Aiutamici Forum

LOG check & other problems (help me as soon as possible if you can)
jkl
Posted: Sunday, January 11, 2009 1:49:21 AM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
I APOLOGISE FOR ASKING FOR HELP AS SOON AS POSSIBLE, BUT I HAVE SEVERAL IMPORTANT WORK DOCUMENTS. APOLOGIES AGAIN.
My computer is full of viruses. In Safe Mode I ran a scan with AVG, which found a ton of Trojans; I think I removed a couple of them with Spybot, and I also did a clean-up with CCleaner, but I'd feel safer if you checked it for me.
Another problem is that I can't uninstall a game, GTA2, or rather it seems uninstalled, because the GTA2 icon, let's say, no longer shows up; but when I try to uninstall that thing anyway I get a window saying "InstallShield Setup Launcher has stopped working". For information, I have Windows Vista.
Now I'll post the HijackThis LOG I produced from Safe Mode (I ran it after the antivirus and Spybot).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.46.04, on 11/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [update 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000] %AppData%\wunauclt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: FreePOPs.lnk = C:\Program Files\FreePOPs\freepopsd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6029 bytes


THANKS FOR THE HELP,
YOU'RE ONE OF A KIND AS ALWAYS
shapiro
Posted: Sunday, January 11, 2009 9:39:25 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Open HJT, tick these entries and press Fix checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [update 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000] %AppData%\wunauclt.exe

download Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) install it
2) update it
3) run a scan, choosing full scan mode
4) for now do NOT delete any threats it finds
5) when the scan has finished, select the log tab, open the text file and post it on the forum
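The two entries singled out above (an O2 BHO whose file is gone, and an O4 Run value with a zero-padded name launching an executable from %AppData%) share patterns that can be checked mechanically across a whole HijackThis log. The Python script below is an added example, not code from the forum or from HijackThis: the sample lines are constructed from the log posted above, and the short list of well-known Windows binary names used for the lookalike check (wunauclt.exe is one letter away from the real Windows Update client wuauclt.exe) is my own.

```python
"""Triage of HijackThis v2 log lines for the autorun patterns a helper looks for."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [update 0000000000000000000000000000000000000000] %AppData%\wunauclt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
"""

# O2 = Browser Helper Object; O4 = registry Run/RunOnce autostart value.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>.*?)\] (?P<cmd>.*)$")

# Locations an ordinary user can write to; legitimate autostarts rarely live there.
USER_WRITABLE_RE = re.compile(
    r"(?i)(%appdata%|%localappdata%|%temp%|%tmp%|%userprofile%"
    r"|\\appdata\\|\\users\\[^\\]+\\|\\documents and settings\\)"
)
# A run of 20+ identical characters in a value name (the 'update 000...' trick).
PADDING_RE = re.compile(r"(.)\1{19,}")

# Short constructed list of well-known Windows binary names for the lookalike check.
KNOWN_SYSTEM_BINARIES = ("wuauclt.exe", "svchost.exe", "explorer.exe",
                         "rundll32.exe", "lsass.exe", "winlogon.exe", "csrss.exe")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot names one typo away from a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd: str) -> str:
    """Program path from an O4 command: drops arguments and the trailing (User '...') tag."""
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)(?=\s|$)", cmd)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def lookalike_of(basename: str):
    """Return the well-known binary this name is one edit away from, else None."""
    low = basename.lower()
    if low in KNOWN_SYSTEM_BINARIES:
        return None
    for known in KNOWN_SYSTEM_BINARIES:
        if edit_distance(low, known) == 1:
            return known
    return None


def triage(log_text: str) -> list:
    """Return a Finding per suspicious O2/O4 line, listing every reason that fired."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        m = O2_RE.match(line)
        if m:
            if m["path"].strip().lower() == "(no file)":
                reasons.append("BHO points at a missing file (orphaned entry)")
        else:
            m = O4_RE.match(line)
            if m:
                exe = executable_of(m["cmd"])
                base = exe.replace("/", "\\").rsplit("\\", 1)[-1]
                if USER_WRITABLE_RE.search(exe):
                    reasons.append("autorun command runs from a user-writable profile location")
                if PADDING_RE.search(m["name"]):
                    reasons.append("value name is padded with a long run of repeated characters")
                known = lookalike_of(base)
                if known:
                    reasons.append(f"executable name '{base}' is one edit away from Windows binary '{known}'")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line, "->", "; ".join(finding.reasons))
```

Run against the sample, only the orphaned BHO and the padded `update` value are reported; the AVG, Java and Sidebar autostarts pass all three checks.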



jkl
Posted: Sunday, January 11, 2009 5:22:15 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
By mistake I ran the program you recommended first, instead of removing the files with HijackThis;
anyway it didn't have time to finish the full scan because I got a blue screen
and the computer shut down.
What do you suggest?
Thanks for the replies!
shapiro
Posted: Sunday, January 11, 2009 5:25:17 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
A blue screen with Malwarebytes? Hmm!!!

download ► http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Disable the antivirus and anti-spyware programs
Disconnect the PC from the internet
If you have program shortcut icons on the desktop, create a dedicated folder and copy them into it

Double-click combofix.exe and follow the instructions step by step

When it has finished it will create the log C:\combofix.txt; save it and post it like the other reports.

Please note: during the scan some files will be created on the desktop and the icons will disappear; some program may ask you what to do about removing drivers, in which case agree, they are probably infected drivers.

The program will create the folder C:\QooBox and inside it will place a backup of the removed files and a backup of the Windows registry called Hiv-backup.

DO NOT TOUCH THE MOUSE OR KEYBOARD during the scan.
jkl
Posted: Sunday, January 11, 2009 6:06:30 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
So, I removed the items you told me to with HijackThis, then I ran the Malwarebytes program, and here is the LOG:
Malwarebytes' Anti-Malware 1.32
Versione del database: 1643
Windows 6.0.6001 Service Pack 1

11/01/2009 17.58.59
mbam-log-2009-01-11 (17-58-51) MALWARE

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 135002
Tempo trascorso: 29 minute(s), 4 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Windows\System32\nnnkJDsP.dll (Backdoor.Agent) -> No action taken.
C:\Windows\System32\iifcCSIb.dll (Trojan.Vundo) -> No action taken.
shapiro
Posted: Sunday, January 11, 2009 6:20:17 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
remove everything Malwarebytes found and run ComboFix

let's do a good clean-up

has the PC recovered?
jkl
Posted: Sunday, January 11, 2009 8:26:07 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
Here, this is the Malwarebytes log (it's from the last scan):
Malwarebytes' Anti-Malware 1.32
Versione del database: 1643
Windows 6.0.6001 Service Pack 1

11/01/2009 19.49.36
mbam-log-2009-01-11 (19-49-36).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 134007
Tempo trascorso: 29 minute(s), 2 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Windows\System32\nnnkJDsP.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\iifcCSIb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


*************************************************************************************************
and this is the ComboFix log (last scan)

ComboFix 09-01-10.03 - Marco 2009-01-11 19:59:50.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1022.187 [GMT 1:00]
Eseguito da: c:\users\Marco\Documents\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\TDSSmcmc.sys
c:\windows\system32\TDSScrrx.dll
c:\windows\system32\TDSSfopt.dll
c:\windows\system32\TDSSmbcb.dat
c:\windows\system32\TDSSntlv.log
c:\windows\system32\TDSSogrx.dll
c:\windows\system32\TDSSrfpp.dll
c:\windows\system32\TDSStmei.dll
c:\windows\system32\TDSSwqsc.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Creati Da 2008-12-11 al 2009-01-11 )))))))))))))))))))))))))))))))))))
.

2009-01-11 16:09 . 2009-01-11 16:09 <DIR> d-------- c:\users\Marco\AppData\Roaming\Malwarebytes
2009-01-11 16:09 . 2009-01-11 16:09 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-11 16:09 . 2009-01-11 16:09 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-11 16:09 . 2009-01-11 16:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 16:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-11 16:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-11 02:13 . 2009-01-11 02:13 <DIR> d-------- c:\program files\Tracker Software
2009-01-11 01:57 . 2009-01-11 01:57 <DIR> d-------- c:\users\Marco\AppData\Roaming\Auslogics
2009-01-11 01:57 . 2009-01-11 01:57 <DIR> d-------- c:\program files\Auslogics
2009-01-10 20:00 . 2009-01-10 20:00 77,561 --a------ c:\program files\update.zip
2009-01-09 17:59 . 2007-02-09 18:34 420,816 --a------ c:\users\Marco\AppData\Roaming\wunauclt.exe
2009-01-02 02:04 . 2009-01-11 00:38 <DIR> d-------- c:\program files\Everest Poker.net
2009-01-01 21:24 . 2009-01-01 21:25 <DIR> d-------- c:\users\All Users\Sports Interactive
2009-01-01 21:24 . 2009-01-01 21:25 <DIR> d-------- c:\programdata\Sports Interactive
2009-01-01 21:23 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-01-01 21:23 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-01-01 21:23 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-01-01 21:23 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-01-01 20:53 . 2009-01-01 20:53 <DIR> d-------- c:\users\Marco\AppData\Roaming\DAEMON Tools Pro
2009-01-01 20:53 . 2009-01-01 20:53 <DIR> d-------- c:\users\Marco\AppData\Roaming\DAEMON Tools
2009-01-01 20:52 . 2009-01-01 20:52 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2009-01-01 20:52 . 2009-01-01 20:52 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2009-01-01 20:51 . 2009-01-01 20:52 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-01 20:51 . 2009-01-01 20:52 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-01 20:40 . 2009-01-01 20:40 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2009-01-01 20:39 . 2009-01-01 20:54 <DIR> d-------- c:\users\Marco\AppData\Roaming\DAEMON Tools Lite
2009-01-01 20:00 . 2009-01-01 20:00 <DIR> dr------- c:\users\Marco\Music
2008-12-31 16:36 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-31 10:48 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-31 10:48 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-31 10:45 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-31 10:45 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-22 17:15 . 2008-12-22 17:15 <DIR> d-------- c:\program files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 17:11 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-11 15:05 --------- d-----w c:\users\Marco\AppData\Roaming\AVG7
2009-01-11 02:55 --------- d-----w c:\program files\Google
2009-01-11 01:23 --------- d-----w c:\program files\Common Files\Adobe
2009-01-10 18:20 --------- d-----w c:\users\Marco\AppData\Roaming\uTorrent
2009-01-10 14:51 --------- d-----w c:\program files\eMule
2009-01-02 04:07 --------- d-----w c:\program files\Sports Interactive
2009-01-02 03:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 03:59 --------- d-----w c:\program files\Max Payne
2009-01-01 20:24 --------- d-----w c:\users\Marco\AppData\Roaming\Sports Interactive
2008-12-31 16:07 --------- d-----w c:\program files\Windows Mail
2008-12-31 15:42 --------- d-----w c:\programdata\Microsoft Help
2008-12-31 15:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-28 10:14 --------- d-----w c:\users\Marco\AppData\Roaming\PC Suite
2008-11-28 21:28 --------- d-----w c:\programdata\FLEXnet
2008-11-28 21:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-11 19:00 --------- d-----w c:\program files\CCleaner
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-08-08 11:54 174 --sha-w c:\program files\desktop.ini
2004-12-14 10:24 362,331,961 ----a-w c:\users\Marco\GTA2.exe
2008-07-26 09:45 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-26 09:45 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-26 09:45 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-12-10 929224]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-12-10 929224]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-01-10 219136]

c:\users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FreePOPs.lnk - c:\program files\FreePOPs\freepopsd.exe [2007-11-17 49152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-03 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-01-10 10:00 9216 c:\windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3461380361-3916217333-806040310-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{420F1B7A-5344-4D94-85A0-3E0531689767}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{A84FC36D-B7D8-451B-86DA-E7D924E88930}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{DF96124E-BB35-4018-A869-2A4CF01E3AAA}"= TCP:4672:Emule UDP
"{5AFA74E0-3DB6-48A6-BAC1-612D8FAD0EA8}"= UDP:4662:Emule TCP
"{9710076C-4179-458D-92D2-431A0458B644}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F9AA9B36-AC07-4A81-B883-3BA415984441}"= UDP:c:\program files\FreePOPs\freepopsd.exe:FreePOPs
"{E5DC226B-F7A2-4362-B1CE-497DA98591A9}"= TCP:c:\program files\FreePOPs\freepopsd.exe:FreePOPs
"{99217647-74B7-4060-9C04-055EAA493D86}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9570C4C0-B3C5-412F-ACD6-CF09B6F2AB49}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{40347A36-1F44-42EF-A910-0C67321880D5}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{20F24DC4-BECF-4F89-AD3A-EAFA4F516F4F}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{F6B9B592-BE78-4959-9A92-14A3E0626362}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{20874C13-5A95-4E58-85A4-B8E8331CF5C4}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{3740886E-2BB9-4147-8BB1-316BB1FA083E}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{8005B82F-7A5D-4B3A-A960-497FC632DD9C}c:\\program files\\sports interactive\\football manager 2008\\fm (2).exe"= UDP:c:\program files\sports interactive\football manager 2008\fm (2).exe:Football Manager 2008
"UDP Query User{B0790109-F6C5-44DF-8771-2E52F630B093}c:\\program files\\sports interactive\\football manager 2008\\fm (2).exe"= TCP:c:\program files\sports interactive\football manager 2008\fm (2).exe:Football Manager 2008
"TCP Query User{D37F2C8D-78E6-41E4-ADF7-B40636846CCE}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{69EFB253-8E07-422F-A27E-A2A4F3A3B1BC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{6EA28D51-1D03-4B36-9208-7B7CCE350340}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{8E9834D3-4DFF-4BE6-95B9-5B78C9BFCF89}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{761996CC-2EEF-498B-AC4E-AB22DB8018B1}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{95771CD2-9737-4C19-8AD8-5689C8266BCB}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{B1DBDC82-05D0-46C5-B7EE-FCC14302208A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0D0C2935-44A6-49C6-A034-81BA1B1CF63A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F4084069-FCD6-4010-BA8C-4B4FACD9ACA6}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{26FB2B81-2DF5-427A-99CE-9EC6336C97FC}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [2007-11-01 17920]
S3 digitran;Microsoft Input Tablet;c:\windows\System32\drivers\digitran.sys [2007-11-01 23528]
S4 smscir;SMSCIR Infrared Receiver;c:\windows\System32\drivers\smscir.sys [2007-11-01 62752]
S4 vhiddigi;Microsoft HID Digitizer Driver;c:\windows\System32\drivers\vhiddigi.sys [2007-11-01 23936]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4981f32-d83c-11dd-abf3-0019dbc4c0dd}]
\shell\AutoRun\command - J:\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-10 c:\windows\Tasks\At1.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-09 c:\windows\Tasks\At2.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-10 c:\windows\Tasks\At3.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-09 c:\windows\Tasks\At4.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-10 c:\windows\Tasks\At5.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-10 c:\windows\Tasks\At6.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-10 c:\windows\Tasks\At7.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-10 c:\windows\Tasks\At8.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-10 c:\windows\Tasks\At9.job
- c:\users\Marco\AppData\Roaming\wunauclt.exe [2007-02-09 18:34]

2009-01-10 c:\windows\Tasks\kafhypbq.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]

2009-01-11 c:\windows\Tasks\lurrwbjp.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]

2009-01-11 c:\windows\Tasks\User_Feed_Synchronization-{D7B70733-77C3-4D66-8CEB-0CB058008DFB}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementare di scansione -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 20:06:06
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'Explorer.exe'(3116)
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgrssvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\progra~1\Grisoft\AVG7\avgrssvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Grisoft\AVG7\avgcc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-11 20:13:03 - macchina è stato riavviato [Marco]
ComboFix-quarantined-files.txt 2009-01-11 19:12:14

Pre-Run: 133,608,054,784 byte disponibili
Post-Run: 133,324,066,816 byte disponibili




=================
Do you think everything's OK?


Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.