Aiutamici Forum

Trojan Mebroot.B has infected the PC!
parthenopea
Posted: Thursday, March 19, 2009 3:11:19 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
Good morning Shapiro, here I am again... so what do you think of the log?
shapiro
Posted: Thursday, March 19, 2009 3:20:06 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
It looks like it has removed the last remaining infections.

Are you still having problems with the PC? Can you install the antivirus?
parthenopea
Posted: Thursday, March 19, 2009 3:27:36 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
Oh, how wonderful!!!!!
Shapiro, my compliments... you saved me... I'm not exaggerating and you know well that I'm not joking... you're a wizard :-)))))))) I really appreciated your professionalism and your expertise.... THANK YOU!!!!! And thanks to this forum, which gave me the chance to be helped by a person like you!

And now let's move on to the antivirus :-) I haven't installed it yet and I'd rather not reinstall Avast... what do you recommend?
shapiro
Posted: Thursday, March 19, 2009 4:33:37 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
No Marina, what wizard, I'm just someone who tries to help.

For the antivirus I can recommend Avira Free - it doesn't scan e-mail, but you can do that yourself before opening it; or for about 20 euros a year you can buy Avira Premium, which scans it for you.... or install AVG, which is also good but a bit too heavy.


Let me know if you manage to install it, and remove ComboFix like this:


From Start >> Run, type (or copy and paste) the string ComboFix /u
delete the folder C:\qoobox
delete the ComboFix folder on the desktop
parthenopea
Posted: Thursday, March 19, 2009 5:07:13 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
You're just too modest :-)

OK, in the meantime I've installed BitDefender.
I did as you said for ComboFix, but the folder on the desktop has never been there, I'm looking for it... where could it be?
parthenopea
Posted: Thursday, March 19, 2009 5:15:45 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
Shapiro, I found a folder in C with this name 32788R22FWJFW; it contains a great many files, including ComboFix-Download.cfexe and ndis_combofix.dat. Is this the folder I need to delete?
shapiro
Posted: Thursday, March 19, 2009 5:27:47 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
You need to find the ComboFix folder in C:\
delete the folder C:\qoobox
parthenopea
Posted: Thursday, March 19, 2009 5:35:08 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
Ahhhh, but I've already deleted qoobox.... I had understood that there was another folder called combofix... OK, it's all done then.
shapiro
Posted: Thursday, March 19, 2009 5:36:59 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Come on, make this one last effort.

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and while disconnected
double-click LopSD
choose language E (Enter)
1 (search), Enter

when the scan finishes, start LopSD again
this time choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log
parthenopea
Posted: Thursday, March 19, 2009 5:38:03 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
OK, I'm going.
parthenopea
Posted: Thursday, March 19, 2009 6:18:31 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0

Here I am again.


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2400+ )
BIOS : Default System BIOS
USER : Maru Rita Ily ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Antivirus 12.0 (Activated)
Firewall : BitDefender Firewall 12.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:27 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:86 Go (Free:58 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
I:\ (Local Disk) - NTFS - Total:298 Go (Free:167 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 19/03/2009|18.02 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[19/03/2009|14.51] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[07/03/2009|19.39] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[19/03/2009|14.50] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg8
[19/03/2009|16.28] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Avira
[19/03/2009|16.29] C:\DOCUME~1\ALLUSE~1\DATIAP~1\BitDefender
[07/03/2009|18.57] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Downloaded Installations
[07/03/2008|16.47] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink
[07/03/2009|20.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\FLEXnet
[30/03/2008|14.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Friday's games
[21/12/2008|14.51] C:\DOCUME~1\ALLUSE~1\DATIAP~1\GameHouse
[07/03/2009|17.11] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[14/02/2008|22.08] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Grisoft
[30/01/2009|14.56] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[17/02/2008|10.23] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Messenger Plus!
[03/04/2008|19.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[10/04/2008|13.29] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Motive
[27/12/2008|18.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MumboJumbo
[14/12/2008|14.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\NOS
[26/02/2008|16.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PC Suite
[24/01/2009|17.04] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PlayFirst
[07/01/2009|19.04] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Playrix Entertainment
[08/10/2008|21.37] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PopCap
[09/05/2008|14.50] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Sony Ericsson
[15/03/2009|17.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[16/02/2009|16.41] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SUPERAntiSpyware.com
[14/12/2008|15.37] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TreeCardGames
[23/02/2008|18.19] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Trymedia
[09/01/2009|17.55] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Vivendi Universal Games
[22/02/2008|20.55] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[14/02/2008|20.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Live Toolbar
[01/03/2008|21.33] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WindowsLiveInstaller
[01/03/2008|21.33] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[18/03/2009|21.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo! Companion
[19/12/2008|21.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Zylom
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[35|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[13/02/2008|19.44] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[14/02/2008|16.35] C:\DOCUME~1\LOCALS~1\DATIAP~1\Ahead
[18/12/2008|16.25] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[08/03/2009|10.38] C:\DOCUME~1\MARURI~1\DATIAP~1\Adobe
[28/02/2008|14.35] C:\DOCUME~1\MARURI~1\DATIAP~1\AdobeUM
[24/02/2008|19.43] C:\DOCUME~1\MARURI~1\DATIAP~1\Ahead
[20/05/2008|14.26] C:\DOCUME~1\MARURI~1\DATIAP~1\ArcSoft
[14/02/2008|18.17] C:\DOCUME~1\MARURI~1\DATIAP~1\ATI
[19/03/2009|16.22] C:\DOCUME~1\MARURI~1\DATIAP~1\BitDefender
[07/03/2009|19.44] C:\DOCUME~1\MARURI~1\DATIAP~1\com.adobe.ExMan
[14/02/2008|18.17] C:\DOCUME~1\MARURI~1\DATIAP~1\DAEMON Tools
[06/04/2008|15.37] C:\DOCUME~1\MARURI~1\DATIAP~1\Datalayer
[18/03/2009|20.44] C:\DOCUME~1\MARURI~1\DATIAP~1\drivers
[09/03/2009|17.04] C:\DOCUME~1\MARURI~1\DATIAP~1\FileMaker
[05/03/2009|16.47] C:\DOCUME~1\MARURI~1\DATIAP~1\FileZilla
[21/12/2008|22.37] C:\DOCUME~1\MARURI~1\DATIAP~1\GameHouse
[11/10/2008|21.23] C:\DOCUME~1\MARURI~1\DATIAP~1\GanymedeNet
[17/11/2008|10.22] C:\DOCUME~1\MARURI~1\DATIAP~1\Google
[31/07/2008|16.03] C:\DOCUME~1\MARURI~1\DATIAP~1\Help
[13/02/2008|19.50] C:\DOCUME~1\MARURI~1\DATIAP~1\Identities
[07/10/2008|16.48] C:\DOCUME~1\MARURI~1\DATIAP~1\iLike
[21/12/2008|15.44] C:\DOCUME~1\MARURI~1\DATIAP~1\Jane s Hotel Family Hero
[07/03/2008|01.43] C:\DOCUME~1\MARURI~1\DATIAP~1\Leadertech
[07/03/2009|18.53] C:\DOCUME~1\MARURI~1\DATIAP~1\Macromedia
[14/12/2008|21.04] C:\DOCUME~1\MARURI~1\DATIAP~1\MahJong Suite
[30/01/2009|14.56] C:\DOCUME~1\MARURI~1\DATIAP~1\Malwarebytes
[19/03/2009|14.47] C:\DOCUME~1\MARURI~1\DATIAP~1\Microsoft
[16/07/2008|15.15] C:\DOCUME~1\MARURI~1\DATIAP~1\Motive
[26/08/2008|11.18] C:\DOCUME~1\MARURI~1\DATIAP~1\Mozilla
[20/12/2008|21.30] C:\DOCUME~1\MARURI~1\DATIAP~1\My Games
[06/04/2008|15.39] C:\DOCUME~1\MARURI~1\DATIAP~1\Nokia
[06/04/2008|15.38] C:\DOCUME~1\MARURI~1\DATIAP~1\Nokia Multimedia Player
[26/02/2008|16.50] C:\DOCUME~1\MARURI~1\DATIAP~1\PC Suite
[24/01/2009|17.04] C:\DOCUME~1\MARURI~1\DATIAP~1\PlayFirst
[07/03/2008|20.40] C:\DOCUME~1\MARURI~1\DATIAP~1\SecuROM
[08/05/2008|13.39] C:\DOCUME~1\MARURI~1\DATIAP~1\Sony Ericsson
[14/02/2008|20.56] C:\DOCUME~1\MARURI~1\DATIAP~1\Sun
[16/02/2009|16.41] C:\DOCUME~1\MARURI~1\DATIAP~1\SUPERAntiSpyware.com
[22/02/2008|16.27] C:\DOCUME~1\MARURI~1\DATIAP~1\Talkback
[08/05/2008|13.40] C:\DOCUME~1\MARURI~1\DATIAP~1\Teleca
[16/02/2008|20.00] C:\DOCUME~1\MARURI~1\DATIAP~1\WinRAR
[18/03/2009|21.07] C:\DOCUME~1\MARURI~1\DATIAP~1\Yahoo!
[0|File] C:\DOCUME~1\MARURI~1\DATIAP~1\byte
[41|Directory] C:\DOCUME~1\MARURI~1\DATIAP~1\byte disponibili

[18/12/2008|16.25] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[19/03/2009 17.16][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[19/03/2009 16.40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 13.00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[07/03/2009|19.26] C:\Programmi\Adobe
[30/11/2008|21.56] C:\Programmi\AGEIA Technologies
[10/04/2008|13.29] C:\Programmi\Alice ti aiuta
[14/02/2008|16.27] C:\Programmi\ATI Technologies
[18/03/2009|21.07] C:\Programmi\CCleaner
[24/02/2008|17.33] C:\Programmi\C-Media 3D Audio
[10/04/2008|13.29] C:\Programmi\Common Files
[13/02/2008|19.41] C:\Programmi\ComPlus Applications
[12/11/2008|13.20] C:\Programmi\Core Design
[26/02/2008|16.52] C:\Programmi\DIFX
[17/02/2008|16.33] C:\Programmi\D-Tools
[06/03/2008|21.54] C:\Programmi\EA GAMES
[17/03/2009|19.24] C:\Programmi\eMule
[18/03/2009|20.44] C:\Programmi\File comuni
[18/03/2009|22.36] C:\Programmi\FindyKill
[07/03/2009|17.11] C:\Programmi\Google
[16/03/2009|11.00] C:\Programmi\hijackthis
[07/03/2009|18.54] C:\Programmi\InstallShield Installation Information
[14/02/2008|16.22] C:\Programmi\Internet Explorer
[05/12/2008|22.14] C:\Programmi\Java
[08/11/2008|15.42] C:\Programmi\Logitech
[13/02/2008|19.40] C:\Programmi\Messenger
[06/02/2009|14.08] C:\Programmi\Messenger Plus! Live
[03/03/2008|08.01] C:\Programmi\MessengerPlus! 3
[13/02/2008|19.45] C:\Programmi\microsoft frontpage
[06/03/2008|17.56] C:\Programmi\Microsoft Office
[09/04/2008|15.04] C:\Programmi\Microsoft.NET
[10/04/2008|13.29] C:\Programmi\Motive
[13/02/2008|19.42] C:\Programmi\Movie Maker
[13/02/2008|19.40] C:\Programmi\MSN Gaming Zone
[06/02/2009|14.08] C:\Programmi\MSN Messenger
[14/02/2008|16.19] C:\Programmi\Nero
[13/02/2008|19.42] C:\Programmi\NetMeeting
[14/12/2008|14.54] C:\Programmi\NOS
[13/02/2008|19.42] C:\Programmi\Outlook Express
[16/03/2009|10.12] C:\Programmi\Panda Security
[04/10/2008|14.36] C:\Programmi\ReflexiveArcade
[08/04/2008|23.36] C:\Programmi\SAMSUNG
[13/02/2008|19.43] C:\Programmi\Servizi in linea
[08/05/2008|13.55] C:\Programmi\Sony Ericsson
[10/04/2008|13.27] C:\Programmi\Telecom Italia
[16/03/2009|11.08] C:\Programmi\Trend Micro
[13/02/2008|19.50] C:\Programmi\Uninstall Information
[01/03/2008|21.33] C:\Programmi\Windows Live
[14/02/2008|21.55] C:\Programmi\Windows Live Toolbar
[23/07/2008|08.57] C:\Programmi\Windows Media Connect 2
[04/10/2008|14.59] C:\Programmi\Windows Media Player
[13/02/2008|19.40] C:\Programmi\Windows NT
[13/02/2008|19.43] C:\Programmi\WindowsUpdate
[14/02/2008|19.57] C:\Programmi\WinRAR
[13/02/2008|19.45] C:\Programmi\xerox
[18/03/2009|21.07] C:\Programmi\Yahoo!
[15/03/2009|16.08] C:\Programmi\Your Company Name
[07/03/2009|18.58] C:\Programmi\Zylom Games
[0|File] C:\Programmi\byte
[56|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[07/03/2009|19.36] C:\Programmi\File comuni\Adobe
[07/03/2009|19.28] C:\Programmi\File comuni\Adobe AIR
[07/03/2008|20.55] C:\Programmi\File comuni\Ahead
[20/05/2008|14.23] C:\Programmi\File comuni\ArcSoft
[19/03/2009|16.21] C:\Programmi\File comuni\BitDefender
[09/04/2008|15.04] C:\Programmi\File comuni\DESIGNER
[24/02/2008|16.29] C:\Programmi\File comuni\InstallShield
[14/02/2008|20.54] C:\Programmi\File comuni\Java
[23/10/2008|19.47] C:\Programmi\File comuni\Logitech
[07/03/2009|18.54] C:\Programmi\File comuni\Macromedia
[25/02/2009|19.06] C:\Programmi\File comuni\Macrovision Shared
[30/11/2008|21.55] C:\Programmi\File comuni\Microsoft Shared
[10/04/2008|13.29] C:\Programmi\File comuni\Motive
[13/02/2008|19.42] C:\Programmi\File comuni\MSSoap
[13/02/2008|20.29] C:\Programmi\File comuni\ODBC
[13/02/2008|19.42] C:\Programmi\File comuni\Services
[13/02/2008|20.29] C:\Programmi\File comuni\SpeechEngines
[09/04/2008|15.04] C:\Programmi\File comuni\System
[09/01/2009|17.55] C:\Programmi\File comuni\Vivendi Universal Games
[16/02/2009|16.40] C:\Programmi\File comuni\Wise Installation Wizard
[0|File] C:\Programmi\File comuni\byte
[22|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 18:08:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 6

--------------------\\ Searching for other infections


No other infections found !

[F:18][D:5]-> C:\DOCUME~1\MARURI~1\IMPOST~1\Temp
[F:6][D:0]-> C:\DOCUME~1\MARURI~1\Cookies
[F:207][D:4]-> C:\DOCUME~1\MARURI~1\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 19/03/2009|17.59 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 19/03/2009|18.09 - Option : [2]

--------------------\\ Scan completed at 18.09.46
parthenopea
Posted: Thursday, March 19, 2009 6:19:17 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.16.13, on 19/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
D:\Bit defender\programma installato\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\Acrotray.exe
D:\Malwarebytes.Anti-Malware\Programma installato\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
D:\Bit defender\programma installato\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
D:\Gadwin\PrintScreen\PrintScreen.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Bit defender\programma installato\BitDefender 2009\seccenter.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Maru Rita Ily\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=Tbz%2btLjMtUO3Ju4%2fq0OeMxwNpcrobKjLola6hTdNF%2ftW7Daz2J2xWiSwfHnh%2b9LgdY14wijU%2bpyxiM0GSD2uP7bPgXhQZQV2FB7TOzsmhoGaWZM%2b1y4BUlSpQQEGn0bAxU0ZAfIg3Yl8pueYsKISPXoEc%2bk8T%2fzTCzmgh84EO0ZXIwVJVZ8T8SY%2fAgkXrQnjNkrsEtwAD2oT7EZUerjgwTkCD%2fj2c2tNlV7%2fXV2flZgyWfzfa77dDvC4BcdWi3cVORe%2fpj3PG682TXFj%2fmDxvFr9w5LYF0dwIKiykxbxCok%3d
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Bit defender\programma installato\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Name of App] C:\Programmi\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Malwarebytes.Anti-Malware\Programma installato\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "D:\Avira antivirus\Avira Premium Security Suite v8.1.00.206 FULL Edition + KEY\Programma installato\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [BDAgent] "D:\Bit defender\programma installato\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Bit defender\programma installato\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\Gadwin\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Superantispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Aggiungi a PDF esistente - res://D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?fddcd304f22846059e2a0b5a79083526
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?fddcd304f22846059e2a0b5a79083526
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://D:\Acrobat PDF\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://D:\Acrobat PDF\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://D:\Acrobat PDF\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://D:\Adobe Acrobat PDF\PROGRAMMA INSTALLATO\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://D:\Acrobat PDF\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://194.244.16.117/g_bin/eng/breakout_2_0_0_29.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://194.244.16.123/g_bin/eng/words_2_0_0_51.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://194.244.16.117/g_bin/eng/mahjong_2_0_0_31.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{13BD9FF6-15F2-4993-A9CF-D1ACC2698988}: NameServer = 85.37.17.11 85.38.28.69
O20 - Winlogon Notify: !SASWinLogon - D:\Superantispyware\SASWINLO.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programmi\File comuni\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - D:\AVG Antispyware\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Malwarebytes.Anti-Malware\Programma installato\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - D:\Bit defender\programma installato\BitDefender 2009\vsserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12220 bytes
shapiro
Posted: Thursday, March 19, 2009 8:05:49 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Everything looks fine.

Remove this entry with HJT:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

One very important thing is to download Service Pack 3.

Download it from here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=it

parthenopea
Posted: Thursday, March 19, 2009 8:22:33 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
OK, thank you, shapiro, you're always very kind!
shapiro
Posted: Friday, March 20, 2009 9:59:48 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Are you still having problems, parthenopea?
steven75
Posted: Friday, March 20, 2009 10:11:38 AM
Rank: Member

Joined: 5/8/2006
Posts: 0
Just for the record, this entry should not be removed and it is not missing; it belongs to Messenger.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

The log indicates that the file does not exist, but there is an entry in a subkey with some references, so it should not be fixed.

shapiro
Posted: Friday, March 20, 2009 10:35:52 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi steve75

The key O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file): can you tell me what it is for if the file is missing?
steven75
Posted: Friday, March 20, 2009 12:31:24 PM
Rank: Member

Joined: 5/8/2006
Posts: 0
Hi shapiro,

What HijackThis says is not gospel, and even though it reports the file as missing, the key contains a subfolder in which other values are present.

So in my opinion, and not only mine, it's better to leave that entry where it is.

If you take a look around the registry, you'll see that many of the other keys in that path, which you would never dream of deleting, are not tied to files but to subfolders, exactly like the entry in question.

shapiro
Posted: Friday, March 20, 2009 1:14:36 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
steven75
Posted: Friday, March 20, 2009 2:00:02 PM
Rank: Member

Joined: 5/8/2006
Posts: 0
shapiro, everyone does as they see fit. At first I too used to say to fix it, but then, looking closely, I decided not to do so any more, so I still think it's better to leave it there.
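
An added illustration of the question debated in the last posts (not code from the thread or from HijackThis): a small Python triage that collects the entries HijackThis marks "(no file)" or "(file missing)" and lists the registry keys to look at before deciding whether to fix them. The sample lines are copied from the log posted in this thread; the function names and the choice of which keys to inspect are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - D:\AVG Antispyware\AVG Anti-Spyware 7.5\guard.exe (file missing)
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers HijackThis prints when it could not find a file for the entry.
# Anchored at end of line so "(no name)" in the middle of a line is not a match.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")

# Standard Windows registry locations for BHO registrations and COM classes.
BHO_ROOT = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_ROOT = r"HKCR\CLSID"


@dataclass
class Entry:
    section: str            # e.g. "O2", "O23"
    body: str               # everything after "<section> - "
    clsid: Optional[str]    # first CLSID on the line, upper-cased, if any
    missing: Optional[str]  # "no file", "file missing" or None


def parse_log(text: str) -> List[Entry]:
    """Parse HijackThis entry lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        missing = MISSING_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            missing=missing.group(1) if missing else None,
        ))
    return entries


def keys_to_inspect(entry: Entry) -> List[str]:
    """Registry keys worth opening before fixing an entry that carries a CLSID.

    A key that still holds subkeys or values may be in use even though
    HijackThis found no file for it, which is the point made in the thread.
    """
    if entry.clsid is None:
        return []
    keys = [CLSID_ROOT + "\\" + entry.clsid]
    if entry.section == "O2":
        keys.insert(0, BHO_ROOT + "\\" + entry.clsid)
    return keys


def review_queue(text: str) -> List[Tuple[Entry, List[str]]]:
    """Entries flagged as missing, each paired with the keys to check first."""
    return [(e, keys_to_inspect(e)) for e in parse_log(text) if e.missing]


if __name__ == "__main__":
    for entry, keys in review_queue(SAMPLE_LOG):
        print(f"{entry.section} ({entry.missing}): {entry.body}")
        for key in keys:
            print(f"    inspect before fixing: {key}")
```
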