Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi dareste una controllata al log? pagine che si chiudono, icone che spariscono e tornano!!!!!!

2 pages: 1 [2]
mi dareste una controllata al log? pagine che si chiudono, icone che spariscono e tornano!!!!!! Opzioni
Topic Precedente · Topic Sucessivo
salella
Inviato: Wednesday, April 01, 2009 1:17:00 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
buongiorno a tutti,
stamani ho aperto una pagina di internet e se ne sono aperte una sfilza che non finiva più!!!mi sa chè ci sia ancora qualcosina Brick wall ho faticato a chiuderle con task manager!
ho fatto una scansione con malwerebytes "nessun elemento malevolo trovato" e con spybot ma nulla neppure quà!
posto un log nuovo Think spero non ci trovate nulla di strano Pray

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.57.18, on 01/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\USB Disk Tool\USNDISKT.EXE
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.racine.ra.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XBTP06568 Class - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [USB Disk Tool] C:\Programmi\USB Disk Tool\USNDISKT.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8794 bytes
Torna in alto
 
r16
Inviato: Wednesday, April 01, 2009 5:44:34 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Il log di HJT non presenta problemi.
Prova a fare scansione con Combofix:


Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)
Torna in alto
 
salella
Inviato: Wednesday, April 01, 2009 10:39:51 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
questo file che c'è nel log lo dovevo fixare? ...O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)..
non l'ho fixato ... ma a che serve??
Torna in alto
 
r16
Inviato: Wednesday, April 01, 2009 10:53:43 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao salella .
Ti garantisco che non è quella voce di HJT, il tuo problema.
Mi sembra, di averti dato delle indicazioni diverse, dal fixare voci di HJT.
Torna in alto
 
salella
Inviato: Thursday, April 02, 2009 1:16:46 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
r16 scusami, ma avevo letto da qualche parte in questo forum,che quel file è stato fatto fixare!(prima di postare il mio problema mi son lettoa quasi tutti i postdi questa sezione Anxious senza per altro capirci molto!Brick wall
ti posto il log di combo fix, e aspetto tue nuove, grazie

ComboFix 09-04-01.01 - Capra 2009-04-02 13.03.40.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.495.203 [GMT 2:00]
Eseguito da: c:\documents and settings\Capra\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090401-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-02 al 2009-04-02 )))))))))))))))))))))))))))))))))))
.

2009-03-30 20:50 . 2009-03-30 20:50 <DIR> d-------- c:\programmi\TomTom International B.V
2009-03-30 14:41 . 2009-03-30 14:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-29 20:44 . 2009-03-29 20:44 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-03-29 20:44 . 2009-03-29 20:44 <DIR> d-------- c:\documents and settings\Capra\Dati applicazioni\Malwarebytes
2009-03-29 20:44 . 2009-03-29 20:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-29 20:44 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 20:44 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-28 22:19 . 2009-03-28 22:19 <DIR> d-------- c:\programmi\Panda Security
2009-03-28 22:19 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-12 18:01 . 2009-03-27 14:52 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-12 18:01 . 2009-03-12 18:01 1,409 --a------ c:\windows\QTFont.for
2009-03-08 10:07 . 2009-03-08 10:07 <DIR> d--hs---- C:\FOUND.011
2009-03-05 21:21 . 2009-03-05 21:21 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-27 14:50 --------- d-----w c:\programmi\realvnc
2009-02-20 16:15 --------- d-----w c:\programmi\Trend Micro
2009-02-09 13:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:04 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:03 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-09 13:03 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-09 12:53 --------- d-----w c:\programmi\File comuni\PCSuite
2009-02-09 12:53 --------- d-----w c:\programmi\File comuni\Nokia
2009-02-09 12:50 --------- d-----w c:\programmi\PC Connectivity Solution
2009-02-09 12:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-02-09 09:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-05 20:48 --------- d-----w c:\documents and settings\Capra\Dati applicazioni\skypePM
2009-02-05 20:47 --------- d-----w c:\programmi\File comuni\Skype
2009-01-16 19:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2007-10-13 19:23 7,680 ----a-w c:\documents and settings\Capra\netcache.dat
1999-03-10 11:53 99,840 ----a-w c:\programmi\File comuni\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w c:\programmi\File comuni\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w c:\programmi\File comuni\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w c:\programmi\File comuni\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w c:\programmi\File comuni\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w c:\programmi\File comuni\IRASRIAL.DLL
2008-05-15 17:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051520080516\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-10-30 67128]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-06-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-06-23 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"LogitechCommunicationsManager"="c:\programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="c:\programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"USB Disk Tool"="c:\programmi\USB Disk Tool\USNDISKT.EXE" [2003-04-02 122880]
"LManager"="c:\progra~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 155648]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2002-07-25 151552]
"WinAlarm"="c:\programmi\WinAlarm\WinAlarm.exe" [2007-12-26 353280]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" [2003-06-20 c:\windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-30 67128]
Porta Symantec Fax Starter Edition.lnk - c:\programmi\Microsoft Office\Office\1040\OLFSNT40.EXE [1999-03-10 45568]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-02-04 82026]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 c:\programmi\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2009-03-18 02:03 251240 c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-28 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-01 20560]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 92008]
S3 PCX500;Driver per schede LAN senza fili Cisco;c:\windows\system32\drivers\pcx500.sys [2004-01-02 169984]
S3 USBSNXSTOR;Mass Storage driver ;c:\windows\system32\drivers\USBSNX2K.SYS [2004-08-17 53083]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9329f7c0-b3ae-11dc-af28-00042379b4dd}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c492ef30-dcc9-11dc-af86-00042379b4dd}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 11:37]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.racine.ra.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 13:05:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-04-02 13.07.23
ComboFix2.txt 2009-03-29 20:33:08
ComboFix-quarantined-files.txt 2009-04-02 11:07:18

Pre-Run: 9.645.588.480 byte disponibili
Post-Run: 9,649,061,888 byte disponibili

143 --- E O F --- 2009-03-20 09:22:59
Torna in alto
 
r16
Inviato: Thursday, April 02, 2009 2:57:51 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
salella ha scritto:
r16 scusami, ma avevo letto da qualche parte in questo forum,che quel file è stato fatto fixare!(prima di postare il mio problema mi son lettoa quasi tutti i postdi questa sezione Anxious senza per altro capirci molto!Brick wall
ti posto il log di combo fix, e aspetto tue nuove, grazie

Quella voce di HJT non và tolta.
E una voce legittima di Messenger.
Anche se la togli, la prima volta che accedi a Messenger si rigenera.
E' un bug di HJT.
*********************************************************************************************************
Elimina questo programma segnato in rosso:
C:\Programmi\WinAlarm\WinAlarm.exe (è una cartella)
Poi elimina questa voce di HJT:
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
*********************************************************************************************************
Poi elimina anche questi file:
c:\programmi\Panda Security (è una cartella)
c:\windows\system32\drivers\pavboot.sys
Fai una pulizia con CCleaner .
Riavvia il pc.
Vedi se è cambiata la musica.
Torna in alto
 
salella
Inviato: Thursday, April 02, 2009 5:09:53 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
Eh? Win allarm è un programma che ho da anni! ( mi fa da notes ,con allarme, per le cose che devo ricordare Anxious Visto l'età e la memoria!! Whistle ) se fosse possibile tenerlo! Pray
il resto lo tolgo subito!
Torna in alto
 
r16
Inviato: Thursday, April 02, 2009 6:51:00 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Prova a tenerlo.
Volevo eliminarlo perchè pensavo che potesse entrare in conflitto con qualche altro programma.
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: 1 [2]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi dareste una controllata al log? pagine che si chiudono, icone che spariscono e tornano!!!!!!


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.