Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log

Controllo log Opzioni
Topic Precedente · Topic Sucessivo
loppa
Inviato: Monday, February 01, 2010 10:16:23 PM
Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108
Salve ragazzi, mi si aprono in continuazione delle pagine web non richieste, vi posto il log sperando che possiate risolvermi il problema. Grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.13.41, on 01/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\AVG\AVG9\avgchsvx.exe
F:\Programmi\AVG\AVG9\avgrsx.exe
F:\Programmi\AVG\AVG9\avgcsrvx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
F:\Programmi\AVG\AVG9\avgwdsvc.exe
F:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Programmi\Power Translator 12\LogoMedia TranslateDotNet Server.exe
F:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
F:\Programmi\AVG\AVG9\avgnsx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
F:\PROGRA~1\AVG\AVG9\avgtray.exe
F:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
F:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\VTTimer.exe
F:\Programmi\File comuni\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Messenger\msmsgs.exe
F:\documents and settings\aldo\impostazioni locali\dati applicazioni\drhweai.exe
F:\Programmi\Trend Micro\HijackThis\HijackThis.exe
F:\Programmi\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [AVG9_TRAY] F:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Servizio Acronis Scheduler2] "F:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [drhweai] "f:\documents and settings\aldo\impostazioni locali\dati applicazioni\drhweai.exe" drhweai
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Reboot.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = F:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O17 - HKLM\System\CCS\Services\Tcpip\..\{775B47A9-11BD-4D18-9136-35F8B4A869F3}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\WINDOWS\system32\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Servizio Acronis Scheduler2 (AcrSch2Svc) - Acronis - F:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - F:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - F:\Programmi\Power Translator 12\LogoMedia TranslateDotNet Server.exe
O23 - Service: Start BT in service - Unknown owner - F:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 6661 bytes
Torna in alto
 
Sponsor
Inviato: Monday, February 01, 2010 10:16:23 PM

 
Torna in alto
 
shapiro
Inviato: Monday, February 01, 2010 10:33:28 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

Esegui HJT clicca su Do a system scan only e metti il segno di spunta nella casella a sinistra delle sottoindicate voci:

O4 - HKCU\..\Run: [drhweai] "f:\documents and settings\aldo\impostazioni locali\dati applicazioni\drhweai.exe" drhweai

O4 - Startup: Reboot.exe

scarica
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
1) scaricalo sul sul desktop e installalo.
2) eseguilo, scegli la lingua, dal menù di scelta (5 italiano), seleziona l'opzione 1 (non scegliere le altre).
3) ad un certo punto uscirà una scritta "Analisi terminata", premi un tasto come richiesto e si aprirà un file di testo (il rapporto della scansione).

Postalo nel forum


Scarica http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo
Esegui una scansione completa
Posta il risultato senza rimuovere niente
Torna in alto
 
loppa
Inviato: Monday, February 01, 2010 11:09:04 PM
Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108
Posto il log, spero di aver fatto giusto

Malwarebytes' Anti-Malware 1.44
Versione del database: 3674
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

01/02/2010 23.10.00
mbam-log-2010-02-01 (23-10-00).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 116757
Tempo trascorso: 4 minute(s), 9 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
shapiro
Inviato: Monday, February 01, 2010 11:14:42 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
Posto il log, spero di aver fatto giusto


no ioppa, devi fare una scansione completa, l'ho scritto...la tua e' rapida e potrebbe nascondere qualche minaccia

Tipo di scansione: Scansione rapida
Elementi scansionati: 116757
Tempo trascorso: 4 minute(s), 9 second(s)


esegui anche navilog se vuoi rimuovere il virus che hai nel pc
Torna in alto
 
loppa
Inviato: Monday, February 01, 2010 11:22:55 PM
Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108
Scusa ma lo devo fare in modalità provvisoria o è uguale?
Torna in alto
 
shapiro
Inviato: Tuesday, February 02, 2010 1:26:38 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
falla da modalita' normale
Torna in alto
 
loppa
Inviato: Tuesday, February 02, 2010 9:57:53 PM
Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108
Posto i log

Fix Navipromo version 4.0.6 scansione iniziata il 02/02/2010 21.55.40,71

!!! Attenzione,questa scansione potrebbe rilevare archivi/programmi legittimi !!!
!!! Postate questo log all'interno dei Forum per farlo analizzare !!!

Fix effettuato da F:\Programmi\navilog1

Aggiornamento del 03.01.2010 delle ore 11h00 effettuata da IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Aldo ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 9.0 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:0 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:29 Go (Free:17 Go)
E:\ (Local Disk) - NTFS - Total:29 Go (Free:18 Go)
F:\ (Local Disk) - NTFS - Total:78 Go (Free:52 Go)
G:\ (Local Disk) - NTFS - Total:161 Go (Free:130 Go)
H:\ (CD or DVD)
I:\ (Local Disk) - NTFS - Total:46 Go (Free:4 Go)
J:\ (Local Disk) - NTFS - Total:76 Go (Free:1 Go)
K:\ (Local Disk) - NTFS - Total:14 Go (Free:14 Go)
L:\ (Local Disk) - NTFS - Total:14 Go (Free:14 Go)
N:\ (CD or DVD)


La Ricerca è stata effettuata in modalità normale


Nessuna Infezione Navipromo/Egdaccess trovata



*** Scan terminato 02/02/2010 21.55.58,64 ***


Malwarebytes' Anti-Malware 1.44
Versione del database: 3674
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

02/02/2010 21.54.24
mbam-log-2010-02-02 (21-54-20).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|)
Elementi scansionati: 339794
Tempo trascorso: 2 hour(s), 27 minute(s), 41 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
E:\PySol-4.60\python\DLLs\msvcrt.dll (Malware.Packer.Gen) -> No action taken.
F:\Documents and Settings\Aldo\Desktop\PacthWindowws\WPA-KILL_CRYPTO.DLL(WWW.CHICCHEDICALA.IT)\CRYPT.DLL (Hacktool) -> No action taken.
G:\Download\Sandra\SandraProBus_Sa_08_05\SandraProBus_Sa_08_05\KeyGen\KeyGen\keygen.exe (Malware.Tool) -> No action taken.
I:\Documents and Settings\Aldo\Desktop\Download\Sandra\SandraProBus_Sa_08_05\SandraProBus_Sa_08_05\KeyGen\KeyGen\keygen.exe (Malware.Tool) -> No action taken.
J:\Aldo\Programmi Importanti\Programmi\revel.exe (HackTool.Snadboy) -> No action taken.
J:\Aldo\Programmi Importanti\Face On Body v2.1.3 - Incl.Crack\Face on Body 2.4 Pro\Crack\FaceOnBodyProv24_Crack.exe (Trojan.Agent) -> No action taken.
Torna in alto
 
shapiro
Inviato: Wednesday, February 03, 2010 11:03:00 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
elimina le infezioni trovate da malwarebytes

navilog non ha rilevato niente, vediamo se combofix rintraccia l'ospite

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non usare il pc durante la scansione, nemmeno il mouse!
Torna in alto
 
loppa
Inviato: Wednesday, February 03, 2010 10:11:52 PM
Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108
Ecco il log di combofix

ComboFix 10-02-03.04 - Aldo 03/02/2010 22.03.34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.991.648 [GMT 1:00]
Eseguito da: f:\documents and settings\Aldo\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\system32\winlogon.bak

.
((((((((((((((((((((((((( Files Creati Da 2010-01-03 al 2010-02-03 )))))))))))))))))))))))))))))))))))
.

2010-02-01 22:02 . 2010-02-01 22:02 -------- d-----w- f:\documents and settings\Aldo\Dati applicazioni\Malwarebytes
2010-02-01 22:02 . 2010-01-07 15:07 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 22:02 . 2010-02-01 22:02 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-01 22:02 . 2010-02-01 22:02 -------- d-----w- f:\programmi\Malwarebytes' Anti-Malware
2010-02-01 22:02 . 2010-01-07 15:07 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-02-01 21:52 . 2010-02-02 20:55 -------- d-----w- f:\programmi\Navilog1
2010-02-01 21:13 . 2010-02-01 21:13 -------- d-----w- f:\programmi\Trend Micro
2010-01-27 21:08 . 2010-01-27 21:16 -------- d-----w- f:\documents and settings\Aldo\Dati applicazioni\VSO
2010-01-27 21:07 . 2010-01-27 21:07 -------- d-----w- f:\programmi\VSO
2010-01-27 11:12 . 2010-01-18 20:30 1260800 ----a-w- f:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-01-27 11:12 . 2010-01-18 20:30 3777280 ----a-w- f:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-01-11 21:39 . 2010-01-11 21:40 -------- d-----w- f:\documents and settings\Aldo\dwhelper
2010-01-07 21:59 . 2010-01-07 21:59 -------- d-----w- f:\programmi\CCleaner
2010-01-05 15:20 . 2010-01-31 18:30 -------- d-----w- f:\documents and settings\Aldo\Dati applicazioni\vlc
2010-01-05 14:47 . 2001-08-17 20:51 19584 -c--a-w- f:\windows\system32\dllcache\rasirda.sys
2010-01-05 14:47 . 2001-08-17 20:51 19584 ----a-w- f:\windows\system32\drivers\rasirda.sys
2010-01-05 14:47 . 2008-04-13 18:54 88192 -c--a-w- f:\windows\system32\dllcache\irda.sys
2010-01-05 14:47 . 2008-04-13 18:54 88192 ----a-w- f:\windows\system32\drivers\irda.sys
2010-01-05 14:47 . 2005-09-05 01:59 19034 ----a-r- f:\windows\system32\drivers\KS-959.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 18:44 . 2006-03-02 12:00 53820 ----a-w- f:\windows\system32\perfc010.dat
2010-01-03 18:44 . 2006-03-02 12:00 405948 ----a-w- f:\windows\system32\perfh010.dat
2010-01-02 22:17 . 2009-12-27 18:17 -------- d-----w- f:\programmi\File comuni\Real
2010-01-02 22:17 . 2010-01-02 22:17 -------- d-----w- f:\programmi\File comuni\xing shared
2010-01-02 22:16 . 2010-01-02 21:38 499712 ----a-w- f:\windows\system32\msvcp71.dll
2010-01-02 22:16 . 2009-12-27 18:17 348160 ----a-w- f:\windows\system32\msvcr71.dll
2010-01-02 22:02 . 2010-01-02 22:02 -------- d-----w- f:\programmi\S3Inc
2010-01-02 21:38 . 2010-01-02 21:38 -------- d-----w- f:\programmi\Real
2010-01-02 16:00 . 2010-01-02 16:00 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\Bluetooth
2010-01-02 15:58 . 2010-01-02 15:58 -------- d-----w- f:\programmi\IVT Corporation
2010-01-01 17:48 . 2009-12-28 11:01 664 ----a-w- f:\windows\system32\d3d9caps.dat
2010-01-01 11:24 . 2010-01-01 11:24 -------- d-----w- f:\documents and settings\Aldo\Dati applicazioni\gnupg
2010-01-01 10:43 . 2010-01-01 10:41 -------- d-----w- f:\programmi\Power Translator 12
2009-12-31 21:36 . 2009-12-31 21:35 -------- d-----w- f:\documents and settings\Aldo\Dati applicazioni\dvdcss
2009-12-28 10:15 . 2009-12-28 10:15 -------- d-----w- f:\programmi\Alcohol Soft
2009-12-27 23:34 . 2009-12-27 23:34 902592 ----a-w- f:\windows\system32\drivers\tdrpm228.sys
2009-12-27 23:34 . 2009-12-27 22:45 540000 ----a-w- f:\windows\system32\drivers\timntr.sys
2009-12-27 23:34 . 2009-12-27 22:45 44704 ----a-w- f:\windows\system32\drivers\tifsfilt.sys
2009-12-27 23:34 . 2009-12-27 22:45 138208 ----a-w- f:\windows\system32\drivers\snapman.sys
2009-12-27 23:34 . 2009-12-27 23:34 -------- d-----w- f:\programmi\File comuni\Acronis
2009-12-27 23:34 . 2009-12-27 23:34 -------- d-----w- f:\programmi\Acronis
2009-12-27 23:29 . 2009-12-27 23:29 69224 ----a-w- f:\documents and settings\Aldo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-27 21:21 . 2009-12-27 21:21 -------- d-----w- f:\programmi\eMule
2009-12-27 21:14 . 2009-12-27 18:17 -------- d-----w- f:\programmi\converter
2009-12-27 21:10 . 2009-12-27 20:58 -------- d-----w- f:\programmi\VideoLAN
2009-12-27 20:48 . 2009-12-27 20:48 -------- d-----w- f:\programmi\VS Revo Group
2009-12-27 17:06 . 2009-12-27 17:06 -------- d-----w- f:\programmi\Polar
2009-12-27 17:06 . 2009-12-24 18:13 -------- d--h--w- f:\programmi\InstallShield Installation Information
2009-12-26 19:04 . 2009-12-26 19:04 -------- d-----w- f:\documents and settings\Aldo\Dati applicazioni\EPSON
2009-12-26 16:49 . 2009-12-26 16:49 -------- d-----w- f:\documents and settings\Aldo\Dati applicazioni\ACD Systems
2009-12-26 16:48 . 2009-12-26 16:48 -------- d-----w- f:\programmi\File comuni\ACD Systems
2009-12-26 16:48 . 2009-12-26 16:48 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\ACD Systems
2009-12-26 16:48 . 2009-12-26 16:48 -------- d-----w- f:\programmi\ACD Systems
2009-12-26 14:53 . 2009-12-26 14:53 0 ----a-w- f:\windows\nsreg.dat
2009-12-25 22:32 . 2009-12-25 22:29 -------- d-----w- f:\programmi\Canon
2009-12-25 22:18 . 2009-12-25 22:18 -------- d-----w- f:\programmi\File comuni\Adobe
2009-12-25 18:23 . 2009-12-24 08:51 86327 ----a-w- f:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-25 17:46 . 2009-12-25 17:46 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-12-25 10:46 . 2009-12-25 10:46 12464 ----a-w- f:\windows\system32\avgrsstx.dll
2009-12-25 10:46 . 2009-12-25 10:46 360584 ----a-w- f:\windows\system32\drivers\avgtdix.sys
2009-12-25 10:46 . 2009-12-25 10:46 333192 ----a-w- f:\windows\system32\drivers\avgldx86.sys
2009-12-25 10:46 . 2009-12-25 10:46 28424 ----a-w- f:\windows\system32\drivers\avgmfx86.sys
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- f:\programmi\AVG
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-24 18:15 . 2009-12-24 18:12 -------- d-----w- f:\programmi\File comuni\InstallShield
2009-12-24 18:14 . 2009-12-24 18:14 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\UDL
2009-12-24 18:14 . 2009-12-24 18:12 -------- d-----w- f:\programmi\EPSON
2009-12-24 16:20 . 2009-12-24 16:20 69632 ----a-r- f:\documents and settings\Aldo\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\NewShortcut2_B358DA4D0918436EA0E64813B1E5965A.exe
2009-12-24 16:20 . 2009-12-24 16:20 69632 ----a-r- f:\documents and settings\Aldo\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\NewShortcut1_B358DA4D0918436EA0E64813B1E5965A.exe
2009-12-24 16:20 . 2009-12-24 16:20 10134 ----a-r- f:\documents and settings\Aldo\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\ARPPRODUCTICON.exe
2009-12-24 15:03 . 2009-12-24 14:59 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-24 15:02 . 2009-12-24 15:02 -------- d-----w- f:\programmi\Microsoft Works
2009-12-24 15:02 . 2009-12-24 15:02 -------- d-----w- f:\programmi\MSBuild
2009-12-24 08:52 . 2009-12-24 08:52 -------- d-----w- f:\programmi\microsoft frontpage
2009-12-24 08:50 . 2009-12-24 08:50 -------- d-----w- f:\programmi\Servizi in linea
2009-12-24 08:49 . 2009-12-24 08:49 21840 ----a-w- f:\windows\system32\emptyregdb.dat
2009-11-25 12:01 . 2009-12-25 10:49 1230080 ----a-w- f:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar\IEToolbar.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "f:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- f:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "f:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "f:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="f:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R240 Series"="f:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"TrueImageMonitor.exe"="f:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-05-19 4386216]
"AcronisTimounterMonitor"="f:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-05-19 961080]
"Servizio Acronis Scheduler2"="f:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2009-05-19 377472]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"VTTimer"="VTTimer.exe" [2004-01-15 49152]
"TkBellExe"="f:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-01-02 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\Aldo\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - f:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-25 10:46 12464 ----a-w- f:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- f:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- f:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- f:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-09 08:54 65024 ----a-r- f:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"f:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Programmi\\eMule\\emule.exe"=
"f:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 a347scsi;a347scsi;f:\windows\system32\drivers\a347scsi.sys [28/12/2009 11.15.59 5248]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);f:\windows\system32\drivers\tdrpm228.sys [28/12/2009 0.34.46 902592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [25/12/2009 11.46.33 333192]
R1 AvgTdiX;AVG Free Network Redirector;f:\windows\system32\drivers\avgtdix.sys [25/12/2009 11.46.41 360584]
R2 avg9wd;AVG Free WatchDog;f:\programmi\AVG\AVG9\avgwdsvc.exe [25/12/2009 11.46.24 285392]
R2 Start BT in service;Start BT in service;f:\programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [19/03/2008 16.52.38 51816]
S0 a347bus;a347bus;f:\windows\system32\drivers\a347bus.sys [28/12/2009 11.15.59 160640]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;f:\windows\system32\drivers\KS-959.sys [05/01/2010 15.47.24 19034]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.repubblica.it/
IE: E&sporta in Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {775B47A9-11BD-4D18-9136-35F8B4A869F3} = 208.67.222.222,208.67.220.220
FF - ProfilePath - f:\documents and settings\Aldo\Dati applicazioni\Mozilla\Firefox\Profiles\yvkenyyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.repubblica.it/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Polar Sync - (no file)
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 22:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2010-02-03 22:07:47
ComboFix-quarantined-files.txt 2010-02-03 21:07

Pre-Run: 56.048.906.240 byte disponibili
Post-Run: 56.027.598.848 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6009DEBF9485E45D1CE617DC96E1D965
Torna in alto
 
loppa
Inviato: Friday, February 05, 2010 11:19:01 AM
Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108
Ciao, dopo aver disattivato il ripristino di configurazione per eseguire hijackthis, adesso ho provato a riattivarlo ma nella scheda non mi appare più l'opzione del ripristino. Credo di aver fatto un errore su combofix, quando mi ha chiesto se volevo installare la "Consolle di ripristino di emergenza" devo aver detto di sì.
Come posso rimediare? A proposito controllatemi il log. di Combofix, Grazie
Torna in alto
 
loppa
Inviato: Saturday, February 06, 2010 11:29:10 PM
Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108
Ciao, scusa, mi potete controllare io log e rispondere alla domanda sul combofix? Grazie
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.