006,22.02.49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaba79db.
15/01/2006,22.02.43 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDBB1C.TMP
15/01/2006,22.19.41 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD47F4.TMP
15/01/2006,22.19.59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/01/2006,22.19.59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa8a263b.
15/01/2006,22.29.03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/01/2006,22.29.03 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa8273cb.
15/01/2006,22.28.57 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDC2E3.TMP File has been deleted!
15/01/2006,23.49.18 [INFO] Stop Filter Device.
15/01/2006,23.49.19 AVGuard service has been stopped!
16/01/2006,19.06.00 ---------------------------------------------------------
16/01/2006,19.06.00 [INIT] The AVGuard Service is starting.
16/01/2006,19.06.03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
16/01/2006,19.06.04 [INFO] Start Filter Device.
16/01/2006,19.06.04 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
16/01/2006,19.06.04 AVGuard has been started successfully!
16/01/2006,19.06.32 [LOGON] Connection request by remote computer. Establishing secure communication channel.
16/01/2006,19.06.32 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab8b60.
16/01/2006,19.06.22 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDFA8E.TMP File has been deleted!
16/01/2006,19.34.43 [INFO] Stop Filter Device.
16/01/2006,19.34.48 AVGuard service has been stopped!
16/01/2006,19.35.49 ---------------------------------------------------------
16/01/2006,19.35.49 [INIT] The AVGuard Service is starting.
16/01/2006,19.35.50 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
16/01/2006,19.35.51 [INFO] Start Filter Device.
16/01/2006,19.35.51 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
16/01/2006,19.35.51 AVGuard has been started successfully!
16/01/2006,19.36.01 [LOGON] Connection request by remote computer. Establishing secure communication channel.
16/01/2006,19.36.01 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa6b25.
16/01/2006,19.35.59 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDB73B.TMP File has been moved to quarantine directory!
16/01/2006,21.25.01 [INFO] Stop Filter Device.
16/01/2006,21.25.02 AVGuard service has been stopped!
16/01/2006,22.09.23 ---------------------------------------------------------
16/01/2006,22.09.23 [INIT] The AVGuard Service is starting.
16/01/2006,22.09.23 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
16/01/2006,22.09.25 [INFO] Start Filter Device.
16/01/2006,22.09.25 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
16/01/2006,22.09.25 AVGuard has been started successfully!
16/01/2006,22.10.20 [LOGON] Connection request by remote computer. Establishing secure communication channel.
16/01/2006,22.10.20 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab2acb.
16/01/2006,22.10.18 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD76FE.TMP File has been moved to quarantine directory!
16/01/2006,22.24.14 [INFO] Stop Filter Device.
16/01/2006,22.24.15 AVGuard service has been stopped!
16/01/2006,22.25.09 ---------------------------------------------------------
16/01/2006,22.25.09 [INIT] The AVGuard Service is starting.
16/01/2006,22.25.10 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
16/01/2006,22.25.20 [INFO] Start Filter Device.
16/01/2006,22.25.20 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
16/01/2006,22.25.20 AVGuard has been started successfully!
16/01/2006,22.26.32 [LOGON] Connection request by remote computer. Establishing secure communication channel.
16/01/2006,22.26.33 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab7444.
16/01/2006,22.25.48 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD3242.TMP File has been deleted!
16/01/2006,23.19.52 [INFO] Stop Filter Device.
16/01/2006,23.19.53 AVGuard service has been stopped!
16/01/2006,23.54.44 ---------------------------------------------------------
16/01/2006,23.54.44 [INIT] The AVGuard Service is starting.
16/01/2006,23.54.45 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
16/01/2006,23.54.59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
16/01/2006,23.54.59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa7295.
16/01/2006,23.55.11 [INFO] Start Filter Device.
16/01/2006,23.55.11 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
16/01/2006,23.55.11 AVGuard has been started successfully!
17/01/2006,0.05.01 [INFO] Stop Filter Device.
17/01/2006,0.05.02 AVGuard service has been stopped!
18/01/2006,19.15.22 ---------------------------------------------------------
18/01/2006,19.15.22 [INIT] The AVGuard Service is starting.
18/01/2006,19.15.22 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
18/01/2006,19.15.27 [INFO] Start Filter Device.
18/01/2006,19.15.27 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
18/01/2006,19.15.27 AVGuard has been started successfully!
18/01/2006,19.16.15 [LOGON] Connection request by remote computer. Establishing secure communication channel.
18/01/2006,19.16.15 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab263f.
18/01/2006,19.15.32 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDE1E9.TMP File has been moved to quarantine directory!
18/01/2006,19.38.14 [INFO] Stop Filter Device.
18/01/2006,19.38.15 AVGuard service has been stopped!
18/01/2006,19.39.13 ---------------------------------------------------------
18/01/2006,19.39.13 [INIT] The AVGuard Service is starting.
18/01/2006,19.39.14 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
18/01/2006,19.39.19 [INFO] Start Filter Device.
18/01/2006,19.39.19 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
18/01/2006,19.39.19 AVGuard has been started successfully!
18/01/2006,19.39.41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
18/01/2006,19.39.41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaba73b.
18/01/2006,19.39.21 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDC04E.TMP File has been renamed to *.VIR
18/01/2006,19.46.58 [INFO] Stop Filter Device.
18/01/2006,19.46.58 AVGuard service has been stopped!
18/01/2006,19.47.57 ---------------------------------------------------------
18/01/2006,19.47.57 [INIT] The AVGuard Service is starting.
18/01/2006,19.47.58 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
18/01/2006,19.48.01 [INFO] Start Filter Device.
18/01/2006,19.48.01 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
18/01/2006,19.48.01 AVGuard has been started successfully!
18/01/2006,19.48.18 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDF7DB.TMP File has been deleted!
18/01/2006,21.36.17 [INFO] Stop Filter Device.
18/01/2006,21.36.19 AVGuard service has been stopped!
18/01/2006,21.41.36 ---------------------------------------------------------
18/01/2006,21.41.36 [INIT] The AVGuard Service is starting.
18/01/2006,21.41.37 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
18/01/2006,21.41.41 [INFO] Start Filter Device.
18/01/2006,21.41.41 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.126
18/01/2006,21.41.41 AVGuard has been started successfully!
18/01/2006,21.41.55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
18/01/2006,21.41.55 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa6b25.
18/01/2006,21.41.46 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD9C79.TMP
18/01/2006,22.00.36 [INFO] Stop Filter Device.
18/01/2006,22.00.36 AVGuard service has been stopped!
18/01/2006,22.00.39 ---------------------------------------------------------
18/01/2006,22.00.39 [INIT] The AVGuard Service is starting.
18/01/2006,22.00.39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
18/01/2006,22.01.40 [LOGON] Connection request by remote computer. Establishing secure communication channel.
18/01/2006,22.01.40 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaab87efe.
18/01/2006,22.01.40 [INFO] Start Filter Device.
18/01/2006,22.01.40 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.139
18/01/2006,22.01.40 AVGuard has been started successfully!
18/01/2006,22.04.31 [INFO] Stop Filter Device.
18/01/2006,22.04.31 AVGuard service has been stopped!
18/01/2006,22.05.25 ---------------------------------------------------------
18/01/2006,22.05.25 [INIT] The AVGuard Service is starting.
18/01/2006,22.05.26 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
18/01/2006,22.05.30 [INFO] Start Filter Device.
18/01/2006,22.05.30 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.139
18/01/2006,22.05.30 AVGuard has been started successfully!
18/01/2006,22.08.11 WARNING: Is the Trojan horse TR/Zlob.AB! C:\WINDOWS\SYSTEM32\MSSEARCHNET.EXE
18/01/2006,22.08.12 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDFFBE.TMP
18/01/2006,22.13.13 WARNING: Is the Trojan horse TR/Zlob.AB! C:\WINDOWS\SYSTEM32\MSSEARCHNET.EXE File has been deleted!
18/01/2006,23.21.10 [INFO] Stop Filter Device.
18/01/2006,23.21.12 AVGuard service has been stopped!
18/01/2006,23.23.39 ---------------------------------------------------------
18/01/2006,23.23.39 [INIT] The AVGuard Service is starting.
18/01/2006,23.23.40 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
18/01/2006,23.23.44 [INFO] Start Filter Device.
18/01/2006,23.23.44 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.139
18/01/2006,23.23.44 AVGuard has been started successfully!
18/01/2006,23.24.05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
18/01/2006,23.24.05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa59f1.
18/01/2006,23.23.50 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDB795.TMP
18/01/2006,23.24.38 [INFO] Stop Filter Device.
18/01/2006,23.24.49 [INFO] Start Filter Device.
19/01/2006,0.22.54 [INFO] Stop Filter Device.
19/01/2006,0.22.54 AVGuard service has been stopped!
19/01/2006,18.41.15 ---------------------------------------------------------
19/01/2006,18.41.15 [INIT] The AVGuard Service is starting.
19/01/2006,18.41.15 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
19/01/2006,18.41.19 [INFO] Start Filter Device.
19/01/2006,18.41.19 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.139
19/01/2006,18.41.19 AVGuard has been started successfully!
19/01/2006,18.42.16 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD74CD.TMP
19/01/2006,18.42.27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
19/01/2006,18.42.27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab37d8.
19/01/2006,18.52.46 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDE3D.TMP
19/01/2006,18.52.51 [LOGON] Connection request by remote computer. Establishing secure communication channel.
19/01/2006,18.52.51 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa1896b.
19/01/2006,18.54.58 [INFO] Stop Filter Device.
19/01/2006,18.54.58 AVGuard service has been stopped!
19/01/2006,18.55.48 ---------------------------------------------------------
19/01/2006,18.55.48 [INIT] The AVGuard Service is starting.
19/01/2006,18.55.49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
19/01/2006,18.55.53 [INFO] Start Filter Device.
19/01/2006,18.55.53 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.139
19/01/2006,18.55.53 AVGuard has been started successfully!
19/01/2006,18.56.01 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDB117.TMP
19/01/2006,18.56.12 [LOGON] Connection request by remote computer. Establishing secure communication channel.
19/01/2006,18.56.13 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa779d.
19/01/2006,19.03.32 [INFO] Stop Filter Device.
19/01/2006,19.03.33 AVGuard service has been stopped!
19/01/2006,19.04.27 ---------------------------------------------------------
19/01/2006,19.04.27 [INIT] The AVGuard Service is starting.
19/01/2006,19.04.28 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
19/01/2006,19.04.32 [INFO] Start Filter Device.
19/01/2006,19.04.32 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.139
19/01/2006,19.04.32 AVGuard has been started successfully!
19/01/2006,19.04.39 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDA872.TMP
19/01/2006,19.53.02 [INFO] Stop Filter Device.
19/01/2006,19.53.03 AVGuard service has been stopped!
19/01/2006,22.24.32 ---------------------------------------------------------
19/01/2006,22.24.32 [INIT] The AVGuard Service is starting.
19/01/2006,22.24.33 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
19/01/2006,22.24.37 [INFO] Start Filter Device.
19/01/2006,22.24.37 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.139
19/01/2006,22.24.37 AVGuard has been started successfully!
19/01/2006,22.24.44 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LDA149.TMP
19/01/2006,22.24.54 [LOGON] Connection request by remote computer. Establishing secure communication channel.
19/01/2006,22.24.54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa6056.
19/01/2006,22.48.36 WARNING: Is the Trojan horse TR/Dldr.Agent.ZD! C:\ASDF.EXE
19/01/2006,23.02.24 [INFO] Stop Filter Device.
19/01/2006,23.02.25 AVGuard service has been stopped!
19/01/2006,23.02.27 ---------------------------------------------------------
19/01/2006,23.02.27 [INIT] The AVGuard Service is starting.
19/01/2006,23.02.28 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
19/01/2006,23.02.32 [INFO] Start Filter Device.
19/01/2006,23.02.32 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.144
19/01/2006,23.02.32 AVGuard has been started successfully!
19/01/2006,23.02.33 [LOGON] Connection request by remote computer. Establishing secure communication channel.
19/01/2006,23.02.33 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa89ee89.
19/01/2006,23.25.31 [INFO] Stop Filter Device.
19/01/2006,23.25.32 AVGuard service has been stopped!
19/01/2006,23.26.19 ---------------------------------------------------------
19/01/2006,23.26.19 [INIT] The AVGuard Service is starting.
19/01/2006,23.26.20 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
19/01/2006,23.26.24 [INFO] Start Filter Device.
19/01/2006,23.26.24 AntiVirService Version: 6.32.00.12 AVE Version 6.33.0.77 VDF Version: 6.33.0.144
19/01/2006,23.26.24 AVGuard has been started successfully!
19/01/2006,23.26.43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
19/01/2006,23.26.43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa786f.
19/01/2006,23.26.29 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD9AF3.TMP
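Added triage example, not part of the thread and not AntiVir's own tooling: a Python parser for guard-log entries in the format posted above, which records the last logged outcome for each flagged file and lists signatures that reappear under new file names. The sample lines are constructed to mirror the log's layout; the function names, action labels and placeholder file names are assumptions, and paths are assumed to contain no spaces, as in the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above: "DD/MM/YYYY,H.MM.SS text".
# LD0001.TMP, LD0002.TMP and EXAMPLE.EXE are placeholder file names.
SAMPLE_LOG = r"""
15/01/2006,17.09.36 [INIT] The AVGuard Service is starting.
15/01/2006,17.46.35 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD0001.TMP Unable to delete the file: 0x00000005 - Accesso negato.
15/01/2006,17.49.52 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD0001.TMP
15/01/2006,17.57.26 AVGuard service has been stopped!
16/01/2006,19.06.00 [INIT] The AVGuard Service is starting.
16/01/2006,19.06.22 WARNING: Is the Trojan horse TR/Dldr.Zlob.DQ! C:\WINDOWS\SYSTEM32\LD0002.TMP File has been deleted!
18/01/2006,22.08.11 WARNING: Is the Trojan horse TR/Zlob.AB! C:\WINDOWS\SYSTEM32\EXAMPLE.EXE
18/01/2006,22.13.13 WARNING: Is the Trojan horse TR/Zlob.AB! C:\WINDOWS\SYSTEM32\EXAMPLE.EXE File has been deleted!
19/01/2006,0.22.54 AVGuard service has been stopped!
"""

TS = r"\d{2}/\d{2}/\d{4},\d{1,2}\.\d{2}\.\d{2}"
# Split on timestamps rather than newlines, so a log pasted as one long
# line (as forum software often leaves it) parses the same way.
ENTRY_RE = re.compile(rf"({TS})\s+(.*?)(?=\s+{TS}\s|\s*\Z)", re.S)
DETECT_RE = re.compile(
    r"WARNING: Is the Trojan horse (\S+)! ([A-Za-z]:\\\S+)\s*(.*)", re.S)

# Outcome text that follows the path, mapped to a short label.
ACTIONS = [
    ("Unable to delete", "delete_failed"),
    ("File has been deleted", "deleted"),
    ("moved to quarantine", "quarantined"),
    ("renamed to", "renamed"),
]
REMOVED = {"deleted", "quarantined", "renamed"}


def parse_entries(text):
    """Return (timestamp, message) pairs in log order."""
    return [(m.group(1), m.group(2).strip()) for m in ENTRY_RE.finditer(text)]


def detections(text):
    """Return one dict per WARNING entry, with the outcome it records."""
    found = []
    for stamp, message in parse_entries(text):
        m = DETECT_RE.match(message)
        if not m:
            continue
        signature, path, outcome = m.groups()
        action = next((label for needle, label in ACTIONS if needle in outcome),
                      "none_logged")
        found.append({"time": stamp, "signature": signature,
                      "path": path, "action": action})
    return found


def last_action_by_file(text):
    """Map signature -> {path: last outcome logged for that path}."""
    state = defaultdict(dict)
    for d in detections(text):
        state[d["signature"]][d["path"]] = d["action"]
    return {sig: dict(files) for sig, files in state.items()}


def unresolved(text):
    """Paths whose last logged outcome is not a delete, quarantine or rename."""
    return sorted(path
                  for files in last_action_by_file(text).values()
                  for path, action in files.items()
                  if action not in REMOVED)


def recurring_signatures(text, min_paths=2):
    """Signatures seen under several file names: a hint (heuristic only)
    that something is still writing new copies."""
    return sorted(sig for sig, files in last_action_by_file(text).items()
                  if len(files) >= min_paths)


if __name__ == "__main__":
    print("unresolved:", unresolved(SAMPLE_LOG))
    print("recurring:", recurring_signatures(SAMPLE_LOG))
```
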
|