Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllate il log di hijack...grazie

2 pages: [1] 2
mi controllate il log di hijack...grazie Opzioni
Topic Precedente · Topic Sucessivo
m6m6m
Inviato: Tuesday, March 09, 2010 9:59:11 AM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.47.09, on 09/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\VNICMon-GE.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Mozilla Firefox\firefox.exe
E:\Applicazioni varie\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NIC Monitor GE] VNICMon-GE.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1EE104B2-B32A-43D2-8DF1-2FD84BD00B14} (WebIntelligence 2.6 Report Editor Control) - http://www.census.istat.it/wi/ActiveX/WIPanelXIT.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183123881895
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ARCGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ERMLicSrv_ATL71 - Unknown owner - C:\WINDOWS\system32\ERM\7.1\ERMLicSrv_ATL71.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6586 bytes
Torna in alto
 
Sponsor
Inviato: Tuesday, March 09, 2010 9:59:11 AM

 
Torna in alto
 
logic
Inviato: Tuesday, March 09, 2010 10:11:37 AM

Rank: AiutAmico

Iscritto dal : 2/25/2010
Posts: 1,008
Che anomalia presenta il PC per inviare il log di HJT. Conoscendo i motivi si puo analizzarlo meglio.

Il log non presenta niente di grave e, comunque, fixerei queste due voci:

O4 - HKLM\..\Run: [NIC Monitor GE] VNICMon-GE.exe
O16 - DPF: {1EE104B2-B32A-43D2-8DF1-2FD84BD00B14} (WebIntelligence 2.6 Report Editor Control) - http://www.census.istat.it/wi/ActiveX/WIPanelXIT.cab

In avvio automatico vedo che hai Kaspersky ed altri antimalware. Sugerirei di lasciare soltanto l' AV e, l' antimalware (Malwarebytes), occasionalmente oppure alla bisogna.

Start --> Esegui, scrivi: msconfig e ti porti sulla linguetta "avvio".

Suggerirei, anche, di eliminare le toolbar inutili.
Torna in alto
 
m6m6m
Inviato: Tuesday, March 09, 2010 10:41:11 AM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28

il problema è all'avvio...ci mette un sacco ad avviarsi la barra delle applicazioni!!ho provato anche a togliere qualche programma all'avvio ma niente.il probleme c'è,perche fino a due giorni fa' era rapido il caricamento.comunque dopo la lunga attesa il pc va normalmente.grazie per l'aiuto.
Torna in alto
 
m6m6m
Inviato: Tuesday, March 09, 2010 10:42:23 AM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28

nel task manager nella voce prestazioni ci sono dei picchi dal 0,4% al 30 o piu %...potrebbe essere un indizio?
Torna in alto
 
fdaccc
Inviato: Tuesday, March 09, 2010 1:35:15 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
non vorrei intromettermi, ma potresti provare a fare cosi.

Scarica ed installa MalwareBytes:

http://www.aiutamici.com/software?id=80346

Prima di fare la scansione AGGIORNALO.(è molto importante)

Esegui una scansione completa del sistema.

Elimina tutto ciò che trova.

Posta il log.
Torna in alto
 
logic
Inviato: Tuesday, March 09, 2010 1:51:17 PM

Rank: AiutAmico

Iscritto dal : 2/25/2010
Posts: 1,008
Malwarebytes lo ha già installato. Angel

Suggerirei, inoltre, l'installazione del SP3 in quanto mancante nel SO.
Torna in alto
 
thepiratebay
Inviato: Tuesday, March 09, 2010 1:54:41 PM
Rank: AiutAmico

Iscritto dal : 12/27/2008
Posts: 2,018
siccome fdaccc è un giovane ranpante a consigliato : Elimina tutto ciò che trova. Shame on you


fdaccc.exe Think
Torna in alto
 
m6m6m
Inviato: Tuesday, March 09, 2010 5:24:04 PM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28
come dice logic,il malwarebytes è gia installato...cmq grazie per i consigli......se avete altri consigli ve sarò grato....
Torna in alto
 
dannato
Inviato: Tuesday, March 09, 2010 5:34:51 PM
Rank: AiutAmico

Iscritto dal : 3/5/2010
Posts: 75
Ciao ti dira R16 cosa fare se ci sono problemi , pero ti consiglio di editare il primo messaggio e dire qual'è il problema,tipo gira lento si impalla eccetra.oppure è solo un controllo per verificare che tutto sia apposto?
Torna in alto
 
paolopa
Inviato: Tuesday, March 09, 2010 5:38:32 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
m6m6m ha scritto:
come dice logic,il malwarebytes è gia installato...cmq grazie per i consigli......se avete altri consigli ve sarò grato....

si,è gia installato e ti parte all avvio,se è la versione free non dovrebbe...
Torna in alto
 
m6m6m
Inviato: Tuesday, March 09, 2010 9:30:24 PM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28

SCUSATE MA è LA PRIMA VOLTA CHE SCRIVO SU QUESTO FORUM.ALLORA IL MIO PROBLEMA è ALL'AVVIO.IL PC VA MA LABARRA APPLICAZIONI CI METTE PARECCHIO A CARICARSI.MALWAREBYTES ORA L'HO TOLTO ALL'AVVIO....ORA RIEDDITO IL HIJACK.
Torna in alto
 
m6m6m
Inviato: Tuesday, March 09, 2010 9:34:52 PM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28
ecco il hijack,grazie per l'attenzione.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.34.26, on 09/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Applicazioni varie\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183123881895
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ARCGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ERMLicSrv_ATL71 - Unknown owner - C:\WINDOWS\system32\ERM\7.1\ERMLicSrv_ATL71.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6139 bytes
Torna in alto
 
r16
Inviato: Tuesday, March 09, 2010 9:36:04 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non serve per il momento HJT.

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
m6m6m
Inviato: Wednesday, March 10, 2010 3:13:37 PM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28

AIUTO!!!ho fatto partire combofix ma è ormai da due ore che il pc è piantato sulla finestra blu dell'autoscan!!!che succede?devo interromperlo?il disco sembra che non stia lavorando!!!!!!
Torna in alto
 
r16
Inviato: Wednesday, March 10, 2010 3:17:07 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ferma la scansione, (è bloccato) e tenta di farlo partire in Modalità provvisoria.
Torna in alto
 
m6m6m
Inviato: Wednesday, March 10, 2010 3:26:31 PM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28
è tutto bloccato,non riesco a riavviarlo....riavvio col tasto di riavvio?per andare in modalita provisoria come faccio con xp?io vado sempre da:esegiu>msconfig ecc....grazie per l'aiuto,ma credo che me ne servira dell'altro :-)....grazie ancora
Torna in alto
 
r16
Inviato: Wednesday, March 10, 2010 3:35:18 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Bisogna pur riavviarlo....
Prova spegnerlo con il tasto.
Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122
Torna in alto
 
m6m6m
Inviato: Wednesday, March 10, 2010 3:42:29 PM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28

grazie....lo sto riavviando in modalita provisoria.ora faccio partire combofix.
Torna in alto
 
m6m6m
Inviato: Wednesday, March 10, 2010 4:11:43 PM
Rank: Member

Iscritto dal : 3/9/2010
Posts: 28

Ciao R16 questo è il file log di combofix:
GRAZIE PER L'ASSISTENZA

ComboFix 10-03-09.06 - Mary 10/03/2010 15.52.29.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2046.1772 [GMT 1:00]
Eseguito da: c:\documents and settings\Mary\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\temp
c:\programmi\temp\Admin.exe
c:\programmi\temp\Message.ini
c:\programmi\temp\MSG.INI
c:\programmi\temp\MSG_CHS.INI
c:\programmi\temp\MSG_CHT.INI
c:\programmi\temp\MSG_KOR.INI
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Legacy_SYSDRV32
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Creati Da 2010-02-10 al 2010-03-10 )))))))))))))))))))))))))))))))))))
.

2010-03-09 14:39 . 2001-10-19 13:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-03-09 14:39 . 2001-10-19 13:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-03-09 14:39 . 2001-10-19 13:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-03-09 14:39 . 2001-10-19 13:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-03-09 14:38 . 2010-03-09 14:48 -------- d-----w- c:\programmi\coolpro2
2010-03-09 09:15 . 2010-03-09 09:15 -------- d-----w- c:\programmi\CCleaner
2010-03-08 13:41 . 2010-03-08 13:41 -------- d-----w- c:\documents and settings\Mary\Dati applicazioni\Malwarebytes
2010-03-08 13:41 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 13:41 . 2010-03-08 13:41 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-08 13:41 . 2010-03-08 13:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-08 13:41 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-08 12:47 . 2005-04-12 11:54 331184 ------w- c:\windows\system32\difxapi.dll
2010-03-08 08:27 . 2010-03-08 08:27 -------- d-----w- c:\documents and settings\Mary\Dati applicazioni\InstallShield
2010-03-07 15:50 . 2010-03-07 15:50 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2010-03-07 15:27 . 2010-03-07 15:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-03-06 21:15 . 2010-03-06 21:15 -------- d-----w- c:\documents and settings\Mary\Impostazioni locali\Dati applicazioni\www.pro-evo.xooit.fr
2010-03-06 21:15 . 2010-03-06 21:15 -------- d-----w- c:\documents and settings\Mary\Dati applicazioni\www.pro-evo.xooit.fr
2010-03-06 21:13 . 2010-03-06 21:13 -------- d-----w- c:\programmi\Microsoft Chart Controls
2010-03-06 20:40 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-03-06 20:40 . 2010-03-06 20:40 -------- d-----w- c:\windows\system32\it-IT
2010-03-06 20:37 . 2010-03-06 20:37 181936 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-03-06 20:36 . 2010-03-06 20:36 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-06 20:36 . 2010-03-06 20:36 -------- d-----w- c:\programmi\MSBuild
2010-03-06 20:36 . 2010-03-06 20:36 -------- d-----w- c:\programmi\Reference Assemblies
2010-03-06 20:35 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-06 20:35 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-06 20:35 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-06 20:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-06 20:35 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-06 20:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-06 20:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-06 20:35 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-06 20:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-06 20:31 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-06 20:30 . 2010-03-06 20:30 -------- d-----w- c:\programmi\MSXML 6.0
2010-03-06 20:25 . 2010-03-07 11:49 -------- d-----w- c:\programmi\PRO-EVO Editing Studio 2010
2010-03-04 19:22 . 2010-03-04 19:22 -------- d-----w- c:\programmi\Game Graphic Studio
2010-03-04 13:59 . 2010-03-04 13:59 -------- d-----w- c:\programmi\Lavalys
2010-02-28 18:36 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\Mary\Dati applicazioni\U3\temp\cleanup.exe
2010-02-28 18:24 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\Mary\Dati applicazioni\U3\temp\Launchpad Removal.exe
2010-02-28 18:24 . 2010-03-01 19:08 -------- d-----w- c:\documents and settings\Mary\Dati applicazioni\U3
2010-02-27 12:51 . 2006-11-23 19:48 40960 ----a-w- c:\windows\system32\ps3sixaxis_en.exe
2010-02-27 12:39 . 2005-03-09 19:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2010-02-27 12:39 . 2005-03-09 19:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2010-02-15 17:29 . 2010-02-15 17:29 -------- d-----w- c:\documents and settings\Mary\Impostazioni locali\Dati applicazioni\World in Conflict
2010-02-15 16:01 . 2010-02-15 16:01 -------- d-----w- c:\programmi\GUT
2010-02-15 15:18 . 2010-02-15 15:18 -------- d-----w- c:\documents and settings\Mary\Dati applicazioni\Red Alert 3
2010-02-10 11:10 . 2010-02-11 14:12 -------- d-----w- c:\documents and settings\Mary\Dati applicazioni\My Games
2010-02-10 10:26 . 2010-02-11 14:17 -------- d-----w- c:\documents and settings\Mary\Impostazioni locali\Dati applicazioni\My Games
2010-02-09 16:32 . 2010-03-07 18:53 -------- d-----w- c:\programmi\Electronic Arts
2010-02-09 16:31 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-02-09 16:31 . 2010-02-09 16:31 10134 ----a-r- c:\documents and settings\Mary\Dati applicazioni\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-02-09 16:31 . 2010-02-09 16:31 -------- d-----w- c:\programmi\Microsoft WSE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 15:01 . 2009-11-05 13:47 28704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-10 15:00 . 2009-11-05 13:47 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-10 14:47 . 2009-11-05 13:47 1792032 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-10 14:47 . 2009-11-05 13:47 174200 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-10 14:33 . 2009-11-05 13:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-03-08 08:26 . 2006-11-28 20:48 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-06 20:48 . 2006-12-04 12:18 93680 ----a-w- c:\documents and settings\Mary\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-06 20:37 . 2001-08-31 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-03-06 20:37 . 2001-08-31 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-02-15 18:56 . 2009-11-06 21:09 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-02-15 18:56 . 2009-11-06 21:09 -------- d-----w- c:\programmi\AGEIA Technologies
2010-02-15 16:50 . 2009-12-05 14:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2010-02-11 14:22 . 2008-03-09 19:00 -------- d-----w- c:\programmi\Diablo II
2010-02-10 11:06 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-06 20:59 . 2010-02-06 20:59 -------- d--h--w- c:\programmi\FX Uninstall Information
2010-02-05 10:20 . 2010-02-05 10:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2010-02-05 10:20 . 2010-02-05 10:20 -------- d-----w- c:\documents and settings\Mary\Dati applicazioni\Sports Interactive
2010-02-05 10:15 . 2010-02-05 10:12 -------- d--h--w- c:\programmi\Zero G Registry
2010-02-02 19:10 . 2010-02-02 19:10 118114 ----a-w- c:\windows\system32\J-tg6O-_iN.exe
2010-02-02 19:10 . 2010-02-02 19:10 -------- d-----w- c:\programmi\FLV Direct Player
2010-02-02 18:46 . 2010-02-02 18:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Solidshield
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"="atwtusb.exe beta" [X]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mary^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Mary\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 ----a-w- c:\programmi\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\programmi\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-09-10 13:54 420176 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NIC Monitor GE]
2006-04-11 09:38 45056 ----a-w- c:\windows\system32\VNICMon-GE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\WinDVD\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\World of Warcraft\\WoW-2.4.2-enGB-downloader.exe"=
"e:\\Applicazioni varie\\giochi\\Pes 2010\\pes2010_nodvd_1.3\\pes2010.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/11/2009 13.41.04 717296]
R2 ARCGIS License Manager;ARCGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [05/04/2007 21.35.26 467968]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [08/03/2010 14.41.07 269648]
R3 GETND5BV;VIA Networking Velocity-Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5bv.sys [06/12/2006 23.11.32 45568]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 14.58.26 24344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/03/2010 14.41.03 19160]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [08/01/2008 14.33.55 22272]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [06/10/2004 9.39.14 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [04/10/2004 5.28.38 43392]
S3 ERMLicSrv_ATL71;ERMLicSrv_ATL71;c:\windows\system32\ERM\7.1\ERMLicSrv_ATL71.exe [04/12/2006 14.35.44 94208]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [27/02/2010 13.39.15 33792]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [11/01/2007 18.06.14 15104]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\system32\VNICPKT5.sys [06/12/2006 23.11.59 16066]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mary\Dati applicazioni\Mozilla\Firefox\Profiles\yy42jd3e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-dllcache



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 16:00
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89C111F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7477cb8
\Driver\atapi -> 0x89c111f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: VIA Networking Velocity-Family Giga-bit Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xbae73ba0
PacketIndicateHandler -> NDIS.sys @ 0xbae62a0b
SendHandler -> NDIS.sys @ 0xbae76b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-861567501-813497703-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,e0,33,39,68,03,51,18,5d,8b,27,67,1d,b9,e6,a8,62,c8,70,17,94,
38,64,a1,da,c8,af,e6,ce,7b,a0,de,cc,26,bf,bc,f7,2b,53,4d,74,b7,18,fc,8e,47,\
"rkeysecu"=hex:6f,bc,c8,b6,e7,d6,37,77,c2,2f,ad,d2,ba,6a,d4,1b
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1148)
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(3892)
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\msi.dll
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\ESRI\License\arcgis9x\ARCGIS.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-03-10 16:05:05 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-10 15:05

Pre-Run: 29.804.552.192 byte disponibili
Post-Run: 29.646.946.304 byte disponibili

- - End Of File - - 5C7F2E051A4F76536ED26A22CD545825
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllate il log di hijack...grazie


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.