
Log check
lauraz
Posted: Thursday, March 11, 2010 11:36:50 PM

Rank: AiutAmico

Member since: 1/5/2005
Posts: 195
Hi, I had written in the Windows 7 section because I was having problems with my daughter's mini PC. It works fine now, but I would still like you to check the log for me, please.

This is yesterday's log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:27, on 10/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\MD-@ HSUPA\MD-@ HSUPA.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\WerFault.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: P2P Max IT Toolbar - {d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - C:\Program Files\P2P_Max_IT\tbP2P_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TBSB07286 - {C23D0D6A-8CBA-4B33-9735-47D81F5B2B85} - C:\Program Files\ecobar\ecobar.dll
O2 - BHO: P2P Max IT Toolbar - {d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - C:\Program Files\P2P_Max_IT\tbP2P_.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: P2P Max IT Toolbar - {d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - C:\Program Files\P2P_Max_IT\tbP2P_.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ecobar - {59382727-9048-6123-1523-597264847187} - C:\Program Files\ecobar\ecobar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\Asus\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\MD-@ HSUPA\MD-@ HSUPA.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [__c00819D1] rundll32.exe "C:\Users\Chiara\AppData\Local\Temp\__c00819D1.dat",B
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: HotKeyMon.lnk = C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99BEC8E5-9820-4EDC-AC88-F1EDA9BF7CA9}: NameServer = 62.13.171.5 62.13.171.4
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


This is today's, after I fixed some entries:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:59, on 11/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TBSB07286 - {C23D0D6A-8CBA-4B33-9735-47D81F5B2B85} - C:\Program Files\ecobar\ecobar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ecobar - {59382727-9048-6123-1523-597264847187} - C:\Program Files\ecobar\ecobar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\Asus\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\MD-@ HSUPA\MD-@ HSUPA.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: HotKeyMon.lnk = C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


This is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3852
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/03/2010 17:11:36
mbam-log-2010-03-11 (17-11-36).txt

Scan type: Quick scan
Objects scanned: 105675
Time elapsed: 8 minute(s), 29 second(s)

Memory processes infected: 0
Memory modules infected: 2
Registry keys infected: 17
Registry values infected: 2
Registry data items infected: 0
Folders infected: 7
Files infected: 15

Memory processes infected:
(No malicious items detected)

Memory modules infected:
C:\Program Files\ecobar\ecobar.dll (Adware.Ecobar) -> Delete on reboot.
C:\Program Files\ecobar\tbhelper.dll (Adware.Ecobar) -> Delete on reboot.

Registry keys infected:
HKEY_CLASSES_ROOT\TypeLib\{65dcd8fe-a6f4-47b5-a5bd-13952364defc} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f55c26ae-bdb0-4cc3-ba4e-ba5a0806438e} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f6bb6a9a-e77b-4d5b-82d0-15ffb881e963} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59382727-9048-6123-1523-597264847187} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59382727-9048-6123-1523-597264847187} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{59382727-9048-6123-1523-597264847187} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c23d0d6a-8cba-4b33-9735-47d81f5b2b85} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c23d0d6a-8cba-4b33-9735-47d81f5b2b85} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c23d0d6a-8cba-4b33-9735-47d81f5b2b85} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c23d0d6a-8cba-4b33-9735-47d81f5b2b85} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07286.ietoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07286.ietoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07286.tbsb07286 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07286.tbsb07286.3 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb07286 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb07286.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07286.TBSB07286Toolbar (Adware.Ecobar) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{59382727-9048-6123-1523-597264847187} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{59382727-9048-6123-1523-597264847187} (Adware.Ecobar) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\Program Files\ecobar (Adware.Ecobar) -> Delete on reboot.
C:\sysmon\mhqmh74418 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\nhrmi74428 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\nirni74428 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\asex02886 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\cvhc13007 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\ewid24107 (Trojan.Downloader) -> Quarantined and deleted successfully.

Files infected:
C:\Program Files\ecobar\ecobar.dll (Adware.Ecobar) -> Delete on reboot.
C:\Program Files\ecobar\tbhelper.dll (Adware.Ecobar) -> Delete on reboot.
C:\Users\Chiara\AppData\Local\Temp\__c0078F22.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\basis.xml (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\ecobar.crc (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\icons.bmp (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\info.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\uninstall.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\version.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\your_logo.png (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\sysmon\nhrmi74428\kdiue732.txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\nhrmi74428\pvet7842.txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\asex02886\akqx85620.txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\asex02886\bdur48600.txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\asex02886\kdiue732.txt (Trojan.Downloader) -> Quarantined and deleted successfully


The folks in the Win7 section advised me to show you the logs.
The problem was this: the PC was connected, but only Messenger worked, and only intermittently; it was impossible to browse. After a scan with Panda Cloud I was able to browse again, so I downloaded HijackThis and Malwarebytes, and these are the logs.
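As an added example (not part of the original thread, and not a tool the posters used): a small Python triage script that applies the heuristics an analyst applies by eye to a HijackThis v2 log. The sample input is constructed from the shapes of the entries posted above; the rules (rundll32 loading a module from a Temp directory, an ActiveX control fetched from a third-party host, a BHO whose DLL is missing, a per-interface NameServer to confirm, a service with no publisher) and the severity labels are my own assumptions, not verdicts from the page.

```python
"""Heuristic triage of HijackThis (HJT) v2 log lines.

Added example, not part of the forum thread. The rules encode common
analyst heuristics; the severity labels are the author's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: a handful of entries in HJT v2 format, shaped
# after the lines in the log above (same sections, paths and CLSIDs).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TBSB07286 - {C23D0D6A-8CBA-4B33-9735-47D81F5B2B85} - C:\Program Files\ecobar\ecobar.dll
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [__c00819D1] rundll32.exe "C:\Users\Chiara\AppData\Local\Temp\__c00819D1.dat",B
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99BEC8E5-9820-4EDC-AC88-F1EDA9BF7CA9}: NameServer = 62.13.171.5 62.13.171.4
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp|Temp)\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
# Hosts treated as first-party for O16 ("Download Program Files" ActiveX) entries.
TRUSTED_DPF_DOMAINS = ("msn.com", "microsoft.com", "windowsupdate.com")
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


@dataclass
class Finding:
    section: str
    severity: str   # "high" | "medium" | "info"
    reason: str
    line: str


def _trusted_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def analyze_hjt(log_text: str) -> list[Finding]:
    """Return one Finding per HJT entry that matches a triage rule, highest severity first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, running-process list, blank line
        section, body = m["section"], m["body"]
        if section in ("O2", "O3") and body.endswith("(no file)"):
            # CLSID still registered but the DLL is gone: a leftover, safe to fix.
            findings.append(Finding(section, "info",
                "orphaned BHO/toolbar registration (DLL missing)", line))
        elif section == "O4":
            # The command is everything after "[name] "; Global Startup lines have no brackets.
            cmd = body.split("] ", 1)[1] if "] " in body else body
            if TEMP_DIR_RE.search(cmd):
                if RUNDLL_RE.search(cmd):
                    findings.append(Finding(section, "high",
                        "rundll32 loading a module from a Temp directory at logon", line))
                else:
                    findings.append(Finding(section, "medium",
                        "autorun entry pointing into a Temp directory", line))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if url.lower().startswith("http") and not _trusted_host(url):
                findings.append(Finding(section, "medium",
                    "ActiveX control (DPF) sourced from a third-party host", line))
        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split()
            findings.append(Finding(section, "info",
                f"per-interface DNS servers {servers}: confirm they belong to your ISP", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "info",
                "service with no publisher name: check the binary's signature/vendor", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])   # stable: keeps log order within a level
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = analyze_hjt(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(results))
```

On the sample above the only "high" hit is the HKCU Run entry that launches rundll32 against a .dat file in the user's Temp directory, which is the entry that disappeared between the two HijackThis logs; the ecobar BHO is deliberately not flagged, because a DLL under Program Files with a name nobody recognises is something you look up, not something a path heuristic can decide.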
tamagon
Posted: Thursday, March 11, 2010 11:42:34 PM

Rank: AiutAmico

Member since: 3/6/2009
Posts: 2,913
Run the Malwarebytes scan as a full scan, not a quick one, then wait for the experts. Bye.
r16
Posted: Thursday, March 11, 2010 11:44:20 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Wow... you had quite a pile of junk.
Have you rebooted the PC?
Some infections require a reboot to be removed.

Also run this scan:
Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading ComboFix, disconnect from the network.

Double-click combofix.exe (a window will appear).

Your antivirus (or ComboFix itself) will probably show you some messages; ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

While the scan is running it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
When it is done, a log file called C:\ComboFix.txt will be created. Post it here.
dannato
Posted: Thursday, March 11, 2010 11:58:30 PM
Rank: AiutAmico

Member since: 3/5/2010
Posts: 75
WOW..
Your PC is in the HIV-infected ward of PCs =D
My advice: as soon as R16 has finished helping you clean the PC and remove all the viruses, trojans etc.,
download Avast 5.0 as antivirus, PC Tools Firewall Plus as firewall, and Spyware Terminator.
That way you already have a good basic defense. You can find them all among the downloadable programs on AiutAmici.
Remember: if you decide to install them, uninstall the ones you already have.
Bye =)
lauraz
Posted: Friday, March 12, 2010 5:05:55 PM

Rank: AiutAmico

Member since: 1/5/2005
Posts: 195
r16 wrote:
Wow... you had quite a pile of junk.
Have you rebooted the PC?
Some infections require a reboot to be removed.

Also run this scan:
Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading ComboFix, disconnect from the network.

Double-click combofix.exe (a window will appear).

Your antivirus (or ComboFix itself) will probably show you some messages; ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

While the scan is running it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
When it is done, a log file called C:\ComboFix.txt will be created. Post it here.


Here is the log:
ComboFix 10-03-11.05 - Chiara 12/03/2010 16:45:36.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.39.1040.18.1015.495 [GMT 1:00]
Running from: c:\users\Chiara\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotKeyMon.lnk
c:\windows\system32\service
c:\windows\system32\service\06012010_TIS17_SfFniAU.log
c:\windows\system32\service\08012010_TIS17_SfFniAU.log
c:\windows\system32\service\17012010_TIS17_PccScan.log
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))))))
.

2010-03-12 15:58 . 2010-03-12 15:59 -------- d-----w- c:\users\Chiara\AppData\Local\temp
2010-03-12 15:58 . 2010-03-12 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-11 15:56 . 2010-03-11 15:56 -------- d-----w- c:\users\Chiara\AppData\Roaming\Malwarebytes
2010-03-11 15:56 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 15:56 . 2010-03-11 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-03-11 15:56 . 2010-03-11 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 15:56 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 20:22 . 2010-03-10 20:22 -------- d-----w- c:\program files\Trend Micro
2010-03-10 20:00 . 2010-03-10 20:00 -------- d-----w- c:\users\Chiara\AppData\Roaming\Panda Security
2010-03-10 19:59 . 2010-03-10 19:59 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-03-10 19:59 . 2010-03-10 19:59 -------- d-----w- c:\programdata\Panda Security
2010-03-10 19:59 . 2010-03-10 19:59 -------- d-----w- c:\program files\Panda Security
2010-03-07 19:31 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-01 20:17 . 2010-03-01 20:17 -------- d-----w- c:\users\Chiara\AppData\Local\bluesoleil
2010-03-01 20:13 . 2010-03-01 20:13 -------- d-----w- c:\program files\IVT Corporation
2010-02-28 09:36 . 2010-02-28 09:36 -------- d-----w- c:\users\Chiara\AppData\Roaming\AVS4YOU
2010-02-28 09:35 . 2010-03-07 18:59 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-28 09:34 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-02-28 09:34 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-02-28 09:34 . 2010-03-07 18:59 -------- d-----w- c:\program files\AVS4YOU
2010-02-28 09:34 . 2010-02-28 09:36 -------- d-----w- c:\programdata\AVS4YOU
2010-02-28 09:34 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-02-28 09:34 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-24 19:18 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 19:18 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 19:15 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-21 12:38 . 2010-02-28 09:07 -------- d-----w- c:\users\Chiara\AppData\Local\WMTools Downloaded Files
2010-02-21 12:36 . 2010-03-11 18:18 -------- d-----w- c:\program files\Movie Maker 2.6
2010-02-14 12:19 . 2010-02-14 12:19 -------- d-----w- c:\program files\CCleaner
2010-02-14 12:07 . 2010-02-14 12:07 -------- d-----w- c:\users\Chiara\RegSeeker
2010-02-14 11:47 . 2010-02-14 11:36 2585872 ----a-w- c:\users\Chiara\WindowsInstaller-KB893803-v2-x86.exe
2010-02-14 10:41 . 2010-02-14 10:41 -------- d-----w- c:\programdata\Bluetooth
2010-02-14 08:51 . 2010-02-14 08:51 -------- d-----w- c:\program files\Microsoft Recommendation Agent
2010-02-14 08:49 . 2010-02-14 08:49 -------- d-----w- c:\users\Chiara\AppData\Roaming\Techno Design IP
2010-02-13 19:39 . 2010-02-13 19:39 -------- d-----w- c:\users\Chiara\AppData\Local\Netlog
2010-02-13 19:39 . 2010-02-13 19:39 -------- d-----w- c:\program files\Netlog Uploader
2010-02-12 22:22 . 2010-02-12 22:22 -------- d--h--w- c:\windows\AxInstSV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 18:18 . 2009-08-19 05:06 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 18:55 . 2009-07-26 01:49 689472 ----a-w- c:\windows\system32\perfh010.dat
2010-03-10 18:55 . 2009-07-26 01:49 124626 ----a-w- c:\windows\system32\perfc010.dat
2010-03-08 18:00 . 2010-01-24 18:18 -------- d-----w- c:\programdata\Electronic Arts
2010-03-07 19:02 . 2009-12-26 13:09 -------- d-----w- c:\users\Chiara\AppData\Roaming\LimeWire
2010-02-14 11:59 . 2010-01-24 21:05 -------- d-----w- c:\programdata\Innovative Solutions
2010-02-13 15:00 . 2009-12-25 16:28 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-31 18:37 . 2010-01-31 18:37 -------- d-----w- c:\program files\Duo
2010-01-24 21:06 . 2010-01-24 21:06 -------- d-----w- c:\windows\Fonts\AdvUninstal
2010-01-24 21:05 . 2010-01-24 21:05 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-01-24 20:01 . 2010-01-24 19:48 -------- d-----w- c:\users\Chiara\AppData\Roaming\DAEMON Tools Lite
2010-01-24 19:52 . 2010-01-24 19:51 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-24 19:52 . 2010-01-24 19:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-24 19:50 . 2009-12-25 15:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-24 19:48 . 2010-01-24 19:48 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-24 18:13 . 2010-01-24 18:13 10134 ----a-r- c:\users\Chiara\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-24 18:13 . 2010-01-24 18:13 -------- d-----w- c:\program files\Microsoft WSE
2010-01-24 18:06 . 2009-08-19 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 21:32 . 2010-01-21 21:32 -------- d-----w- c:\program files\Zeallsoft
2010-01-21 21:17 . 2010-01-21 21:10 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-21 21:09 . 2010-01-21 21:09 -------- d-----w- c:\program files\Corel
2010-01-18 23:29 . 2010-02-10 21:10 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 21:10 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 21:10 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 21:10 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 21:10 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 21:10 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 21:10 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 21:10 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-17 11:35 . 2010-01-17 11:35 -------- d-----w- c:\program files\Nokia
2010-01-17 11:35 . 2010-01-17 11:35 -------- d-----w- c:\program files\DIFX
2010-01-17 11:34 . 2010-01-17 11:34 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-17 11:34 . 2010-01-17 11:34 8192 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-17 11:34 . 2010-01-17 11:34 -------- d-----w- c:\programdata\Installations
2010-01-17 11:12 . 2010-01-15 20:09 10752 ----a-w- c:\windows\DCEBoot.exe
2010-01-08 03:18 . 2010-02-10 21:10 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 21:10 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-06 14:07 . 2009-12-03 14:24 79136 ----a-w- c:\users\Chiara\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-27 13:59 . 2009-12-27 13:59 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-26 13:07 . 2009-12-26 13:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-19 09:02 . 2010-01-21 19:24 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 21:10 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 21:10 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 21:10 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 21:10 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 21:10 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 21:10 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 21:10 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 21:10 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\System32\ieframe.dll" [2009-12-19 10976768]

[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "c:\program files\Windows Live\Toolbar\wltcore.dll" [2009-02-06 1068904]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2009-11-24 953800]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "c:\program files\Windows Live\Toolbar\wltcore.dll" [2009-02-06 1068904]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2009-11-24 953800]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
[HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\Asus\Eee Docking\Eee Docking.exe" [2009-08-17 402608]
"Mobile Partner"="c:\program files\MD-@ HSUPA\MD-@ HSUPA.exe" [2009-12-25 110592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]
"HotkeyService"="AsusSender.exe" [2009-08-18 27648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-26 149280]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 258134]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Chiara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Chiara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-24 691696]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 22528]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2008-07-31 20616]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2009-10-13 114184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2009-10-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2009-10-30 146440]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2009-10-13 97800]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2009-10-13 101384]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.searchcanvas.com/?ot=6
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D22B76BB-ABBD-4EB6-9BBB-F387BF27F76B} - (no file)
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Scan completed at: 2010-03-12 17:02:20
ComboFix-quarantined-files.txt 2010-03-12 16:02

Pre-Run: 81.962.078.208 bytes free
Post-Run: 81.916.289.024 bytes free

- - End Of File - - 00C24F6C000809E10CA71B6B98EBAD58
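An added example, not part of the thread above: a small Python triage pass over a ComboFix log of the kind posted here. It parses the three line shapes the log uses (the dated file entries with their attribute flags, the `"Name"="command" [date size]` values under a `...\CurrentVersion\Run` key, and the `uStart Page` / `mStart Page` lines of the supplementary scan) and returns entries an analyst would want to look at: hidden+system files under system32, autorun values that are a bare file name resolved through the search path, autorun values living in user-writable directories, and a machine-wide start page that differs from the user's. The embedded sample is constructed for offline runs: its first lines copy the format of the log above, while the "Updater" Run value is synthetic and exists only to exercise the user-writable rule. A finding is a prompt for review, not a verdict; legitimate drivers and copy-protection files also use hidden+system attributes.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# ComboFix "files created/modified" line:  <created> . <modified> <size> <attrs> <path>
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(\S+) ([a-z-]{8}) (.+)$"
)
# Registry Run value as ComboFix prints it:  "Name"="command" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[.*\]$')
# Start-page lines from the supplementary scan block (u = HKCU, m = HKLM)
START_RE = re.compile(r"^([um])Start Page = (\S+)$")

# Path fragments a standard user can write to; an autorun living here is worth a look
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")

# Constructed sample: the first lines copy the format of the log posted above;
# the "Updater" Run value is synthetic, added only to exercise the user-writable rule.
SAMPLE_LOG = r"""
2010-01-21 21:17 . 2010-01-21 21:10 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-18 23:29 . 2010-02-10 21:10 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-24 19:48 . 2010-01-24 19:48 -------- d-----w- c:\programdata\DAEMON Tools Lite
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"Updater"="c:\users\someone\AppData\Roaming\updater.exe" [2010-03-01 48128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.searchcanvas.com/?ot=6
"""


@dataclass
class Finding:
    rule: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix log and return entries that deserve an analyst's eye."""
    findings: list[Finding] = []
    in_run_key = False
    start_pages: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):  # registry key header: remember whether it is a Run key
            in_run_key = line.lower().endswith("\\currentversion\\run]")
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3).lower()
            # 's' and 'h' in the attribute field mean system + hidden
            if "h" in attrs and "s" in attrs and path.startswith("c:\\windows\\system32\\"):
                findings.append(Finding("hidden+system file under system32", line))
            continue
        m = RUN_RE.match(line) if in_run_key else None
        if m:
            cmd = m.group(2).lower()
            if not re.match(r"^[a-z]:\\", cmd):
                # Bare file name: Windows resolves it through the search path at logon
                findings.append(Finding("autorun with bare name (search-path lookup)", line))
            elif any(frag in cmd for frag in USER_WRITABLE):
                findings.append(Finding("autorun from user-writable location", line))
            continue
        m = START_RE.match(line)
        if m:
            start_pages[m.group(1)] = m.group(2)
    if len(start_pages) == 2 and start_pages["u"] != start_pages["m"]:
        findings.append(Finding("HKLM start page differs from HKCU start page",
                                f"mStart Page = {start_pages['m']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:48} {f.line}")
```

Run it against a saved ComboFix.txt by passing the file's contents to `triage()`; each rule is deliberately narrow so the output stays short enough to read alongside the log, and rules for further sections (driver entries, Toolbar CLSIDs) follow the same pattern of one regex plus one predicate.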


r16
Posted: Friday, March 12, 2010 7:17:40 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi lauraz.
Please don't quote my replies, I find it easier that way, thanks.

Open a text file with Notepad on the Desktop.
Paste the code you see below into it, and save the text file; it must be named CFScript.txt.

Code:
KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[-HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
N.B.: if the PC doesn't reboot, reboot it yourself.

Go to Add/Remove Programs and remove all the Toolbars you find.