|
| Precedente :: Successivo |
| Autore |
Messaggio |
pipporemix88
Mortale devoto
Registrato: 15/01/08 18:59
Messaggi: 6
|
 Inviato: 20 Set 2008 19:16 Oggetto: Il computer è infettato...và lento e apre pagine internet |
 |
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.12.59, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Gigabyte\Gigabyte Management Tools\GMTService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\documents and settings\muti\impostazioni locali\dati applicazioni\oijrlmf.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\DAP\DAP.EXE
C:\DOCUME~1\Muti\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [oijrlmf] "c:\documents and settings\muti\impostazioni locali\dati applicazioni\oijrlmf.exe" oijrlmf
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200658439187
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B45EA8C-107A-407D-B07C-CC2C6A7F3F86}: NameServer = 85.37.17.49 85.38.28.91
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GMT-Service - Unknown owner - C:\Programmi\Gigabyte\Gigabyte Management Tools\GMTService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 5611 bytes |
|
| Top |
|
 |
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 20 Set 2008 19:37 Oggetto: |
|
|
Ciao pipporemix88  e benvenuto...
Ricorda che Hijackthis va installato in una cartella tutta sua cioè non temporanea e non sul desktop...
Procedi con queste scansioni:
- Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
- Segui le istruzioni di questo topic per usare MBAM.
- Segui le istruzioni di questo topic per eseguire combofix.
- Segui le istruzioni di questo topic per postare il log di HiJackThis.
- Riferisci con un nuovo messaggio in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
- Carica il log di MBAM su WikiSend e posta il Forum Link che ti viene assegnato.
- Carica il log di Combofix su WikiSend e posta il Forum Link che ti viene assegnato.
- Carica il log di HiJackThis su WikiSend e posta il Forum Link che ti viene assegnato.
|
|
| Top |
|
|
flyngvfactor87
Dio maturo
Registrato: 12/03/08 14:11
Messaggi: 7030
Residenza: Casa mia
|
| Inviato: 21 Set 2008 05:19 Oggetto: |
|
|
Ciao Pipporemix88...
Nel frattempo, se vuoi, puoi presentarti qui! 
Fly...
|
|
| Top |
|
|
pipporemix88
Mortale devoto
Registrato: 15/01/08 18:59
Messaggi: 6
|
| Inviato: 21 Set 2008 15:04 Oggetto: ok ciao ho eseguito tutte le operazioni richieste come sugge |
|
|
ok ciao ho eseguito tutte le operazioni richieste come suggerito e per ora sembra che il pc vada meglio....cmq questi sono i post:
ComboFix 08-09-20.05 - Muti 2008-09-21 14.36.40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.365 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Muti\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Muti\Impostazioni locali\Dati applicazioni\oijrlmf.dat
C:\Documents and Settings\Muti\Impostazioni locali\Dati applicazioni\oijrlmf.exe
C:\Documents and Settings\Muti\Impostazioni locali\Dati applicazioni\oijrlmf_nav.dat
C:\Documents and Settings\Muti\Impostazioni locali\Dati applicazioni\oijrlmf_navps.dat
C:\Documents and Settings\Muti\new.txt
C:\Programmi\AVM
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\skinboxer43.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-08-21 al 2008-09-21 )))))))))))))))))))))))))))))))))))
.
2008-09-21 13:09 . 2008-09-21 13:09 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-21 13:09 . 2008-09-21 13:09 <DIR> d-------- C:\Documents and Settings\Muti\Dati applicazioni\Malwarebytes
2008-09-21 13:09 . 2008-09-21 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-21 13:09 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 13:09 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 13:05 . 2008-09-21 13:05 <DIR> d-------- C:\Programmi\CCleaner
2008-09-20 19:03 . 2008-09-20 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-09-16 12:49 . 2008-09-21 14:43 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-16 12:49 . 2008-09-21 14:43 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-16 12:49 . 2008-09-21 14:43 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-16 12:49 . 2008-09-21 14:43 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-16 12:47 . 2008-09-16 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-09-11 14:38 . 2008-09-11 14:38 <DIR> d-------- C:\Programmi\NOS
2008-09-11 14:38 . 2008-09-11 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NOS
2008-09-09 16:06 . 2008-09-09 16:06 24,912 --a------ C:\Documents and Settings\Muti\nwbmtzuc.exe
2008-09-09 16:03 . 2008-09-09 16:03 24,912 --a------ C:\Documents and Settings\Muti\usrmfqpt.exe
2008-09-09 13:25 . 2008-09-09 13:25 <DIR> d----c--- C:\BackUpMSNCleaner
2008-09-05 18:23 . 2008-09-05 18:23 <DIR> d-------- C:\Documents and Settings\Muti\Dati applicazioni\TomTom
2008-09-03 16:22 . 2008-09-03 16:26 <DIR> d-------- C:\Programmi\VS Revo Group
2008-09-03 14:09 . 2008-09-03 14:09 <DIR> d-------- C:\WINDOWS\system32\it
2008-09-03 14:09 . 2008-09-03 14:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-03 14:09 . 2008-09-03 14:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-03 14:01 . 2008-09-03 14:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-03 13:29 . 2004-08-19 15:23 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-03 13:06 . 2008-09-03 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-03 12:52 . 2008-09-03 12:52 <DIR> d-------- C:\Programmi\Aladdin Systems
2008-08-27 17:04 . 2008-09-21 14:24 <DIR> d-------- C:\Programmi\MSA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 12:33 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-17 12:25 --------- d-----w C:\Programmi\eMule
2008-09-11 13:00 --------- d-----w C:\Programmi\File comuni\Adobe
2008-09-11 12:47 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-09-09 12:11 --------- d-----w C:\Documents and Settings\Muti\Dati applicazioni\OpenOffice.org2
2008-09-03 10:52 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-09-02 10:46 --------- d-----w C:\Programmi\a-squared Anti-Malware
2008-09-01 11:20 --------- d-----w C:\Programmi\Alwil Software
2008-08-08 13:14 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-08-08 11:36 --------- d-----w C:\Programmi\File comuni\Ahead
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-07-21 16:34 121,872 -c--a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-06 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Programmi\File comuni\logishrd\WUApp32.exe" [2007-10-12 439568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^gwum.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\gwum.lnk
backup=C:\WINDOWS\pss\gwum.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneIII]
--a------ 2002-02-22 01:05 10752000 C:\Programmi\Gigabyte\EasyTune\EasyTune.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2000-10-06 12628]
R2 GLOGODrv;GLOGODrv;C:\WINDOWS\system32\drivers\GLOGODrv.sys [2000-10-12 13332]
R2 GMT-Service;GMT-Service;C:\Programmi\Gigabyte\Gigabyte Management Tools\GMTService.exe [2001-10-15 114688]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Programmi\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9e2a538-061d-11dd-822a-0020ed3bbd1f}]
\shell\Setup\command - G:\setup.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÇOS REMOVIDOS - - - -
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKCU-Run-oijrlmf - c:\documents and settings\muti\impostazioni locali\dati applicazioni\oijrlmf.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\Muti\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O17 -: HKLM\CCS\Interface\{2B45EA8C-107A-407D-B07C-CC2C6A7F3F86}: NameServer = 85.37.17.49 85.38.28.91
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 14:45:08
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-21 14:56:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 12:55:59
Pre-Run: 8.512.319.488 byte disponibili
Post-Run: 8,443,015,168 byte disponibili
156 --- E O F --- 2008-09-10 11:15:28
PER Hijackthi invece è:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.58.58, on 21/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Gigabyte\Gigabyte Management Tools\GMTService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\DOCUME~1\Muti\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200658439187
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B45EA8C-107A-407D-B07C-CC2C6A7F3F86}: NameServer = 85.37.17.49 85.38.28.91
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GMT-Service - Unknown owner - C:\Programmi\Gigabyte\Gigabyte Management Tools\GMTService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 5296 bytes |
|
| Top |
|
|
pipporemix88
Mortale devoto
Registrato: 15/01/08 18:59
Messaggi: 6
|
| Inviato: 21 Set 2008 15:06 Oggetto: |
|
|
| ciao e quindi come dovrò procedere ora? |
|
| Top |
|
|
chemicalbit
Dio maturo
Registrato: 01/04/05 18:59
Messaggi: 18597
Residenza: Milano
|
| Inviato: 21 Set 2008 15:17 Oggetto: |
|
|
Prima di ComboFix avevi eseguito MBAM?
Posta anche quel log. |
|
| Top |
|
|
pipporemix88
Mortale devoto
Registrato: 15/01/08 18:59
Messaggi: 6
|
| Inviato: 22 Set 2008 13:05 Oggetto: |
|
|
ok questo è il post di MBAM:
Malwarebytes' Anti-Malware 1.27
Versione del database: 1127
Windows 5.1.2600 Service Pack 3
21/09/2008 14.24.27
mbam-log-2008-09-21 (14-24-27).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 41808
Tempo trascorso: 8 minute(s), 39 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 10
Valori di registro infetti: 6
Elementi dato del registro infetti: 0
Cartelle infette: 12
File infetti: 120
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware349 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware349 (Adware.Starware) -> Quarantined and deleted successfully.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
C:\Programmi\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programmi\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
File infetti:
C:\Programmi\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Live_TV\tbLiv0.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Live_TV\tbLiv1.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Live_TV\tbLive.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Live_TV\toolbar.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Live_TV\UNWISE.EXE (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\ebaykeyword.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\ebaykeyword.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\ebaysearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\ebaysearch.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Starware349\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programmi\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programmi\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programmi\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programmi\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programmi\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmi\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Programmi\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Programmi\AVM\avm.ooo (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
C:\Programmi\AVM\avm1.dat (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
C:\Programmi\AVM\avm0.dat (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32ps1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Muti\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. |
|
| Top |
|
|
Riverside
Ban a tempo indeterminato
Registrato: 29/02/08 22:32
Messaggi: 4396
Residenza: Riverside House
|
| Inviato: 22 Set 2008 13:41 Oggetto: |
|
|
| pipporemix88 ha scritto: | ok questo è il post di MBAM:
Malwarebytes' Anti-Malware 1.27
Versione del database: 1127
Windows 5.1.2600 Service Pack 3
21/09/2008 14.24.27
mbam-log-2008-09-21 (14-24-27).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 41808
Tempo trascorso: 8 minute(s), 39 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 10
Valori di registro infetti: 6
Elementi dato del registro infetti: 0
Cartelle infette: 12
File infetti: 120 |
Fantastico ..... hai fatto una raccolta completa  .... e non era poi cosi facile
1) Disattiva il Ripristino configurazione di sistema, procedendo in questa maniera:
● Start
● tasto destro del mouse sull'icona Risorse del Computer
● seleziona la voce Proprietà
● apri la scheda Ripristino configurazione di sistema
● spunta la voce Disattiva Ripristino configurazione di sistema
● conferma, la modifica, con Applica e, poi OK
Il Ripristino configurazione di sistema deve essere tenuto disabilitato fino al completamento della procedura
2) Provvedi a svuotare del suo contenuto la cartella Prefetch procedendo in questa maniera:
● Start
● clicca su Risorse del Computer
● clicca su Disco locale C:
● cerca, all?interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno (mi raccomando, non eliminare la cartella)
3) rilancia Hthis e, intanto, pulisci gli ADS in questo modo:
● clicca sulla voce Open the misc tool section
● clicca su Open ads spy
● togli la spunta alla voce Quick scan (windows base folder only)
● clicca su Scan
● se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
4) scarica ed installa SuperAntispyware:
http://www.superantispyware.com/
devi scaricare la versione free - e lo configuri come ho spiegato ad una altra utente in questo post: http://forum.zeusnews.com/viewtopic.php?t=35216
esegui una scansione completa del sistema e, una volta terminata la scansione, allega il log che verrà rilasciato
5) eseguiti i passaggi da 1) a 4), scarica ed installa CCleaner:
http://www.ccleaner.com/download
Una volta installato configuralo in questo modo:
lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
● Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi clicca su:
● Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore
● alla voce Pulizia, nella sezione Avanzate spunta le voci Vecchi dati Prefetch e Disinstallatori aggiornamenti di WinUpdate
● nel menu a sinistra, clicca sulla voce Pulizia
● clicca su tasto Avvia pulizia per eseguire la scansione
● finita la scansione, sempre nel menu a sinistra, clicca sulla voce Registro e spunta tutte le voci comprese nella sezione meno la voce estensioni file non usate
● clicca sul tasto Trova problemi ed avvia una scansione
● al termine della scansione clicca sulla voce Ripara selezionati e prosegui con la riparazione (questo ultimo passaggio ripetilo più volte, fino a quando non verranno rilevati più problemi da correggere)
A questo punto riavvia, accedi al sistema in modalità provvisoria, riesegui la scansione con Combofix ed allega il nuovo log.
Infine, pubblica anche un nuovo log Hthis.
Poi vedremo di installare un antivirus serio. |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
|
| Top |
|
|
pipporemix88
Mortale devoto
Registrato: 15/01/08 18:59
Messaggi: 6
|
| Inviato: 23 Set 2008 16:19 Oggetto: |
|
|
| ciao praticamente ho effettuato tutti i passaggi come detto fino al quarto dove ho effettuato la scansione con SUPERantispy ma terminata tale non viene rilasciato nessun log da poter postare...come procedo vado avanti direttamente per il quinto punto? |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 23 Set 2008 17:18 Oggetto: |
|
|
| Si, nel frattempo vai avanti... |
|
| Top |
|
|
pipporemix88
Mortale devoto
Registrato: 15/01/08 18:59
Messaggi: 6
|
| Inviato: 25 Set 2008 11:54 Oggetto: |
|
|
ok ecco i post dopo aver effettuato i 5 punti:
ComboFix 08-09-20.05 - Muti 2008-09-25 11.40.12.2 - NTFSx86 MINIMAL
Eseguito da: C:\Documents and Settings\Muti\Desktop\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((( Files Creati Da 2008-08-25 al 2008-09-25 )))))))))))))))))))))))))))))))))))
.
2008-09-22 15:03 . 2008-09-22 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SpeedBit
2008-09-22 14:51 . 2008-09-22 14:51 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-09-22 14:51 . 2008-09-22 14:51 <DIR> d-------- C:\Documents and Settings\Muti\Dati applicazioni\SUPERAntiSpyware.com
2008-09-22 14:51 . 2008-09-22 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-09-21 13:09 . 2008-09-21 13:09 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-21 13:09 . 2008-09-21 13:09 <DIR> d-------- C:\Documents and Settings\Muti\Dati applicazioni\Malwarebytes
2008-09-21 13:09 . 2008-09-21 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-21 13:09 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 13:09 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 13:05 . 2008-09-21 13:05 <DIR> d-------- C:\Programmi\CCleaner
2008-09-20 19:03 . 2008-09-20 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-09-16 12:49 . 2008-09-25 11:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-16 12:49 . 2008-09-25 11:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-16 12:49 . 2008-09-25 11:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-16 12:49 . 2008-09-25 11:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-16 12:47 . 2008-09-16 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-09-11 14:38 . 2008-09-11 14:38 <DIR> d-------- C:\Programmi\NOS
2008-09-11 14:38 . 2008-09-11 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NOS
2008-09-09 16:06 . 2008-09-09 16:06 24,912 --a------ C:\Documents and Settings\Muti\nwbmtzuc.exe
2008-09-09 16:03 . 2008-09-09 16:03 24,912 --a------ C:\Documents and Settings\Muti\usrmfqpt.exe
2008-09-09 13:25 . 2008-09-09 13:25 <DIR> d----c--- C:\BackUpMSNCleaner
2008-09-05 18:23 . 2008-09-05 18:23 <DIR> d-------- C:\Documents and Settings\Muti\Dati applicazioni\TomTom
2008-09-03 16:22 . 2008-09-03 16:26 <DIR> d-------- C:\Programmi\VS Revo Group
2008-09-03 14:09 . 2008-09-03 14:09 <DIR> d-------- C:\WINDOWS\system32\it
2008-09-03 14:09 . 2008-09-03 14:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-03 14:09 . 2008-09-03 14:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-03 14:01 . 2008-09-03 14:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-03 13:29 . 2004-08-19 15:23 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-03 13:06 . 2008-09-03 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-03 12:52 . 2008-09-03 12:52 <DIR> d-------- C:\Programmi\Aladdin Systems
2008-08-27 17:04 . 2008-09-21 14:24 <DIR> d-------- C:\Programmi\MSA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 09:31 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-22 13:03 --------- d-----w C:\Programmi\DAP
2008-09-22 12:50 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-09-17 12:25 --------- d-----w C:\Programmi\eMule
2008-09-11 13:00 --------- d-----w C:\Programmi\File comuni\Adobe
2008-09-11 12:47 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-09-09 12:11 --------- d-----w C:\Documents and Settings\Muti\Dati applicazioni\OpenOffice.org2
2008-09-03 10:52 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-09-02 10:46 --------- d-----w C:\Programmi\a-squared Anti-Malware
2008-09-01 11:20 --------- d-----w C:\Programmi\Alwil Software
2008-08-08 13:14 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-08-08 11:36 --------- d-----w C:\Programmi\File comuni\Ahead
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-07-29 18:21 218,376 -c--a-w C:\WINDOWS\system32\klogon.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-28 22:57 74,703 -c--a-w C:\WINDOWS\system32\mfc45.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-21_14.54.16.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-22 12:51:12 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-22 12:51:12 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-06 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172032]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Programmi\File comuni\logishrd\WUApp32.exe" [2007-10-12 439568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^gwum.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\gwum.lnk
backup=C:\WINDOWS\pss\gwum.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-09-22 15:03 3061248 C:\Programmi\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneIII]
--a------ 2002-02-22 01:05 10752000 C:\Programmi\Gigabyte\EasyTune\EasyTune.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
S2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2000-10-06 12628]
S2 GLOGODrv;GLOGODrv;C:\WINDOWS\system32\drivers\GLOGODrv.sys [2000-10-12 13332]
S2 GMT-Service;GMT-Service;C:\Programmi\Gigabyte\Gigabyte Management Tools\GMTService.exe [2001-10-15 114688]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Programmi\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9e2a538-061d-11dd-822a-0020ed3bbd1f}]
\shell\Setup\command - G:\setup.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 11:44:19
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-09-25 11:47:47
ComboFix-quarantined-files.txt 2008-09-25 09:47:36
ComboFix2.txt 2008-09-21 12:56:23
Pre-Run: 11.286.712.320 byte disponibili
Post-Run: 11,277,471,744 byte disponibili
160 --- E O F --- 2008-09-10 11:15:28
per HIJACKTHIS invece è:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.48.37, on 25/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\DOCUME~1\Muti\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200658439187
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GMT-Service - Unknown owner - C:\Programmi\Gigabyte\Gigabyte Management Tools\GMTService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 4912 bytes |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 25 Set 2008 15:29 Oggetto: |
 |
|
Adesso procedi così:
|
|
| Top |
|
|
|
|
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
