
Hijack log
bbrun
Posted: Friday, February 06, 2009 7:45:06 PM
Rank: AiutAmico

Joined: 3/14/2005
Posts: 978
Hello, I have a PC to examine, including three USB sticks and an external hard drive.
Here is the HijackThis log.

Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.43.32, on 06/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copia 1)" /O6 "USB002" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233166837232
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

--
End of file - 5103 bytes
shapiro
Posted: Friday, February 06, 2009 7:47:30 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
The log is clean.

Follow this procedure:

Download Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) install it
2) update it
3) run a scan, choosing the full scan mode
4) do NOT remove any threats it finds for now
5) when the scan is finished, select the log tab, open the text file and post it on the forum


Then...

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and the PC disconnected
double-click LopSD
choose the language E (Enter)
1 (search) Enter

when the scan has finished, restart LopSD
this time choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log
bbrun
Posted: Friday, February 06, 2009 10:17:52 PM
Rank: AiutAmico

Joined: 3/14/2005
Posts: 978
Here is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.33
Versione del database: 1735
Windows 5.1.2600 Service Pack 2

06/02/2009 22.16.32
mbam-log-2009-02-06 (22-16-25).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Elementi scansionati: 130613
Tempo trascorso: 2 hour(s), 16 minute(s), 30 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
E:\System Volume Information\_restore{B5A888DB-F251-4DD8-B531-631D401E52CD}\RP186\A0033112.exe (Trojan.Downloader) -> No action taken.
E:\_Library\crack+serial\windows XP service pack 1 - crack\sp1\all_xp_suite_keygen\XPKey.exe (Trojan.Downloader) -> No action taken.
shapiro
Posted: Friday, February 06, 2009 10:23:33 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Disable System Restore:

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore

Restart the PC, creating a new restore point.

Run Malwarebytes and remove everything it found.

The Lop S&D log is missing.
bbrun
Posted: Friday, February 06, 2009 10:43:03 PM
Rank: AiutAmico

Joined: 3/14/2005
Posts: 978
Here they are, one after the other: Lop S&D logs 1 and 2 and the HJT log.


First part of the Lop S&D log

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1800+ )
BIOS : Version 1.00
USER : Silvia Biavasco ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:28 Go (Free:23 Go)
E:\ (Local Disk) - NTFS - Total:20 Go (Free:10 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (USB) - FAT - Total:977 Mo (Free:0 Go)
I:\ (USB) - FAT32 - Total:248 Mo (Free:0 Go)
J:\ (USB) - FAT32 - Total:1000 Mo (Free:0 Go)
K:\ (Local Disk) - FAT32 - Total:298 Go (Free:275 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 06/02/2009|22.23 )

--------------------\\ Listing folders in DATIAP~1

[13/12/2008|16.50] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[01/02/2009|16.58] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg8
[28/01/2008|21.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Creative
[01/09/2004|19.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CyberLink
[13/12/2008|16.51] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kodak
[06/02/2009|19.57] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[28/01/2008|20.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[20/02/2005|13.57] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MSN6
[13/12/2008|11.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Pinnacle
[13/12/2008|10.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Pinnacle Studio Ultimate
[15/10/2004|22.05] C:\DOCUME~1\ALLUSE~1\DATIAP~1\QuickTime
[20/11/2005|16.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Sony Ericsson
[28/01/2009|19.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[15|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[01/09/2004|19.21] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[01/02/2009|13.58] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[01/02/2009|13.58] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

[13/12/2008|10.46] C:\DOCUME~1\SILVIA~1\DATIAP~1\Adobe
[25/12/2008|11.46] C:\DOCUME~1\SILVIA~1\DATIAP~1\Apple Computer
[15/10/2004|22.26] C:\DOCUME~1\SILVIA~1\DATIAP~1\ArcSoft
[03/02/2009|19.52] C:\DOCUME~1\SILVIA~1\DATIAP~1\AVGTOOLBAR
[28/01/2008|21.42] C:\DOCUME~1\SILVIA~1\DATIAP~1\Creative
[14/12/2008|11.27] C:\DOCUME~1\SILVIA~1\DATIAP~1\dvdcss
[14/05/2005|17.55] C:\DOCUME~1\SILVIA~1\DATIAP~1\EPSON
[24/12/2005|12.09] C:\DOCUME~1\SILVIA~1\DATIAP~1\FMA
[01/09/2004|20.04] C:\DOCUME~1\SILVIA~1\DATIAP~1\Help
[01/09/2004|19.27] C:\DOCUME~1\SILVIA~1\DATIAP~1\Identities
[09/09/2004|17.35] C:\DOCUME~1\SILVIA~1\DATIAP~1\InterTrust
[15/05/2005|09.46] C:\DOCUME~1\SILVIA~1\DATIAP~1\Macromedia
[06/02/2009|19.58] C:\DOCUME~1\SILVIA~1\DATIAP~1\Malwarebytes
[01/02/2009|13.58] C:\DOCUME~1\SILVIA~1\DATIAP~1\Microsoft
[01/09/2004|19.52] C:\DOCUME~1\SILVIA~1\DATIAP~1\Microsoft Web Folders
[01/02/2009|17.21] C:\DOCUME~1\SILVIA~1\DATIAP~1\Mozilla
[20/02/2005|13.57] C:\DOCUME~1\SILVIA~1\DATIAP~1\MSN6
[15/10/2004|22.09] C:\DOCUME~1\SILVIA~1\DATIAP~1\Nikon
[09/09/2004|19.15] C:\DOCUME~1\SILVIA~1\DATIAP~1\Roxio
[22/11/2008|23.23] C:\DOCUME~1\SILVIA~1\DATIAP~1\vlc
[0|File] C:\DOCUME~1\SILVIA~1\DATIAP~1\byte
[22|Directory] C:\DOCUME~1\SILVIA~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[06/02/2009 19.25][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[07/10/2006|11.20] C:\Programmi\Adobe
[15/10/2004|22.04] C:\Programmi\ArcSoft
[01/09/2004|19.32] C:\Programmi\ATI Multimedia
[01/02/2009|13.59] C:\Programmi\AVG
[20/11/2005|16.09] C:\Programmi\Common~1
[01/09/2004|19.18] C:\Programmi\ComPlus Applications
[28/01/2008|21.21] C:\Programmi\Creative
[28/01/2008|21.17] C:\Programmi\Creative Installation Information
[01/09/2004|19.45] C:\Programmi\CyberLink
[16/01/2005|13.38] C:\Programmi\DiMAGE Viewer
[14/05/2005|17.24] C:\Programmi\EPSON
[13/12/2008|16.49] C:\Programmi\File comuni
[20/11/2005|14.45] C:\Programmi\Guillemot
[20/11/2005|14.45] C:\Programmi\Hercules
[01/09/2004|21.07] C:\Programmi\Hewlett-Packard
[01/09/2004|21.03] C:\Programmi\hp deskjet 3320 series
[01/02/2008|18.34] C:\Programmi\InstallShield Installation Information
[13/12/2008|16.50] C:\Programmi\Internet Explorer
[16/04/2007|19.32] C:\Programmi\KaraFun
[13/12/2008|16.49] C:\Programmi\KODAK
[15/05/2005|13.29] C:\Programmi\LeechFTP
[16/04/2007|20.18] C:\Programmi\Macromedia
[06/02/2009|19.58] C:\Programmi\Malwarebytes' Anti-Malware
[28/01/2008|21.08] C:\Programmi\Messenger
[01/09/2004|19.21] C:\Programmi\microsoft frontpage
[01/09/2004|19.52] C:\Programmi\Microsoft Office
[01/09/2004|19.59] C:\Programmi\Microsoft Visual Studio
[28/01/2008|20.20] C:\Programmi\Movie Maker
[06/02/2009|19.46] C:\Programmi\Mozilla Firefox
[01/09/2004|19.18] C:\Programmi\MSN
[01/09/2004|19.18] C:\Programmi\MSN Gaming Zone
[13/08/2005|16.29] C:\Programmi\MSXML 4.0
[28/01/2008|20.17] C:\Programmi\NetMeeting
[15/10/2004|22.05] C:\Programmi\Nikon
[17/07/2007|20.00] C:\Programmi\Nokia
[28/01/2008|20.17] C:\Programmi\Outlook Express
[01/09/2004|19.40] C:\Programmi\PCI Audio Applications
[01/09/2004|19.43] C:\Programmi\Philips
[13/12/2008|16.50] C:\Programmi\QuickTime
[14/05/2005|17.24] C:\Programmi\SEIKO EPSON Corp
[01/09/2004|19.20] C:\Programmi\Servizi in linea
[20/11/2005|16.09] C:\Programmi\Sony Ericsson
[06/02/2009|19.42] C:\Programmi\Trend Micro
[01/09/2004|19.36] C:\Programmi\UIU
[01/09/2004|19.27] C:\Programmi\Uninstall Information
[22/01/2005|23.54] C:\Programmi\vanBasco's Karaoke Player
[22/11/2008|22.55] C:\Programmi\VideoLAN
[28/01/2008|21.18] C:\Programmi\Windows Media Player
[28/01/2008|20.17] C:\Programmi\Windows NT
[14/09/2004|20.54] C:\Programmi\WindowsUpdate
[01/09/2004|19.21] C:\Programmi\xerox
[0|File] C:\Programmi\byte
[53|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[01/09/2004|19.46] C:\Programmi\File comuni\Adaptec Shared
[07/10/2006|11.20] C:\Programmi\File comuni\Adobe
[28/01/2008|21.15] C:\Programmi\File comuni\Creative
[01/09/2004|19.53] C:\Programmi\File comuni\Designer
[16/11/2004|00.03] C:\Programmi\File comuni\EPSON
[08/08/2005|15.29] C:\Programmi\File comuni\InstallShield
[13/12/2008|16.49] C:\Programmi\File comuni\Kodak
[13/09/2004|21.33] C:\Programmi\File comuni\Macromedia
[01/02/2009|13.59] C:\Programmi\File comuni\Microsoft Shared
[01/09/2004|19.19] C:\Programmi\File comuni\MSSoap
[15/10/2004|22.05] C:\Programmi\File comuni\Nikon
[17/07/2007|20.00] C:\Programmi\File comuni\Nokia
[01/09/2004|20.04] C:\Programmi\File comuni\ODBC
[14/05/2005|17.25] C:\Programmi\File comuni\Python
[01/09/2004|19.32] C:\Programmi\File comuni\Ravisent Shared
[01/09/2004|19.19] C:\Programmi\File comuni\Services
[01/09/2004|20.04] C:\Programmi\File comuni\SpeechEngines
[28/01/2008|20.17] C:\Programmi\File comuni\System
[20/11/2005|16.09] C:\Programmi\File comuni\Teleca Shared
[0|File] C:\Programmi\File comuni\byte
[21|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 27 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 22:24:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:279][D:51]-> C:\DOCUME~1\SILVIA~1\IMPOST~1\Temp
[F:28][D:0]-> C:\DOCUME~1\SILVIA~1\Cookies
[F:2915][D:24]-> C:\DOCUME~1\SILVIA~1\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/02/2009|22.25 - Option : [1]

--------------------\\ Scan completed at 22.25.46




Second part of the Lop S&D log


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1800+ )
BIOS : Version 1.00
USER : Silvia Biavasco ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:28 Go (Free:23 Go)
E:\ (Local Disk) - NTFS - Total:20 Go (Free:10 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (USB) - FAT - Total:977 Mo (Free:0 Go)
I:\ (USB) - FAT32 - Total:248 Mo (Free:0 Go)
J:\ (USB) - FAT32 - Total:1000 Mo (Free:0 Go)
K:\ (Local Disk) - FAT32 - Total:298 Go (Free:275 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 06/02/2009|22.27 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[13/12/2008|16.50] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[01/02/2009|16.58] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg8
[28/01/2008|21.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Creative
[01/09/2004|19.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CyberLink
[13/12/2008|16.51] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kodak
[06/02/2009|19.57] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[28/01/2008|20.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[20/02/2005|13.57] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MSN6
[13/12/2008|11.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Pinnacle
[13/12/2008|10.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Pinnacle Studio Ultimate
[15/10/2004|22.05] C:\DOCUME~1\ALLUSE~1\DATIAP~1\QuickTime
[20/11/2005|16.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Sony Ericsson
[28/01/2009|19.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[15|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[01/09/2004|19.21] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[01/02/2009|13.58] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[01/02/2009|13.58] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

[13/12/2008|10.46] C:\DOCUME~1\SILVIA~1\DATIAP~1\Adobe
[25/12/2008|11.46] C:\DOCUME~1\SILVIA~1\DATIAP~1\Apple Computer
[15/10/2004|22.26] C:\DOCUME~1\SILVIA~1\DATIAP~1\ArcSoft
[03/02/2009|19.52] C:\DOCUME~1\SILVIA~1\DATIAP~1\AVGTOOLBAR
[28/01/2008|21.42] C:\DOCUME~1\SILVIA~1\DATIAP~1\Creative
[14/12/2008|11.27] C:\DOCUME~1\SILVIA~1\DATIAP~1\dvdcss
[14/05/2005|17.55] C:\DOCUME~1\SILVIA~1\DATIAP~1\EPSON
[24/12/2005|12.09] C:\DOCUME~1\SILVIA~1\DATIAP~1\FMA
[01/09/2004|20.04] C:\DOCUME~1\SILVIA~1\DATIAP~1\Help
[01/09/2004|19.27] C:\DOCUME~1\SILVIA~1\DATIAP~1\Identities
[09/09/2004|17.35] C:\DOCUME~1\SILVIA~1\DATIAP~1\InterTrust
[15/05/2005|09.46] C:\DOCUME~1\SILVIA~1\DATIAP~1\Macromedia
[06/02/2009|19.58] C:\DOCUME~1\SILVIA~1\DATIAP~1\Malwarebytes
[01/02/2009|13.58] C:\DOCUME~1\SILVIA~1\DATIAP~1\Microsoft
[01/09/2004|19.52] C:\DOCUME~1\SILVIA~1\DATIAP~1\Microsoft Web Folders
[01/02/2009|17.21] C:\DOCUME~1\SILVIA~1\DATIAP~1\Mozilla
[20/02/2005|13.57] C:\DOCUME~1\SILVIA~1\DATIAP~1\MSN6
[15/10/2004|22.09] C:\DOCUME~1\SILVIA~1\DATIAP~1\Nikon
[09/09/2004|19.15] C:\DOCUME~1\SILVIA~1\DATIAP~1\Roxio
[22/11/2008|23.23] C:\DOCUME~1\SILVIA~1\DATIAP~1\vlc
[0|File] C:\DOCUME~1\SILVIA~1\DATIAP~1\byte
[22|Directory] C:\DOCUME~1\SILVIA~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[06/02/2009 19.25][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[07/10/2006|11.20] C:\Programmi\Adobe
[15/10/2004|22.04] C:\Programmi\ArcSoft
[01/09/2004|19.32] C:\Programmi\ATI Multimedia
[01/02/2009|13.59] C:\Programmi\AVG
[20/11/2005|16.09] C:\Programmi\Common~1
[01/09/2004|19.18] C:\Programmi\ComPlus Applications
[28/01/2008|21.21] C:\Programmi\Creative
[28/01/2008|21.17] C:\Programmi\Creative Installation Information
[01/09/2004|19.45] C:\Programmi\CyberLink
[16/01/2005|13.38] C:\Programmi\DiMAGE Viewer
[14/05/2005|17.24] C:\Programmi\EPSON
[13/12/2008|16.49] C:\Programmi\File comuni
[20/11/2005|14.45] C:\Programmi\Guillemot
[20/11/2005|14.45] C:\Programmi\Hercules
[01/09/2004|21.07] C:\Programmi\Hewlett-Packard
[01/09/2004|21.03] C:\Programmi\hp deskjet 3320 series
[01/02/2008|18.34] C:\Programmi\InstallShield Installation Information
[13/12/2008|16.50] C:\Programmi\Internet Explorer
[16/04/2007|19.32] C:\Programmi\KaraFun
[13/12/2008|16.49] C:\Programmi\KODAK
[15/05/2005|13.29] C:\Programmi\LeechFTP
[16/04/2007|20.18] C:\Programmi\Macromedia
[06/02/2009|19.58] C:\Programmi\Malwarebytes' Anti-Malware
[28/01/2008|21.08] C:\Programmi\Messenger
[01/09/2004|19.21] C:\Programmi\microsoft frontpage
[01/09/2004|19.52] C:\Programmi\Microsoft Office
[01/09/2004|19.59] C:\Programmi\Microsoft Visual Studio
[28/01/2008|20.20] C:\Programmi\Movie Maker
[06/02/2009|19.46] C:\Programmi\Mozilla Firefox
[01/09/2004|19.18] C:\Programmi\MSN
[01/09/2004|19.18] C:\Programmi\MSN Gaming Zone
[13/08/2005|16.29] C:\Programmi\MSXML 4.0
[28/01/2008|20.17] C:\Programmi\NetMeeting
[15/10/2004|22.05] C:\Programmi\Nikon
[17/07/2007|20.00] C:\Programmi\Nokia
[28/01/2008|20.17] C:\Programmi\Outlook Express
[01/09/2004|19.40] C:\Programmi\PCI Audio Applications
[01/09/2004|19.43] C:\Programmi\Philips
[13/12/2008|16.50] C:\Programmi\QuickTime
[14/05/2005|17.24] C:\Programmi\SEIKO EPSON Corp
[01/09/2004|19.20] C:\Programmi\Servizi in linea
[20/11/2005|16.09] C:\Programmi\Sony Ericsson
[06/02/2009|19.42] C:\Programmi\Trend Micro
[01/09/2004|19.36] C:\Programmi\UIU
[01/09/2004|19.27] C:\Programmi\Uninstall Information
[22/01/2005|23.54] C:\Programmi\vanBasco's Karaoke Player
[22/11/2008|22.55] C:\Programmi\VideoLAN
[28/01/2008|21.18] C:\Programmi\Windows Media Player
[28/01/2008|20.17] C:\Programmi\Windows NT
[14/09/2004|20.54] C:\Programmi\WindowsUpdate
[01/09/2004|19.21] C:\Programmi\xerox
[0|File] C:\Programmi\byte
[53|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[01/09/2004|19.46] C:\Programmi\File comuni\Adaptec Shared
[07/10/2006|11.20] C:\Programmi\File comuni\Adobe
[28/01/2008|21.15] C:\Programmi\File comuni\Creative
[01/09/2004|19.53] C:\Programmi\File comuni\Designer
[16/11/2004|00.03] C:\Programmi\File comuni\EPSON
[08/08/2005|15.29] C:\Programmi\File comuni\InstallShield
[13/12/2008|16.49] C:\Programmi\File comuni\Kodak
[13/09/2004|21.33] C:\Programmi\File comuni\Macromedia
[01/02/2009|13.59] C:\Programmi\File comuni\Microsoft Shared
[01/09/2004|19.19] C:\Programmi\File comuni\MSSoap
[15/10/2004|22.05] C:\Programmi\File comuni\Nikon
[17/07/2007|20.00] C:\Programmi\File comuni\Nokia
[01/09/2004|20.04] C:\Programmi\File comuni\ODBC
[14/05/2005|17.25] C:\Programmi\File comuni\Python
[01/09/2004|19.32] C:\Programmi\File comuni\Ravisent Shared
[01/09/2004|19.19] C:\Programmi\File comuni\Services
[01/09/2004|20.04] C:\Programmi\File comuni\SpeechEngines
[28/01/2008|20.17] C:\Programmi\File comuni\System
[20/11/2005|16.09] C:\Programmi\File comuni\Teleca Shared
[0|File] C:\Programmi\File comuni\byte
[21|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 27 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 22:29:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:279][D:51]-> C:\DOCUME~1\SILVIA~1\IMPOST~1\Temp
[F:28][D:0]-> C:\DOCUME~1\SILVIA~1\Cookies
[F:2915][D:24]-> C:\DOCUME~1\SILVIA~1\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/02/2009|22.25 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 06/02/2009|22.30 - Option : [2]

--------------------\\ Scan completed at 22.30.24




HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.32.48, on 06/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copia 1)" /O6 "USB002" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233166837232
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

--
End of file - 4985 bytes
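A small parser for the HijackThis log format posted in this thread, added here as an example (it is not part of the thread and not HijackThis code): it separates the running-process list from the R/F/N/O entries and applies a few triage heuristics a log reviewer applies by hand. The sample lines are constructed from the kind of entries seen in the logs above; the trusted-folder list and the flagging rules are the example's own assumptions.

```python
"""Parse a Trend Micro HijackThis v2 log and apply a few triage heuristics.

Added example for this thread; the rules and the trusted-folder list are the
example's own assumptions, not HijackThis logic.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of lines in the HijackThis format, modelled on
# the entries seen in the logs posted above (not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.32.48, on 06/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233166837232
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 4985 bytes
"""

# Entry lines: a section code (R0..R3, F0..F3, N1..N4, O1..O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Folders where processes are expected to live (assumption). "Programmi" is the
# Italian-Windows name of Program Files and PROGRA~1 its 8.3 short name.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, {code: [entry bodies]})."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line closes the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group("code")].append(match.group("body"))
    return processes, dict(entries)


def triage(processes, entries):
    """Return (reason, item) pairs for the entries a reviewer would look at first."""
    findings = []
    for proc in processes:
        if not proc.lower().startswith(TRUSTED_ROOTS):
            findings.append(("process outside the standard system/program folders", proc))
    for body in entries.get("O4", []):
        # RunOnce entries execute once at the next logon: legitimate for installers
        # (as in this thread) but also a common one-shot loader location.
        if "\\RunOnce:" in body:
            findings.append(("one-shot RunOnce autostart", body))
    for body in entries.get("O16", []):
        # O16 = Downloaded Program Files (ActiveX); the last " - " field is the source URL.
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
        if not (host == "microsoft.com" or host.endswith(".microsoft.com")):
            findings.append(("ActiveX control downloaded from a non-Microsoft host", body))
    for body in entries.get("O20", []):
        # Winlogon Notify DLLs load into winlogon.exe; always confirm the vendor.
        findings.append(("Winlogon Notify DLL", body))
    for body in entries.get("O23", []):
        if " - Unknown owner - " in body:
            findings.append(("service binary without a publisher name", body))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} processes, {sum(len(v) for v in ents.values())} entries")
    for reason, item in triage(procs, ents):
        print(f"[{reason}] {item}")
```

On the sample the only findings are the RunOnce installer entry, the AVG Winlogon Notify DLL and the Epson service without a publisher name, which mirrors the helper's verdict above that the log itself is clean.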
bbrun
Posted: Friday, February 06, 2009 10:48:28 PM
Rank: AiutAmico

Joined: 3/14/2005
Posts: 978
shapiro wrote:
Disable System Restore:

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore

Restart the PC, creating a new restore point.

Run Malwarebytes and remove everything it found.

The Lop S&D log is missing.


I have disabled the restore point.
Sorry for my ignorance, but... shouldn't I clean first and then create a new restore point?
shapiro
Posted: Friday, February 06, 2009 10:59:16 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
That is indeed what I wrote: create a new point.

Quote:
Disable System Restore:

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore

Restart the PC, creating a new restore point.


The PC is clean.

Are you seeing any other problems?
bbrun
Posted: Friday, February 06, 2009 10:59:20 PM
Rank: AiutAmico

Joined: 3/14/2005
Posts: 978
Another question out of ignorance: I am cleaning up a PC with XP.
But I know XP very little, since I normally use one with Win98SE.
Hence the question: is the new restore point created automatically when I turn System Restore back on,
or do I have to create it by hand myself?

Thanks.
bbrun
Posted: Friday, February 06, 2009 11:03:15 PM
Rank: AiutAmico

Joined: 3/14/2005
Posts: 978
shapiro wrote:
That is indeed what I wrote: create a new point.

Quote:
Disable System Restore:

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore

Restart the PC, creating a new restore point.


The PC is clean.

Are you seeing any other problems?


But... what are those three things Malwarebytes found?
shapiro
Posted: Friday, February 06, 2009 11:05:37 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
They are an infected key, an infection in the restore point, and the other one is a ###

Got it??
bbrun
Posted: Friday, February 06, 2009 11:07:49 PM
Rank: AiutAmico

Joined: 3/14/2005
Posts: 978
shapiro wrote:
They are an infected key, an infection in the restore point, and the other one is a ###

Got it??


And shouldn't I get rid of them before
re-enabling System Restore?