Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log per favore

2 pages: [1] 2
Controllo Log per favore Opzioni
Topic Precedente · Topic Sucessivo
stewarman
Inviato: Thursday, May 28, 2009 7:07:36 PM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
Salve,
forse nella precedente richiesta di analisi del log alcune settimane fa non ho eseguito correttamente qualche passaggio, per cui richiedo gentilmente un controllo del log. Grazie:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.58.21, on 28/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Java\jre1.6.0_05\bin\jucheck.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [sogcq] "c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.exe" sogcq (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background (User 'Lucia Mori')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212746228003
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe

--
End of file - 9417 bytes
Torna in alto
 
Sponsor
Inviato: Thursday, May 28, 2009 7:07:36 PM

 
Torna in alto
 
shapiro
Inviato: Thursday, May 28, 2009 7:19:40 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
scarica navilog1.exe_il mafioso sul desktop e installalo.

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Riavvia il computer in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^).
Esegui Navilog1 e scegli l'opzione 2 (Automatic Cleaning) e dai l'ok (eseguirà la pulizia dei files infetti trovati)
Quando finisce, riavvia il pc in modalità normale

Svuota C:\WINDOWS\Prefetch

Posta il log che trovi in C:\



Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [sogcq] "c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.exe" sogcq (User 'Lucia Mori')




Fai una scansione con Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum
Torna in alto
 
enigmista63
Inviato: Thursday, May 28, 2009 7:19:47 PM

Rank: AiutAmico

Iscritto dal : 4/28/2007
Posts: 1,976
Ciao mentre attendi gli esperti devi eliminare queste 2 voci:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [sogcq] "c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.exe" sogcq (User 'Lucia Mori')

poi controlla se conosci queste voci:


O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
Torna in alto
 
stewarman
Inviato: Friday, May 29, 2009 6:31:24 PM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
Ringrazio innanzitutto gli amici che mi hanno risposto, e poi come da suggerimento posto il log:

Malwarebytes' Anti-Malware 1.37
Versione del database: 2191
Windows 5.1.2600 Service Pack 3

29/05/2009 11.14.19
mbam-log-2009-05-29 (11-14-19).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 139496
Tempo trascorso: 1 hour(s), 3 minute(s), 24 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Per enigmista63: non sono sicuro di essere in grado di dire se conosco quelle voci....
Torna in alto
 
shapiro
Inviato: Friday, May 29, 2009 7:12:45 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
mi posti anche il log di navilog? lo trovi in C:\
Torna in alto
 
stewarman
Inviato: Saturday, May 30, 2009 5:56:57 PM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
qual'è il nome di questo file?
Torna in alto
 
shapiro
Inviato: Saturday, May 30, 2009 6:01:33 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
lo trovi in C:\ come fixnavi.txt
Torna in alto
 
stewarman
Inviato: Saturday, May 30, 2009 7:14:49 PM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
Ecco il file:

Search Navipromo version 3.7.7 began on 29/05/2009 at 9.47.16,13

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programmi\navilog1

Updated on 12.05.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.50GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Fabio Mori ( Administrator )
BOOT : Fail-safe boot

Antivirus : Kaspersky Anti-Virus 8.0.0.357 (Not Activated)


C:\ (Local Disk) - NTFS - Total:37 Go (Free:20 Go)
D:\ (CD or DVD)


Search done in safe mode


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Fabio Mori\datiap~1" ***


*** Search folders in "C:\DOCUME~1\LUCIAM~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Fabio Mori\impost~1\datiap~1" ***


*** Search folders in "C:\DOCUME~1\LUCIAM~1\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Fabio Mori\menuav~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\LUCIAM~1\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\Fabio Mori\impost~1\datiap~1" *

* Scan in "C:\DOCUME~1\LUCIAM~1\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\Fabio Mori\impost~1\datiap~1" :


* In "C:\DOCUME~1\LUCIAM~1\impost~1\datiap~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 29/05/2009 at 9.55.32,53 ***
Torna in alto
 
shapiro
Inviato: Saturday, May 30, 2009 7:21:40 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
sicuro che il log e' completo? manca il report dei file infetti
Torna in alto
 
stewarman
Inviato: Sunday, May 31, 2009 5:15:50 PM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
Credo di si...
Torna in alto
 
shapiro
Inviato: Sunday, May 31, 2009 6:59:47 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
abilita la visualizzazione dei file nascosti (apri una cartella qualsiasi, vai su Strumenti--> Opzioni cartella--> Visualizzazione e spunta Visualizza file e cartelle nascosti


cerca ed elimina se presenti i file in rosso

c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.exe
c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.dat
c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq_nav.dat
c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq_navps.dat



Apri blocco note e copiaci questo codice

Commenta:
Windows Registry Editor Version 5.00

[HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run]
"sogcq"=-
;



salvalo come:
nome: fix.reg
tipo di file: tutti i file
chiudi ed eseguilo. accetta le modifiche al registro

Appena finito, posta un log di hjt aggiornato
Torna in alto
 
stewarman
Inviato: Monday, June 01, 2009 11:40:15 AM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
Ho provato ad eseguire il file fix.reg ma appare un messaggio che dice: "Impossibile importare C:\fix.reg. Il file specificato non è uno script del Registro di sistema. E' possibile importare solo file del Registro di sistema binari dall'editor del Registro di sistema".
Non è che ho copiato male il codice? Ti posto il copia ed incolla che ho effettuato in blocco note:
[HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run]
"sogcq"=-
;

Ti ringrazio per la tua disponibilità e pazienza....
Torna in alto
 
shapiro
Inviato: Monday, June 01, 2009 11:51:00 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
Ti posto il copia ed incolla che ho effettuato in blocco note:
[HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run]
"sogcq"=-
;




no, manca la parte iniziale- devi copiare tutta la parte in rosso

Commenta:
Windows Registry Editor Version 5.00

[HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run]
"sogcq"=-
;
Torna in alto
 
stewarman
Inviato: Monday, June 01, 2009 1:35:34 PM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
Tutto ok, ecco il log hjt aggiornato:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.34.28, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Programmi\Java\jre1.6.0_05\bin\jucheck.exe
c:\progra~1\fileco~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\agent.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [sogcq] "c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.exe" sogcq (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background (User 'Lucia Mori')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212746228003
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe

--
End of file - 9404 bytes
Torna in alto
 
shapiro
Inviato: Monday, June 01, 2009 1:44:19 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
elimina con hjt

O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [sogcq] "c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.exe" sogcq (User 'Lucia Mori')


per maggior sicurezza fai questo

start\esegui\regedit

HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run

tasto destro su Run - esportami la chiave, salvala sul desktop e caricala qui

www.wikisend.com
Torna in alto
 
stewarman
Inviato: Monday, June 01, 2009 3:22:50 PM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
Fatto, vuoi il link?
Torna in alto
 
shapiro
Inviato: Monday, June 01, 2009 4:27:57 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
certo devi postarmelo
Torna in alto
 
stewarman
Inviato: Monday, June 01, 2009 4:37:04 PM
Rank: Member

Iscritto dal : 5/16/2009
Posts: 21
http://wikisend.com/download/927388/chiave.reg
Torna in alto
 
shapiro
Inviato: Monday, June 01, 2009 5:23:09 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

devi postarmi la Run e non la Run-
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log per favore


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.