Aiutamici Forum

Request for help
stewarman
Posted: Saturday, May 16, 2009 4:40:43 PM
Rank: Member

Joined: 5/16/2009
Posts: 21
Hello,
I have just signed up to the forum to look for help with a trojan (actually there are two) reported to me by AVG; reading other posts I gather that I first need to post the HijackThis log, here we go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.38.55, on 16/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\winlogon.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Lucia Mori')
O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [sogcq] "c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.exe" sogcq (User 'Lucia Mori')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212746228003
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe

--
End of file - 8387 bytes

Thanks in advance
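As an added example that is not code from the thread, from HijackThis or from ComboFix: a small Python parser that reads O4 autorun lines like the ones in the log above and flags entries whose executable lives in a user-writable profile directory. Run over the posted lines it singles out the `sogcq` entry under the `Lucia Mori` profile (the same files ComboFix deletes later in the thread); the regexes and the directory marker list are my own assumptions.

```python
"""Flag HijackThis O4 autorun entries that launch from user-writable profile
directories.  Added example; heuristic and marker list are my own assumptions."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: O4 lines copied from the HijackThis log posted in the thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background',
    r"O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c (User 'Lucia Mori')",
    r"""O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Lucia Mori')""",
    r"""O4 - HKUS\S-1-5-21-1085031214-688789844-1343024091-1004\..\Run: [sogcq] "c:\documents and settings\lucia mori\impostazioni locali\dati applicazioni\sogcq.exe" sogcq (User 'Lucia Mori')""",
]

# "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')"; the User suffix is
# present only on HKUS entries, i.e. autoruns of other profiles on the machine.
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>[^\s\[]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# First executable token of the command, quoted or not; arguments are dropped.
EXE_RE = re.compile(
    r'^"?(?P<path>[^"]*?\.(?:exe|com|scr|pif|bat|cmd|dll|vbs))(?:"|\s|$)', re.I
)
# Directory fragments (lower-cased, forward slashes) an ordinary user can write
# to; the Italian XP names are listed beside their English equivalents.
USER_WRITABLE_MARKERS = (
    "/impostazioni locali/dati applicazioni/",  # Local Settings\Application Data
    "/local settings/application data/",
    "/dati applicazioni/",                      # Application Data
    "/application data/",
    "/appdata/",
    "/temp/",
)


class Autorun(NamedTuple):
    hive: str
    name: str
    command: str
    exe_path: Optional[str]
    user: Optional[str]


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse a registry Run entry; startup-folder O4 lines return None."""
    m = O4_RUN_RE.match(line)
    if not m:
        return None
    exe = EXE_RE.match(m.group("command"))
    return Autorun(m.group("hive"), m.group("name"), m.group("command"),
                   exe.group("path") if exe else None, m.group("user"))


def launch_reason(exe_path: Optional[str]) -> Optional[str]:
    # Reason the launch path looks suspicious, or None for a normal location.
    if exe_path is None:
        return "executable could not be identified"
    norm = exe_path.lower().replace("\\", "/")
    for marker in USER_WRITABLE_MARKERS:
        if marker in norm:
            return "launches from user-writable directory " + marker
    return None


def flag_autoruns(lines: List[str]) -> List[Tuple[Autorun, str]]:
    """Return (entry, reason) for every Run entry that trips the heuristic."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        reason = launch_reason(entry.exe_path) if entry else None
        if reason:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in flag_autoruns(SAMPLE_O4_LINES):
        print(f"[{entry.name}] (User {entry.user or entry.hive}): {reason}")
```

HKUS entries matter here because the scan was run from one account while the suspicious autorun belongs to another profile; a tool that only inspects HKCU of the current user would not show it.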
r16
Posted: Saturday, May 16, 2009 6:38:27 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan.
Post the log.
*********************************************************************************

Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close your internet connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably send you alerts; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.

Uninstall combofix as follows: (after I have seen the log)
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox)

Finally, post an HJT log.

stewarman
Posted: Saturday, May 16, 2009 7:29:16 PM
Rank: Member

Joined: 5/16/2009
Posts: 21
As requested, here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.36
Versione del database: 2142
Windows 5.1.2600 Service Pack 3

16/05/2009 19.24.43
mbam-log-2009-05-16 (19-24-43).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 84659
Tempo trascorso: 11 minute(s), 36 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
simo95
Posted: Saturday, May 16, 2009 7:31:30 PM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
With Malwarebytes you need to run the full scan.
stewarman
Posted: Monday, May 18, 2009 9:13:20 AM
Rank: Member

Joined: 5/16/2009
Posts: 21
Below is the full scan:

Malwarebytes' Anti-Malware 1.36
Versione del database: 2142
Windows 5.1.2600 Service Pack 3

18/05/2009 9.09.54
mbam-log-2009-05-18 (09-09-54).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 136055
Tempo trascorso: 1 hour(s), 22 minute(s), 51 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


Thanks again in advance
stewarman
Posted: Monday, May 18, 2009 9:16:10 AM
Rank: Member

Joined: 5/16/2009
Posts: 21
I forgot... the ComboFix log file:

ComboFix 09-05-15.06 - Fabio Mori 16/05/2009 19.50.33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.478.130 [GMT 2:00]
Eseguito da: c:\documents and settings\Fabio Mori\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lucia Mori\Impostazioni locali\Dati applicazioni\sogcq.dat
c:\documents and settings\Lucia Mori\Impostazioni locali\Dati applicazioni\sogcq.exe
c:\documents and settings\Lucia Mori\Impostazioni locali\Dati applicazioni\sogcq_nav.dat
c:\documents and settings\Lucia Mori\Impostazioni locali\Dati applicazioni\sogcq_navps.dat
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc1.exe
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc10.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc11.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc12.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc13.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc14.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc15.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc16.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc17.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc18.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc19.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc20.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc21.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc22.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc23.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc24.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc25.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc3.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc4.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc5.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc6.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc7.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc8.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\Dc9.bak
c:\recycler\S-1-5-21-1085031214-688789844-1343024091-1004\INFO2

.
((((((((((((((((((((((((( Files Creati Da 2009-04-16 al 2009-05-16 )))))))))))))))))))))))))))))))))))
.

2009-05-16 16:54 . 2009-05-16 16:54 -------- d-----w c:\documents and settings\Fabio Mori\Dati applicazioni\Malwarebytes
2009-05-16 16:54 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 16:54 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 16:54 . 2009-05-16 16:54 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-05-16 16:54 . 2009-05-16 16:54 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-05-15 14:07 . 2009-05-15 14:07 -------- d-----w c:\documents and settings\Fabio Mori\Dati applicazioni\Image Zone Express
2009-04-22 12:36 . 2009-04-22 12:36 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\1245
2009-04-17 06:18 . 2009-05-11 12:25 -------- d-----w c:\documents and settings\Lucia Mori\Dati applicazioni\AVGTOOLBAR
2009-04-16 18:28 . 2009-05-02 07:13 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-16 18:28 . 2009-05-02 07:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-16 18:28 . 2009-05-02 07:13 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-16 18:28 . 2009-05-16 07:59 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-16 18:28 . 2009-05-06 07:50 -------- d-----w c:\documents and settings\Fabio Mori\Dati applicazioni\AVGTOOLBAR
2009-04-16 18:27 . 2009-04-16 18:27 -------- d-----w c:\programmi\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 10:22 . 2008-06-12 07:14 -------- d-----w c:\programmi\DaneaEasyfatt2006
2009-05-15 14:17 . 2008-07-10 19:17 108608 ----a-w c:\documents and settings\Lucia Mori\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-08 18:46 . 2008-06-10 09:21 -------- d-----w c:\programmi\eMule
2009-04-17 08:15 . 2001-08-31 18:00 77686 ----a-w c:\windows\system32\perfc010.dat
2009-04-17 08:15 . 2001-08-31 18:00 455618 ----a-w c:\windows\system32\perfh010.dat
2009-04-08 16:46 . 2009-04-08 16:46 -------- d-----w c:\programmi\Trend Micro
2009-04-07 16:19 . 2009-04-07 16:17 -------- d-----w c:\programmi\Windows Live Safety Center
2009-04-02 12:55 . 2009-04-02 11:38 -------- d-----w c:\programmi\eboost
2009-04-02 12:55 . 2001-04-23 08:49 790528 ----a-w c:\programmi\eboostBK_Dati.DAT
2009-04-02 12:20 . 2009-04-02 12:20 24576 ----a-w c:\windows\system32\NINOUT32.dll
2009-04-02 12:20 . 2009-04-02 12:20 180224 ----a-w c:\windows\system32\ijl15.dll
2009-04-02 11:37 . 2009-04-02 11:37 249856 ------w c:\windows\Setup1.exe
2009-04-02 11:37 . 2009-04-02 11:37 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-02 11:37 . 2009-04-02 11:37 -------- d-----w c:\programmi\Setup eboost
2009-03-18 17:13 . 2009-03-18 17:13 -------- d-----w c:\programmi\eBay
2009-03-18 17:11 . 2008-06-12 06:56 -------- d-----w c:\programmi\File comuni\InstallShield
2009-03-06 14:19 . 2004-08-19 13:39 286208 ----a-w c:\windows\system32\pdh.dll
2001-08-31 12:00 . 2001-08-31 12:00 94816 --sh--w c:\windows\twain.dll
2008-04-13 17:13 . 2004-08-19 13:39 50688 --sh--w c:\windows\twain_32.dll
2008-04-13 17:13 . 2004-08-19 13:39 1028096 --sh--w c:\windows\system32\mfc42.dll
2008-04-13 17:13 . 2004-08-19 13:39 57344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-13 17:13 . 2004-08-19 13:39 413696 --sh--w c:\windows\system32\msvcp60.dll
2008-04-13 17:13 . 2004-08-19 13:39 343040 --sh--w c:\windows\system32\msvcrt.dll
2008-04-13 17:13 . 2004-08-19 13:39 551936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-13 17:13 . 2004-08-19 13:39 84992 --sh--w c:\windows\system32\olepro32.dll
2008-04-13 17:14 . 2004-08-19 13:39 12288 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 172032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-2-8 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 07:13 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\eboost\\ScaricaDati.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16756:TCP"= 16756:TCP:NortonAV
"13336:TCP"= 13336:TCP:NortonAV

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/04/2009 20.28.38 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/04/2009 20.28.45 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/04/2009 20.27.42 298776]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-05-16 19.57.04
ComboFix-quarantined-files.txt 2009-05-16 17:56

Pre-Run: 22.703.468.544 byte disponibili
Post-Run: 23.761.387.520 byte disponibili

164 --- E O F --- 2009-05-14 06:56