Aiutamici Forum

HIJACK LOG - can you help me THANKSSSSS A MILLIONNNN
ceval
Posted: Friday, November 07, 2008 11:33:02 AM
Rank: Member

Joined: 11/7/2008
Posts: 18
Hi everyone, I would like to submit the log to whoever has the expertise needed to help me. I'm pretty bogged down and don't know how to get out of it.
Here is the log obtained with HIJACK

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.12.05, on 07/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Fighters\configservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Fighters\licenseservice.exe
C:\Programmi\Fighters\updateservice.exe
C:\Programmi\Fighters\ScannerService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ospite\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1987ef15-23af-2226-8a4e-29c00250d2cc} - (no file)
O2 - BHO: OIN Analytics - {6b221e01-f517-4959-8c41-81948e7f2f17} - C:\Programmi\OINAnalytics\OINAnalytics2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {d88e1558-7c2d-407a-953a-c044f5607cea} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAMMI\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Ospite\Dati applicazioni\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Ospite\Dati applicazioni\gadcom\gadcom.exe" 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adecco.it
O15 - Trusted Zone: http://msn.careerbuilder.it
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-40b71ccaceb5f728.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe (file missing)
O23 - Service: PTK License-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\configservice.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7891 bytes


The log was obtained, following your instructions, in normal mode.
The problems are several. IE doesn't work well (I'm now using Firefox)
The links I click send me to other sites I've never heard of.
Slow PC.
Programs closing suddenly
Often, when using IE, pages with references to antivirus can't be accessed.
Windows Task Manager disabled (the screen says by the administrator, but it isn't true)

I tried to fix the problems with Trojan Remover and A-Squared but with no results at all.
It finds, it seems, a CWS malware that is always present.

For now I've stopped here at the LOG and am waiting for someone to help me.
THANKS A MILLION to anyone who can give me a hand.
I wait hopefully.
Greetings to all

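As an added example (not part of the thread), a small Python triage script that applies, over a few lines copied from the HijackThis log above, the checks a helper on a forum like this does by eye: entries whose file no longer exists, services with no vendor, Winlogon Notify DLLs, autostarts launched from a user-profile data folder, and sites placed in the IE Trusted Zone. The heuristics and the `triage` function are this example's own, not HijackThis output.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: eight lines copied from the HijackThis log posted above,
# mixing known-good entries (Java, Symantec) with the ones the thread turns out to be about.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {1987ef15-23af-2226-8a4e-29c00250d2cc} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Ospite\Dati applicazioni\SpeedRunner\SpeedRunner.exe
O15 - Trusted Zone: http://www.adecco.it
O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
"""

# HijackThis v2 entries look like "O4 - <body>" or "R1 - <body>"; everything else is skipped.
ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Profile and temp folders (Italian and English names) from which a Run entry is rarely legitimate.
PROFILE_DIRS = (
    "\\dati applicazioni\\",
    "\\application data\\",
    "\\impostazioni locali\\",
    "\\temp\\",
)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Keep only the R*/O* entries; headers and the running-process list are dropped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body")})
    return entries


def reasons_for(entry: Dict[str, str]) -> List[str]:
    """Defender-side heuristics: each string is a reason to review the entry by hand."""
    sec, body = entry["section"], entry["body"]
    low = body.lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("referenced file missing (orphan entry or a component that removed itself)")
    if sec == "O23" and "unknown owner" in low:
        reasons.append("service with no vendor name")
    if sec == "O20":
        reasons.append("Winlogon Notify DLL loads before any user session; verify it")
    if sec == "O4" and any(d in low for d in PROFILE_DIRS):
        reasons.append("autostart from a user-profile data or temp folder")
    if sec == "O15":
        reasons.append("site in IE Trusted Zone runs with lowered security settings")
    return reasons


def triage(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (section, body, reasons) for every entry that needs a human look."""
    flagged = []
    for entry in parse_hjt(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["section"], entry["body"], reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

On the sample above five of the eight entries are flagged; the Java BHO and both Symantec entries pass, which is the point: the script narrows the log, the human still decides.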
r16
Posted: Friday, November 07, 2008 12:41:02 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Yes, you're not in good shape......
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files (recommended)
Disable System Restore, and keep it disabled, until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Download: Malwarebytes' Anti-Malware and save it wherever you like: http://www.besttechie.net/tools/mbam-setup.exe

Double-click the mbam-setup.exe icon you saved, and proceed with the installation

Make sure both boxes are ticked: Update Malwarebytes' Anti-Malware and Launch, and click Finish
On first launch a welcome message will appear. Make sure the Internet connection is active and click OK
Wait for the update to finish.
The main screen appears.
Click Scan
It may take quite a while (depending on how infected the PC is), so you need a bit of patience.

When the scan is finished, click OK

Make sure all the highlighted files are selected and click Remove Selected

When the disinfection is complete, Notepad will open with the result of the operation.
Post it here.
*********************************************************************************************************
Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
Type 1, press Enter and follow the instructions.
At the end, a log file named C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log. Always in this topic.
ceval
Posted: Friday, November 07, 2008 12:51:44 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
Thanks a million r16.
For now I'm getting set up with the software you indicated.
By the way....I use Symantec Antivirus and since you advised me to disable it, could you please tell me how to do that?
SA sits as an icon at the bottom right of the monitor.
Thanks for the courtesy
Bye
r16
Posted: Friday, November 07, 2008 12:57:17 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
ceval wrote:
Thanks a million r16.
For now I'm getting set up with the software you indicated.
By the way....I use Symantec Antivirus and since you advised me to disable it, could you please tell me how to do that?
SA sits as an icon at the bottom right of the monitor.
Thanks for the courtesy
Bye

I'm sorry ceval, I don't use Norton, I haven't the faintest idea how to disable it. (every antivirus uses a different system).
What is certain is that to run the Combofix scan it has to be temporarily disabled, otherwise it blocks the scan.
lui49
Posted: Friday, November 07, 2008 12:58:28 PM
Rank: AiutAmico

Joined: 5/4/2003
Posts: 2,845
if I remember correctly: right-click the icon in the tray....disable antivirus auto-protect
r16
Posted: Friday, November 07, 2008 12:59:13 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
lui49 wrote:
if I remember correctly: right-click the icon in the tray....disable antivirus auto-protect

Thanks lui49
ceval
Posted: Friday, November 07, 2008 1:05:22 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
As I imagined, these damned viruses prevent me from downloading the files you indicated.
After a lot of going around I managed to find and download Malwarebytes' Anti-Malware
but Combofix is impossible. It seems that as soon as you click a link with this name, you can't connect....it's frustrating.
Any suggestions?
Thanks
ceval
Posted: Friday, November 07, 2008 1:06:54 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
Yes, this works (the disabling, I mean)
Thanks
I'll wait for the rest
Bye
r16
Posted: Friday, November 07, 2008 1:08:45 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Unfortunately I have to go, and I don't want to rush things.
I'll get back to you tonight.
ceval
Posted: Friday, November 07, 2008 1:11:45 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
No luck...all the links work correctly
but if I try to connect to one with the word Combofox in it, a page opens saying it isn't
possible to get the connection.
Ideas?
Thanks
ceval
Posted: Friday, November 07, 2008 1:12:41 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
r16 wrote:
Unfortunately I have to go, and I don't want to rush things.
I'll get back to you tonight.


OK for now thanks a million
ceval
Posted: Friday, November 07, 2008 1:24:28 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
Hi r16
In the end I managed to get Combofix
Now I have both of the programs you indicated
Talk soon
ceval
Posted: Friday, November 07, 2008 6:35:36 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
So, I did what you told me.
Here is the first log from mbam:

Malwarebytes' Anti-Malware 1.26
Versione del database: 1103
Windows 5.1.2600 Service Pack 3

07/11/2008 17.37.15
mbam-log-2008-11-07 (17-37-05).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 78844
Tempo trascorso: 8 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 11
Valori di registro infetti: 1
Elementi dato del registro infetti: 1
Cartelle infette: 3
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysfldr (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> No action taken.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
C:\Programmi\Microsoft Common (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ospite\Dati applicazioni\speedrunner (Adware.SurfAccuracy) -> No action taken.

File infetti:
C:\WINDOWS\system32\shdocvw.oca (Rogue.AntiSpamBoy) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ospite\Dati applicazioni\speedrunner\config.cfg (Adware.SurfAccuracy) -> No action taken.
C:\Documents and Settings\Ospite\Impostazioni locali\Temp\v3xd1.g22me (Heuristics.Malware) -> No action taken.
C:\Documents and Settings\Ospite\Impostazioni locali\Temp\v5xd4.ga2me (Heuristics.Malware) -> No action taken.
C:\Documents and Settings\Ospite\Impostazioni locali\Temp\v4xd6.gam5e (Heuristics.Malware) -> No action taken.


AFTER THAT I USED COMBOFIX
AND THIS IS THE LOG:

ComboFix 08-11-06.01 - Ospite 2008-11-07 18:11:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.582 [GMT 1:00]

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ospite\Dati applicazioni\ASKS~1
c:\documents and settings\Ospite\Dati applicazioni\ASKS~1\?asks\
c:\documents and settings\Ospite\Dati applicazioni\gadcom
c:\documents and settings\Ospite\Impostazioni locali\Dati applicazioni\qksicyg_navfx.dat
c:\documents and settings\Ospite\Impostazioni locali\Dati applicazioni\seoiu_navfx.dat
c:\documents and settings\Ospite\Impostazioni locali\Dati applicazioni\zercim_navfx.dat
c:\documents and settings\Ospite\Menu Avvio\Programmi\Videos.url
c:\windows\system32\drivers\ati3yxxx.sys
c:\windows\system32\drivers\TDSSmxoe.sys
c:\windows\system32\Oleopri20081.dll
c:\windows\system32\smbols~1
c:\windows\system32\sysmwwod.dll
c:\windows\system32\TDSScfub.log
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSoitu.dll
c:\windows\system32\TDSSosvd.dll
c:\windows\system32\TDSSpaxt.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.log
c:\windows\system32\timedefw32ex.dll
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Psyche
-------\Legacy_Psyche
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_ATI3YXXX
-------\Service_ati3yxxx


((((((((((((((((((((((((( Files Creati Da 2008-10-07 al 2008-11-07 )))))))))))))))))))))))))))))))))))
.

2008-11-07 17:51 . 2008-11-07 17:51 <DIR> d-------- c:\documents and settings\PF\Dati applicazioni\Malwarebytes
2008-11-07 17:18 . 2008-11-07 17:37 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-07 17:18 . 2008-11-07 17:18 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\Malwarebytes
2008-11-07 17:18 . 2008-11-07 17:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-07 17:18 . 2008-09-02 00:16 38,528 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 17:18 . 2008-09-02 00:16 17,200 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-06 17:43 . 2008-11-06 17:47 <DIR> d-------- c:\programmi\Fighters
2008-11-06 17:43 . 2008-11-06 17:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2008-11-06 17:17 . 2008-11-07 10:12 <DIR> d-------- c:\programmi\a-squared Anti-Malware
2008-11-06 17:08 . 2008-11-06 17:08 32,768 --a------ c:\windows\system32\drivers\ati4pdxx.sys.vir
2008-11-06 17:06 . 2008-11-06 18:16 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-06 17:05 . 2008-11-06 17:06 <DIR> d-------- c:\programmi\Trojan Remover
2008-11-06 17:05 . 2008-11-06 17:05 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\Simply Super Software
2008-11-06 17:05 . 2008-11-06 17:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2008-11-06 17:05 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-06 17:05 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-06 17:05 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-06 17:05 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-06 17:05 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-06 16:40 . 2008-11-06 16:40 16 --a------ c:\windows\system32\dlds8.exe.vir
2008-11-05 16:39 . 2008-11-05 16:38 724,992 --a------ c:\windows\iun6002.exe
2008-11-05 14:07 . 2008-11-05 14:07 <DIR> d-------- c:\programmi\Lavasoft
2008-11-05 14:07 . 2008-11-05 14:07 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-05 12:24 . 2008-11-06 18:16 <DIR> d-------- c:\programmi\OINAnalytics
2008-11-04 17:42 . 2008-11-04 17:42 1,106 --a------ c:\windows\system32\lcsm.dat
2008-11-04 17:41 . 2008-11-04 17:41 79,360 --a------ c:\windows\system32\lcldmupd.dll
2008-11-04 17:41 . 2008-11-04 17:41 79,360 --a------ c:\windows\system32\dllcache\lcldmupd.dll
2008-11-04 17:41 . 2008-11-04 17:41 0 --a------ c:\windows\system32\tq5ew2nw.tmp
2008-11-03 17:41 . 2008-11-03 17:41 32,768 --a------ C:\jywbc.exe
2008-11-03 17:41 . 2008-11-03 17:41 2 --a------ C:\-1405141347
2008-11-03 17:41 . 2008-11-05 14:10 0 --a------ c:\windows\system32\drivers\8e63f5b.sys
2008-11-03 11:52 . 2008-11-03 11:54 <DIR> d-------- c:\programmi\Free Hide Folder
2008-11-03 11:47 . 2008-11-03 11:50 <DIR> d-------- c:\programmi\Hide Folders XP 2
2008-11-03 11:10 . 2008-11-03 11:10 <DIR> d-------- C:\recycled
2008-11-03 11:05 . 2000-10-02 00:00 102,160 --a------ c:\windows\system32\VB6CHT.DLL
2008-11-01 12:17 . 2008-11-01 12:19 <DIR> d-------- c:\programmi\WinAce
2008-10-31 16:08 . 2008-11-04 15:51 754 --a------ c:\windows\WORDPAD.INI
2008-10-31 14:50 . 2008-10-31 14:50 <DIR> d-------- c:\windows\system32\ffdshow
2008-10-31 14:50 . 2008-10-31 14:50 <DIR> d-------- c:\programmi\SourceTec
2008-10-31 14:50 . 2006-03-11 04:56 438,272 --a------ c:\windows\system32\Mpeg2DecFilter.ax
2008-10-31 14:50 . 2006-03-11 04:48 434,176 --a------ c:\windows\system32\MatroskaSplitter.ax
2008-10-31 14:50 . 2007-03-28 11:27 364,544 --a------ c:\windows\system32\RealMediaSplitter.ax
2008-10-31 14:50 . 2005-07-10 02:12 241,664 --a------ c:\windows\system32\CoreVorbis.ax
2008-10-31 14:50 . 2004-08-18 00:04 217,088 --a------ c:\windows\system32\CoreFLACDecoder.ax
2008-10-31 14:50 . 2007-03-28 16:08 122,880 --a------ c:\windows\system32\stQTSource.ax
2008-10-31 12:56 . 2008-10-31 13:09 <DIR> d-------- c:\programmi\MediaCoder
2008-10-31 12:38 . 2008-10-31 12:45 <DIR> d-------- c:\programmi\Virtual Dub
2008-10-30 17:16 . 2008-10-30 17:16 <DIR> d-------- c:\programmi\File comuni\xing shared
2008-10-30 17:16 . 2008-11-06 09:56 <DIR> d-------- C:\Program Files
2008-10-30 16:08 . 2008-10-30 16:11 <DIR> d-------- c:\programmi\RM-X Player V5.2
2008-10-28 09:17 . 2008-10-28 09:23 <DIR> d-------- c:\programmi\RegCleaner
2008-10-26 13:13 . 2008-11-03 17:53 <DIR> d-------- c:\programmi\Yahoo!
2008-10-26 13:13 . 2008-10-26 13:13 <DIR> d-------- c:\programmi\CCleaner
2008-10-24 08:18 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 11:57 . 2008-10-23 11:57 <DIR> d--h----- c:\windows\PIF
2008-10-20 14:47 . 2008-10-24 16:59 <DIR> d-------- c:\programmi\Haihaisoft Universal Player
2008-10-20 14:47 . 2008-10-30 17:16 <DIR> d-------- c:\programmi\File comuni\Real
2008-10-20 14:47 . 2008-10-20 14:47 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\Haihaisoft Universal Player
2008-10-20 14:47 . 2008-10-20 14:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Haihaisoft
2008-10-20 09:15 . 2008-10-24 17:00 <DIR> d-------- c:\programmi\ScreenShot Wizard
2008-10-16 16:04 . 2008-10-16 16:04 <DIR> d-------- c:\documents and settings\Ospite\WINDOWS
2008-10-16 15:52 . 2008-10-24 17:00 <DIR> d-------- c:\programmi\Serif
2008-10-16 15:42 . 2008-11-06 12:42 <DIR> d-------- c:\programmi\File comuni\InstallShield
2008-10-16 08:31 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 08:30 . 2008-08-14 14:22 2,192,896 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 08:30 . 2008-08-14 14:22 2,148,864 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 08:30 . 2008-08-14 14:22 2,069,760 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 08:30 . 2008-08-14 14:22 2,027,520 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 08:30 . 2008-09-15 16:24 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 10:51 . 2008-10-14 10:51 102 --a------ C:\qehjlhawlh
2008-10-14 10:51 . 2008-10-14 10:51 101 --a------ c:\windows\system32\nocfhjfaujf
2008-10-14 10:51 . 2008-10-14 10:51 100 --a------ c:\windows\plmadfhdashd
2008-10-09 11:07 . 2008-10-09 11:07 4,968 --a------ C:\UFFICISALE CONFERENZE.jpg
2008-10-09 10:54 . 2008-10-09 11:00 3,744 --a------ C:\BIGLIETTERIA.jpg
2008-10-09 10:45 . 2008-10-09 10:45 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\3D Button Visual Editor
2008-10-08 10:16 . 2008-10-14 08:24 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\skypePM
2008-10-08 10:16 . 2008-10-08 10:16 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-08 10:12 . 2008-10-14 08:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Skype
2008-10-07 13:44 . 2008-10-24 17:00 <DIR> d--h----- c:\programmi\InstallShield Installation Information
2008-10-07 13:44 . 2008-10-07 13:44 31 --a------ c:\windows\tdlp32.ini
2008-10-07 08:34 . 2002-10-21 14:31 1,013,760 --a------ c:\windows\system32\Ltwvc13n.dll
2008-10-07 08:34 . 2002-10-21 14:01 446,464 --a------ c:\windows\system32\ltimg13n.dll
2008-10-07 08:34 . 2002-10-24 16:08 443,392 --a------ c:\windows\system32\ltkrn13n.dll
2008-10-07 08:34 . 2002-10-22 12:53 393,216 --a------ c:\windows\system32\LFCMP13n.DLL
2008-10-07 08:34 . 2002-10-21 13:53 265,728 --a------ c:\windows\system32\LTDIS13n.dll
2008-10-07 08:34 . 2002-10-21 14:01 205,824 --a------ c:\windows\system32\ltefx13n.dll
2008-10-07 08:34 . 2002-10-21 14:39 181,248 --a------ c:\windows\system32\Lfpng13n.dll
2008-10-07 08:34 . 2002-10-21 14:00 139,776 --a------ c:\windows\system32\ltfil13n.DLL
2008-10-07 08:34 . 2002-10-21 14:03 35,328 --a------ c:\windows\system32\lfgif13n.dll
2008-10-07 08:34 . 2002-10-21 14:02 30,208 --a------ c:\windows\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 17:13 --------- d-----w c:\programmi\Symantec AntiVirus
2008-11-07 17:03 --------- d-----w c:\documents and settings\Ospite\Dati applicazioni\OpenOffice.org2
2008-11-07 16:51 --------- d-----w c:\documents and settings\PF\Dati applicazioni\OpenOffice.org2
2008-10-24 16:03 --------- d-----w c:\programmi\Total Video Converter
2008-10-24 15:59 --------- d-----w c:\programmi\Free WMV Converter
2008-10-24 15:58 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-24 15:58 --------- d-----w c:\programmi\DivX
2008-10-07 12:59 --------- d-----w c:\documents and settings\Ospite\Dati applicazioni\LimeWire
2008-10-01 15:33 --------- d-----w c:\programmi\Free Audio Pack
2008-10-01 08:29 --------- d-----w c:\documents and settings\Ospite\Dati applicazioni\SmartDraw
2008-09-26 15:33 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys
2008-09-10 14:25 --------- d-----w c:\programmi\File comuni\AVSMedia
2008-09-10 13:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 125536]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
"HPHUPD05"="c:\programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-05 491520]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-10-30 185872]
"TrojanScanner"="c:\programmi\Trojan Remover\Trjscan.exe" [2008-10-25 968072]
"spywarefighterguard"="c:\programmi\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-09-26 180872]
"a-squared"="c:\programmi\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-11-02 2780816]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\PF\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - c:\programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3fexx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R2 PTK License-FIGHTERS-18665827;PTK License-FIGHTERS-18665827;c:\programmi\Fighters\licenseservice.exe [2008-09-26 283272]
R2 PTK Live Update-FIGHTERS-18665827;PTK Live Update-FIGHTERS-18665827;c:\programmi\Fighters\updateservice.exe [2008-09-26 307848]
R2 PTK Scanner-FIGHTERS-18665827;PTK Scanner-FIGHTERS-18665827;c:\programmi\Fighters\ScannerService.exe [2008-09-26 311944]
R2 PTK SharedAccess-FIGHTERS-18665827;PTK SharedAccess-FIGHTERS-18665827;c:\programmi\Fighters\configservice.exe [2008-09-26 139912]
R3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-09-26 15496]
S0 ati3fexx;ati3fexx;c:\windows\system32\Drivers\ati3fexx.sys [ ]
S1 8e63f5b;8e63f5b;c:\windows\system32\drivers\8e63f5b.sys [2008-11-05 0]
S2 lcldmupd;Local Domain Server Updater;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lcldmupd
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 c:\windows\Tasks\HP Usg Daily.job
- c:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 16:03]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1987ef15-23af-2226-8a4e-29c00250d2cc} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-Run-[system] - c:\windows\system32\drivers\services.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Ospite\Dati applicazioni\Mozilla\Firefox\Profiles\35jgkqz5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/|http://www.ircdown.com/it/index.php?rvs=hompag&d=79918969e=6150
FF -: plugin - c:\programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 18:14:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\programmi\File comuni\Symantec Shared\ccEvtMgr.exe
c:\programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\programmi\a-squared Anti-Malware\a2service.exe
c:\programmi\Symantec AntiVirus\DefWatch.exe
c:\programmi\Symantec AntiVirus\Rtvscan.exe
c:\programmi\Symantec AntiVirus\DoScan.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-07 18:16:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-07 17:16:48

Pre-Run: 12,586,827,776 bytes free
Post-Run: 12,528,603,136 bytes free

246 --- E O F --- 2008-10-24 16:08:59


AND THIS IS THE LATEST HIJACKTHIS LOG:



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.20.26, on 07/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Fighters\configservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Fighters\licenseservice.exe
C:\Programmi\Fighters\updateservice.exe
C:\Programmi\Fighters\ScannerService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\OpenOffice.org 2.2\program\soffice.exe
C:\Programmi\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ospite\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAMMI\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adecco.it
O15 - Trusted Zone: http://msn.careerbuilder.it
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-40b71ccaceb5f728.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PTK License-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\configservice.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7053 bytes


Now it's up to you to figure out what situation I'm in.
I hope it's all clear.
I'll be at the PC on Sunday (this is an office PC),
so I think I'll read your reply in the afternoon.

Thanks for now and see you soon
Valter
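The ComboFix excerpt above carries several indicators that are easy to miss in a wall of log text and that a helper would pull out first: Security Center notifications switched off (AntiVirusDisableNotify and DisableMonitoring set to 1), the XP firewall policy with EnableFirewall=0, a service named with a random hex string whose driver image is zero bytes, a SafeBoot-registered driver whose file is missing from disk, a service that runs inside svchost.exe via the NetSvcs group, and Firefox search/homepage preferences pointing at third-party domains. The Python script below is an added example, not part of the forum post and not a feature of ComboFix or HijackThis; it applies those checks to a constructed excerpt (SAMPLE_LOG) that copies the line shapes of the log above. The finding categories and the heuristics are mine.

```python
"""Triage of a ComboFix-style log excerpt (added example; not a ComboFix feature).

SAMPLE_LOG is a constructed excerpt that mirrors the line shapes of the posted log.
The heuristics and the finding categories are my own.
"""
import re
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 PTK Scanner-FIGHTERS-18665827;PTK Scanner-FIGHTERS-18665827;c:\programmi\Fighters\ScannerService.exe [2008-09-26 311944]
R3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-09-26 15496]
S0 ati3fexx;ati3fexx;c:\windows\system32\Drivers\ati3fexx.sys [ ]
S1 8e63f5b;8e63f5b;c:\windows\system32\drivers\8e63f5b.sys [2008-11-05 0]
S2 lcldmupd;Local Domain Server Updater;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lcldmupd
.
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/|http://www.ircdown.com/it/index.php?rvs=hompag
"""

# ComboFix service line: <start> <name>;<display>;<image path> [<date> <size>]  ('[ ]' = no file found)
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$')
DWORD_RE = re.compile(r'^"(?P<value>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
FF_PREF_RE = re.compile(r'^FireFox -: prefs\.js - (?P<pref>[A-Z.]+) - (?P<urls>.+)$')
URL_RE = re.compile(r'h(?:xx|tt)ps?://[^\s|]+')      # ComboFix defangs URLs as hxxp://
HEXNAME_RE = re.compile(r'^[0-9a-f]{6,}$')           # heuristic: service names that are just hex
NOTIFY_FLAGS = {'AntiVirusDisableNotify', 'FirewallDisableNotify',
                'UpdatesDisableNotify', 'DisableMonitoring'}


def parse_services(lines):
    """One dict per R*/S* service line; size parsed from the '[date size]' stamp."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        svc = m.groupdict()
        stamp = svc['stamp'].split()          # '2008-11-05 0' -> ['2008-11-05', '0'];  ' ' -> []
        svc['file_seen'] = bool(stamp)
        svc['size'] = int(stamp[1]) if len(stamp) == 2 and stamp[1].isdigit() else None
        services.append(svc)
    return services


def parse_netsvcs(lines):
    """Service names listed under the 'Svchost - NetSvcs' header, up to the '.' terminator."""
    names, collecting = [], False
    for line in lines:
        s = line.strip()
        if s.endswith('Svchost - NetSvcs'):
            collecting = True
        elif collecting:
            if not s or s == '.':
                break
            names.append(s)
    return names


def triage(text):
    """Return a list of (category, detail) findings for the log text."""
    lines = text.splitlines()
    findings, section = [], None
    for line in lines:
        s = line.strip()
        if s.startswith('[') and s.endswith(']'):      # registry section header
            section = s[1:-1]
            continue
        m = DWORD_RE.match(s)
        if m and m['value'] in NOTIFY_FLAGS and int(m['hex'], 16) == 1:
            findings.append(('security-center', f"{m['value']}=1 under {section}"))
            continue
        m = FIREWALL_RE.match(s)
        if m and int(m['val']) == 0:
            findings.append(('firewall', f"EnableFirewall=0 under {section}"))
            continue
        m = FF_PREF_RE.match(s)
        if m:
            hosts = [urlsplit(u.replace('hxxp', 'http', 1)).hostname for u in URL_RE.findall(m['urls'])]
            findings.append(('firefox-pref', f"{m['pref']}: {', '.join(h for h in hosts if h)}"))

    netsvcs = set(parse_netsvcs(lines))
    for svc in parse_services(lines):
        name, path = svc['name'], svc['path']
        if not svc['file_seen']:
            findings.append(('service', f"{name}: image not found on disk ({path})"))
        elif svc['size'] == 0:
            findings.append(('service', f"{name}: zero-byte image ({path})"))
        if HEXNAME_RE.match(name):
            findings.append(('service', f"{name}: random-looking service name"))
        if path.lower().endswith('svchost.exe') and name in netsvcs:
            findings.append(('service', f"{name}: runs inside svchost.exe via NetSvcs; the real code is the "
                                        f"ServiceDll under HKLM\\SYSTEM\\CurrentControlSet\\Services\\{name}\\Parameters"))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE_LOG):
        print(f'[{category}] {detail}')
```

The NetSvcs finding is the one to act on for an entry like lcldmupd: the log shows svchost.exe as the image only because svchost is the host process; the code that actually runs is the DLL named by the service's ServiceDll value, and that is what should be inspected or submitted for analysis, not svchost.exe itself.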
r16
Posted: Friday, November 07, 2008 6:45:30 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
r16
Posted: Friday, November 07, 2008 6:50:14 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
The answer is:
UPDATE Malwarebytes' Anti-Malware. You ran a scan with an ANCIENT version (1.26); the latest is 1.30.
"No action taken" means exactly that: no action was taken. It didn't remove anything.
ceval
Posted: Sunday, November 09, 2008 10:52:01 AM
Rank: Member

Joined: 11/7/2008
Posts: 18
Hi r16,
I redid the procedures using MBAM ver. 1.3, downloaded properly.
I'm attaching the logs I got.
First observations:
1) Task Manager works now
2) programs are a bit slow to open (as if something were still running in the background)
3) Despite using the updated MBAM, the log still says "no action taken"

Here are the logs:

MBAM

Malwarebytes' Anti-Malware 1.30
Database version: 1375
Windows 5.1.2600 Service Pack 3

09/11/2008 10.27.30
mbam-log-2008-11-09 (10-27-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 83413
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Programmi\OINAnalytics (Trojan.Agent) -> No action taken.

Files Infected:
C:\jywbc.exe (Virus.Virut) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnrsr.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoeqh.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoitu.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSosvd.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmxoe.sys.vir (Trojan.TDSS) -> No action taken.


COMBOFIX

ComboFix 08-11-06.01 - Ospite 2008-11-09 10.37.16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.463 [GMT 1:00]
Running from: c:\documents and settings\Ospite\Desktop\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created From 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))))))
.

2008-11-09 09:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 09:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-07 17:51 . 2008-11-07 17:51 <DIR> d-------- c:\documents and settings\PF\Dati applicazioni\Malwarebytes
2008-11-07 17:18 . 2008-11-09 10:27 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-07 17:18 . 2008-11-07 17:18 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\Malwarebytes
2008-11-07 17:18 . 2008-11-07 17:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-06 17:43 . 2008-11-06 17:47 <DIR> d-------- c:\programmi\Fighters
2008-11-06 17:43 . 2008-11-06 17:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2008-11-06 17:17 . 2008-11-09 09:34 <DIR> d-------- c:\programmi\a-squared Anti-Malware
2008-11-06 17:08 . 2008-11-06 17:08 32,768 --a------ c:\windows\system32\drivers\ati4pdxx.sys.vir
2008-11-06 17:06 . 2008-11-06 18:16 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-06 17:05 . 2008-11-06 17:06 <DIR> d-------- c:\programmi\Trojan Remover
2008-11-06 17:05 . 2008-11-06 17:05 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\Simply Super Software
2008-11-06 17:05 . 2008-11-06 17:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2008-11-06 17:05 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-06 17:05 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-06 17:05 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-06 17:05 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-06 17:05 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-06 16:40 . 2008-11-06 16:40 16 --a------ c:\windows\system32\dlds8.exe.vir
2008-11-05 16:39 . 2008-11-05 16:38 724,992 --a------ c:\windows\iun6002.exe
2008-11-05 14:07 . 2008-11-05 14:07 <DIR> d-------- c:\programmi\Lavasoft
2008-11-05 14:07 . 2008-11-05 14:07 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-04 17:42 . 2008-11-04 17:42 1,106 --a------ c:\windows\system32\lcsm.dat
2008-11-04 17:41 . 2008-11-04 17:41 79,360 --a------ c:\windows\system32\lcldmupd.dll
2008-11-04 17:41 . 2008-11-04 17:41 79,360 --a------ c:\windows\system32\dllcache\lcldmupd.dll
2008-11-04 17:41 . 2008-11-04 17:41 0 --a------ c:\windows\system32\tq5ew2nw.tmp
2008-11-03 17:41 . 2008-11-03 17:41 2 --a------ C:\-1405141347
2008-11-03 17:41 . 2008-11-05 14:10 0 --a------ c:\windows\system32\drivers\8e63f5b.sys
2008-11-03 11:52 . 2008-11-03 11:54 <DIR> d-------- c:\programmi\Free Hide Folder
2008-11-03 11:47 . 2008-11-03 11:50 <DIR> d-------- c:\programmi\Hide Folders XP 2
2008-11-03 11:10 . 2008-11-03 11:10 <DIR> d-------- C:\recycled
2008-11-03 11:05 . 2000-10-02 00:00 102,160 --a------ c:\windows\system32\VB6CHT.DLL
2008-11-01 12:17 . 2008-11-01 12:19 <DIR> d-------- c:\programmi\WinAce
2008-10-31 16:08 . 2008-11-04 15:51 754 --a------ c:\windows\WORDPAD.INI
2008-10-31 14:50 . 2008-10-31 14:50 <DIR> d-------- c:\windows\system32\ffdshow
2008-10-31 14:50 . 2008-10-31 14:50 <DIR> d-------- c:\programmi\SourceTec
2008-10-31 14:50 . 2006-03-11 04:56 438,272 --a------ c:\windows\system32\Mpeg2DecFilter.ax
2008-10-31 14:50 . 2006-03-11 04:48 434,176 --a------ c:\windows\system32\MatroskaSplitter.ax
2008-10-31 14:50 . 2007-03-28 11:27 364,544 --a------ c:\windows\system32\RealMediaSplitter.ax
2008-10-31 14:50 . 2005-07-10 02:12 241,664 --a------ c:\windows\system32\CoreVorbis.ax
2008-10-31 14:50 . 2004-08-18 00:04 217,088 --a------ c:\windows\system32\CoreFLACDecoder.ax
2008-10-31 14:50 . 2007-03-28 16:08 122,880 --a------ c:\windows\system32\stQTSource.ax
2008-10-31 12:56 . 2008-10-31 13:09 <DIR> d-------- c:\programmi\MediaCoder
2008-10-31 12:38 . 2008-10-31 12:45 <DIR> d-------- c:\programmi\Virtual Dub
2008-10-30 17:16 . 2008-10-30 17:16 <DIR> d-------- c:\programmi\File comuni\xing shared
2008-10-30 17:16 . 2008-11-06 09:56 <DIR> d-------- C:\Program Files
2008-10-30 16:08 . 2008-10-30 16:11 <DIR> d-------- c:\programmi\RM-X Player V5.2
2008-10-28 09:17 . 2008-10-28 09:23 <DIR> d-------- c:\programmi\RegCleaner
2008-10-26 13:13 . 2008-11-09 09:16 <DIR> d-------- c:\programmi\Yahoo!
2008-10-26 13:13 . 2008-10-26 13:13 <DIR> d-------- c:\programmi\CCleaner
2008-10-24 08:18 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 11:57 . 2008-10-23 11:57 <DIR> d--h----- c:\windows\PIF
2008-10-20 14:47 . 2008-10-24 16:59 <DIR> d-------- c:\programmi\Haihaisoft Universal Player
2008-10-20 14:47 . 2008-10-30 17:16 <DIR> d-------- c:\programmi\File comuni\Real
2008-10-20 14:47 . 2008-10-20 14:47 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\Haihaisoft Universal Player
2008-10-20 14:47 . 2008-10-20 14:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Haihaisoft
2008-10-20 09:15 . 2008-10-24 17:00 <DIR> d-------- c:\programmi\ScreenShot Wizard
2008-10-16 16:04 . 2008-10-16 16:04 <DIR> d-------- c:\documents and settings\Ospite\WINDOWS
2008-10-16 15:52 . 2008-10-24 17:00 <DIR> d-------- c:\programmi\Serif
2008-10-16 15:42 . 2008-11-06 12:42 <DIR> d-------- c:\programmi\File comuni\InstallShield
2008-10-16 08:31 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 08:30 . 2008-08-14 14:22 2,192,896 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 08:30 . 2008-08-14 14:22 2,148,864 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 08:30 . 2008-08-14 14:22 2,069,760 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 08:30 . 2008-08-14 14:22 2,027,520 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 08:30 . 2008-09-15 16:24 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 10:51 . 2008-10-14 10:51 102 --a------ C:\qehjlhawlh
2008-10-14 10:51 . 2008-10-14 10:51 101 --a------ c:\windows\system32\nocfhjfaujf
2008-10-14 10:51 . 2008-10-14 10:51 100 --a------ c:\windows\plmadfhdashd
2008-10-09 11:07 . 2008-10-09 11:07 4,968 --a------ C:\UFFICISALE CONFERENZE.jpg
2008-10-09 10:54 . 2008-10-09 11:00 3,744 --a------ C:\BIGLIETTERIA.jpg
2008-10-09 10:45 . 2008-10-09 10:45 <DIR> d-------- c:\documents and settings\Ospite\Dati applicazioni\3D Button Visual Editor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 09:34 --------- d-----w c:\programmi\Symantec AntiVirus
2008-11-09 08:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo!
2008-11-07 17:37 --------- d-----w c:\documents and settings\Ospite\Dati applicazioni\OpenOffice.org2
2008-11-07 16:51 --------- d-----w c:\documents and settings\PF\Dati applicazioni\OpenOffice.org2
2008-10-24 16:03 --------- d-----w c:\programmi\Total Video Converter
2008-10-24 16:00 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-24 15:59 --------- d-----w c:\programmi\Free WMV Converter
2008-10-24 15:58 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-24 15:58 --------- d-----w c:\programmi\DivX
2008-10-14 07:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2008-10-14 07:24 --------- d-----w c:\documents and settings\Ospite\Dati applicazioni\skypePM
2008-10-07 12:59 --------- d-----w c:\documents and settings\Ospite\Dati applicazioni\LimeWire
2008-10-03 16:58 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-01 15:33 --------- d-----w c:\programmi\Free Audio Pack
2008-10-01 08:29 --------- d-----w c:\documents and settings\Ospite\Dati applicazioni\SmartDraw
2008-09-26 15:33 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 14:25 --------- d-----w c:\programmi\File comuni\AVSMedia
2008-09-10 13:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2008-08-27 08:57 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 13:22 2,148,864 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:22 2,027,520 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-08-11 19:11 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-08-11 19:10 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-07_18.16.25.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 09:30:51 16,384 ----atw c:\windows\temp\Perflib_Perfdata_100.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 125536]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
"HPHUPD05"="c:\programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-05 491520]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-10-30 185872]
"TrojanScanner"="c:\programmi\Trojan Remover\Trjscan.exe" [2008-10-25 968072]
"spywarefighterguard"="c:\programmi\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-09-26 180872]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\PF\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - c:\programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3fexx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 PTK License-FIGHTERS-18665827;PTK License-FIGHTERS-18665827;c:\programmi\Fighters\licenseservice.exe [2008-09-26 283272]
R2 PTK Live Update-FIGHTERS-18665827;PTK Live Update-FIGHTERS-18665827;c:\programmi\Fighters\updateservice.exe [2008-09-26 307848]
R2 PTK Scanner-FIGHTERS-18665827;PTK Scanner-FIGHTERS-18665827;c:\programmi\Fighters\ScannerService.exe [2008-09-26 311944]
R2 PTK SharedAccess-FIGHTERS-18665827;PTK SharedAccess-FIGHTERS-18665827;c:\programmi\Fighters\configservice.exe [2008-09-26 139912]
R3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-09-26 15496]
S0 ati3fexx;ati3fexx;c:\windows\system32\Drivers\ati3fexx.sys [ ]
S1 8e63f5b;8e63f5b;c:\windows\system32\drivers\8e63f5b.sys [2008-11-05 0]
S2 lcldmupd;Local Domain Server Updater;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lcldmupd
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 c:\windows\Tasks\HP Usg Daily.job
- c:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 16:03]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Ospite\Dati applicazioni\Mozilla\Firefox\Profiles\35jgkqz5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/|http://www.ircdown.com/it/index.php?rvs=hompag&d=79918969e=6150
FF -: plugin - c:\programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\programmi\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 10:39:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-09 10.39.40
ComboFix-quarantined-files.txt 2008-11-09 09:39:35
ComboFix2.txt 2008-11-07 17:16:55

Pre-Run: 12,543,651,840 bytes free
Post-Run: 12,529,754,112 bytes free

199 --- E O F --- 2008-10-24 16:08:59


HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.42.44, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Fighters\configservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Fighters\licenseservice.exe
C:\Programmi\Fighters\updateservice.exe
C:\Programmi\Fighters\ScannerService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ospite\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adecco.it
O15 - Trusted Zone: http://msn.careerbuilder.it
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-40b71ccaceb5f728.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PTK License-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\configservice.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7048 bytes


What do you make of it?

Bye, thanks

r16
Posted: Sunday, November 09, 2008 12:09:25 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
My advice is to completely uninstall, from Add or Remove Programs, this program written in red:
C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
And install this:
http://www.aiutaamici.com/software?ID=11397
The first thing you need to do is configure it this way:
Install Super Antispyware
once it is installed, from Preferences, go to the Control Center panel, open the Scanning Control section and tick only these items (untick the others):

Scan only known file types (exe,.com,dll ecc...)
Scan for tracking cookies
Resolve link/shortcuts during scan
Scan alternate data streams
Use kernel direct file access
Use kernel direct registry access
Use Direct Disk Access (recommended)
Display scan option in explorer context


and confirm the settings by clicking Close, then click Scan your computer and, in the next window:

in the left-hand menu, in the Scan location section, tick only C:\fixed drive (ntfs)
in the right-hand menu, tick Perform complete scan
click Next and the scan will start
when the scan finishes you will be able to save its log
save the log it produces

Once the scans are finished, you must reboot the system.
N.B.: BEFORE these operations, you need to UPDATE it by clicking on "Check for Updates".
It should remove the last "remnants" of that Adware.BHO.
Afterwards, rerun the scan with Malwarebytes, and we'll see whether it has done its job.
Otherwise we'll remove it manually.

Empty the Prefetch folder of its contents:
click My Computer
click Local Disk C:
among the folders that are displayed, look for the Windows folder, open it and, inside it, look for the Prefetch folder, open it and delete all the entries stored inside (do not delete the folder)
EMPTY THE RECYCLE BIN
I forgot:
Uninstall combofix this way: (the log is clean)
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox)


ceval
Posted: Sunday, November 09, 2008 1:29:11 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
OK, all done (by the way, I had already uninstalled spywarefighter because it seemed to be slowing down the pc!!!)
Here is the MBAM log file

Malwarebytes' Anti-Malware 1.30
Versione del database: 1375
Windows 5.1.2600 Service Pack 3

09/11/2008 13.19.37
mbam-log-2008-11-09 (13-19-37).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 81916
Tempo trascorso: 13 minute(s), 6 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


What do you think?
Bye
ceval
Posted: Sunday, November 09, 2008 1:30:28 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
I forgot....
Superantispyware starts by itself at boot.
Should I consider it useful and let it run?
Bye