www.MegaLab.it

[evergreen]

continuano ad aprirsi degli script di avast (come se si stesse per aprire una nuova pagina di explorer) e tra i processi spuntano due iexplore.exe di cui uno e' la vera pag internet che sto aprendo l'altra la termino e non è una vera pagina aperta

[Amantide]

continuano ad aprirsi degli script di avast (come se si stesse per aprire una nuova pagina di explorer) e tra i processi spuntano due iexplore.exe di cui uno e' la vera pag internet che sto aprendo l'altra la termino e non è una vera pagina aperta

Per prima cosa devi mettere un firewall... Altro iexplore.exe in che posizione si trova? Oggi come oggi ti consiglierei di cambiare Avast con Active Virus Shield o Antivir, Avast ultimamente lascia a desiderare in fatto di sicurezza. Con il pc semisprotetto, sensa firewall e con antivirus non dei migliori, può anche essere che il computer si reinfetta 5 minuti dovo averlo ripulito.

[evergreen]

adesso e' il primo processo, quello che elimino è sempre il primo e sotto ci sta il vero processo di explorer, comunque adesso installo l'antivirus che mi hai consigliato. Succede che appena riavvio il pc si prova a connettere, mq questo credo che dipenda dai programmi all'avvio (incredimail e qualche altro) comunque adesso provo a stare un po online e vedo se succede qualche evento anomalo intanto ti ringrazio davvero tanto per tutto l'aiuto che mi hai dato

[evergreen]

eccolo ti pareva
all'avvio mi si creano questi due processi:

CDAC11BA.EXE

ULCDRSvr.exe

che mi puzzano, anche perché quando si creano tendono a collegarsi ad internet :(
so che ormai vi sto frantumando le scatole, ma sti virus mi stanno uccidendo

[crazy.cat]

Tutti e due legittimi processi.

cdac11ba.exe - cdac11ba - Process Information

Process File: cdac11ba.exe or cdac11ba
Process Name: cdac11ba

Description:
cdac11ba.exe is a process belonging to MacroVision safeCast copy protection software. This piece of software allows manufacturers to protect their products from illegal duplication. Disabling, or deleting this process may corrupt the product it was supplied with.

ulcdrsvr.exe - ulcdrsvr - Process Information

Process File: ulcdrsvr.exe or ulcdrsvr
Process Name: Ulead DVD workshop Server

Description:
ulcdrsvr.exe is a process belonging to Ulead's DVD workshop, a product which allows the writing to DVD and CD media. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.

[evergreen]

lo so che sto rompendo i cocomeri con la mia discussione ma il problema non si è risolto, mi si aprono ancora degli exe che iniziano con L e procedono con dei numeri (tipo L300.exe, L710.exe) tra i processi attivi e poi si si aprono due iexplore.exe, uno che risulta essere la vera pagina internet aperta l'altra no. Che devo fare? Aiutatemi le sto provando tutte, mi si disconnette dopo max un paio d'ore ogni volta.

NUOVO LOG:

Logfile of HijackThis v1.99.1
Scan saved at 15.58.48, on 30/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\GSICON.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\InterVideo\WinDVR\WinScheduler.exe
C:\Programmi\Screenshot Utility\ScreenshotUtility.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ema The Voice\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freeforumzone.leonardo.it/viewforum.aspx?f=12780
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122006 serial=DR12WES-3007622-EUW lang=IT
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\Ema The Voice\Desktop\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Screenshot Utility.lnk = C:\Programmi\Screenshot Utility\ScreenshotUtility.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Programmi\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Damage Cleanup Server Control) - http://213.158.72.33/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B95D902B-1E7B-4FCE-A965-BDF6C8278DB6}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Accesso periferica Wi-Fi Ex (acpWiFi) - Unknown owner - C:\WINDOWS\Downlo~1\116na\50b97yw.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

[crazy.cat]

E' comparso un nuovo servizio fasullo, anche se il file sembra che sia stato eliminato
O23 - Service: Accesso periferica Wi-Fi Ex (acpWiFi) - Unknown owner - C:\WINDOWS\Downlo~1\116na\50b97yw.exe (file missing)

Dal log non si vede altro di pericoloso.
Prova a rifare la scansione su kaspersky avidentemente è sfuggito qualcosa.

Niente firewall installato?

[evergreen]

No non ho avuto ancora neanche il tempo di scaricare qualche applicazione, il problema che sicuramente qualcosa c'e' ancora, mi si aprono ancora gli script blocker di avast senza motivo e mi si formano dei processi doppi di iexplore.exe, e mi cade la connessione dopo un certo periodo, riprovo subito con Kaspersky e ti posto il risultato.
Ah tra l'altro avvolte mi si riformano i file tipo L300.exe

[Amantide]

Per prima cosa devi mettere un firewall...

Lo dico un altra volta e non lo ripeto più. Finchè non provvedi ad installare un firewall mi rifiuto di darti ulteriori suggerimenti.
Quindi, installa un firewall e postami anche un nuovo log della scansione con Kaspersky.
Dopo aver installato firewall vai su Start-> Esegui, digita questo comando sc stop acpWiFi e premi Ok e poi esegui anche questo comando sc delete acpWiFi.

[evergreen]

allora come firewall ho attivato per il momento quello di windows, spero che vada bene.
Ecco il log di kapersky:

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
E:\
F:\

Scan Statistics
Total number of scanned objects 96298
Number of viruses found 5
Number of infected objects 46 / 0
Number of suspicious objects 0
Duration of the scan process 02:00:30

Infected Object Name Virus Name Last Action
C:\avenger\backup.zip/avenger/50b97yw.exe Infected: Trojan-Downloader.Win32.Small.dij skipped

C:\avenger\backup.zip/avenger/ajumdjkc.exe Infected: Trojan-Clicker.Win32.Costrat.v skipped

C:\avenger\backup.zip ZIP: infected - 2 skipped

C:\Documents and Settings\Ema The Voice\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Cronologia\History.IE5\MSHist012006123020061231\index.dat Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR2.tmp Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR3.tmp Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR4.tmp Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR5.tmp Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR6.tmp Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR7.tmp Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR8.tmp Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR9.tmp Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\6EA1DLSA\drf1167474767[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\6EA1DLSA\drf1167474767[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\6EA1DLSA\drf1167474767[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\6EA1DLSA\drf1167474767[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\KD2NKXEV\drf1167216862[1].htm.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\O9Y7WTAZ\drf1166707391[1].htm.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\R8LJ8ECJ\drf1167442610[1].htm.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\SLMVK5MJ\drf1167042275[1].htm.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\Documents and Settings\Ema The Voice\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Ema The Voice\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166475589[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166475589[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166475589[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166475589[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166791798[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166791798[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166791798[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166791798[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166857559[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166857559[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166857559[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166857559[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166599670[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166599670[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166599670[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166599670[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166705893[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166705893[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166705893[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166705893[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166776918[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166776918[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166776918[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166776918[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166799238[1].htm Infected: Trojan.Win32.Dialer.qn skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166799238[1].htm.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166468149[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166468149[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166468149[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166468149[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166784358[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166784358[1].htm Embedded EXE: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166784358[1].htm UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166784358[1].htm PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped

C:\Programmi\eMule\Temp\002.part Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd5949.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\NeroCheck.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

---------------------------------------

Il comando che ho inserito su esegui non so se l'ha preso, come prima mi si è aperto per un secondo il dos e si è subito chiuso, provo ad eliminarlo come fatto con il precedente?

[Amantide]

allora come firewall ho attivato per il momento quello di windows, spero che vada bene.

Meglio di niente ma comunque non vada bene. Provvedi ad installare un altro firewall il prima possibile.

Il comando che ho inserito su esegui non so se l'ha preso, come prima mi si è aperto per un secondo il dos e si è subito chiuso, provo ad eliminarlo come fatto con il precedente?

Il servizio dovrebbe essere sparito, comunque ricontrolla e se è ancora presente eliminalo come quello precedente.
Intanto ricontrollo bene i log e poi ti faccio sapere. Tu intanto inizia a scaricare il firewall.

[crazy.cat]

Scaricati Ccleaner e fagli fare la pulizia così elimina tutti i virus che ci sono nella cartella dei file temporanei di internet.

Poi elimina questo file
C:\WINDOWS\system32\NeroCheck.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

[Amantide]

I file temporanei internet sono altra volta pieni zeppi di trojan, per il resto non si vede nient altro di pericoloso.
Le cose da fare sono queste:
-ripulire i file temporanei internet;
-cambiare firewall, mettendo Comodo Firewall o Zone Alarm;
-cambiare browser, mettendo Opera o Firefox.

Già cambiando il browser risolverai a metà il problema, ma per prevenire le future infezioni devi mettere anche un buon firewall. Il virus non ha "una fissa dimora" nel tuo computer, viene ogni volta scaricato tramite i file temporanei internet e quindi è inutile ripulire ogni volta il pc se non metti l' adeguata protezione.
E non dimenticare ad eliminare il file segnalato da crazy.cat.

[evergreen]

allora ragazzi grazie ancora di tutto, ho installato zone alarm, il problema con i firewall e che non so esattamente come configurarli, ad esempio il "mulo" adesso ha la benda (cioè è "limitato" dal firewall), cosi' come mirc e tutti i programmi di download ma se e' questo il prezzo da pagare per avere un pc pulito va benissimo

[Amantide]

allora ragazzi grazie ancora di tutto, ho installato zone alarm, il problema con i firewall e che non so esattamente come configurarli, ad esempio il "mulo" adesso ha la benda (cioè è "limitato" dal firewall), cosi' come mirc e tutti i programmi di download ma se e' questo il prezzo da pagare per avere un pc pulito va benissimo

Per questo "problema" basta cercare sul google
http://www.emule.it/guida_emule/config_ ... ealarm.asp
Tra altro Zone Alarm è molto facile da configurare.