
HijackThis log
smazzella62
Posted: Tuesday, September 28, 2010 3:18:20 PM
Rank: Member

Joined: 7/19/2003
Posts: 25
Would someone be kind enough to check my log:
The PC often ignores the shutdown command, and when it is on it makes a strange noise like at Windows startup (it seems to want to turn on when it already is).
Thanks, Simona


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.04.36, on 28/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285260083031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285508611843
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://aiuto.alice.it/ata/static/installers/McciControlInstaller_6.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe

--
End of file - 6109 bytes
 
a.roselli
Posted: Tuesday, September 28, 2010 4:54:31 PM

Rank: Admin

Joined: 10/4/2000
Posts: 19,052
Run a full scan with this program
http://software.aiutamici.com/software?ID=80346

and then run a full scan with your antivirus.

The log is clean of spyware.


alfonso_aiutamici@hotmail.it

lucaxd
Posted: Tuesday, September 28, 2010 5:19:46 PM
Rank: AiutAmico

Joined: 9/16/2010
Posts: 90
Hi Simona. I don't see anything either, apart from this: O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file), which is an entry that HijackThis does not detect. But it should belong to Windows Live.

I think yours is a problem of general "cleanup", and of the registry. Take a look here:
- http://forum.aiutamici.com/yaf_postst72840_un-aiuto-per-Difetti-dopo-rimozione-trojan-Antispy-Safeguard.aspx

If you follow the procedure with CCleaner, you should notice some improvements.

If you want to know more, or have any doubts, we are here.

Bye.
smazzella62
Posted: Thursday, September 30, 2010 11:15:30 AM
Rank: Member

Joined: 7/19/2003
Posts: 25
Thanks for the help.
CCleaner didn't fix anything, now I'll try Malwarebytes...
paulr0ck
Posted: Thursday, September 30, 2010 11:31:35 AM

Rank: AiutAmico

Joined: 7/1/2010
Posts: 233
This post was deleted by the Webmaster because it did not comply with the forum rules.


Forget your lust for the rich man's gold
All that you need is in your soul
And you can do this, oh baby, if you try
All that I want for you my son is to be satisfied
smazzella62
Posted: Friday, October 01, 2010 12:40:24 PM
Rank: Member

Joined: 7/19/2003
Posts: 25
I ran Scandisk and defrag; everything is fine.
Full scan with Malwarebytes and AVG; nothing detected.
I downloaded Combofix and scanned in safe mode; this is the log:

ComboFix 10-09-30.01 - SULI 30/09/2010 23.34.42.1.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.479.315 [GMT 2:00]
Eseguito da: c:\documents and settings\SULI\Desktop\pippo.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Creati Da 2010-08-28 al 2010-09-30 )))))))))))))))))))))))))))))))))))
.

2010-09-30 21:11 . 2010-09-30 21:11 -------- d-----w- c:\windows\LastGood
2010-09-30 21:11 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-30 21:03 . 2010-09-30 21:03 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-30 21:03 . 2010-09-30 21:03 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org
2010-09-30 20:58 . 2010-09-30 20:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-30 19:47 . 2010-09-30 19:47 -------- d-----w- C:\FOUND.002
2010-09-30 19:29 . 2010-09-30 19:29 -------- d-----w- C:\FOUND.001
2010-09-30 16:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 16:56 . 2010-09-30 16:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-09-30 16:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 16:48 . 2008-04-14 02:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-30 16:46 . 2010-09-30 16:46 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-09-30 16:42 . 2010-09-30 16:42 -------- d-----w- c:\windows\system32\LogFiles
2010-09-30 16:42 . 2010-09-30 16:42 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-09-30 16:09 . 2010-09-30 16:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-30 10:04 . 2010-09-30 10:04 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\Malwarebytes
2010-09-30 10:04 . 2010-09-30 10:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-30 07:38 . 2010-09-30 07:38 -------- d-----w- C:\FOUND.000
2010-09-28 18:42 . 2010-09-28 18:42 -------- d-----w- C:\Archivos de programa
2010-09-26 20:07 . 2010-09-26 20:07 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-09-26 13:20 . 2010-09-26 13:20 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\MessengerDiscovery 2
2010-09-26 13:19 . 2010-09-26 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-09-26 13:19 . 2010-09-26 13:19 -------- d-----w- c:\programmi\MessengerDiscovery 2
2010-09-26 13:19 . 2010-09-26 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MessengerDiscovery 2
2010-09-26 13:17 . 2010-09-26 13:17 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-09-26 13:13 . 2010-09-26 13:13 -------- d-----w- c:\programmi\Windows Live
2010-09-26 12:50 . 2010-09-26 12:50 -------- d-----w- c:\documents and settings\SULI\Tracing
2010-09-26 12:49 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-26 12:48 . 2010-09-26 12:49 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2010-09-26 12:48 . 2010-09-26 12:48 -------- d-----w- c:\programmi\Microsoft
2010-09-26 12:47 . 2010-09-26 12:47 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-09-26 12:40 . 2010-09-26 12:40 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-09-26 12:20 . 2010-09-26 12:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-26 12:20 . 2010-09-26 12:20 -------- d-----w- c:\programmi\MSBuild
2010-09-26 12:20 . 2010-09-26 12:20 -------- d-----w- c:\programmi\Reference Assemblies
2010-09-26 12:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-09-26 12:17 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-26 12:17 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-26 12:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-26 12:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-26 12:17 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-09-26 12:17 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-26 12:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-26 12:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-25 17:56 . 2010-09-25 17:57 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\HPAppData
2010-09-25 17:50 . 2010-09-25 17:52 23133 ----a-w- c:\windows\hpqins15.dat
2010-09-25 17:28 . 2010-09-25 17:28 23510720 ----a-w- c:\windows\dotnetfx.exe
2010-09-25 11:09 . 2010-09-25 11:09 -------- d-sh--w- c:\documents and settings\SULI\IECompatCache
2010-09-25 11:09 . 2010-09-25 11:09 -------- d-sh--w- c:\documents and settings\SULI\PrivacIE
2010-09-25 11:06 . 2010-09-25 11:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-25 10:53 . 2010-09-25 10:53 -------- d-----w- c:\windows\l2schemas
2010-09-25 10:53 . 2010-09-25 10:53 -------- d-----w- c:\windows\system32\it
2010-09-25 09:47 . 2010-09-25 09:47 -------- d-sh--w- c:\documents and settings\SULI\IETldCache
2010-09-25 09:44 . 2010-09-25 09:44 -------- d-----w- c:\windows\ie8updates
2010-09-25 09:44 . 2010-06-24 12:22 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-25 09:44 . 2010-06-24 12:22 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-25 09:44 . 2010-06-24 12:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-09-25 09:44 . 2010-06-24 12:22 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-25 09:44 . 2010-06-24 12:22 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-25 09:44 . 2010-06-24 15:52 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-09-25 09:44 . 2010-06-24 12:22 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-09-25 09:42 . 2010-09-25 09:42 -------- d--h--w- c:\windows\ie8
2010-09-25 09:42 . 2010-09-25 09:42 -------- d-----w- c:\windows\system32\it-IT
2010-09-25 09:15 . 2007-02-13 15:17 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2010-09-25 09:15 . 2007-02-13 15:17 6048 ----a-w- c:\windows\system32\MCC16.dll
2010-09-25 09:04 . 2010-09-25 09:05 -------- d-----w- c:\documents and settings\SULI\Impostazioni locali\Dati applicazioni\Identities
2010-09-24 17:15 . 2010-09-24 17:15 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\Motive
2010-09-24 14:36 . 2010-09-24 14:36 -------- d-----w- c:\programmi\iTunes
2010-09-24 14:35 . 2010-09-24 14:35 -------- d-----w- c:\programmi\iPod
2010-09-24 14:02 . 2010-09-25 08:14 1 ----a-w- c:\documents and settings\SULI\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-24 13:57 . 2010-09-24 13:57 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\OpenOffice.org
2010-09-24 13:55 . 2010-09-24 13:55 -------- d-----w- c:\windows\ShellNew
2010-09-24 13:54 . 2010-09-24 13:54 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-09-24 13:53 . 2010-09-24 13:53 -------- d-----w- c:\programmi\readmes
2010-09-24 13:53 . 2010-09-24 13:53 -------- d-----w- c:\programmi\licenses
2010-09-24 13:26 . 2010-09-24 13:26 -------- d-----w- c:\programmi\Foxit Software
2010-09-24 13:26 . 2010-09-24 13:26 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\Foxit
2010-09-24 13:26 . 2010-09-24 13:26 -------- d-----w- c:\programmi\FoxitReader
2010-09-24 11:27 . 2008-04-14 02:13 144896 ------w- c:\windows\system32\onex.dll
2010-09-24 11:26 . 2009-01-30 18:34 4096 ------w- c:\windows\system32\dllcache\wmsdmoe2.dll
2010-09-24 11:04 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2010-09-24 11:03 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-09-24 11:03 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-24 11:03 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-09-24 11:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-24 11:03 . 2009-10-15 16:29 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-09-24 11:03 . 2009-10-15 16:29 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-09-24 11:00 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-09-24 11:00 . 2008-05-01 14:34 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-09-24 11:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-09-24 10:58 . 2009-06-10 07:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-09-24 10:58 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-09-24 10:57 . 2008-04-21 21:14 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-09-24 07:36 . 2010-09-24 07:36 4093792 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-09-24 07:36 . 2010-09-24 07:36 3586912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-09-24 07:36 . 2010-09-24 07:36 620896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgnsx.exe
2010-09-24 07:36 . 2010-09-24 07:36 1615200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-09-24 07:36 . 2010-09-24 07:36 1107296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxpl.dll
2010-09-24 07:36 . 2010-09-24 07:36 942432 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcfgx.dll
2010-09-24 07:36 . 2010-09-24 07:36 921440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgemc.exe
2010-09-24 07:36 . 2010-09-24 07:36 598368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgsrmx.dll
2010-09-24 07:36 . 2010-09-24 07:36 4368224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-09-24 07:36 . 2010-09-24 07:36 300896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchclx.dll
2010-09-24 07:32 . 2010-09-24 07:32 1690952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-09-23 21:37 . 2010-09-23 21:37 -------- d-----w- c:\programmi\IObit
2010-09-23 20:52 . 2010-09-23 20:52 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\IObit
2010-09-23 20:33 . 2010-09-23 20:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WEBREG
2010-09-23 20:30 . 2010-09-23 20:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2010-09-23 20:30 . 2010-09-23 20:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2010-09-23 20:26 . 2010-09-23 20:26 -------- d-----w- c:\programmi\File comuni\HP
2010-09-23 20:22 . 2010-09-23 20:22 -------- d-----w- c:\windows\system32\DRVSTORE
2010-09-23 20:21 . 2010-09-23 20:21 -------- d-----w- c:\programmi\HP
2010-09-23 20:21 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-09-23 20:17 . 2010-09-23 20:33 149018 ----a-w- c:\windows\HPHins15.dat
2010-09-23 20:17 . 2007-08-28 06:45 2828 ------w- c:\windows\hphmdl15.dat
2010-09-23 20:16 . 2010-09-23 20:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2010-09-23 20:16 . 2007-03-30 15:11 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-09-23 20:16 . 2007-03-28 12:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2010-09-23 20:16 . 2007-03-28 11:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-09-23 20:12 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-23 20:06 . 2010-09-23 20:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-23 20:06 . 2010-09-23 20:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-23 20:06 . 2010-09-23 20:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-23 20:06 . 2010-09-23 20:06 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-23 20:06 . 2010-09-23 20:06 -------- d-----w- c:\windows\system32\drivers\Avg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 14:09 . 1979-12-31 22:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-09-26 14:09 . 1979-12-31 22:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-09-25 10:56 . 2010-09-23 15:21 86327 ----a-w- c:\windows\pchealth\HelpCtr\OfflineCache\index.dat
2010-09-23 16:31 . 2010-09-23 16:31 2232 ----a-w- c:\windows\java\Packages\Data\NHJ7ZDRP.DAT
2010-09-23 16:31 . 2010-09-23 16:31 155995 ----a-w- c:\windows\java\Packages\DB7PJVDZ.ZIP
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\GXVTJH7B.DAT
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\5RVXJVJZ.DAT
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\F3FRJLNJ.DAT
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\31R5RNBF.DAT
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\02SZH7VV.DAT
2010-09-23 15:30 . 2010-09-23 15:30 -------- d-----w- c:\programmi\Java
2010-09-23 15:30 . 2010-09-23 15:30 -------- d-----w- c:\programmi\File comuni\Java
2010-09-23 15:29 . 2010-09-23 15:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-09-23 15:29 . 2010-09-23 15:29 -------- d-----w- c:\programmi\CyberLink
2010-09-23 15:29 . 2010-09-23 15:40 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\InterTrust
2010-09-23 15:28 . 2010-09-23 15:28 1024 ---h--r- c:\windows\system32\NTICDMK32.dll
2010-09-23 15:28 . 2010-09-23 15:28 6912 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-09-23 15:27 . 2010-09-23 15:27 -------- d-----w- c:\programmi\Realtek Sound Manager
2010-09-23 15:27 . 2010-09-23 15:27 -------- d-----w- c:\programmi\AvRack
2010-09-23 15:27 . 2010-09-23 15:27 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-09-23 15:27 . 2010-09-23 15:27 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-09-23 15:26 . 2010-09-23 15:26 11 ----a-w- c:\windows\system32\drivers\Acer_Aspire T310.MRK
2010-09-23 15:22 . 2010-09-23 15:22 -------- d-----w- c:\programmi\microsoft frontpage
2010-09-23 15:20 . 2010-09-23 15:20 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-23 15:19 . 2010-09-23 15:19 -------- d-----w- c:\programmi\Servizi in linea
2010-09-23 15:18 . 2010-09-23 15:40 0 ----a-w- c:\documents and settings\SULI\vga10F.tmp
2010-09-23 15:18 . 2010-09-23 15:25 0 ----a-w- c:\documents and settings\Administrator\vga10F.tmp
2010-09-23 15:18 . 2010-09-23 15:24 0 ----a-w- c:\windows\system32\config\systemprofile\vga10F.tmp
2010-09-23 15:18 . 2010-09-23 15:18 0 ----a-w- c:\documents and settings\Default User\vga10F.tmp
2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2004-03-06 02:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 32873]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-23 2065760]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2010-9-23 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-23 20:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqusgm.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqusgh.exe"=
"c:\\Programmi\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/09/2010 22.06.36 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2010 22.06.45 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [23/09/2010 22.06.20 921952]
S2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [23/09/2010 22.06.19 308136]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [23/09/2010 18.30.45 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-09-30 c:\windows\Tasks\WebReg Deskjet D2400 series.job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 23:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2010-09-30 23:42:42
ComboFix-quarantined-files.txt 2010-09-30 21:42

Pre-Run: 52.718.731.264 byte disponibili
Post-Run: 52.814.184.448 byte disponibili

- - End Of File - - 28977A1ECD192E4AF289D02E5F9089BD