Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate il LOG di Hijack?

Mi controllate il LOG di Hijack? Opzioni
Topic Precedente · Topic Sucessivo
bart84
Inviato: Friday, November 21, 2008 10:28:55 AM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
Ciao, ho un piccolo problema! L'utilizzazione della CPU è spesso al 100% quando uso un qualsiasi browser, a volte scende per qualche secondo ma poi risale rendendo la navigazione quasi impossibile! Il problema è che se controllo su Gestione attività IE o FF sono al massimo al 25% e tutti gli altri programmi sono al di sotto del 5% di utilizzazione! Non so se formattare, cambiare antivirus (attualmente uso Kaspersky) o cos'altro fare! Mi sareste di grande aiuto se dal LOG di Hijack riusciste a capire qualcosa!

Grazie mille!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:30, on 21.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\st.ar\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\st.ar\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://print.photocity.it/InvioFoto/ImageUploader5.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://download.tv.sina.com.cn/downloader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10527 bytes
Torna in alto
 
Sponsor
Inviato: Friday, November 21, 2008 10:28:55 AM

 
Torna in alto
 
bart84
Inviato: Sunday, November 23, 2008 8:03:43 PM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
Ti prego r16, dai una mano anche a me! Ho fatto la scansione con malwarebyte ma non ha trovato nulla! È possibile che anche il mio pc è infestato dal Beagle!

Grazie mille!
Torna in alto
 
r16
Inviato: Sunday, November 23, 2008 10:25:13 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao bart84 .
Non esageriamo......
Da come hai scritto, Kaspersky funziona, e la CPU non centra con il Beagle.
Se avessi il Beagle, non avresti neppure fatto la scansione con malwarebyte.
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://print.photocity.it/InvioFoto/ImageUploader5.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://download.tv.sina.com.cn/downloader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
*********************************************************************************************************
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
*********************************************************************************************************
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .Sempre in questo topic.
Aggiorna il Java:
http://www.aiutaamici.com/software?ID=11134
Torna in alto
 
bart84
Inviato: Monday, November 24, 2008 10:57:22 AM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
Grazie r16, sei sempre gentilissimo!

Questo è il log di combofix:


ComboFix 08-11-23.01 - st.ar 2008-11-24 10:48:54.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1965 [GMT 1:00]
ausgeführt von:: c:\users\st.ar\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64
c:\windows\system32\x64\csnp2uvc.dll
c:\windows\system32\x64\rsnpvc64.dll
c:\windows\system32\x64\sncduvc.sys
c:\windows\system32\x64\snp2uvc.sys
c:\windows\system32\x64\vsnpvc64.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-10-24 bis 2008-11-24 ))))))))))))))))))))))))))))))
.

2008-11-22 22:36 . 2008-11-22 22:36 <DIR> d-------- c:\users\st.ar\AppData\Roaming\Malwarebytes
2008-11-22 22:36 . 2008-11-22 22:36 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-22 22:36 . 2008-11-22 22:36 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-22 22:36 . 2008-11-22 22:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 22:36 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-22 22:36 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-22 21:06 . 2008-11-22 21:07 <DIR> d-------- c:\users\st.ar\AppData\Roaming\SopCast
2008-11-22 21:06 . 2008-11-22 21:06 <DIR> d-------- c:\program files\SopCast
2008-11-21 10:38 . 2008-11-21 10:38 <DIR> d-------- c:\program files\CCleaner
2008-11-21 10:11 . 2008-11-21 10:11 <DIR> d-------- c:\program files\Trend Micro
2008-11-19 11:56 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 11:56 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 11:56 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 11:56 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 11:55 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 11:55 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 11:55 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 11:55 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 11:55 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 19:48 . 2008-11-15 19:48 <DIR> d-------- c:\users\All Users\FLEXnet
2008-11-15 19:48 . 2008-11-15 19:48 <DIR> d-------- c:\programdata\FLEXnet
2008-11-15 19:23 . 2008-11-15 19:23 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-15 19:06 . 2008-11-15 19:06 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-15 18:51 . 2008-11-15 18:51 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-15 16:27 . 2008-11-15 18:12 <DIR> d-------- c:\users\st.ar\AppData\Roaming\Download Manager
2008-11-12 11:36 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 11:36 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 11:36 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-05 11:55 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-05 11:55 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-05 11:55 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-05 11:55 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-05 11:55 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-04 12:40 . 2008-11-04 13:10 <DIR> d-------- c:\users\st.ar\AppData\Roaming\U3
2008-10-29 06:39 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 06:39 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 06:39 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 13:50 . 2008-10-27 18:17 <DIR> d-a------ c:\users\All Users\TEMP
2008-10-27 13:50 . 2008-10-27 18:17 <DIR> d-a------ c:\programdata\TEMP

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 09:36 --------- d-----w c:\users\st.ar\AppData\Roaming\OpenOffice.org2
2008-11-24 09:32 75,993,376 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-24 09:32 --------- d-----w c:\programdata\Kaspersky Lab
2008-11-24 00:17 1,021,880 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-23 18:45 --------- d-----w c:\users\st.ar\AppData\Roaming\skypePM
2008-11-23 18:44 --------- d-----w c:\users\st.ar\AppData\Roaming\Skype
2008-11-21 05:51 27,335 ----a-w c:\users\st.ar\AppData\Roaming\nvModes.dat
2008-11-15 18:27 --------- d-----w c:\program files\Common Files\Adobe
2008-10-25 07:48 583,915 ----a-w c:\windows\system32\drivers\ar5211.sys
2008-10-23 11:10 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 15:35 --------- d-----w c:\users\st.ar\AppData\Roaming\PeerNetworking
2008-10-16 12:06 --------- d-----w c:\program files\Windows Mail
2008-10-13 09:41 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-05 14:53 --------- d-----w c:\program files\uusee
2008-10-05 09:16 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 09:16 --------- d-----w c:\program files\iTunes
2008-10-05 09:16 --------- d-----w c:\program files\iPod
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-27 20:48 --------- d-----w c:\program files\Google
2008-09-27 19:47 --------- d-----w c:\programdata\GRETECH
2008-09-27 19:46 --------- d-----w c:\users\st.ar\AppData\Roaming\GRETECH
2008-09-27 19:45 --------- d-----w c:\program files\GRETECH
2008-09-18 12:59 110 ----a-w c:\users\st.ar\AppData\Roaming\wklnhst.dat
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-08-31 20:08 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-07-07 21:16 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-07 21:16 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-18 19:02 174 --sha-w c:\program files\desktop.ini
2008-04-28 13:18 32 ----a-w c:\users\All Users\ezsid.dat
2008-04-28 13:18 32 ----a-w c:\programdata\ezsid.dat
2008-07-16 14:11 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-16 14:11 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-16 14:11 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-15 772616]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]

c:\users\st.ar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-28 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll,c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E2F1A78-1C3D-492D-9957-8E9581487425}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F3646932-7A75-40D6-BEEE-C5366675653E}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{0E5DEFB0-FF0C-48DE-9412-720274AD2AC4}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{1C185533-4B0F-4322-917F-ED8F386D4653}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{925C0C20-8AD8-478F-9D5C-7E59D9694C28}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{5A5F257D-766F-442D-AE06-9819C7FCD323}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{A9DEBBCA-DFD4-45D6-8414-C87D2A35EE5D}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{7FDE0FEB-48D3-4AC0-8665-97A984C4D156}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{10F77775-4486-48DA-BABD-969D41E3F77E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3281AF66-A869-476A-A610-03ADBA7386C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7A9195DC-B25D-4F39-8648-C4E330CCC931}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{934242C2-F840-4F30-85C2-5F37D81E3092}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AB7B8E55-A93B-4DC2-BEA1-C42B35076DBB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D2CEC77-49D9-427A-81E0-2C312DE20F8F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{421DF317-BC54-4D46-824B-671AE441E7EB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{499102CE-D8E7-4B3E-97D4-8AEA67D64AB0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{FEC4C5C3-AC0C-4784-ACAB-A2F7FBE3F695}c:\\users\\st.ar\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\st.ar\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{C47E746E-90EF-4FDF-AA0D-71D0C4F269A5}c:\\users\\st.ar\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\st.ar\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"{0C7297EB-8317-4711-9B61-0A712C7E76CC}"= UDP:5353:Adobe CSI CS4
"{5CAF9B8B-E9B6-497A-A8DE-24A7AEF93F6F}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{709CDE41-6ED3-4AEE-ABD7-1C73D71E3BF9}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{562C72BA-D6C1-4B4A-903A-7D9E144E31BD}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{66AB1167-D7B2-447E-972D-AE32C7363B94}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{72768452-78D1-470A-B310-6B6B382433EF}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{305EB721-C2C1-4072-8996-0DDB789AC608}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8FEE54CB-36D4-4381-9757-4946A6A297B8}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{35104476-7FF8-4A85-9E08-482A6AF1E4EE}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{D7155B80-CCF1-4316-818A-0F8800181E30}c:\\program files\\gretech\\gomplayer\\gom.exe"= UDP:c:\program files\gretech\gomplayer\gom.exe:GOM Player
"UDP Query User{B3D1A28A-CD45-4F25-9D66-97AF84910926}c:\\program files\\gretech\\gomplayer\\gom.exe"= TCP:c:\program files\gretech\gomplayer\gom.exe:GOM Player

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-02-21 02:25:58 13560]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-07-28 50688]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-07-28 32256]
S3 ms6823;IEEE802.11b Wireless USB Adapter;c:\windows\system32\DRIVERS\ms6823.sys [2004-06-10 55168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adbc9158-aa61-11dd-844b-001b38d00b9b}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\users\st.ar\AppData\Roaming\Mozilla\Firefox\Profiles\vsof6zna.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 10:51:31
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

- - - - - - - > 'lsass.exe'(648)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
.
Zeit der Fertigstellung: 2008-11-24 10:53:00
ComboFix-quarantined-files.txt 2008-11-24 09:52:55

Vor Suchlauf: 45.872.713.728 byte disponibili
Nach Suchlauf: 45,818,765,312 byte disponibili

217 --- E O F --- 2008-11-21 06:21:54
Torna in alto
 
bart84
Inviato: Monday, November 24, 2008 10:59:56 AM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
Spero di aver fatto tutto ciò che mi hai detto in modo esatto, non ne capisco niente di queste cose! Questo è il log di Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:22, on 24.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7312 bytes
Torna in alto
 
r16
Inviato: Monday, November 24, 2008 10:55:26 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non ti preoccupare hai fatto tutto giusto
Combofix ha levato un pò di fetecchie.
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
esegui una scansione completa del sistema e, una volta terminata la scansione, allega il log che verrà rilasciato, per postarlo qui.
Prima di fare la scansione AGGIORNALO.
Ci sono miglioramenti?
Torna in alto
 
bart84
Inviato: Tuesday, November 25, 2008 12:45:10 PM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
Mi sembra che Malwarebytes non ha trovato nulla, dei piccoli miglioramenti effettivamente ci sono ma ogni tanto la CPU continua stare al 100% di utilizzo (soprattutto con applicazioni flashplayer), posto qua sotto il log di Malwarebytes. Come posso fare per eliminare le fetecchie presenti sul mio pc?

Infinitamente grazie per l'attenzione!



Malwarebytes' Anti-Malware 1.30
Versione del database: 1422
Windows 6.0.6001 Service Pack 1

25.11.2008 12:38:01
mbam-log-2008-11-25 (12-38-01).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi scansionati: 160105
Tempo trascorso: 1 hour(s), 18 minute(s), 9 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
r16
Inviato: Tuesday, November 25, 2008 12:59:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao
Dici:ma ogni tanto la CPU continua stare al 100% di utilizzo (soprattutto con applicazioni flashplayer).
Potrebbe essere qualche conflitto fra programmi.
Prova a disistallarne qualcuno, oppure aggiornarlo.
Poi prova a fare questa scansione:
Scarica Norman Malware Cleaner: http://download.norman.no/public/Norman_Malware_Cleaner.exe e salvalo sul desktop
Avvia in MODALITA PROVVISORIA

Si avvia
si accetta la licenza
si clicca Start Scan
si attende la fine della scansione
Viene generato un log sul desktop, postalo qui.
In alcuni casi Norman Malware Cleaner potrebbe richiedere il riavvio del computer per rimuovere completamente l'infezione, in
questo caso è raccomandata una seconda esecuzione del programma dopo aver riavviato il PC per garantire la completa rimozione di tutti i files infetti.
Torna in alto
 
bart84
Inviato: Tuesday, November 25, 2008 5:25:36 PM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
Ho fatto quanto detto e posto il log di Normal Malware Cleaner, ma durante la scansione il pc si è spento improvvisamente quindi non so se è tutto corretto! Ho scoperto che ogni volta che provo a fare riavvia il sistema il pc si spegne e non si può riaccendere prima che siano trascorsi ca 5 minuti, cosa potrebbe essere?



Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/11/24 22:39:07

Norman Scanner Engine Version: 5.93.01
Nvcbin.def Version: 5.93.00, Date: 2008/11/24 22:39:07, Variants: 2194993

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6001(Safe mode) Service Pack 1
Logged on user: PC-star\st.ar

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scan started: 25/11/2008 16:51:03


Scanning running processes and process memory...

Number of processes/threads found: 769
Number of processes/threads scanned: 769
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 20s


Scanning file system...

Scanning: C:\*.*


Running post-scan cleanup routine:

Number of files found: 1394
Number of archives unpacked: 6
Number of files scanned: 1391
Number of files not scanned: 3
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 28s
Torna in alto
 
r16
Inviato: Tuesday, November 25, 2008 5:45:55 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
bart84, il pc è pulito, il problema della CPU, si deve ricercare in un qualche programma che hai installato.
Quando vedi la CPU alta, apri il Task Manager, e guarda nei "processi" qual'è il programma che ti "ciuccia" tutta quella CPU.
Potrebbe essere anche un discorso di surriscaldamento del pc.
Controlla se le ventole all'interno del case funzionano bene.
Potrebbe pure essere un problema hardware.
Il log di Norman è pulito.
Torna in alto
 
bart84
Inviato: Tuesday, November 25, 2008 6:06:21 PM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
Avevo già controllato il task manager ma non c'era nulla che utilizzava la cpu per più del 30%! Proverò a disinstallare qualche altro programma altrimenti andrò in un acerpoint e farò valere la mia garanzia! Come posso risolvere il problema del riavvio? Da cosa può essere causato? Se la batteria è scarica e il pc non è collegato alla rete elettrica il pc si spegne senza preavviso alcuno e quando si prova a riaccendere si rispegne, devono sempre passare almeno 3 o 4 minuti prima che riprende a funzionare normalmente!


Non so come posso ricambiare tutta l'attenzione che mi avete rivolto!
Grazie mille!
Torna in alto
 
r16
Inviato: Tuesday, November 25, 2008 6:32:32 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
bart84 ha scritto:
Avevo già controllato il task manager ma non c'era nulla che utilizzava la cpu per più del 30%! Proverò a disinstallare qualche altro programma altrimenti andrò in un acerpoint e farò valere la mia garanzia! Come posso risolvere il problema del riavvio? Da cosa può essere causato? Se la batteria è scarica e il pc non è collegato alla rete elettrica il pc si spegne senza preavviso alcuno e quando si prova a riaccendere si rispegne, devono sempre passare almeno 3 o 4 minuti prima che riprende a funzionare normalmente!


Non so come posso ricambiare tutta l'attenzione che mi avete rivolto!
Grazie mille!

A mio avviso bart84, ci sono moltissime probabilità che sia un problema hardware.
Se il pc è ancora in garanzia, portalo in assistenza e fallo visionare.
Solo per curiosità: fammi sapere.
Torna in alto
 
bart84
Inviato: Tuesday, November 25, 2008 6:39:18 PM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
r16 lo farò sicuramente! Sei sempre stato gentilissimo e questo forum sarà per me sempre un punto di riferimento!

Ancora grazie!
Torna in alto
 
bart84
Inviato: Tuesday, November 25, 2008 7:16:43 PM
Rank: Newbie

Iscritto dal : 11/21/2008
Posts: 0
Mi son dimenticato di chiedere un'ultimissima cosa: da quando ho fatto le operazioni con Malwarebytes e Combofix (quando ho disattivato kaspersky) per controllare la pagina del mio router (D-Link) devo disattivare ancora l'antivirus! Da cosa può dipendere?

Ciao!
Torna in alto
 
r16
Inviato: Wednesday, November 26, 2008 12:39:54 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate il LOG di Hijack?


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.