Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Sospetto virus

Sospetto virus Opzioni
Topic Precedente · Topic Sucessivo
sodomino
Inviato: Thursday, December 04, 2008 9:35:34 PM
Rank: AiutAmico

Iscritto dal : 7/17/2008
Posts: 96
mi controllate questo log di hijackthis x piacere

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.32.16, on 04/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
D:\Programmi\System Protect\SysProtect_srv.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRAMMI\VEXPLITE\viritsvc.exe
D:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
D:\Programmi\System Protect\SysProtect_Tray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
D:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\Programmi\eMule\emule.exe
D:\Programmi\Internet Explorer\iexplore.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SystemProtect] D:\Programmi\System Protect\SysProtect_Tray.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D:\WINDOWS\system32\kdkas.exe] D:\WINDOWS\system32\kdkas.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SmartRAM] "D:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF:  -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F08C96B-9712-40B5-B841-CB3E17E8B190}: NameServer = 85.255.112.105;85.255.112.224
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - D:\Programmi\System Protect\SysProtect_srv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - D:\PROGRAMMI\VEXPLITE\viritsvc.exe

--
End of file - 6315 bytes

xkè internet è abbastanza lento e quando apro le pagine spesso vengo reindirizzato su altre pagine sospetto virus grazie in anticipo ;)
Torna in alto
 
Sponsor
Inviato: Thursday, December 04, 2008 9:35:34 PM

 
Torna in alto
 
r16
Inviato: Thursday, December 04, 2008 10:34:11 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Elimina questa voce di HJT:
O16 - DPF:  -
Poi:
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .Sempre in questo topic.
Torna in alto
 
sodomino
Inviato: Thursday, December 04, 2008 10:49:43 PM
Rank: AiutAmico

Iscritto dal : 7/17/2008
Posts: 96
ecco il log di combofix:

ComboFix 08-12-04.04 - Joe 2008-12-04 22:43:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.697 [GMT 1:00]
* Creato nuovo punto di ripristino
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
c:\resycled\boot.com
d:\programmi\Mozilla Firefox\components\iamfamous.dll
D:\resycled
d:\resycled\boot.com
d:\windows\system32\kdkas.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-11-04 al 2008-12-04 )))))))))))))))))))))))))))))))))))
.

2008-12-04 21:32 . 2008-12-04 21:32 <DIR> d-------- d:\programmi\Trend Micro
2008-12-04 20:43 . 2008-12-04 20:43 56 --a------ d:\windows\VideoConvert.INI
2008-12-04 20:42 . 2008-12-04 20:43 <DIR> d-------- d:\programmi\AimOne Video Converter
2008-12-04 11:07 . 2008-12-04 11:07 <DIR> d-------- d:\programmi\File comuni\Adobe
2008-12-03 21:16 . 2008-12-03 21:16 <DIR> d-------- d:\programmi\Illustrate
2008-12-03 21:16 . 2008-12-03 21:17 167,424 --a------ d:\windows\system32\SpoonUninstall.exe
2008-12-03 21:16 . 2008-12-03 21:16 67,584 --a------ d:\windows\system32\xanalyze.dll
2008-12-03 21:16 . 2008-12-03 21:16 27,958 --a------ d:\windows\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.bmp
2008-12-03 21:16 . 2008-12-03 21:16 27,958 --a------ d:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-12-03 21:16 . 2008-12-03 21:16 19,295 --a------ d:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-12-03 21:16 . 2008-12-03 21:17 2,177 --a------ d:\windows\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
2008-12-03 21:15 . 2008-12-03 21:15 <DIR> d-------- d:\programmi\MP3SPLITTER
2008-12-03 20:06 . 2008-12-03 20:06 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\Media Player Classic
2008-12-01 19:04 . 2008-04-14 03:13 159,232 --a------ d:\windows\system32\ptpusd.dll
2008-12-01 19:04 . 2008-04-13 19:45 15,104 --a------ d:\windows\system32\drivers\usbscan.sys
2008-12-01 19:04 . 2008-04-13 19:45 15,104 --a------ d:\windows\system32\dllcache\usbscan.sys
2008-12-01 19:04 . 2001-08-30 23:07 5,632 --a------ d:\windows\system32\ptpusb.dll
2008-12-01 13:40 . 2008-12-04 10:59 <DIR> d-------- d:\programmi\Any Video Converter
2008-12-01 13:36 . 2008-12-04 10:58 <DIR> d-------- d:\programmi\Total Video Converter
2008-12-01 13:24 . 2008-12-01 13:24 <DIR> d-------- d:\programmi\K-Lite Codec Pack
2008-12-01 13:24 . 2008-09-19 22:57 3,596,288 --a------ d:\windows\system32\qt-dx331.dll
2008-12-01 13:24 . 2008-09-24 19:41 839,680 --a------ d:\windows\system32\lameACM.acm
2008-12-01 13:24 . 2008-01-10 13:15 755,027 --a------ d:\windows\system32\xvidcore.dll
2008-12-01 13:24 . 2008-10-28 23:35 684,032 --a------ d:\windows\system32\divx.dll
2008-12-01 13:24 . 2007-09-04 17:56 164,352 --a------ d:\windows\system32\unrar.dll
2008-12-01 13:24 . 2008-01-10 13:16 159,839 --a------ d:\windows\system32\xvidvfw.dll
2008-12-01 13:24 . 2007-09-21 01:52 118,784 --a------ d:\windows\system32\ac3acm.acm
2008-12-01 13:24 . 2008-09-25 09:03 81,920 --a------ d:\windows\system32\dpl100.dll
2008-12-01 13:24 . 2008-10-03 13:30 414 --a------ d:\windows\system32\lame_acm.xml
2008-12-01 13:24 . 2008-07-30 20:09 38 --a------ d:\windows\avisplitter.ini
2008-12-01 13:05 . 2008-12-01 13:05 <DIR> d-------- d:\programmi\AviSynth 2.5
2008-12-01 13:05 . 2004-02-22 10:11 719,872 --a------ d:\windows\system32\devil.dll
2008-12-01 13:05 . 2006-10-07 17:43 502,784 --a------ d:\windows\x2.64.exe
2008-12-01 13:05 . 2007-05-17 17:30 318,976 --a------ d:\windows\system32\avisynth.dll
2008-12-01 13:05 . 2005-02-28 13:16 240,128 --a------ d:\windows\system32\x.264.exe
2008-12-01 13:05 . 2006-04-12 09:47 217,073 --a------ d:\windows\meta4.exe
2008-12-01 13:05 . 2004-01-25 00:00 70,656 --a------ d:\windows\system32\yv12vfw.dll
2008-12-01 13:05 . 2004-01-25 00:00 70,656 --a------ d:\windows\system32\i420vfw.dll
2008-12-01 13:05 . 2006-04-05 08:09 66,560 --a------ d:\windows\MOTA113.exe
2008-12-01 13:05 . 2005-07-14 12:31 27,648 --a------ d:\windows\system32\AVSredirect.dll
2008-12-01 13:04 . 2005-02-12 23:00 186,880 -r-hs---- d:\windows\system32\RLOgg.ax
2008-12-01 13:04 . 2005-01-17 23:26 179,200 -r-hs---- d:\windows\system32\DiracSplitter.ax
2008-12-01 13:04 . 2005-02-05 23:00 92,672 -r-hs---- d:\windows\system32\RLVorbisDec.ax
2008-12-01 13:04 . 2005-02-22 16:55 81,920 -r-hs---- d:\windows\system32\aac_parser.ax
2008-12-01 13:04 . 2005-02-12 23:00 67,584 -r-hs---- d:\windows\system32\RLTheoraDec.ax
2008-12-01 13:04 . 2005-02-12 23:00 51,712 -r-hs---- d:\windows\system32\RLSpeexDec.ax
2008-11-29 21:24 . 2008-11-29 21:24 <DIR> d-------- d:\programmi\Spegni Pc
2008-11-28 15:41 . 2008-11-17 21:55 <DIR> d--h----- d:\documents and settings\Franco\Risorse di stampa
2008-11-28 15:41 . 2008-11-17 21:55 <DIR> d--h----- d:\documents and settings\Franco\Risorse di rete
2008-11-28 15:41 . 2008-11-28 15:41 <DIR> dr------- d:\documents and settings\Franco\Preferiti
2008-11-28 15:41 . 2008-11-17 20:59 <DIR> d--h----- d:\documents and settings\Franco\Modelli
2008-11-28 15:41 . 2008-11-17 21:55 <DIR> dr------- d:\documents and settings\Franco\Menu Avvio
2008-11-28 15:41 . 2008-12-04 22:44 <DIR> d--h----- d:\documents and settings\Franco\Impostazioni locali
2008-11-28 15:41 . 2008-11-28 15:41 <DIR> dr------- d:\documents and settings\Franco\Documenti
2008-11-28 15:41 . 2008-11-28 15:41 <DIR> dr-h----- d:\documents and settings\Franco\Dati applicazioni
2008-11-28 15:41 . 2008-11-28 15:41 <DIR> d-------- d:\documents and settings\Franco
2008-11-28 13:10 . 2008-11-28 13:10 <DIR> d-------- d:\programmi\Lavasoft
2008-11-28 13:10 . 2008-11-28 13:10 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\Lavasoft
2008-11-25 09:36 . 2008-12-04 14:25 <DIR> d-------- d:\programmi\NOS
2008-11-25 09:36 . 2008-12-04 14:25 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\NOS
2008-11-24 21:42 . 2008-11-28 10:18 <DIR> d-------- d:\programmi\VEXPLITE
2008-11-24 21:30 . 2008-04-13 20:19 146,048 --a------ d:\windows\system32\drivers\portcls.sys
2008-11-24 21:30 . 2008-04-13 20:19 146,048 --a------ d:\windows\system32\dllcache\portcls.sys
2008-11-24 21:30 . 2008-04-13 20:16 141,056 --a------ d:\windows\system32\drivers\ks.sys
2008-11-24 21:30 . 2008-04-13 20:16 141,056 --a------ d:\windows\system32\dllcache\ks.sys
2008-11-24 21:30 . 2008-04-14 03:14 129,536 --a------ d:\windows\system32\ksproxy.ax
2008-11-24 21:30 . 2008-04-14 03:14 129,536 --a------ d:\windows\system32\dllcache\ksproxy.ax
2008-11-24 21:30 . 2008-04-13 19:45 60,160 --a------ d:\windows\system32\drivers\drmk.sys
2008-11-24 21:30 . 2008-04-13 19:45 60,160 --a------ d:\windows\system32\dllcache\drmk.sys
2008-11-24 21:30 . 2008-04-13 19:45 49,408 --a------ d:\windows\system32\drivers\stream.sys
2008-11-24 21:30 . 2008-04-13 19:45 49,408 --a------ d:\windows\system32\dllcache\stream.sys
2008-11-24 21:29 . 2008-11-24 21:30 <DIR> d-------- d:\programmi\Creative
2008-11-24 21:29 . 2002-09-06 09:54 10,194 --------- d:\windows\system32\PFMODNT.SYS
2008-11-24 21:07 . 2008-11-24 21:49 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2008-11-24 21:04 . 2008-11-24 21:04 <DIR> d-------- d:\windows\Logs
2008-11-24 21:04 . 2007-03-12 16:42 1,123,696 --a------ d:\windows\system32\D3DCompiler_33.dll
2008-11-24 21:04 . 2007-03-15 16:57 443,752 --a------ d:\windows\system32\d3dx10_33.dll
2008-11-24 20:58 . 2008-11-24 21:08 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\Sports Interactive
2008-11-24 11:21 . 2008-11-24 11:21 268 --ah----- D:\sqmdata05.sqm
2008-11-24 11:21 . 2008-11-24 11:21 244 --ah----- D:\sqmnoopt05.sqm
2008-11-24 10:56 . 2008-11-24 10:56 <DIR> d-------- d:\programmi\Symantec
2008-11-23 15:45 . 2008-11-23 15:45 <DIR> d-------- d:\programmi\uTorrent
2008-11-23 15:45 . 2008-12-01 13:18 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\uTorrent
2008-11-23 15:20 . 2008-11-23 15:20 754 --a------ d:\windows\WORDPAD.INI
2008-11-23 15:10 . 2008-11-23 15:10 268 --ah----- D:\sqmdata04.sqm
2008-11-23 15:10 . 2008-11-23 15:10 244 --ah----- D:\sqmnoopt04.sqm
2008-11-23 14:50 . 2008-11-23 14:50 <DIR> d-------- d:\programmi\Windows Live
2008-11-23 14:50 . 2008-11-23 14:50 268 --ah----- D:\sqmdata03.sqm
2008-11-23 14:50 . 2008-11-23 14:50 244 --ah----- D:\sqmnoopt03.sqm
2008-11-21 13:48 . 2008-11-21 13:48 268 --ah----- D:\sqmdata02.sqm
2008-11-21 13:48 . 2008-11-21 13:48 244 --ah----- D:\sqmnoopt02.sqm
2008-11-21 13:31 . 2008-12-04 22:34 <DIR> d-------- d:\programmi\eMule
2008-11-21 13:10 . 2008-11-24 21:32 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\IObit
2008-11-21 13:01 . 2008-11-21 13:02 110 --a------ d:\windows\wininit.ini
2008-11-21 12:58 . 2008-11-21 12:58 1,156 --a------ d:\windows\mozver.dat
2008-11-21 12:50 . 2008-11-21 12:50 268 --ah----- D:\sqmdata01.sqm
2008-11-21 12:50 . 2008-11-21 12:50 244 --ah----- D:\sqmnoopt01.sqm
2008-11-21 12:39 . 2008-11-21 12:39 27,904 --a------ d:\windows\system32\drivers\ndisprot.sys
2008-11-21 12:36 . 2008-11-21 12:36 <DIR> d-------- d:\programmi\Runtime Software
2008-11-21 12:30 . 2008-11-21 12:30 <DIR> d-------- D:\Nero
2008-11-21 12:26 . 2008-11-21 12:26 <DIR> d-------- d:\programmi\PC Inspector File Recovery
2008-11-21 12:26 . 2008-11-24 21:31 <DIR> d--h----- d:\programmi\InstallShield Installation Information
2008-11-21 12:26 . 2008-11-24 21:29 <DIR> d-------- d:\programmi\File comuni\InstallShield
2008-11-21 12:16 . 2008-11-21 12:16 <DIR> d-------- d:\programmi\Drive Rescue
2008-11-21 12:00 . 2008-11-21 12:01 <DIR> d--h----- d:\programmi\Zero G Registry
2008-11-21 12:00 . 2008-11-21 12:00 <DIR> d--h----- d:\documents and settings\Joe\InstallAnywhere
2008-11-21 11:07 . 2008-11-24 12:01 <DIR> d-------- d:\documents and settings\Joe\Contacts
2008-11-20 12:14 . 2008-11-20 12:14 <DIR> d-------- d:\windows\system32\xircom
2008-11-20 12:14 . 2008-11-20 12:14 <DIR> d-------- d:\programmi\microsoft frontpage
2008-11-20 12:12 . 2008-11-20 12:12 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\Nero
2008-11-20 11:27 . 2008-05-09 11:53 512,000 --------- d:\windows\system32\dllcache\jscript.dll
2008-11-20 11:27 . 2008-05-09 11:53 430,080 --------- d:\windows\system32\dllcache\vbscript.dll
2008-11-20 11:27 . 2008-05-09 11:53 180,224 --------- d:\windows\system32\dllcache\scrobj.dll
2008-11-20 11:27 . 2008-05-09 11:53 172,032 --------- d:\windows\system32\dllcache\scrrun.dll
2008-11-20 11:27 . 2008-05-08 12:24 155,648 --------- d:\windows\system32\dllcache\wscript.exe
2008-11-20 11:27 . 2008-05-09 09:45 135,168 --------- d:\windows\system32\dllcache\cscript.exe
2008-11-20 11:27 . 2008-05-09 11:53 90,112 --------- d:\windows\system32\dllcache\wshext.dll
2008-11-20 09:08 . 2008-11-20 09:12 191 --a------ d:\windows\Clony2.ini
2008-11-20 08:57 . 2008-11-20 08:57 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\vlc
2008-11-20 08:11 . 2008-11-20 08:11 <DIR> d-------- d:\windows\system32\bits
2008-11-20 08:10 . 2008-12-04 22:30 <DIR> d-------- d:\programmi\VideoLAN
2008-11-20 08:09 . 2008-11-20 08:11 <DIR> d-------- d:\windows\ServicePackFiles
2008-11-18 15:52 . 2008-12-04 14:35 69 --a------ d:\windows\NeroDigital.ini
2008-11-18 14:52 . 2008-12-02 17:54 <DIR> d-------- d:\documents and settings\Giada\Contacts
2008-11-18 14:49 . 2008-11-17 21:55 <DIR> d--h----- d:\documents and settings\Giada\Risorse di stampa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 13:50 --------- d-----w d:\programmi\MSN Messenger
2008-11-17 20:58 --------- d-----w d:\programmi\Alwil Software
2008-11-17 20:39 --------- d-----w d:\programmi\System Protect
2008-11-17 20:36 12,288 ----a-w d:\windows\system32\drivers\sp_prot.sys
2008-11-17 20:25 --------- d-----w d:\programmi\Conexant
2008-11-17 20:10 --------- d-----w d:\programmi\MSBuild
2008-11-17 20:06 --------- d-----w d:\programmi\Reference Assemblies
2008-11-17 20:06 --------- d-----w d:\programmi\MSXML 6.0
2008-11-17 20:01 --------- d-----w d:\programmi\Servizi in linea
2008-11-17 19:59 --------- d-----w d:\programmi\Windows Media Connect 2
2008-10-24 11:21 455,296 ----a-w d:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="d:\programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SmartRAM"="d:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2008-11-06 202256]
"Advanced SystemCare 3"="d:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-15 2235920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="d:\programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"SystemProtect"="d:\programmi\System Protect\SysProtect_Tray.exe" [2008-11-17 1223680]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-26 d:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Lanterna\\Lantmirc.exe"=
"c:\\zDC++0.668z3Ita\\zDCPlusPlus.exe"=
"d:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"d:\\Programmi\\MSN Messenger\\livecall.exe"=
"d:\\Programmi\\eMule\\emule.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=

R0 d344bus;d344bus;d:\windows\system32\DRIVERS\d344bus.sys [2008-11-17 137216]
R0 d344prt;d344prt;d:\windows\system32\Drivers\d344prt.sys [2008-11-17 5248]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-11-17 111184]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-17 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;d:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 SP_Service;System Protect Deletion Prevention Service;"d:\programmi\System Protect\SysProtect_srv.exe" [2008-11-17 598528]
R2 viritsvclite;Virit eXplorer Lite;d:\programmi\VEXPLITE\viritsvc.exe [2006-02-24 57344]
R3 ACSSCR;ACR38 Smart Card Reader;d:\windows\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;d:\windows\system32\DRIVERS\CnxEtP.sys [2008-11-17 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;d:\windows\system32\DRIVERS\CnxEtU.sys [2008-11-17 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;d:\windows\system32\DRIVERS\CnxTgN.sys [2008-11-17 108675]
R3 sp_prot;System Protect Filter Driver;\??\d:\windows\system32\drivers\sp_prot.sys [2008-11-17 12288]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\d:\windows\system32\drivers\Ndisprot.sys [2008-11-21 27904]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-d:\windows\system32\kdkas.exe - d:\windows\system32\kdkas.exe


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
FireFox -: Profile - d:\documents and settings\Joe\Dati applicazioni\Mozilla\Firefox\Profiles\hzxwmart.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 22:45:53
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
d:\programmi\Alwil Software\Avast4\aswUpdSv.exe
d:\programmi\Alwil Software\Avast4\ashServ.exe
d:\windows\system32\scardsvr.exe
d:\programmi\Alwil Software\Avast4\ashMaiSv.exe
d:\programmi\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-04 22:47:24 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-04 21:47:22

Pre-Run: 45,322,670,080 byte disponibili
Post-Run: 45,408,817,152 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

241

Ecco il log di hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.49.09, on 04/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
D:\Programmi\System Protect\SysProtect_srv.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRAMMI\VEXPLITE\viritsvc.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
D:\Programmi\System Protect\SysProtect_Tray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
D:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Programmi\Alwil Software\Avast4\setup\avast.setup
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SystemProtect] D:\Programmi\System Protect\SysProtect_Tray.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SmartRAM] "D:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F08C96B-9712-40B5-B841-CB3E17E8B190}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - D:\Programmi\System Protect\SysProtect_srv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - D:\PROGRAMMI\VEXPLITE\viritsvc.exe

--
End of file - 5416 bytes

è tutto apposto???
Torna in alto
 
r16
Inviato: Thursday, December 04, 2008 10:57:30 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina questa voce:
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO.
Adesso è tutto a posto.
Scusa dimenticavo:
Disattiva il ripristino configurazione di sistema, e Riavvia il pc.
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo
Ciao.
Torna in alto
 
sodomino
Inviato: Thursday, December 04, 2008 11:01:11 PM
Rank: AiutAmico

Iscritto dal : 7/17/2008
Posts: 96
grazie r16 cm sempre mi risolvete i problemi ma ki siete?? extraterrestri?? io nn c capisko niente hiih ;)
Torna in alto
 
r16
Inviato: Thursday, December 04, 2008 11:06:01 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
sodomino ha scritto:
grazie r16 cm sempre mi risolvete i problemi ma ki siete?? extraterrestri?? io nn c capisko niente hiih ;)

Guarda che ho aggiunto qualcosa nel post.
Come vedi non siamo extraterrestri, solo gente normale.
Ciao!Drool
Torna in alto
 
sodomino
Inviato: Thursday, December 04, 2008 11:07:03 PM
Rank: AiutAmico

Iscritto dal : 7/17/2008
Posts: 96
r16 un'altra cosa io utilizzo advanced systemcare professional e continua a trovarmi uno spyware io faccio risolvi mi dice ke è risolto ma poi alla scansione successiva me lo ri trova nn è ke c'è uno spyware imboscato da qualche parte??
Torna in alto
 
r16
Inviato: Thursday, December 04, 2008 11:08:50 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Dammi il percorso di dove lo trova.
Magari dopo queste operazioni non lo trova più.
Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Brick wall
Torna in alto
 
sodomino
Inviato: Thursday, December 04, 2008 11:24:35 PM
Rank: AiutAmico

Iscritto dal : 7/17/2008
Posts: 96
tracking cookies advertising livello rischio basso ingresso cookie:Joe@com.com/

questo mi trova
Torna in alto
 
r16
Inviato: Thursday, December 04, 2008 11:30:57 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non è un grosso pericolo. (è un cookies tracciante)
Probabile, che serva solo a monitorare quante volte visiti un determinato sito.
Non ti preoccupare. Questi tipi di cookies non "spiano" l'utente.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Sospetto virus


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.