
new hijack + LoPsd log
cristianx81
Posted: Friday, October 09, 2009 10:50:52 PM
Rank: Newbie

Joined: 10/9/2009
Posts: 6
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.42.54, on 09/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\6f7b1ca.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [6f7b1ca.exe] C:\WINDOWS\system32\6f7b1ca.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Chessmaster Challenge\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Chessmaster Challenge\Images\armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate1ca4351cdb52736) (gupdate1ca4351cdb52736) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 6957 bytes

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.80GHz )
BIOS : Award Modular BIOS v6.00PG
USER : CRISTIAN ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:61 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:387 Go (Free:323 Go)
F:\ (Local Disk) - NTFS - Total:33 Go (Free:24 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 09/10/2009|22.29 )

--------------------\\ Listing folders in DATIAP~1

[09/10/2009|12.53] C:\DOCUME~1\ADMINI~1\DATIAP~1\.clamwin
[07/11/2010|22.20] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[28/10/2008|12.14] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[07/10/2009|14.18] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Avira
[29/03/2009|14.17] C:\DOCUME~1\ALLUSE~1\DATIAP~1\ChessBase
[28/09/2009|20.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Edizioni NECA
[12/04/2009|09.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[09/10/2009|22.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[01/01/2009|19.28] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[05/04/2009|12.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\NFS Underground
[02/10/2009|13.15] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Skype
[09/10/2009|17.05] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[07/10/2009|18.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
[07/10/2009|21.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[30/10/2008|21.19] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo!
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[15|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[08/10/2009|21.08] C:\DOCUME~1\CRISTIAN\DATIAP~1\.clamwin
[30/10/2008|21.08] C:\DOCUME~1\CRISTIAN\DATIAP~1\Adobe
[28/10/2008|12.14] C:\DOCUME~1\CRISTIAN\DATIAP~1\Apple Computer
[29/03/2009|14.22] C:\DOCUME~1\CRISTIAN\DATIAP~1\ChessBase
[29/03/2009|13.42] C:\DOCUME~1\CRISTIAN\DATIAP~1\Chessmaster Challenge
[08/03/2009|16.27] C:\DOCUME~1\CRISTIAN\DATIAP~1\ConvertTemp
[03/08/2009|19.21] C:\DOCUME~1\CRISTIAN\DATIAP~1\dvdcss
[12/04/2009|09.24] C:\DOCUME~1\CRISTIAN\DATIAP~1\Google
[10/01/2009|18.25] C:\DOCUME~1\CRISTIAN\DATIAP~1\Help
[07/11/2010|22.27] C:\DOCUME~1\CRISTIAN\DATIAP~1\Identities
[07/11/2010|22.35] C:\DOCUME~1\CRISTIAN\DATIAP~1\InstallShield
[30/10/2008|21.08] C:\DOCUME~1\CRISTIAN\DATIAP~1\Macromedia
[09/10/2009|22.09] C:\DOCUME~1\CRISTIAN\DATIAP~1\Malwarebytes
[17/11/2008|16.19] C:\DOCUME~1\CRISTIAN\DATIAP~1\Media Player Classic
[25/03/2009|10.05] C:\DOCUME~1\CRISTIAN\DATIAP~1\Microsoft
[28/10/2008|11.48] C:\DOCUME~1\CRISTIAN\DATIAP~1\Mozilla
[28/10/2008|11.53] C:\DOCUME~1\CRISTIAN\DATIAP~1\OpenOffice.org
[07/10/2009|18.08] C:\DOCUME~1\CRISTIAN\DATIAP~1\Samsung
[09/10/2009|20.54] C:\DOCUME~1\CRISTIAN\DATIAP~1\Skype
[09/10/2009|17.58] C:\DOCUME~1\CRISTIAN\DATIAP~1\skypePM
[28/03/2009|19.57] C:\DOCUME~1\CRISTIAN\DATIAP~1\SpinTop
[28/10/2008|11.50] C:\DOCUME~1\CRISTIAN\DATIAP~1\Sun
[31/05/2009|15.13] C:\DOCUME~1\CRISTIAN\DATIAP~1\TeamViewer
[08/03/2009|16.27] C:\DOCUME~1\CRISTIAN\DATIAP~1\Temporary
[08/03/2009|16.27] C:\DOCUME~1\CRISTIAN\DATIAP~1\TransRender
[07/10/2009|17.43] C:\DOCUME~1\CRISTIAN\DATIAP~1\URSoft
[10/11/2008|18.36] C:\DOCUME~1\CRISTIAN\DATIAP~1\vlc
[05/10/2009|14.57] C:\DOCUME~1\CRISTIAN\DATIAP~1\Winamp
[01/01/2009|19.16] C:\DOCUME~1\CRISTIAN\DATIAP~1\WinRAR
[31/10/2008|09.51] C:\DOCUME~1\CRISTIAN\DATIAP~1\Yahoo!
[0|File] C:\DOCUME~1\CRISTIAN\DATIAP~1\byte
[32|Directory] C:\DOCUME~1\CRISTIAN\DATIAP~1\byte disponibili

[07/11/2010|22.20] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[07/11/2010|22.20] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[07/10/2009|16.53] C:\DOCUME~1\LOCALS~1\DATIAP~1\Mozilla
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[07/11/2010|22.20] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/10/2009 20.52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[09/10/2009 21.46][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[09/10/2009 20.52][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

--------------------\\ Listing Folders in C:\Programmi

[05/05/2009|18.46] C:\Programmi\3DO
[09/01/2009|22.20] C:\Programmi\Ahead
[28/10/2008|11.32] C:\Programmi\Alwil Software
[07/10/2009|14.18] C:\Programmi\Avira
[08/10/2009|13.26] C:\Programmi\CCleaner
[08/10/2009|21.08] C:\Programmi\ClamWin
[07/11/2010|22.17] C:\Programmi\ComPlus Applications
[29/03/2009|17.27] C:\Programmi\Conduit
[09/07/2009|13.04] C:\Programmi\DIRECTX7
[19/01/2009|20.01] C:\Programmi\D-Tools
[09/07/2009|13.04] C:\Programmi\EXTRAS
[07/10/2009|17.13] C:\Programmi\File comuni
[28/10/2008|11.39] C:\Programmi\Foxit Software
[07/07/2009|18.30] C:\Programmi\FX Uninstall Information
[02/10/2009|13.18] C:\Programmi\Google
[28/06/2009|13.45] C:\Programmi\InstallShield Installation Information
[07/11/2010|22.29] C:\Programmi\Intel
[21/01/2009|19.52] C:\Programmi\Internet Explorer
[01/01/2009|18.56] C:\Programmi\Java
[28/10/2008|11.51] C:\Programmi\JRE
[28/10/2008|11.48] C:\Programmi\K-Lite Codec Pack
[09/10/2009|22.27] C:\Programmi\Malwarebytes' Anti-Malware
[23/01/2009|16.28] C:\Programmi\Messenger
[07/11/2010|22.21] C:\Programmi\microsoft frontpage
[21/01/2009|19.45] C:\Programmi\Movie Maker
[09/10/2009|22.24] C:\Programmi\Mozilla Firefox
[21/03/2009|21.46] C:\Programmi\Mplayer
[07/11/2010|22.17] C:\Programmi\MSN Gaming Zone
[19/01/2009|20.35] C:\Programmi\MSXML 4.0
[21/01/2009|19.44] C:\Programmi\NetMeeting
[28/10/2008|11.51] C:\Programmi\OpenOffice.org 3
[07/09/2009|09.31] C:\Programmi\Outlook Express
[28/10/2008|12.13] C:\Programmi\QuickTime
[07/11/2010|22.35] C:\Programmi\Realtek
[11/09/2009|21.52] C:\Programmi\sdc222
[07/11/2010|22.19] C:\Programmi\Servizi in linea
[02/10/2009|13.16] C:\Programmi\Skype
[09/10/2009|17.08] C:\Programmi\Spybot - Search & Destroy
[09/07/2009|13.04] C:\Programmi\SUPPORT
[09/07/2009|13.04] C:\Programmi\SupportLoc
[09/10/2009|21.27] C:\Programmi\Trend Micro
[07/11/2010|22.27] C:\Programmi\Uninstall Information
[28/10/2008|11.49] C:\Programmi\VideoLAN
[01/01/2009|19.49] C:\Programmi\Webteh
[24/09/2009|13.34] C:\Programmi\Winamp
[21/01/2009|19.46] C:\Programmi\Windows Media Player
[21/01/2009|19.44] C:\Programmi\Windows NT
[07/11/2010|22.19] C:\Programmi\WindowsUpdate
[28/10/2008|11.37] C:\Programmi\WinRAR
[07/11/2010|22.21] C:\Programmi\xerox
[07/10/2009|14.34] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[53|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[05/05/2009|18.46] C:\Programmi\File comuni\3DO Shared
[08/03/2009|16.23] C:\Programmi\File comuni\Adobe
[09/01/2009|22.20] C:\Programmi\File comuni\Ahead
[17/03/2009|21.50] C:\Programmi\File comuni\Apple
[23/02/2009|19.52] C:\Programmi\File comuni\DirectX
[07/11/2010|22.32] C:\Programmi\File comuni\InstallShield
[28/10/2008|11.50] C:\Programmi\File comuni\Java
[30/10/2008|21.16] C:\Programmi\File comuni\Microsoft Shared
[07/11/2010|22.18] C:\Programmi\File comuni\MSSoap
[07/11/2010|23.03] C:\Programmi\File comuni\ODBC
[07/11/2010|22.18] C:\Programmi\File comuni\Services
[02/10/2009|13.16] C:\Programmi\File comuni\Skype
[07/11/2010|23.03] C:\Programmi\File comuni\SpeechEngines
[21/01/2009|19.44] C:\Programmi\File comuni\System
[0|File] C:\Programmi\File comuni\byte
[16|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 29 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\CRISTIAN\IMPOST~1\Temp\nsd98.tmp
C:\DOCUME~1\CRISTIAN\IMPOST~1\Temp\nsh98.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 22:31:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\CRISTIAN\Recent\keygen.lnk


[F:12][D:119]-> C:\DOCUME~1\CRISTIAN\IMPOST~1\Temp
[F:962][D:0]-> C:\DOCUME~1\CRISTIAN\Cookies
[F:16678][D:24]-> C:\DOCUME~1\CRISTIAN\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 09/10/2009|22.32 - Option : [1]

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.80GHz )
BIOS : Award Modular BIOS v6.00PG
USER : CRISTIAN ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:61 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:387 Go (Free:323 Go)
F:\ (Local Disk) - NTFS - Total:33 Go (Free:24 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 09/10/2009|22.35 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\CRISTIAN\IMPOST~1\Temp\nsd98.tmp
Deleted! - C:\DOCUME~1\CRISTIAN\IMPOST~1\Temp\nsh98.tmp
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Process

( 28 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 22:36:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\CRISTIAN\Recent\keygen.lnk


[F:12][D:117]-> C:\DOCUME~1\CRISTIAN\IMPOST~1\Temp
[F:962][D:0]-> C:\DOCUME~1\CRISTIAN\Cookies
[F:16678][D:24]-> C:\DOCUME~1\CRISTIAN\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 09/10/2009|22.32 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 09/10/2009|22.37 - Option : [2]
shapiro
Posted: Friday, October 09, 2009 10:58:32 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
CRISTIANX81, you should also post the Malwarebytes log for me.

Let's continue here; don't open other threads.
cristianx81
Posted: Friday, October 09, 2009 11:03:55 PM
Rank: Newbie

Joined: 10/9/2009
Posts: 6
Malwarebytes' Anti-Malware 1.41
Versione del database: 2932
Windows 5.1.2600 Service Pack 3

09/10/2009 22.27.21
mbam-log-2009-10-09 (22-27-16).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 93989
Tempo trascorso: 3 minute(s), 20 second(s)

Processi delle memoria infetti: 1
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 3
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
C:\WINDOWS\system32\6f7b1ca.exe (Rogue.Installer) -> No action taken.

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6f7b1ca.exe (Rogue.Installer) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\6f7b1ca.exe (Rogue.Installer) -> No action taken.
cristianx81
Posted: Friday, October 09, 2009 11:10:00 PM
Rank: Newbie

Joined: 10/9/2009
Posts: 6
shapiro, if you manage to help me I'll be very much in your debt! Thanks in advance.
shapiro
Posted: Friday, October 09, 2009 11:16:09 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
You don't need to feel indebted; I'm here to lend a hand to those who need it.

Restart Malwarebytes and delete what it found.

Run the scan again, but this time run the full one, as I advised you in the previous post.
cristianx81
Posted: Friday, October 09, 2009 11:16:15 PM
Rank: Newbie

Joined: 10/9/2009
Posts: 6
So is there hope for me?
cristianx81
Posted: Friday, October 09, 2009 11:17:51 PM
Rank: Newbie

Joined: 10/9/2009
Posts: 6
Thanks! I'll try. I'll let you know afterwards.