Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log per favore

Controllo Log per favore Opzioni
Topic Precedente · Topic Sucessivo
pilu
Inviato: Sunday, January 04, 2009 5:54:49 PM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Salve, facendo una scansione ho trovato il file TROYAN "Troyan Dialer.28.bs" che mi aveva bloccato l'home page sul sito enterpage ma ora non posso più connettermi e navigare un qualunque sito.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.42.52, on 04/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Fighters\configservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Fighters\licenseservice.exe
C:\Programmi\Fighters\updateservice.exe
C:\Programmi\Fighters\ScannerService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\sysmgr.exe
C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
c:\programmi\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Documents and Settings\PASQUALE\Desktop\Nuovi programmi PAPY\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: (no name) - {3f14a731-697b-4873-bece-1b50a7db0bbf} - C:\WINDOWS\system32\fuwobozu.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Programmi\Mjcore\Mjcore.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [wibezudoge] Rundll32.exe "C:\WINDOWS\system32\panosuba.dll",s
O4 - HKLM\..\Run: [CPM67c6cc21] Rundll32.exe "c:\windows\system32\seregapo.dll",a
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [wibezudoge] Rundll32.exe "C:\WINDOWS\system32\panosuba.dll",s (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [wibezudoge] Rundll32.exe "C:\WINDOWS\system32\panosuba.dll",s (User 'SERVIZIO DI RETE')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\seregapo.dll,C:\WINDOWS\system32\gadonesi.dll
O20 - Winlogon Notify: jkkKefGa - jkkKefGa.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\seregapo.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\seregapo.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: PTK License-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\configservice.exe
O23 - Service: Servizio SNMP (SNMP) - Unknown owner - (no file)
O23 - Service: Servizio Trap SNMP (SNMPTRAP) - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6700 bytes
Torna in alto
 
Sponsor
Inviato: Sunday, January 04, 2009 5:54:49 PM

 
Torna in alto
 
shapiro
Inviato: Sunday, January 04, 2009 8:36:18 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao e....complimenti per la famigliola che hai sul pc



scarica Avenger da qui

http://swandog46.geekstogo.com/avenger.zip

lo installi e lo lanci

Copi e incolli nella finestra: "Input script here" il testo in rosso così come lo vedi scritto:


files to delete:
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\sysmgr.exe




Spunta "Automatically disable any rootkits found"

clicca sul pulsante "Execute"
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

posta il log di avenger che trovi in c:\






Apri hjt, spunta queste voci e premi fix checked


F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: (no name) - {3f14a731-697b-4873-bece-1b50a7db0bbf} - C:\WINDOWS\system32\fuwobozu.dll

O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll

O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Programmi\Mjcore\Mjcore.dll

O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe

O4 - HKLM\..\Run: [wibezudoge] Rundll32.exe "C:\WINDOWS\system32\panosuba.dll",s

O4 - HKLM\..\Run: [CPM67c6cc21] Rundll32.exe "c:\windows\system32\seregapo.dll",a

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-19\..\Run: [wibezudoge] Rundll32.exe "C:\WINDOWS\system32\panosuba.dll",s (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [wibezudoge] Rundll32.exe "C:\WINDOWS\system32\panosuba.dll",s (User 'SERVIZIO DI RETE')

O20 - AppInit_DLLs: c:\windows\system32\seregapo.dll,C:\WINDOWS\system32\gadonesi.dll

O20 - Winlogon Notify: jkkKefGa - jkkKefGa.dll (file missing)

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\seregapo.dll

O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\seregapo.dll

O23 - Service: Servizio SNMP (SNMP) - Unknown owner - (no file)

O23 - Service: Servizio Trap SNMP (SNMPTRAP) - Unknown owner - (no file)




scarica Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum
Torna in alto
 
pilu
Inviato: Sunday, January 04, 2009 11:58:15 PM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Ciao fatto tutto tranne l'aggiornamento di malwarebytes perchè non posso connetermi.
Ti allego il log di avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun Jan 04 22:56:30 2009

22:56:30: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSpaxt.sys
Driver disabled successfully.

Rootkit scan completed.

File "C:\WINDOWS\system32\csrcs.exe" deleted successfully.
File "c:\WINDOWS\system32\sysmgr.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



E quindi quello di malwarebytes:
Malwarebytes' Anti-Malware 1.31
Versione del database: 1456
Windows 5.1.2600 Service Pack 3

04/01/2009 23.39.19
mbam-log-2009-01-04 (23-39-12).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 84486
Tempo trascorso: 20 minute(s), 48 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 4
Chiavi di registro infette: 35
Valori di registro infetti: 5
Elementi dato del registro infetti: 7
Cartelle infette: 6
File infetti: 44

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\WINDOWS\system32\gadonesi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\panosuba.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\seregapo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkse73hedfdgf.dll (Trojan.BHO) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f14a731-697b-4873-bece-1b50a7db0bbf} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f14a731-697b-4873-bece-1b50a7db0bbf} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Zlob.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f608c2d0-846d-4f0e-e47a-88367c887707} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BrowsingTool (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BrowsingTool.DLL (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm67c6cc21 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wibezudoge (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Zlob.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gadonesi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gadonesi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gadonesi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\seregapo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\seregapo.dll -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\Programmi\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\Webtools (Trojan.Agent) -> No action taken.
C:\Programmi\Mjcore (Trojan.BHO) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\gadcom (Trojan.Agent) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\speedrunner (Adware.SurfAccuracy) -> No action taken.

File infetti:
C:\WINDOWS\system32\gifepujo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ojupefig.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\motufoyo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oyofutom.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nogilini.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\iniligon.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sekanawo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\owanakes.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wazuloro.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oroluzaw.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\seregapo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\panosuba.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkse73hedfdgf.dll (Trojan.Zlob.H) -> No action taken.
C:\WINDOWS\system32\gadonesi.dll (Trojan.Vundo.H) -> No action taken.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\PASQUALE\Desktop\Nuovi programmi PAPY\HiJackThis\backups\backup-20090102-024937-931.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\PASQUALE\Desktop\Nuovi programmi PAPY\HiJackThis\backups\backup-20090104-230756-973.dll (Trojan.Vundo.H) -> No action taken.
C:\Programmi\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{908AD44F-A1AD-4BB2-ABD3-176C91A68107}\RP434\A0087899.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\TDSScfum.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSofxh.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\zesifimi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Trojan.TDSS) -> No action taken.
C:\Programmi\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\gadcom\gadcom.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\gadcom\gadcom.exe6g0 (Trojan.Agent) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\speedrunner\config.cfg (Adware.SurfAccuracy) -> No action taken.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsrc.dll (Adware.Toolbar) -> No action taken.
C:\WINDOWS\system32\Explorer32.exe (Backdoor.PoisonIvy) -> No action taken.
C:\WINDOWS\system32\tugokubu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hgGvwtTK.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxyWPf.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\PASQUALE\Impostazioni locali\Temp\TDSS8d1e.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\PASQUALE\Impostazioni locali\Temp\TDSS8dba.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> No action taken.


Grazie tante. A presto ...spero.
Torna in alto
 
pilu
Inviato: Monday, January 05, 2009 2:00:44 AM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Scusami, sono riuscito ad aggiornare Malwarebytes e ti allego il nuovo log:

Malwarebytes' Anti-Malware 1.31
Versione del database: 1571
Windows 5.1.2600 Service Pack 3

05/01/2009 1.53.11
mbam-log-2009-01-05 (01-52-58).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 86917
Tempo trascorso: 19 minute(s), 45 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 4
Chiavi di registro infette: 33
Valori di registro infetti: 5
Elementi dato del registro infetti: 7
Cartelle infette: 6
File infetti: 45

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\WINDOWS\system32\gadonesi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\panosuba.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\seregapo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkse73hedfdgf.dll (Trojan.Clicker) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f14a731-697b-4873-bece-1b50a7db0bbf} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f14a731-697b-4873-bece-1b50a7db0bbf} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Zlob.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Clicker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f608c2d0-846d-4f0e-e47a-88367c887707} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BrowsingTool (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BrowsingTool.DLL (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm67c6cc21 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wibezudoge (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Zlob.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gadonesi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gadonesi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gadonesi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\seregapo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\seregapo.dll -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\Programmi\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\Webtools (Trojan.Agent) -> No action taken.
C:\Programmi\Mjcore (Trojan.BHO) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\gadcom (Trojan.Agent) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\speedrunner (Adware.SurfAccuracy) -> No action taken.

File infetti:
C:\WINDOWS\system32\gifepujo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ojupefig.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\motufoyo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oyofutom.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nogilini.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\iniligon.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sekanawo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\owanakes.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wazuloro.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oroluzaw.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\seregapo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\panosuba.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkse73hedfdgf.dll (Trojan.Zlob.H) -> No action taken.
C:\WINDOWS\system32\gadonesi.dll (Trojan.Vundo.H) -> No action taken.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\gadcom\gadcom.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\gadcom\gadcom.exe6g0 (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\PASQUALE\Desktop\Nuovi programmi PAPY\HiJackThis\backups\backup-20090102-024937-931.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\PASQUALE\Desktop\Nuovi programmi PAPY\HiJackThis\backups\backup-20090104-230756-350.dll (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\PASQUALE\Desktop\Nuovi programmi PAPY\HiJackThis\backups\backup-20090104-230756-973.dll (Trojan.Vundo.H) -> No action taken.
C:\Programmi\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{908AD44F-A1AD-4BB2-ABD3-176C91A68107}\RP434\A0087899.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\TDSScfum.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSofxh.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\explorer32.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ieupdates.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\tugokubu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zesifimi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wolizapa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Trojan.TDSS) -> No action taken.
C:\Programmi\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Programmi\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\PASQUALE\Dati applicazioni\speedrunner\config.cfg (Adware.SurfAccuracy) -> No action taken.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsrc.dll (Adware.Toolbar) -> No action taken.
C:\WINDOWS\system32\hgGvwtTK.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxyWPf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\volorume.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> No action taken.

Grazie ancora.
Torna in alto
 
shapiro
Inviato: Monday, January 05, 2009 9:41:14 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
bene - avvia di nuovo malwarebytes e togli tutto quello che ti ha trovato
Torna in alto
 
dario-vr
Inviato: Monday, January 05, 2009 7:11:29 PM

Rank: AiutAmico

Iscritto dal : 3/28/2007
Posts: 633
Ciao Pilu ho letto che hai solo ClamWin come antivirus ma questi non ti garantisce la protezione in tempo reale, un consiglio:
installa un antivirus residente anche freeware come puoi trovare qui nella sezione software sicurezza

http://software.aiutamici.com/software?ID=11537

ed un antispyware con protezione in tempo reale

http://software.aiutamici.com/software?ID=11418

seguendo le valide istruzioni delle schede di A.Roselli


Come firewall ho visto che usi ZoneAlarm e può andare bene, anche se preferisco di gran lunga PcTools, meno pesante ed a parer mio, molto sindacabile, più valido.
Ciao
Torna in alto
 
pilu
Inviato: Monday, January 05, 2009 9:17:11 PM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Ciao shapiro e grazie infinite per la tua disponibilità. Ho fatto tutto e fatto scansioni varie: tutto OK. Volevo dirti che stanotte,direi stamattina, ho fatto di testa mia per disinstallare SP3 ed Explorer con l'uso del cd originale di microsoft XP home ed in effetti sembra che ci sia riuscito. Ho installato AVG8 e SPYBOT aggiornandoli entrambi. Sono riuscito a connettermi a Internet wireless ma non con collegamento diretto USB ( Alice Home TV ). Il problema attuale è che non mi permette di fare Windows update ma soprattutto di entrare nel nostro forumaiuti dandomi entrambe le volte " impossibile trovare la chiave di ricerca richiesta nei contesti di attivazione correnti ". ( !? ). Ti allego il log di hijack rilevato qualche minuto fa. ( Avrei voluto farlo dal PC in convalescenza ma non sono riuscito ). Ti ringrazio anticipatamente per un ulteriore aiuto.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.49.24, on 05/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\PASQUALE\Desktop\Nuovi programmi PAPY\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG Utility] C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1409082233-1788223648-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servizio SNMP (SNMP) - Unknown owner - (no file)
O23 - Service: Servizio Trap SNMP (SNMPTRAP) - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5818 bytes
Torna in alto
 
pilu
Inviato: Monday, January 05, 2009 9:19:38 PM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Grazie anche a Dario -vr; credo di essermi attrezzato sufficientememte se hai la voglia di leggere il log hijack che ho postato poco fa per il grande shapiro.
Torna in alto
 
shapiro
Inviato: Monday, January 05, 2009 9:45:54 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
scusa tanto non per farmi i fatti tuoi ma hai tolto sp3??? e per quale motivo????
Torna in alto
 
pilu
Inviato: Monday, January 05, 2009 9:58:17 PM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Perchè durante l'aggiornamento di SP3 è successo tutto il pasticcio; poi ho letto su più parti che SP3 crea problemi ad Explorer 7. Ho intenzione però di riaggiornare.
Spero di non aver fatto una cavolata.
Torna in alto
 
shapiro
Inviato: Monday, January 05, 2009 10:08:06 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ma hai tolto il service pack 3 ti rendi conto? semmai trova IE6 che crea meno problemi ma reinstalla subito sp3
Torna in alto
 
pilu
Inviato: Monday, January 05, 2009 10:15:04 PM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Ma ora ho IE6; non posso fare l'update perchè viene fuori quel messaggio che ti ho scritto prima. Che faccio?
Torna in alto
 
shapiro
Inviato: Monday, January 05, 2009 10:22:12 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
quale messaggio?......
Torna in alto
 
pilu
Inviato: Monday, January 05, 2009 10:35:19 PM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Quello delle 21.17. Ti riscrivo il messaggio di errore quando cerco di andare in windows update o nel forum di aiutamici: " Impossibile trovare la chiave di ricerca richiesta nei contesti di attivazione correnti". Scusami se non sono stato molto chiaro.
Torna in alto
 
pilu
Inviato: Wednesday, January 07, 2009 12:09:47 AM
Rank: AiutAmico

Iscritto dal : 2/21/2006
Posts: 56
Ciao a tutti, desidero ringraziare Shapiro per l'aiuto che mi ha dato e sto scrivendo dal PC guarito.
Installato IE7+SP3; fatte tutte le scansioni ed il risultato è sempre OK.
Ti allego l'ultimo log di Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.06.20, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\PASQUALE\Desktop\Nuovi programmi PAPY\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG Utility] C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servizio SNMP (SNMP) - Unknown owner - (no file)
O23 - Service: Servizio Trap SNMP (SNMPTRAP) - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6222 bytes


Grazie ancora e buona notte.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log per favore


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.