Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » salve potete controllarmi i file log di hijack per favore?

salve potete controllarmi i file log di hijack per favore? Opzioni
Topic Precedente · Topic Sucessivo
trebor89
Inviato: Monday, January 26, 2009 9:53:02 PM
Rank: Member

Iscritto dal : 11/15/2008
Posts: 11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:35, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\documents and settings\robert\impostazioni locali\dati applicazioni\bdwaf.exe
C:\Programmi\Orbitdownloader\orbitdm.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Orbitdownloader\orbitnet.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyBa.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyBa.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [XboxStat] "c:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [bdwaf] "c:\documents and settings\robert\impostazioni locali\dati applicazioni\bdwaf.exe" bdwaf
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: WeGame.lnk = C:\Programmi\WeGame\wegame.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06CA1489-7A07-44F8-AC7C-CE71BEE165C4}: NameServer = 212.17.192.216,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{06CA1489-7A07-44F8-AC7C-CE71BEE165C4}: NameServer = 212.17.192.216,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{06CA1489-7A07-44F8-AC7C-CE71BEE165C4}: NameServer = 212.17.192.216,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 11819 bytes
Torna in alto
 
Sponsor
Inviato: Monday, January 26, 2009 9:53:02 PM

 
Torna in alto
 
r16
Inviato: Monday, January 26, 2009 10:00:49 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
Prima di fare la scansione AGGIORNALO.
Esegui una scansione completa del sistema e, una volta terminata la scansione,assicurati che tutti i files evidenziati, siano selezionati, e clicca Rimuovi Selezionati
Posta il log.


Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Posta un nuovo log di HJT.
Se non funziona eseguiremo le rimozioni manualmente.
Torna in alto
 
trebor89
Inviato: Tuesday, January 27, 2009 12:27:49 AM
Rank: Member

Iscritto dal : 11/15/2008
Posts: 11
Malwarebytes' Anti-Malware 1.33
Versione del database: 1696
Windows 5.1.2600 Service Pack 2

26/01/2009 22:49:30
mbam-log-2009-01-26 (22-49-23).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 126691
Tempo trascorso: 44 minute(s), 41 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\myBabylon_English\myBabylon_EnglishToolbarHelper.exe (Adware.NetPumper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcAQGxv.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcDTLBQ.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\geBtSJaa.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqPgGaX.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{6335EDD2-D6DE-4FC1-957F-421D83CF4739}\RP32\A0051823.exe (Adware.NetPumper) -> No action taken.
Torna in alto
 
trebor89
Inviato: Tuesday, January 27, 2009 1:11:36 PM
Rank: Member

Iscritto dal : 11/15/2008
Posts: 11
ComboFix 09-01-21.04 - Robert 2009-01-27 13:01:58.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.2046.1430 [GMT 1:00]
Eseguito da: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robert\Dati applicazioni\.#
c:\documents and settings\Robert\Impostazioni locali\Dati applicazioni\bdwaf.dat
c:\documents and settings\Robert\Impostazioni locali\Dati applicazioni\bdwaf.exe
c:\documents and settings\Robert\Impostazioni locali\Dati applicazioni\bdwaf_nav.dat
c:\documents and settings\Robert\Impostazioni locali\Dati applicazioni\bdwaf_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-12-27 al 2009-01-27 )))))))))))))))))))))))))))))))))))
.

2009-01-27 12:53 . 2009-01-27 12:53 <DIR> d-------- C:\COMBO-FIX-exe
2009-01-21 14:07 . 2009-01-21 14:07 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\NASA
2009-01-21 14:06 . 2009-01-21 14:06 <DIR> d-------- c:\programmi\NASA
2009-01-20 21:41 . 2009-01-20 21:50 <DIR> d-------- c:\programmi\StreamerOne
2009-01-20 14:32 . 2009-01-20 14:32 <DIR> d-------- c:\programmi\MSXML 6.0
2009-01-19 19:43 . 2009-01-19 19:43 323 --a------ c:\windows\doom3.ini
2009-01-19 19:33 . 2009-01-21 23:20 <DIR> d-------- c:\programmi\Doom 3
2009-01-19 12:47 . 2009-01-19 12:47 <DIR> dr-h----- c:\documents and settings\Robert\Dati applicazioni\SecuROM
2009-01-19 12:18 . 2009-01-19 12:18 <DIR> d-------- c:\windows\system32\it-IT
2009-01-19 12:15 . 2009-01-19 12:18 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-19 12:14 . 2009-01-19 12:14 <DIR> d-------- c:\programmi\Reference Assemblies
2009-01-19 12:14 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-16 12:38 . 2009-01-16 12:40 <DIR> d-------- c:\windows\NV2716740.TMP
2009-01-16 12:30 . 2009-01-16 12:30 10 --a------ c:\windows\Win.i_o
2009-01-16 12:26 . 2009-01-16 12:32 77,824 --a------ c:\windows\SysDat.dll
2009-01-16 12:23 . 2009-01-16 12:33 <DIR> d-------- c:\programmi\Smith
2009-01-16 00:20 . 2009-01-16 00:20 <DIR> d-------- c:\programmi\Bit Che
2009-01-16 00:20 . 2009-01-16 00:20 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\Convivea
2009-01-16 00:20 . 2004-03-09 00:00 124,688 --a------ c:\windows\system32\mswinsck.ocx
2009-01-02 00:40 . 2004-08-19 15:39 21,504 --a------ c:\windows\system32\hidserv.dll
2009-01-02 00:40 . 2004-08-19 15:39 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-01-02 00:40 . 2001-08-30 20:41 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-02 00:40 . 2001-08-30 20:41 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 12:05 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Orbit
2009-01-27 01:06 --------- d-----w c:\programmi\eMule
2009-01-27 00:08 --------- d-----w c:\programmi\myBabylon_English
2009-01-26 21:03 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-01-26 13:20 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\uTorrent
2009-01-26 10:42 --------- d-----w c:\programmi\Call of Duty
2009-01-26 10:17 138,376 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-24 15:45 --------- d-----w c:\programmi\Registry Easy
2009-01-22 16:02 --------- d-----w c:\programmi\Messenger Plus! Live
2009-01-19 18:05 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Xfire
2009-01-19 16:14 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-19 15:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-19 11:16 --------- d-----w c:\programmi\MSBuild
2009-01-16 11:39 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-01-16 11:39 --------- d-----w c:\programmi\AGEIA Technologies
2009-01-15 02:02 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 13:24 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\AVGTOOLBAR
2009-01-09 20:41 --------- d-----w c:\programmi\Xfire
2009-01-06 22:21 --------- d-----w c:\programmi\Windows Live Safety Center
2009-01-06 16:35 --------- d-----w c:\programmi\TVAnts
2009-01-04 11:23 --------- d-----w c:\programmi\Orbitdownloader
2008-12-25 23:08 6,301,344 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-12-21 19:44 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-12-21 19:44 --------- d-----w c:\programmi\Veetle
2008-12-20 21:48 --------- d-----w c:\programmi\Java
2008-12-20 11:43 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-19 21:16 --------- d-----w c:\programmi\SiSoftware
2008-12-19 19:03 --------- d-----w c:\programmi\Conduit
2008-12-18 18:13 --------- d-----w c:\programmi\AVG
2008-12-18 18:13 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-12-18 18:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2008-12-18 17:57 --------- d-----w c:\programmi\Gothic III
2008-12-18 17:54 --------- d-----w c:\programmi\Serious Sam 2
2008-12-18 17:53 --------- d-----w c:\programmi\Tube Explorer
2008-12-18 17:51 --------- d-----w c:\programmi\YhUpPY
2008-12-18 17:48 --------- d-----w c:\programmi\Raxco
2008-12-18 13:38 --------- d-----w c:\programmi\Google
2008-12-18 11:26 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Malwarebytes
2008-12-18 11:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-17 15:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2008-12-15 21:50 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\GrabPro
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-30 15:12 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\SopCast
2008-11-24 22:30 22,328 ----a-w c:\documents and settings\Robert\Dati applicazioni\PnkBstrK.sys
2008-11-14 22:15 282 ----a-w C:\sccfg.sys.REN
2008-06-16 17:32 30,601 ----a-w c:\documents and settings\Robert\x.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2008-08-20 23:03 1780248 --a------ c:\programmi\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-27 68856]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Creative WebCam Tray"="c:\programmi\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"XboxStat"="c:\programmi\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1261336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Robert\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2008-12-15 1711304]
WeGame.lnk - c:\programmi\WeGame\wegame.exe [2008-06-02 3760640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Xfire\\xfire.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Call of Duty\\CoDMP.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Documents and Settings\\Robert\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\StreamerOne\\StreamerOne.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-18 97928]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-11-03 178913]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-18 231704]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\27.tmp --> c:\windows\system32\27.tmp [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2008-12-19 98488]
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-23 c:\windows\Tasks\Schedule Task Weekly.job
- c:\programmi\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-bdwaf - c:\documents and settings\robert\impostazioni locali\dati applicazioni\bdwaf.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {06CA1489-7A07-44F8-AC7C-CE71BEE165C4} = 212.17.192.216,208.67.222.222
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 13:04:25
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\27.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1614895754-484763869-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A20BFBA4-B4D1-B9A9-F298-8D06F6BC5DDB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdepjjlpdlgljefoccmhhlcpgbohnphod"=hex:61,61,00,00
"bbdepjjlpdlgljefocnlkgkkmapaeopgajfb"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-1614895754-484763869-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:38,da,54,2f,f7,9c,d4,b5,bf,2a,24,c4,93,80,07,3e,02,0c,18,cc,ca,
71,89,16,6e,fc,88,41,35,fd,7f,e8,5e,0e,9b,5d,50,f4,45,19,9e,00,42,1c,f3,cb,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\PCSuite\Services\ServiceLayer.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-27 13:06:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-27 12:06:26

Pre-Run: 69.731.897.344 byte disponibili
Post-Run: 69,739,487,232 byte disponibili

242 --- E O F --- 2009-01-20 13:32:48
Torna in alto
 
r16
Inviato: Tuesday, January 27, 2009 5:30:50 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
CIao.
Rifai la scansione co Malwarebytes, e alla fine della scansione elimina tutto cliccando Rimuovi Selezionati
Poi posta un nuovo log di HJT.
Riferisci se i problemi sono risolti.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » salve potete controllarmi i file log di hijack per favore?


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.