Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log da controllare. grazie

Log da controllare. grazie Opzioni
Topic Precedente · Topic Sucessivo
peronblack
Inviato: Wednesday, November 25, 2009 8:25:44 AM

Rank: AiutAmico

Iscritto dal : 11/3/2008
Posts: 915
Salve praticamente vorrei farvi controllora il mio log perchè credo di avere un virus che ogni tanto mi stacca la corrente al portatile e poi si rimette.
ecco il log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.24.40, on 25/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.4\ManyCam.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

--
End of file - 8421 bytes
Grazie ciao.
Forum: Http://mcminecraftcreep.altervista.org/
Youtube: Http://Youtube.it/mcminecraftgreeper
Facebook: http://www.facebook.com/pages/Multigaming-Creeper/206307562741464
Twitter Peronblack: http://twitter.com/Peronblack
Torna in alto
 
Sponsor
Inviato: Wednesday, November 25, 2009 8:25:44 AM

 
Torna in alto
 
peronblack
Inviato: Wednesday, November 25, 2009 8:57:15 AM

Rank: AiutAmico

Iscritto dal : 11/3/2008
Posts: 915
Ho provato con Combofix ecco il log
ComboFix 09-11-24.04 - Nino 25/11/2009 8.38.34.1.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.39.1040.18.2038.892 [GMT 1:00]
Eseguito da: c:\users\Nino\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091124-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 091124-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

.
((((((((((((((((((((((((( Files Creati Da 2009-10-25 al 2009-11-25 )))))))))))))))))))))))))))))))))))
.

2009-11-25 07:49 . 2009-11-25 07:49 -------- d-----w- c:\users\Nino\AppData\Local\temp
2009-11-25 07:49 . 2009-11-25 07:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-25 07:24 . 2009-11-25 07:24 -------- d-----w- c:\program files\Trend Micro
2009-11-25 07:16 . 2009-11-25 07:16 -------- d-----w- c:\program files\CCleaner
2009-11-23 10:55 . 2009-11-23 10:56 -------- d-----w- c:\users\Nino\AppData\Roaming\ManyCam
2009-11-23 10:55 . 2009-11-23 10:56 12288 d-----w- c:\program files\ManyCam 2.4
2009-11-15 14:05 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-11-14 17:35 . 2009-11-14 17:35 -------- d-----w- c:\users\Nino\AppData\Roaming\KompoZer
2009-11-12 20:25 . 2009-11-24 17:22 4096 d-----w- c:\users\Nino\AppData\Roaming\FileZilla
2009-11-12 20:18 . 2009-11-18 18:00 4096 d-----w- c:\program files\Adsen FavIcon
2009-11-11 09:39 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 09:39 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-03 19:24 . 2009-11-08 12:05 4096 d-----w- c:\program files\Rockstar Games
2009-11-01 21:20 . 2009-11-01 21:20 4096 d-----w- c:\program files\DAEMON Tools Lite
2009-11-01 18:42 . 2009-11-01 18:42 -------- d-----w- c:\program files\GTA3Mods
2009-10-28 06:21 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 06:21 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 06:21 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 06:21 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 19:58 . 2009-10-27 20:09 8192 d-----w- c:\program files\Cheat Engine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 07:32 . 2009-10-04 10:55 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-24 18:58 . 2006-11-06 01:52 685278 ----a-w- c:\windows\system32\perfh010.dat
2009-11-24 18:58 . 2006-11-06 01:52 115804 ----a-w- c:\windows\system32\perfc010.dat
2009-11-21 17:36 . 2009-08-29 10:41 4096 d-----w- c:\users\Nino\AppData\Roaming\HpUpdate
2009-11-15 14:19 . 2009-06-01 11:32 4096 d-----w- c:\users\Nino\AppData\Roaming\uTorrent
2009-11-14 02:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-01 21:20 . 2009-06-04 17:54 4096 d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-01 21:20 . 2009-06-04 17:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-01 21:20 . 2009-06-04 17:55 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-01 14:51 . 2009-05-27 14:52 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 11:19 . 2009-05-29 12:24 1 ----a-w- c:\users\Nino\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-16 18:37 . 2009-10-15 18:38 4096 d-----w- c:\program files\Winamp
2009-10-15 18:50 . 2009-10-15 18:38 4096 d-----w- c:\users\Nino\AppData\Roaming\Winamp
2009-10-15 18:39 . 2009-10-15 18:39 4096 d-----w- c:\program files\Winamp Toolbar
2009-10-15 18:39 . 2009-10-15 18:39 -------- d-----w- c:\programdata\Winamp Toolbar
2009-10-15 18:38 . 2009-10-15 18:38 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-15 13:30 . 2009-10-15 13:30 4096 d-----w- c:\program files\DivX
2009-10-15 13:30 . 2009-10-15 13:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-05 12:14 . 2009-08-31 09:36 4096 d-----w- c:\users\Nino\AppData\Roaming\dvdcss
2009-10-01 18:00 . 2009-10-01 18:00 -------- d-----r- c:\users\Nino\AppData\Roaming\Brother
2009-10-01 12:25 . 2009-10-01 12:24 28672 d-----w- c:\program files\Classic PhoneTools
2009-10-01 12:24 . 2009-10-01 12:24 -------- d-----w- c:\programdata\BVRP Software
2009-09-14 09:50 . 2009-10-14 05:19 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:38 . 2009-10-14 05:23 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:38 . 2009-10-14 05:19 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 15:21 . 2009-10-14 05:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 15:17 . 2009-10-14 05:21 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-08-31 15:16 . 2009-10-14 05:21 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-08-29 03:41 . 2009-09-02 21:03 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-02 21:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-02 21:03 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-05-27 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-08-19 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-05-27 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-21 133656]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-03-13 1466368]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

c:\users\Nino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-6-4 576000]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2888517670-3160565996-1953176412-1000]
"EnableNotificationsRef"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2009 18.17.42 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2009 18.17.42 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2009 18.17.19 51792]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\System32\drivers\ManyCam.sys [14/01/2008 11.06.32 21632]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 14.40.22 3668480]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [04/06/2009 18.47.10 691696]
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);c:\windows\System32\drivers\v800bus.sys [09/08/2004 12.51.24 52416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-25 c:\windows\Tasks\User_Feed_Synchronization-{5D0CD61A-2D8D-4189-8DFD-F031A3C76BA4}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/ig?hl=it
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 08:49
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Ora fine scansione: 2009-11-25 08:53
ComboFix-quarantined-files.txt 2009-11-25 07:53

Pre-Run: 11.219.210.240 byte disponibili
Post-Run: 11.192.287.232 byte disponibili

- - End Of File - - D9CF5567ED6B16305ED329707711365A

Forum: Http://mcminecraftcreep.altervista.org/
Youtube: Http://Youtube.it/mcminecraftgreeper
Facebook: http://www.facebook.com/pages/Multigaming-Creeper/206307562741464
Twitter Peronblack: http://twitter.com/Peronblack
Torna in alto
 
antonpaco
Inviato: Wednesday, November 25, 2009 12:29:24 PM
Rank: AiutAmico

Iscritto dal : 11/7/2006
Posts: 1,180
il log di hijack mi sembra pulito, continua a controllare il post quanto prima qualche amico esperto dara' uno sguardo alla scansione di combofix.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log da controllare. grazie


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.