Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto x log malwarebytes

aiuto x log malwarebytes Opzioni
Topic Precedente · Topic Sucessivo
biscottino11
Inviato: Wednesday, November 11, 2009 9:38:16 AM
Rank: AiutAmico

Iscritto dal : 4/29/2007
Posts: 35
chiedo gentilmente l'aiuto di qualche esperto grazie

Malwarebytes' Anti-Malware 1.41
Versione del database: 3145
Windows 6.0.6002 Service Pack 2

11/11/2009 9.10.53
mbam-log-2009-11-11 (09-10-26).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 284005
Tempo trascorso: 1 hour(s), 23 minute(s), 1 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.37.32, on 11/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.fueps.com/gp/images/common/games/PopCapGames/popcaploader_v10_it.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7375 bytes
Torna in alto
 
Sponsor
Inviato: Wednesday, November 11, 2009 9:38:16 AM

 
Torna in alto
 
biscottino11
Inviato: Wednesday, November 11, 2009 4:50:22 PM
Rank: AiutAmico

Iscritto dal : 4/29/2007
Posts: 35
vi prego Pray
qualcuno mi aiuti Whistle

grazie 1000
Torna in alto
 
dario-vr
Inviato: Wednesday, November 11, 2009 5:23:16 PM

Rank: AiutAmico

Iscritto dal : 3/28/2007
Posts: 633
Ciao il log di hjackthis non presenta particolari problemi, ma non sono un grande esperto.

Però mi sembra che tu non usi nessun firewall, se non lo hai usa questo:
http://software.aiutamici.com/software?ID=80142
non è difficile da usare, va molto bene, leggi la breve guida.

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso se lo hai) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Attendi che lo veda qualche amico più esperto di me
r16 su tutti
Torna in alto
 
biscottino11
Inviato: Wednesday, November 11, 2009 5:49:09 PM
Rank: AiutAmico

Iscritto dal : 4/29/2007
Posts: 35
grazie per la tua collaborazione, il firewall e quello di windows vista ed è abilitato
prima di procedere con combofix debbo eliminare quello che ha rilevato malwarebytes o lo chiudo e basta ciao
Torna in alto
 
r16
Inviato: Wednesday, November 11, 2009 10:14:29 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Non installare nessun firewall.
Elimina quello che ha trovato Malwarebytes.
Disabilita il UAC.
http://www.faqwindows.com/public/post/disabilitare-uac-da-pannello-di-controllo-disable-uac-12.asp
Poi fai la scansione con Combofix.

@dario-vr
Non fare casini....
Torna in alto
 
biscottino11
Inviato: Wednesday, November 11, 2009 10:45:50 PM
Rank: AiutAmico

Iscritto dal : 4/29/2007
Posts: 35
ciao r16

ecco il log combofix


ComboFix 09-11-11.02 - Stefania 11/11/2009 22.17.15.1.1 - NTFSx86
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6002.2.1252.39.1040.18.2814.1523 [GMT 1:00]
Eseguito da: c:\users\Stefania\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3151536488-3068896762-3460366295-500
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-10-11 al 2009-11-11 )))))))))))))))))))))))))))))))))))
.

2009-11-11 21:30 . 2009-11-11 21:30 -------- d-----w- c:\users\Stefania\AppData\Local\temp
2009-11-11 21:30 . 2009-11-11 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-06 08:52 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-06 08:52 . 2009-11-06 08:53 4096 d-----w- c:\program files\K-Lite Codec Pack
2009-11-05 21:22 . 2009-11-05 21:22 -------- d-----w- c:\programdata\PopCap
2009-10-29 16:37 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-29 16:37 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-29 16:37 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-29 16:37 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-29 16:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-29 16:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-29 16:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-29 16:36 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-29 16:36 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 02:49 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 02:49 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-24 18:44 . 2009-03-24 09:10 114688 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-10-19 17:37 . 2009-10-19 17:37 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-19 17:37 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-10-19 17:37 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-19 17:36 . 2009-10-19 17:36 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-19 17:36 . 2009-10-19 17:36 -------- d-----w- c:\users\Stefania\AppData\Roaming\TuneUp Software
2009-10-19 17:36 . 2009-10-19 17:36 28672 d-----w- c:\program files\TuneUp Utilities 2009
2009-10-19 17:36 . 2009-10-19 17:36 -------- d-----w- c:\programdata\TuneUp Software
2009-10-19 17:35 . 2009-10-19 17:35 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-14 21:28 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 14:22 . 2009-01-29 10:33 4096 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-11 14:20 . 2009-01-23 12:26 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-11 13:02 . 2008-12-02 17:53 42844 ----a-w- c:\programdata\nvModes.dat
2009-11-11 06:27 . 2008-06-06 21:43 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-11-11 06:27 . 2008-06-06 21:43 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-11-11 06:22 . 2009-03-24 18:47 -------- d-----w- c:\programdata\Kaspersky Lab
2009-11-11 00:26 . 2009-03-24 18:47 802848 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-11 00:26 . 2009-03-24 18:47 5469216 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-11 00:26 . 2009-03-24 18:47 4872 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-11 00:26 . 2009-03-24 18:47 45904 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-07 23:53 . 2009-06-09 15:21 -------- d-----w- c:\programdata\Babylon
2009-11-05 16:29 . 2008-12-03 16:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-02 19:42 . 2009-10-02 23:54 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 21:53 . 2009-03-27 17:15 4096 d-----w- c:\users\Stefania\AppData\Roaming\Skype
2009-11-01 21:42 . 2009-03-27 17:23 -------- d-----w- c:\users\Stefania\AppData\Roaming\skypePM
2009-10-24 18:44 . 2009-09-23 17:18 -------- d-----w- c:\program files\Zylom Games
2009-10-22 18:28 . 2009-09-30 17:26 -------- d-----w- c:\program files\GameTop.com
2009-10-16 10:40 . 2009-01-23 19:24 4096 d-----w- c:\program files\SpywareBlaster
2009-10-14 22:12 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-14 14:31 . 2009-03-24 18:48 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-14 14:31 . 2009-03-24 18:48 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-14 10:42 . 2008-06-06 13:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-07 15:52 . 2009-06-09 15:21 4096 d-----w- c:\users\Stefania\AppData\Roaming\Babylon
2009-09-30 17:27 . 2009-09-30 17:27 -------- d-----w- c:\programdata\Lost Treasures Of El Dorado
2009-09-27 10:15 . 2009-01-23 19:19 4096 d-----w- c:\program files\Google
2009-09-23 17:19 . 2009-09-23 17:19 -------- d-----w- c:\users\Stefania\AppData\Roaming\Zylom
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\programdata\Zylom
2009-09-14 09:29 . 2009-10-14 21:27 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 12:54 . 2009-03-07 20:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-03-07 20:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 09:48 . 2009-09-24 17:51 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
2009-09-10 09:48 . 2009-09-24 17:51 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
2009-09-10 09:48 . 2009-09-24 17:51 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
2009-09-04 11:41 . 2009-10-14 21:27 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-03 10:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 10:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 21:27 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 21:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 21:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 21:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-15 17:20 . 2009-08-15 17:17 680 ----a-w- c:\users\Stefania\AppData\Local\d3d9caps.dat
2009-08-14 16:27 . 2009-09-10 11:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 11:27 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 11:27 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 11:27 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 11:27 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 11:27 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 11:27 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 11:27 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 11:27 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 11:27 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 11:27 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-04-10 21:14 . 2009-04-10 21:14 812344 ----a-w- c:\program files\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-24 201992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):42,e4,49,b4,01,fb,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3151536488-3068896762-3460366295-1000]
"EnableNotificationsRef"=dword:0000000b

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 18.29.38 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [26/03/2008 13.10.16 20496]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [23/04/2007 10.50.50 25896]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 3.33.13 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [06/06/2008 14.44.14 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [29/01/2009 11.33.30 1153368]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [19/10/2009 18.37.11 604488]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [06/06/2008 13.35.48 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [03/05/2008 13.39.00 42528]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v3.sys [26/03/2009 10.48.52 289280]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - PROCEXP113
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-11 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-07-24 07:55]

2009-11-11 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-24 08:15]

2009-10-30 c:\windows\Tasks\HPCeeScheduleForStefania.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-06 13:14]

2009-11-11 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 10:28]

2009-11-11 c:\windows\Tasks\User_Feed_Synchronization-{9AD4E378-01CB-40EE-A96E-C0C8B784AB32}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://virgilio.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-11-11 22.36.29
ComboFix-quarantined-files.txt 2009-11-11 21:36

Pre-Run: 201.348.911.104 byte disponibili
Post-Run: 201.224.560.640 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45
- - End Of File - - A4677EB668C3B904B648F8213C55FC95
Torna in alto
 
r16
Inviato: Wednesday, November 11, 2009 10:49:43 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Prova il pc e dimmi se riscontri problemi.
Torna in alto
 
biscottino11
Inviato: Wednesday, November 11, 2009 11:00:14 PM
Rank: AiutAmico

Iscritto dal : 4/29/2007
Posts: 35
ciao
sembra che vada tutto bene, combofix ha eliminato l'infezione?
Torna in alto
 
r16
Inviato: Wednesday, November 11, 2009 11:04:00 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Si, ma c'è qualcosa che non mi quadra.
Se riscontri quache problema, torna qui.

Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix e (qoobox)
Torna in alto
 
dario-vr
Inviato: Thursday, November 12, 2009 10:01:36 AM

Rank: AiutAmico

Iscritto dal : 3/28/2007
Posts: 633
r16 ha scritto:


@dario-vr
Non fare casini....


Think
Drool

volevo solo aiutare biscottino.... poi il fw di windows è un colabrodo Angel
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto x log malwarebytes


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.