Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » CONTROLLO LOG

CONTROLLO LOG Opzioni
Topic Precedente · Topic Sucessivo
El_PaMpErO
Inviato: Tuesday, March 20, 2012 3:21:52 PM
Rank: Member

Iscritto dal : 3/8/2007
Posts: 11
Salve a tutti,
Qualcuno potrebbe controllarmi il log gentilmente?
Grazie a tutti.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.20.03, on 20/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\DAVIDE\Dati applicazioni\D.tmp
C:\Documents and Settings\DAVIDE\Dati applicazioni\10.tmp
C:\WINDOWS\system32\24CI3U~1.COM
C:\WINDOWS\system32\24ci3uHDu.com
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=0&o=xph&d=0309&m=aoa150
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=0&o=xph&d=0309&m=aoa150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=0&o=xph&d=0309&m=aoa150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alicemobile.mobi
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1040
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\sadrive32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dllkrnl] C:\Documents and Settings\All Users\dllkrnl.exe
O4 - HKLM\..\Run: [defraggdi] C:\Documents and Settings\DAVIDE\Dati applicazioni\defraggdi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\DATIAP~1\qwehumvirrim.dat,StartAs
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Tjpp1] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe
O4 - HKCU\..\Run: [psysjo3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe
O4 - HKCU\..\Run: [Tjii321] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe
O4 - HKCU\..\Run: [psys3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe
O4 - HKCU\..\Run: [psysnew3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe
O4 - HKCU\..\Run: [psysjo32] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
O4 - HKCU\..\Run: [Tjmm71] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
O4 - HKCU\..\Run: [Tjpp2] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tnaww] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
O4 - HKCU\..\Run: [Mtoeoq] C:\Documents and Settings\DAVIDE\Dati applicazioni\Mtoeoq.exe
O4 - HKCU\..\Run: [zaber0] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
O4 - HKCU\..\Run: [msmgr] C:\DOCUME~1\DAVIDE\IMPOST~1\Temp\msmgr.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\DAVIDE\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Woteri] "C:\Documents and Settings\DAVIDE\Dati applicazioni\Invewe\ynaq.exe"
O4 - HKCU\..\Run: [Rvoeov] C:\Documents and Settings\DAVIDE\Dati applicazioni\Mtoeoq.exe
O4 - HKCU\..\Run: [dllkrnl] C:\Documents and Settings\All Users\dllkrnl.exe
O4 - HKCU\..\Run: [defraggdi] C:\Documents and Settings\DAVIDE\Dati applicazioni\defraggdi.exe
O4 - HKCU\..\Run: [Evgez] "C:\Documents and Settings\DAVIDE\Dati applicazioni\Zycuix\neqei.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\sadrive32.exe
O4 - HKLM\..\Policies\Explorer\Run: [31466] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.com
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\DATIAP~1\qwehumvirrim.dat,StartAs (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\datiap~1\qwehumvirrim.dat,StartAs (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\datiap~1\qwehumvirrim.dat,StartAs (User 'Default user')
O4 - S-1-5-18 Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe (User 'Default user')
O4 - .DEFAULT User Startup: esab.exe (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{310719D7-6AF0-4014-8F2A-E5CD0C818C44}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{310719D7-6AF0-4014-8F2A-E5CD0C818C44}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 14011 bytes
Torna in alto
 
Sponsor
Inviato: Tuesday, March 20, 2012 3:21:52 PM

 
Torna in alto
 
bustocb
Inviato: Tuesday, March 20, 2012 7:26:26 PM

Rank: AiutAmico

Iscritto dal : 2/23/2012
Posts: 260
Hai un sacco di casini il pc dovrebbe essere molto lento, ci sentiamo più tardi.
Nel frattempo installa malwarebytes QUI lo aggiorni e poi fai una scansione COMPLETA non veloce, elimina tutto quello che trova, posta il suo log.
Ciao
Torna in alto
 
bustocb
Inviato: Tuesday, March 20, 2012 11:42:11 PM

Rank: AiutAmico

Iscritto dal : 2/23/2012
Posts: 260
Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked.

C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
C:\WINDOWS\system32\24CI3U~1.COM
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\sadrive32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dllkrnl] C:\Documents and Settings\All Users\dllkrnl.exe
O4 - HKLM\..\Run: [defraggdi] C:\Documents and Settings\DAVIDE\Dati applicazioni\defraggdi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\DATIAP~1\qwehumvirrim.dat,StartAs
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Tjpp1] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe
O4 - HKCU\..\Run: [psysjo3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe
O4 - HKCU\..\Run: [Tjii321] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe
O4 - HKCU\..\Run: [psys3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe
O4 - HKCU\..\Run: [psysnew3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe
O4 - HKCU\..\Run: [psysjo32] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
O4 - HKCU\..\Run: [Tjmm71] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
O4 - HKCU\..\Run: [Tjpp2] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe
O4 - HKCU\..\Run: [Tnaww] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
O4 - HKCU\..\Run: [Mtoeoq] C:\Documents and Settings\DAVIDE\Dati applicazioni\Mtoeoq.exe
O4 - HKCU\..\Run: [zaber0] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
O4 - HKCU\..\Run: [msmgr] C:\DOCUME~1\DAVIDE\IMPOST~1\Temp\msmgr.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\DAVIDE\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Woteri] "C:\Documents and Settings\DAVIDE\Dati applicazioni\Invewe\ynaq.exe"
O4 - HKCU\..\Run: [Rvoeov] C:\Documents and Settings\DAVIDE\Dati applicazioni\Mtoeoq.exe
O4 - HKCU\..\Run: [dllkrnl] C:\Documents and Settings\All Users\dllkrnl.exe
O4 - HKCU\..\Run: [defraggdi] C:\Documents and Settings\DAVIDE\Dati applicazioni\defraggdi.exe
O4 - HKCU\..\Run: [Evgez] "C:\Documents and Settings\DAVIDE\Dati applicazioni\Zycuix\neqei.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\sadrive32.exe
O4 - HKLM\..\Policies\Explorer\Run: [31466] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.com
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\DATIAP~1\qwehumvirrim.dat,StartAs (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\datiap~1\qwehumvirrim.dat,StartAs (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\datiap~1\qwehumvirrim.dat,StartAs (User 'Default user')
O4 - S-1-5-18 Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe (User 'Default user')
O4 - .DEFAULT User Startup: esab.exe (User 'Default user')

Disattiva il ripristino configurazione di sistema e tienilo disattivato,
start,pannello di controllo,sistema,configurazione di sistema,metti la spunta a
"disattiva ripristino configurazione di sistema su tutte le unita'",applica,ok.

PULIZIA CON CCLEANER
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta
a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie),
registro compreso.
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp.
(non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows,
aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci
conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO

Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su
Remove selected
Alla fine riattivare il Ripristino configurazione di sistema e crea un nuovo punto.

Per creare un nuovo punto di ripristino del sistema in XP

Start - Tutti i programmi – Accessori - Utilità di sistema - Ripristino configurazione clic su Crea
nuovo punto – Avanti mettere un nome del nuovo punto poi clic su crea ok, chiudi.

Mi raccomando fai tutte le operazioni in ordine come descritto, fai molta attenzione.
Aspetto il log di malwarebytes.
Poi rilancia HJT e posta un nuovo log aggiornato.
Fammi sapere come va il pc.
Ciao
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » CONTROLLO LOG


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.