Aiutamici Forum

Problem with a capital P!
linkin
Posted: Friday, May 02, 2008 6:06:49 PM

Rank: AiutAmico

Joined: 1/4/2008
Posts: 427
Hi guys, right now only you can help me!
A little while ago I turned on the computer and cleaned the traces (except for Firefox) with CCleaner; I connected to the internet with IE and my home page was no longer Google, an advertisement and a popup opened, and then Windows Defender opened and reported 1 trojan. D'oh! D'oh! D'oh!
Another popup opened saying "do you want to connect again" or "do you want to connect now", sorry but I don't remember exactly. On the desktop there was now an icon labelled "accesso"; I deleted it immediately!

Below are two screenshots:

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.05.36, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmi\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6613 bytes

Thanks everyone for listening.
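As an added example (not from this thread and not part of the HijackThis tool), a small Python reader for the HijackThis log format posted above that applies the first checks a log reader makes: O2/O3/O9 COM entries whose DLL is missing or unnamed, O4 Run values given as a bare file name, and O23 services with no publisher string. The sample lines are constructed after the posted log, the heuristics are assumptions, and a hit means "verify this entry", not "this is malicious".

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of the HijackThis v2 log above
# (a handful of representative lines, not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
"""

# Every entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O2/O3/O9 bodies look like "BHO: <name> - {CLSID} - <path>"
COM_RE = re.compile(r"^[^:]+: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4 bodies look like "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^.*?: \[(?P<value>[^\]]*)\] (?P<command>.*)$")
# O23 bodies look like "Service: <display name> - <owner> - <path>"
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into entries; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2), "raw": line})
    return entries


def command_path(command: str) -> str:
    """Return the executable part of an O4 command line, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def review(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Apply the review heuristics (assumed, not HijackThis's own); returns (section, reason) pairs."""
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec in ("O2", "O3", "O9"):
            m = COM_RE.match(body)
            if m and m.group("path") == "(no file)":
                # Orphaned registration: the CLSID is still registered but the DLL is gone.
                findings.append((sec, "orphaned COM entry, DLL missing: " + m.group("clsid")))
            elif m and m.group("name") == "(no name)":
                findings.append((sec, "unnamed COM entry: " + m.group("clsid")))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if m and ":\\" not in command_path(m.group("command")):
                # A bare file name is resolved through the search path, so confirm where it lives.
                findings.append((sec, "Run value with bare file name: " + m.group("value")))
        elif sec == "O23":
            m = SVC_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append((sec, "service without a publisher string: " + m.group("name")))
    return findings


if __name__ == "__main__":
    for section, reason in review(parse_hjt(SAMPLE_LOG)):
        print(section, "-", reason)
```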
r16
Posted: Friday, May 02, 2008 7:41:19 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Disable your antivirus.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for it to finish.
The log is clean, but after the ComboFix scan post another one.

Always here
antonpaco
Posted: Saturday, May 03, 2008 3:24:49 PM
Rank: AiutAmico

Joined: 11/7/2006
Posts: 1,180
But when the Defender window opened, did you click on "remove all"? Because in that case you shouldn't have any more problems; it should be a browser modifier. I had the same problem as you a few weeks ago, but I solved it right away with Defender; let's hope you manage it too.
linkin
Posted: Tuesday, May 06, 2008 5:35:08 PM

Rank: AiutAmico

Joined: 1/4/2008
Posts: 427
Yes, I clicked remove :).

r16, I clicked remove, so the virus is gone. So do I still need to do the ComboFix scan?

Anyway, thanks antonpaco.
r16
Posted: Tuesday, May 06, 2008 6:33:19 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
I assure you it does no harm.
linkin
Posted: Wednesday, May 14, 2008 1:30:40 PM

Rank: AiutAmico

Joined: 1/4/2008
Posts: 427
OK, this is the ComboFix log:

ComboFix 08-05-12.1 - Francesco 2008-05-14 13:20:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.164 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Francesco\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-14 al 2008-05-14 )))))))))))))))))))))))))))))))))))
.

2008-05-14 08:17 . 2008-05-14 08:17 <DIR> d-------- C:\Programmi\Winamp
2008-05-14 08:17 . 2008-05-14 08:54 <DIR> d-------- C:\Documents and Settings\Francesco\Dati applicazioni\Winamp
2008-05-12 19:50 . 2008-05-13 17:46 <DIR> d-------- C:\Programmi\Live_TV
2008-05-12 19:49 . 2008-05-13 11:56 <DIR> d-------- C:\Programmi\Babylon
2008-05-12 19:49 . 2008-05-14 11:48 <DIR> d-------- C:\Documents and Settings\Francesco\Dati applicazioni\Babylon
2008-05-12 19:49 . 2008-05-14 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Babylon
2008-05-09 18:57 . 2008-05-09 18:57 34 --a------ C:\WINDOWS\system32\oeminfo.ini
2008-05-07 14:44 . 2008-05-07 18:34 <DIR> d-------- C:\Programmi\Blaero Start Orb
2008-05-07 14:42 . 2007-02-28 18:02 2,184,064 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel
2008-05-07 14:42 . 2007-02-28 18:02 2,061,312 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel
2008-05-06 16:56 . 2008-05-06 16:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-06 16:56 . 2008-05-06 16:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-06 14:52 . 2008-05-06 14:53 <DIR> d-------- C:\Programmi\CamStudio
2008-05-06 14:41 . 2008-05-06 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ashampoo
2008-05-06 14:38 . 2005-09-06 14:14 260,880 --a------ C:\WINDOWS\system32\msflxgrd.ocx
2008-05-06 14:27 . 2008-05-06 14:57 <DIR> d-------- C:\Programmi\Ashampoo
2008-05-03 10:04 . 2008-05-03 10:04 <DIR> d-------- C:\Programmi\Premium Booster
2008-05-02 20:44 . 2008-05-02 20:44 <DIR> d-------- C:\Documents and Settings\Francesco\Dati applicazioni\SAU KP
2008-05-02 17:56 . 2008-05-02 17:56 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-02 16:37 . 2008-05-02 16:38 <DIR> d-------- C:\Programmi\TweakRAM
2008-04-28 22:31 . 2008-04-28 22:31 <DIR> d-------- C:\Documents and Settings\Francesco\Dati applicazioni\PCToolsFirewallPlus
2008-04-24 21:16 . 2008-04-24 21:17 <DIR> d-------- C:\Programmi\iTunes
2008-04-24 21:16 . 2008-04-24 21:16 <DIR> d-------- C:\Programmi\iPod
2008-04-24 21:15 . 2008-04-24 21:15 <DIR> d-------- C:\Programmi\QuickTime
2008-04-24 21:10 . 2008-04-24 21:10 <DIR> d-------- C:\Programmi\Apple Software Update
2008-04-23 15:21 . 2008-04-23 15:21 <DIR> d-------- C:\Programmi\FileZilla FTP Client
2008-04-20 18:55 . 2008-04-20 18:55 <DIR> d-------- C:\WINDOWS\speech
2008-04-20 18:55 . 2008-04-20 18:55 <DIR> d-------- C:\Programmi\CFS-Technologies
2008-04-18 15:05 . 2008-05-09 18:54 1,088 --a------ C:\WINDOWS\mgutil_reg.ini
2008-04-18 15:05 . 2008-04-18 15:05 52 --a------ C:\WINDOWS\mgutil_win.ini
2008-04-18 15:04 . 2008-05-09 18:51 <DIR> d-------- C:\Programmi\Mgutil
2008-04-17 22:06 . 2008-05-09 18:49 <DIR> d-------- C:\Programmi\Macromedia
2008-04-17 14:57 . 2008-04-17 14:57 <DIR> d-------- C:\Programmi\Aplus DVD Ripper
2008-04-16 15:19 . 2008-05-14 09:39 <DIR> d-------- C:\Programmi\PokerStars
2008-04-16 11:52 . 2008-04-16 11:52 <DIR> d-------- C:\WINDOWS\AllMedia Grabber
2008-04-15 12:57 . 2008-04-15 12:57 666 --a------ C:\WINDOWS\VisualTooltip.ini
2008-04-14 21:20 . 2008-04-14 21:20 <DIR> d-------- C:\Programmi\Vasilios Applications
2008-04-14 21:19 . 2008-04-14 21:19 17,408 --a------ C:\psapi.dll
2008-04-14 13:38 . 2008-04-14 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\FogelSoft
2008-04-14 13:21 . 2008-04-14 13:21 <DIR> d-------- C:\Documents and Settings\Francesco\Dati applicazioni\FogelSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 11:17 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\SiteAdvisor
2008-05-14 06:18 --------- d-----w C:\Programmi\AdunanzA
2008-05-12 14:16 --------- d-----w C:\Programmi\ScreenShot Wizard
2008-05-12 13:23 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\FileZilla
2008-05-09 16:49 --------- d-----w C:\Programmi\File comuni\Macromedia
2008-05-04 10:25 --------- d-----w C:\Documents and Settings\Chiara\Dati applicazioni\LimeWire
2008-05-03 09:59 --------- d-----w C:\Programmi\Ahead
2008-05-01 17:43 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Skype
2008-05-01 16:57 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\skypePM
2008-04-30 14:12 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\LimeWire
2008-04-28 20:37 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-19 13:33 --------- d-----w C:\Programmi\Graffiti Studio 2.0
2008-04-18 18:35 --------- d-----w C:\Programmi\DivX
2008-04-15 11:02 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-11 11:55 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\BID
2008-04-09 16:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-04-08 17:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
2008-04-08 17:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-04-07 19:22 --------- d-----w C:\Documents and Settings\Mamma\Dati applicazioni\MailFrontier
2008-04-05 09:36 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\DivX
2008-04-04 15:16 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Apple Computer
2008-04-04 13:17 --------- d-----w C:\Programmi\Microsoft Games
2008-04-03 12:29 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\CyberPower Audio Editing Lab
2008-04-03 12:16 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Hamachi
2008-04-03 12:16 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Desktop Sidebar
2008-04-03 12:16 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Azureus
2008-03-31 13:59 --------- d-----w C:\Programmi\NSS
2008-03-30 16:39 --------- d-----w C:\Programmi\Windows Defender
2008-03-30 16:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-30 16:17 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-29 14:30 --------- d-----w C:\Programmi\MSXML 4.0
2008-03-29 13:17 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-29 13:17 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\DAEMON Tools
2008-03-28 13:58 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-03-22 16:11 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Ahead
2008-03-21 16:18 --------- d-----w C:\Programmi\My Lockbox
2008-03-20 15:43 --------- d-----w C:\Programmi\LimeWire
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 09:16 --------- d-----w C:\Programmi\Java
2008-03-17 18:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-17 13:49 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Cream Software
2008-03-17 13:48 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Smart PC Solutions
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-06 16:24 102 --sha-w C:\Programmi\desktop.ini
2007-11-27 12:42 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Programmi\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2008-03-11 09:22 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Programmi\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2008-03-11 09:22 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 19:06 577536 C:\WINDOWS\SOUNDMAN.EXE]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-09-27 18:06 917504]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Ashampoo FireWall"="C:\Programmi\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"Babylon Client"="C:\Programmi\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

C:\Documents and Settings\Chiara\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office Groove.lnk - C:\Programmi\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 16:37:44 338216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Francesco^Menu Avvio^Programmi^Esecuzione automatica^Blaero Start Orb.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Francesco^Menu Avvio^Programmi^Esecuzione automatica^Thoosje Sidebar.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Francesco^Menu Avvio^Programmi^Esecuzione automatica^Thoosje Vista Sidebar.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Francesco^Menu Avvio^Programmi^Esecuzione automatica^WinFlip.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Pro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
--a------ 2007-12-14 17:59 1071472 C:\Programmi\My Lockbox\flockbox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 C:\Programmi\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Programmi\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsAloud]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Shutdown Simulator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Titan Backup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakRAM]
--a------ 2008-05-01 18:29 1188352 C:\Programmi\TweakRAM\TweakRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybzecpjzux]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 21:13]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2004-11-14 07:01]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce56c659-91ec-11dc-ba79-0013d4d3ee60}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-24 19:10:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-14 06:23:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2008-05-14 10:28:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 13:23:42
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\WINDOWS\TEMP\ASFWHide"
.
Ora fine scansione: 2008-05-14 13:24:57
ComboFix-quarantined-files.txt 2008-05-14 11:24:40

7 Directory 209,580,060,672 byte disponibili
12 Directory 209,609,936,896 byte disponibili

235 --- E O F --- 2008-05-09 11:38:51

Can I now delete the folder (QooBox) and the file (ComboFix) created by ComboFix?
r16
Posted: Wednesday, May 14, 2008 10:42:06 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Yes, you can delete them.
Bye.
linkin
Posted: Thursday, May 15, 2008 6:11:47 PM

Rank: AiutAmico

Joined: 1/4/2008
Posts: 427
Thanks a lot for the help, r16
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.