minore di capitale

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware e sicurezza
Reload this Page

E Wimad-virus?

Registrati Sito Spy Elenco membri Donazione Ricerca Today's Posts Mark Forums Read Regole Forum

Register


 Default 

E Wimad-virus?




Reply
 
Thread Tools
  #1  
Old 21. Set 2008, 16:43
Nuovo Membro Gruppo
  
HI Evil Fantasy - Sto avendo un problema analogo per gli altri utenti qui. Ho scaricato ed eseguire combofix, la produzione dei quali è al di sotto. Vorrei molto apprezzare qualsiasi tipo di assistenza si potrebbe essere in grado di fornire. So che il file che il trojan è in - Ho cercato di eliminare le finestre, ma non vorrei - dice che è in uso. Ogni pensiero sarebbe la maggior parte del benvenuto.

Grazie


ComboFix 08-09-20.05 - Administrator 2008-09-22 0:29:51.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT 1:00]
Running da: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Creato un nuovo punto di ripristino
AVVERTENZA-Questa macchina NON HANNO IL RECUPERO CONSOLE INSTALLED!
.
Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ 2o7 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ad.yi eldmanager [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ pubblicità pubblicità [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-baa.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-discoverynetwork.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-mastercard.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-tfl.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ foxto ns.co [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ hits. gureport.co [1]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ news. uk.msn [2]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ revsc i [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ rtm [6]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ ng Servi-sys [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ ficclick specifiche [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ statc ounter [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ths.n ews.com [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ Doubler commercio [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ tsw0 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ww0.t imeout [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@www.r eed.co [2]. Txt
C: \ WINDOWS \ system32 \ lsprst7.dll
.
((((((((((((((((((((((((( I file creati dal 2008/08/21 al 2008/09/21 ))))))))))) ))))))))))))))))))))
.
2008-09-22 00:28. 2008-09-16 01:03 <DIR> d -------- C: \ 32788R22FWJFW
2008-09-22 00:00. 2008-09-22 00:00 <DIR> d -------- C: \ Program Files \ sterminare It!
2008-09-14 21:22. 2008-04-14 01:12 221.184 - un ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ scripting
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ it
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ l2schemas
2008-09-14 20:27. 2008-04-13 18:28 2.940.928 --------- C: \ WINDOWS \ system32 \ dllcache \ wmploc.dll
2008-09-14 20:26. 2008-04-14 01:10 844.314 --------- C: \ WINDOWS \ system32 \ dllcache \ msdxm.ocx
2008-09-13 18:04. 2008-09-13 18:04 <DIR> d -------- C: \ Program Files \ Java
2008-09-13 18:04. 2008-09-13 18:05 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ LimeWire
2008-09-13 18:04. 2008-06-10 02:32 73.728 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008-09-13 18:03. 2008-09-13 18:03 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2008-09-13 18:00. 2008-09-13 18:00 <DIR> d -------- C: \ Program Files \ LimeWire
2008-09-13 12:43. 2008-09-13 12:43 <DIR> d -------- C: \ Program Files \ iDump
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ () 3276BE95_AF08_429F_A64F_CA64CB79BCF6
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Apple Computer
2008-09-13 12:08. 2008-04-17 13:12 107.368 - un ------ C: \ WINDOWS \ system32 \ GEARAspi.dll
2008-09-13 12:08. 2008-04-17 13:12 15.464 - a ------ C: \ WINDOWS \ system32 \ drivers \ GEARAspiWDM.sys
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ QuickTime
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ Bonjour
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple Computer
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ WINDOWS \ system32 \ DRVSTORE
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Apple Software Update
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple
2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 07:37 --------- d ----- w C: \ Documents and Settings \ Administrator \ Dati applicazioni \ skypePM
2008-08-03 07:35 --------- d ----- w C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Skype
2008-08-03 07:32 --------- d ----- w C: \ Program Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Program Files \ Common Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Skype
2008-07-18 21:10 94.920 ---- aw C: \ WINDOWS \ system32 \ dllcache \ cdm.dll
2008-07-18 21:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-18 21:10 53.448 ---- aw C: \ WINDOWS \ system32 \ Wuauclt.exe
2008-07-18 21:10 53.448 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Wuauclt.exe
2008-07-18 21:10 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008-07-18 21:10 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008-07-18 21:10 36.552 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
2008-07-18 21:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-18 21:09 563.912 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuapi.dll
2008-07-18 21:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-18 21:09 325.832 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wucltui.dll
2008-07-18 21:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-18 21:09 205.000 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuweb.dll
2008-07-18 21:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ Wuaueng.dll
2008-07-18 21:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Wuaueng.dll
2008-07-07 20:26 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008-07-07 20:26 253.952 ------ w C: \ WINDOWS \ system32 \ dllcache \ es.dll
2008-06-26 08:15 619.520 ------ w C: \ WINDOWS \ system32 \ dllcache \ urlmon.dll
2008-06-26 08:15 1.499.136 ------ w C: \ WINDOWS \ system32 \ dllcache \ shdocvw.dll
2008-06-24 16:43 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008-06-24 16:43 74.240 ------ w C: \ WINDOWS \ system32 \ dllcache \ mscms.dll
2008-06-23 15:09 666.112 ---- aw C: \ WINDOWS \ system32 \ wininet.dll
2008-06-23 15:09 666.112 ------ w C: \ WINDOWS \ system32 \ dllcache \ wininet.dll
2008-06-23 15:09 3.067.392 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2008-04-14 15360]
"swg" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2008-04-21 68856]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-06-27 580096]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe" = "C: \ WINDOWS \ system32 \ bgsmsnd.exe" [2007-11-19 160136]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"S3TRAY2" = "S3Tray2.exe" [2001/10/11 C: \ WINDOWS \ system32 \ S3Tray2.exe]
"AGRSMMSG" = "AGRSMMSG.exe" [2003/06/27 C: \ WINDOWS \ AGRSMMSG.exe]
"ATIModeChange" = "Ati2mdxx.exe" [2001/09/04 C: \ WINDOWS \ system32 \ Ati2mdxx.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-04-19 219136]
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" =
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
R3 Tp4Track; IBM PS / 2 TrackPoint Driver; C: \ WINDOWS \ system32 \ drivers \ tp4track.sys [2003-05-15 13904]
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (f1882860-129 D-11dd-89b6-000d60cb61ce)]
\ Shell \ AutoRun \ command - E: \ LaunchU3.exe
* * Servizio di nuova costituzione - PROCEXP90
.
Indice dell ' "Operazioni pianificate' cartella
.
.
------- ------- Supplementari Scan
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.co.uk/
R0 -: HKCU-Main, Search Page = hxxp: / / www.google.com
R0 -: HKCU-Main, Search Bar = hxxp: / / www.google.com / ie
R1 -: HKCU-Internet Settings, ProxyOverride = *. locali
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø16 -: (2DAD3559-2923-4935-AD49-B673D2539944) - hxxp: / / www-307.ibm.com/pc/support/acpir.cab
C: \ WINDOWS \ Downloaded Program Files \ acpir.inf
C: \ WINDOWS \ System32 \ capicom.dll
C: \ WINDOWS \ Downloaded Program Files \ acpir2.dll
Ø16 -: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) - hxxps: / / www.select2perform.eu/cabs/QOLCheck.ocx
C: \ WINDOWS \ Downloaded Program Files \ QOLCheck.ocx
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:32:33
5/1/2600 Windows Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
scansione di file nascosti ...
scansione completata con successo
i file nascosti: 0
************************************************** ************************
.
--------------------- DLLs Loaded Sotto i processi in esecuzione ---------------------
PROCESSO: C: \ WINDOWS \ system32 \ winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Completamento orario: 2008-09-22 0:33:07
ComboFix-quarantena-files.txt 2008-09-21 23:33:06
Pre-Run: 9484075008 bytes libero
Post-Run: 9686056960 bytes libero
167 --- EOF --- 2008-09-16 07:01:45
  #2  
Old 21. Set 2008, 17:37
Moderatore del Gruppo
  
Scaricare TrendMicro HijackThis.exe (HJT) per il Desktop.
  • Fare doppio clic su HJTInstall.
  • Fare clic sul Installare pulsante.
  • Sarà automaticamente posto in HJT C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
  • Su installare, HijackThis dovrebbe aprire per voi.
  • Fare clic sul Eseguire una scansione del sistema e salvare un file di log pulsante
  • HijackThis effettua la scansione e poi si aprirà un log in notepad.
  • Copiare e incollare l'intero contenuto del registro nel tuo post.
  • Non HijackThis fissare hanno ancora nulla. La maggior parte di ciò che si ritiene essere innocui o addirittura necessario.
__________________
  #3  
Old 21. Set 2008, 23:43
Nuovo Membro Gruppo
  
Grazie per l'aiuto. output di file di seguito:

Logfile di Trend Micro HijackThis v2.0.2
Scan salvato in 07:40:46, a 22/09/2008
Piattaforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ WINDOWS \ system32 \ bgsmsnd.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int Ethernet Impostazioni, ProxyOverride = *. locali
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programmi \ Google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programmi \ Google \ googletoolbar1.dll
O3 - Toolbar: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O4 - HKLM \ .. \ Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [bgsmsnd.exe] C: \ WINDOWS \ system32 \ bgsmsnd.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SERVIZIO LOCALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra pulsante: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (2DAD3559-2923-4935-AD49-B673D2539944) (IASRunner Class) -- http://www-307.ibm.com/pc/support/acpir.cab
Ø16 - DPF: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) (QOLCheck Control) -- https: / / www.select2perform.eu/cabs/QOLCheck.ocx
Ø18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMUNE ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - Ignoto proprietario - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Sconosciuto proprietario - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
--
Fine del file - 6502 bytes
  #4  
Old 22. Set 2008, 07:42
Moderatore del Gruppo
  
Non vedo alcun malware, quali sono i problemi che si hanno?

È possibile eseguire la scansione qui http://www.computer-juice.com/forums...-posting-7476/ e dopo il log quando completo. Vedi le informazioni AVG. Hai bisogno di aggiornare il vostro.
__________________
  #5  
Old 22. Set 2008, 10:38
Nuovo Membro Gruppo
  
Hi Evilfantasy - grazie. Il problema è questo: un indagato è stato mp3 scaricati da limewire. Penso che è stato doppio clic su, e certamente è stato tentato di caricare in iTunes. (Tuttavia, non sarà stata eseguita con il lettore multimediale - non utilizzare che - non importa che, come ho letto da qualche parte che utilizza Windows MediaPlayer wimad vulnerabilità). Poi ho scannerizzato il file con AVG che raccolse Wimad E. Ma non si sembra che mi permetta di eliminare o quarantena Inoltre, se i soli e provare a cancellare il file, finestre, spiega il file è in uso e quindi non possono essere eliminati .

Vorrei passare attraverso la procedura si suggeriscono che su un'altra pagina.

Grazie
  #6  
Old 22. Set 2008, 10:41
Moderatore del Gruppo
  
Posta il log di MalwareBytes. Se non trovo che l'uso di un altro scanner per trovarlo.
__________________
Reply

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Juice.
Contatto -- Privacy -- Mappa del sito -- Superiore

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd. Traduzione italiana SEO by vBSEO © 2009, alla scansione, Inc.