Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo Log. HIjack this

3 pages: 1 2 [3]
controllo Log. HIjack this Opzioni
Topic Precedente · Topic Sucessivo
sfigato
Inviato: Tuesday, June 09, 2009 6:12:42 PM
Rank: AiutAmico

Iscritto dal : 2/16/2005
Posts: 79
sembra che va tutto okkei...
adesso ti posto due nuovi log.

1. COMBOFIX.

ComboFix 09-06-03.04 - sergio 09/06/2009 17.05.28.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.209 [GMT 2:00]
Eseguito da: c:\documents and settings\sergio\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000000-0000-0015-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000002-0002-0000-7C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-05-09 al 2009-06-09 )))))))))))))))))))))))))))))))))))
.

2009-06-04 10:54 . 2009-06-04 10:54 -------- d-----w- c:\programmi\Trend Micro
2009-06-03 11:05 . 2009-06-03 11:05 -------- d-----w- c:\documents and settings\sergio\Dati applicazioni\Malwarebytes
2009-06-03 11:04 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 11:04 . 2009-06-03 11:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-06-03 11:04 . 2009-06-03 11:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-03 11:04 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-01 16:16 . 2009-06-04 16:15 -------- d-----w- c:\programmi\avenger
2009-05-31 19:17 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-31 19:17 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-31 19:17 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-31 19:17 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-31 19:17 . 2009-05-31 19:17 -------- d-----w- c:\programmi\Avira
2009-05-31 19:17 . 2009-05-31 19:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-05-31 18:44 . 2009-06-08 14:52 -------- d-----w- c:\programmi\CCleaner
2009-05-27 09:51 . 2009-05-27 09:56 -------- d-----w- c:\programmi\AutoCAD 2008
2009-05-22 07:53 . 2009-05-27 10:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-05-11 15:42 . 2009-05-11 15:42 1011844 ----a-w- c:\programmi\SetupPoigpsGo.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 15:01 . 2002-10-01 17:08 1287442 ----a-w- c:\windows\system32\perfh010.dat
2009-06-09 15:01 . 2002-10-01 17:08 718424 ----a-w- c:\windows\system32\perfc010.dat
2009-05-31 09:06 . 2005-02-16 14:22 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-05-31 08:55 . 2005-02-16 14:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-05-27 11:16 . 2004-12-19 15:46 114976 ----a-w- c:\documents and settings\sergio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-27 09:56 . 2004-11-12 20:48 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2009-05-04 16:39 . 2007-11-06 20:28 60 ----a-w- c:\windows\wpd99.drv
2009-05-04 16:39 . 2007-11-06 20:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\pdf995
2009-04-15 09:28 . 2007-11-06 20:28 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-04-15 09:28 . 2007-11-06 20:28 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-04-15 09:25 . 2009-04-15 09:24 5801368 ----a-w- c:\programmi\ps2pdf995.exe
2009-04-14 15:32 . 2008-10-21 10:36 -------- d-----w- c:\documents and settings\sergio\Dati applicazioni\Nokia Multimedia Player
2009-02-05 14:48 . 2009-04-15 09:21 8945438 ----a-w- c:\programmi\Stampante PDF.rar
2008-12-05 17:41 . 2008-12-05 17:38 128992670 ----a-w- c:\programmi\rh40eval_it_20080827.exe
2008-07-04 15:57 . 2008-07-04 15:56 7726360 ----a-w- c:\programmi\Google_Earth_CZXV.exe
2006-12-30 14:32 . 2006-12-30 14:32 3124686 -c--a-w- c:\programmi\arrip20.exe
2006-12-30 14:08 . 2006-12-30 14:08 36808256 ----a-w- c:\programmi\iTunesSetup.exe
2006-03-14 22:50 . 2006-03-14 22:50 758296 ----a-w- c:\programmi\CMWsetup.exe
2006-03-12 15:03 . 2006-03-12 15:03 3957216 ----a-w- c:\programmi\MSASYNC.EXE
2005-05-06 03:20 . 2006-10-13 19:47 6410240 ----a-w- c:\programmi\virtualdj.exe
2004-12-01 20:56 . 2004-12-01 20:56 544 ----a-w- c:\programmi\changelog.txt
2004-11-30 20:28 . 2004-11-30 20:28 2423682 ----a-w- c:\programmi\DivX_Total_Pack2.0.exe
2005-01-29 10:31 . 2004-11-22 21:43 56 --sh--r- c:\windows\system32\E784F277D9.sys
2005-01-29 10:31 . 2004-11-22 21:43 11270 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_17.15.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-09 15:01 . 2009-06-09 15:01 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
+ 2002-10-01 17:07 . 2009-06-09 15:01 650170 c:\windows\system32\perfc009.dat
+ 2002-10-01 17:07 . 2009-06-09 15:01 1201862 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-08-27 185896]
"NSLauncher"="c:\programmi\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-18 67584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programmi\\itunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Programmi\\Autodesk\\backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\backburner\\server.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\skype\\Phone\\Skype.exe"=

R2 cpwnt;cpwnt;c:\windows\system32\drivers\Cpwnt.sys [17/11/2004 16.01.43 21824]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [08/10/2004 11.31.25 190465]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [08/10/2004 11.31.25 5817]
R3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\drivers\PRISMA00.sys [08/10/2004 11.34.04 388448]
S2 KeyP;KeyP;c:\windows\system32\DRIVERS\KeyP.sys --> c:\windows\system32\DRIVERS\KeyP.sys [?]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [25/12/2008 16.13.15 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [25/12/2008 16.13.15 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [25/12/2008 16.13.14 108675]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [22/01/2009 12.57.04 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [22/01/2009 12.57.04 8320]
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.msn.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\programmi\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {4132FEEA-2767-4033-B1F7-2FCB06C63BF0} = 151.99.125.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 17:10
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3116029348-4207113801-411729504-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"Microsoft.Picture.It.Document.9"=hex(0):

[HKEY_USERS\S-1-5-21-3116029348-4207113801-411729504-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mix\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"Microsoft.Picture.It.Document.9"=hex(0):
"mix"=hex(0):

[HKEY_USERS\S-1-5-21-3116029348-4207113801-411729504-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
@SACL=
"Toolbars"=hex:11,00,00,00,00,00,00,00
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,03,00,00,00,00,00,00,00,b0,e2,2b,d8,
64,57,d0,11,a9,6e,00,c0,4f,d7,05,a2,22,00,1c,00,0a,11,00,00,1a,00,00,00,01,\
"Upgrade"=dword:00000001

[HKEY_USERS\S-1-5-21-3116029348-4207113801-411729504-1007\Software\Microsoft\Works Suite\2004]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0]
@DACL=(02 0000)
@SACL=
@="FlashAccessibility"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\DependentComponents]
@DACL=(02 0000)
@SACL=
"AvRack"="AvRack"
"PowerDVD"="PowerDVD"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="DirectX"
"ComponentGUID"="{44BBA855-CC51-11CF-AAFA-00AA00B6015C}"
"Version"=dword:00040009
"Sub-Version"=dword:00000386
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AA936DF4-2B08-4B1F-B071-72192E287704}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="DirectX BDA"
"ComponentGUID"="{AA936DF4-2B08-4B1F-B071-72192E287704}"
"Version"=dword:00040009
"Sub-Version"=dword:00000386
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dxbda.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dx9bda.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwDir]
@DACL=(02 0000)
@SACL=
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(108)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-06-09 17.16.15
ComboFix-quarantined-files.txt 2009-06-09 15:16
ComboFix2.txt 2009-06-04 17:40

Pre-Run: 37.403.942.912 byte disponibili
Post-Run: 37.401.784.320 byte disponibili

207 --- E O F --- 2009-05-13 11:51


E HIJACK THIS.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.17.30, on 09/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4132FEEA-2767-4033-B1F7-2FCB06C63BF0}: NameServer = 151.99.125.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7574 bytes

FAMMI SAPERE.
Torna in alto
 
r16
Inviato: Tuesday, June 09, 2009 6:36:37 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ok, i log sono puliti.
Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix (qoobox)
Puoi eliminare anche Avenger.
E' sempre un pò dura, quando trovi un virus che utilizza tecniche rootkit, ma è andata bene.
Ricorda di tenere l'antivirus aggiornato, e fai spesso delle scansioni .
Se mi sono dimenticato qualcosa, o hai dubbi, sono qui.
Ciao!
Torna in alto
 
Utenti presenti in questo topic
Guest

3 pages: 1 2 [3]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo Log. HIjack this


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.