Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Logfile "Computer infetto"

Logfile "Computer infetto" Opzioni
Topic Precedente · Topic Sucessivo
massimob
Inviato: Tuesday, September 02, 2008 6:43:19 PM

Rank: AiutAmico

Iscritto dal : 12/13/2005
Posts: 162
Salve a tutti, ho il computer infettato da "antispyware 2008 XP" e "windows antivirus 2008 security center"
e mi da molti problemi, spero che qulcuno possa guardare il logfile che allego.
Grazie a tutti Massimo.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.52.30, on 02/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRAMMI\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Programmi\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
C:\Programmi\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Programmi\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Programmi\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\programmi\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Programmi\Applications\wcs.exe
C:\Programmi\Applications\iebtm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Applications\wcm.exe
C:\Programmi\Mouse Driver\mousedriver.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Programmi\WAV\wav.exe
C:\Programmi\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE
C:\Programmi\Applications\iebtmm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ubpr01.exe
C:\documents and settings\user\impostazioni locali\dati applicazioni\iaaku.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Documents and Settings\All Users\Dati applicazioni\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Programmi\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BurstWriting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Documents and Settings\All Users\Dati applicazioni\services\services.dll
O2 - BHO: 995937 helper - {1E1465F3-56CF-4FC4-8684-1BD6245AA30D} - (no file)
O2 - BHO: mxlivemedia browser optimizer - {c5d14793-c1fc-9858-4f7c-af715503d791} - C:\WINDOWS\system32\ifeihroglurhesifl.dll
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Programmi\Applications\iebt.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Programmi\Applications\iebr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SANSUNMouse ] C:\Programmi\Mouse Driver\mousedriver.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [{ac4ce8c9-0f27-fa8f-5242-ab937c278865}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ifeihroglurhesifl.dll" DllStart
O4 - HKLM\..\Run: [Antivirus] C:\Programmi\WAV\wav.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKCU\..\Run: [iaaku] "c:\documents and settings\user\impostazioni locali\dati applicazioni\iaaku.exe" iaaku
O4 - HKCU\..\Run: [Antivirus] C:\Programmi\WAV\wav.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Dati applicazioni\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programmi\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programmi\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O22 - SharedTaskScheduler: hypoch - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmi\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programmi\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Global Protection 2009\TPSrv.exe

--
End of file - 10540 bytes
Torna in alto
 
Sponsor
Inviato: Tuesday, September 02, 2008 6:43:19 PM

 
Torna in alto
 
linkin
Inviato: Tuesday, September 02, 2008 6:47:50 PM

Rank: AiutAmico

Iscritto dal : 1/4/2008
Posts: 427
Ho controllato il tuo log sul sito di HijackThis e devo dire che il log è messo proprio male. Non vorrei farti spaventare... attendi un consiglio di qualche esperto del forum come monsee o r16... loro ti daranno la risposta definitiva.
Torna in alto
 
antonpaco
Inviato: Tuesday, September 02, 2008 7:28:12 PM
Rank: AiutAmico

Iscritto dal : 11/7/2006
Posts: 1,180
ho letto su di un sito che un tipo con il tuo stesso problema lo ha risolto con il programma malwarebytes, provalo.
www.malwarebytes.org
Torna in alto
 
shapiro
Inviato: Tuesday, September 02, 2008 7:28:53 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
vai in mod. provvisoria

Scarica http://download.norman.no/public/Norman_Malware_Cleaner.exe

Per entrare in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^).


avvia la scansione e togli tutto quello che trova infetto(ne hai molti)

quando avra' finito, posta il log che ti rilascia e torna in mod. normale
Torna in alto
 
pidue
Inviato: Tuesday, September 02, 2008 9:05:31 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, il falso antivirus ti ha letteralmente devastato il computer. Ma possiamo farcela. Alla peggio formatti. Drool
Fai bene attenzione a quello che devi fare:
Chiudi HijackThis in una cartella a lui dedicata (possibilmente non sul desktop), altrimenti perdi i backup;

Disattiva il Ripristino configurazione di Sistema come qui descritto;
avvia in modalità provvisoria come qui descritto;
rendi visibili le cartelle nascoste ------ > procedura:
da Risorse del computer:
Strumenti >> Opzioni cartella >> visualizzazione;
metti la spunta su:
Visualizza file e cartelle nascoste;
togli la spunta da:
Nascondi file protetti del sistema(consigliato)

Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: BurstWriting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Documents and Settings\All Users\Dati applicazioni\services\services.dll
O2 - BHO: 995937 helper - {1E1465F3-56CF-4FC4-8684-1BD6245AA30D} - (no file)
O2 - BHO: mxlivemedia browser optimizer - {c5d14793-c1fc-9858-4f7c-af715503d791} - C:\WINDOWS\system32\ifeihroglurhesifl.dll
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Programmi\Applications\iebt.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Programmi\Applications\iebr.dll
O4 - HKLM\..\Run: [{ac4ce8c9-0f27-fa8f-5242-ab937c278865}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ifeihroglurhesifl.dll" DllStart
O4 - HKLM\..\Run: [Antivirus] C:\Programmi\WAV\wav.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKCU\..\Run: [iaaku] "c:\documents and settings\user\impostazioni locali\dati applicazioni\iaaku.exe" iaaku
O4 - HKCU\..\Run: [Antivirus] C:\Programmi\WAV\wav.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Dati applicazioni\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" –onlytray
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programmi\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programmi\Applications\iebtm.exe
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cabù

Trova e cancella i file in rosso:
___________________________________________
C:\Documents and Settings\All Users\Dati applicazioni\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Programmi\Applications\iebtm.exe
C:\Programmi\Applications\wcs.exe
C:\Programmi\WAV\wav.exe
C:\WINDOWS\system32\ubpr01.exe
C:\documents and settings\user\impostazioni locali\dati applicazioni\iaaku.exe
C:\Documents and Settings\All Users\Dati applicazioni\services\services.dll
C:\WINDOWS\system32\ifeihroglurhesifl.dll
C:\Programmi\Applications\iebt.dll
C:\Programmi\Applications\iebr.dll
___________________________________________

Start >> Esegui. Scrivi (o copia e incolla) la stringa %temp%, clicca su Ok, svuota la cartella temp;
Vai su Strumenti >> Opzioni Internet, elimina la cronologia, i files temporanei internet, i cookies;
svuota il cestino;

Scarica VirIt , installalo e aggiornalo. Fai due scansioni in modalità provvisoria e pubblica il rapporto. Non serve disattivare il tuo antivirus residente.
Pubblica un log aggiornato di HjiackThis.
Torna in alto
 
massimob
Inviato: Thursday, September 04, 2008 6:41:31 PM

Rank: AiutAmico

Iscritto dal : 12/13/2005
Posts: 162
Grazie pidue, ho fatto come hai scritto e ho risolto tutti i problemi, però mi sono accorto che in Pannello di controllo, è rimasta l'icona ( che è identica a "Centro Sicurezza PC" di WINDOWS ) con scritto "Windows Antivirus 2008". Ho aperto il menu con il tasto destro, e ci sono le voci "Apri e collegamento", non vorrei che se per sbaglio lo apro, ritorna il virus, come posso fare per toglierla?
Comunque pubblico il logfile aggiornato come hai chiesto.
Un saluto e ancora grazie Massimo.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.59.44, on 04/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Mouse Driver\mousedriver.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SANSUNMouse ] C:\Programmi\Mouse Driver\mousedriver.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: hypoch - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 5918 bytes
Torna in alto
 
pidue
Inviato: Friday, September 05, 2008 8:00:59 AM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, massmo. rimangono queste righe:
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O22 - SharedTaskScheduler: hypoch - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - (no file)

Per eliminare quell'icona usa Unlocker, lo puoi scaricare da questo sito. Leggi bene le istruzioni.
Buona giornata.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Logfile "Computer infetto"


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.