Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » gentilmente mi controllate il file log

gentilmente mi controllate il file log Opzioni
Topic Precedente · Topic Sucessivo
florata57
Inviato: Tuesday, December 22, 2009 7:39:28 PM
Rank: AiutAmico

Iscritto dal : 2/9/2004
Posts: 73
ciao a Tutti e prima di ogni cosa Buon Natale e Felice Anno

ora Vi chiedo gentilmente di controllarmi il file di log in quanto mi si aprono continuamente delle pagine pubblicitarie senza alcuna richiesta da parte mia. Grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.31.06, on 22/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Programmi\Cobian Backup 8\cbInterface.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Cobian Backup 8\cbService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {01A811AD-8ED2-4524-9AD9-4DFCFB756F28} - C:\WINDOWS\System32\d3drm32.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [OlStatusMon] "C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Programmi\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81CD129-8E43-4312-BEE6-B9031E3C4A30}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\ciadmin32.dll
O20 - Winlogon Notify: 703a5ccb705 - C:\WINDOWS\System32\ciadmin32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 8 servizio (CobBMService) - Luis Cobian - C:\Programmi\Cobian Backup 8\cbService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: olMntrService - Olivetti - C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12304 bytes
Think
Torna in alto
 
Sponsor
Inviato: Tuesday, December 22, 2009 7:39:28 PM

 
Torna in alto
 
florata57
Inviato: Tuesday, December 22, 2009 7:40:51 PM
Rank: AiutAmico

Iscritto dal : 2/9/2004
Posts: 73
dimenticavo di dirvi che l'indirizzo email corrispondente alla pagina commerciale che si apre autonomamente è:
http://media2.tmlatn.com/images/defaults41/approved/404.html
ciao e grazie
Florata
Torna in alto
 
shapiro
Inviato: Tuesday, December 22, 2009 8:03:56 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao Florata77 Auguri anche a te

dal rapporto riesco a vedere un'infezione nel pc, ma non e' escluso che ce ne siano altre

solitamente l'apertura delle pagine e' provocata dal virus navipromo

disattiva il tuo antivirus

esegui questa scansione

scarica la versione beta di combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non usare il pc durante la scansione, nemmeno il mouse!
Torna in alto
 
fdaccc
Inviato: Tuesday, December 22, 2009 8:29:14 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
per curiosità lo utilizzi MSN?
Torna in alto
 
florata57
Inviato: Tuesday, December 22, 2009 9:45:26 PM
Rank: AiutAmico

Iscritto dal : 2/9/2004
Posts: 73
grazie per la pronta risposta ecco il file:

ComboFix 09-12-21.08 - Utente 22/12/2009 21.30.12.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.275 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b705C.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b705O.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b705P.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b705S.manifest
c:\documents and settings\Utente\Dati applicazioni\Desktopicon
c:\documents and settings\Utente\Dati applicazioni\Desktopicon\config.ini
c:\documents and settings\Utente\Dati applicazioni\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Utente\Documenti\backup di chiave unit….reg
c:\windows\system32\Aq19N4AgbSSbC.vbs
c:\windows\system32\CNVFAT32.DLL
c:\windows\system32\DBGENG32.DLL
c:\windows\system32\DMLOADER32.DLL
c:\windows\system32\FvyHfhBADc0lb.vbs
c:\windows\system32\sJEAsXP.vbs
c:\windows\system32\vlxiv8yWosjlhjS.vbs

.
((((((((((((((((((((((((( Files Creati Da 2009-11-22 al 2009-12-22 )))))))))))))))))))))))))))))))))))
.

2009-12-22 20:16 . 2009-12-22 20:16 193024 ----a-w- c:\windows\system32\dhcpqec32.dll
2009-12-22 20:07 . 2009-12-22 20:08 -------- d-----w- c:\programmi\FrostWire
2009-12-22 19:26 . 2009-12-22 20:17 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar
2009-12-22 19:09 . 2009-12-22 19:09 -------- d-----w- c:\programmi\Ask.com
2009-12-22 19:04 . 2009-12-22 19:04 193024 ----a-w- c:\windows\system32\credui32.dll
2009-12-22 18:33 . 2009-12-22 18:33 193024 ----a-w- c:\windows\system32\d3dx9_2732.dll
2009-12-22 18:17 . 2009-12-22 18:17 193024 ----a-w- c:\windows\system32\d3drm32.dll
2009-12-21 10:36 . 2009-12-21 10:36 193024 ----a-w- c:\windows\system32\evr32.dll
2009-12-16 14:59 . 2009-12-16 14:59 193024 ----a-w- c:\windows\system32\faultrep32.dll
2009-12-15 11:48 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-15 11:48 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-15 11:48 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-15 11:48 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-15 11:48 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-15 11:48 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-15 11:48 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-15 11:48 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-15 11:45 . 2009-12-15 11:45 193024 ----a-w- c:\windows\system32\drmclien32.dll
2009-12-14 15:52 . 2009-12-14 15:52 193024 ----a-w- c:\windows\system32\icmp32.dll
2009-12-13 13:33 . 2008-12-11 11:32 132976 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-13 13:33 . 2008-12-11 11:32 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-13 13:32 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-13 13:32 . 2008-12-11 16:01 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-12-02 16:19 . 2009-12-02 16:19 187904 ----a-w- c:\windows\system32\cmprops32.dll
2009-12-01 10:42 . 2009-12-01 10:42 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-30 14:08 . 2009-11-30 14:08 190464 ----a-w- c:\windows\system32\cmcfg3232.dll
2009-11-30 14:08 . 2009-11-30 14:08 119808 ----a-w- c:\windows\system32\ciadmin32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 20:14 . 2007-11-11 18:10 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-22 20:12 . 2009-07-17 15:33 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\FrostWire
2009-12-22 19:20 . 2008-04-27 13:51 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2009-12-22 18:25 . 2009-08-12 14:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-12-22 18:25 . 2009-08-12 14:07 -------- d-----w- c:\programmi\Spyware Terminator
2009-12-22 18:05 . 2009-08-12 14:07 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Spyware Terminator
2009-12-22 18:04 . 2008-04-27 13:55 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-12-21 12:27 . 2007-11-15 20:42 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-12-15 19:35 . 2008-01-05 19:12 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-12-14 15:47 . 2007-11-11 18:08 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-12-14 15:47 . 2007-11-11 18:08 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-12-10 18:30 . 2006-03-02 12:00 88412 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 18:30 . 2006-03-02 12:00 497068 ----a-w- c:\windows\system32\perfh010.dat
2009-12-10 18:05 . 2007-11-21 16:55 4544 ----a-w- c:\documents and settings\Utente\Dati applicazioni\wklnhst.dat
2009-12-03 19:16 . 2007-11-11 20:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-30 14:08 . 2009-11-30 14:08 0 ----a-w- c:\windows\system32\D2.tmp
2009-11-30 10:56 . 2007-04-25 17:38 -------- d-----w- c:\programmi\LimeWire
2009-11-25 12:46 . 2009-08-12 10:16 -------- d-----w- c:\programmi\QuickTime
2009-11-25 12:44 . 2008-04-28 08:05 -------- d-----w- c:\programmi\File comuni\Apple
2009-10-29 07:42 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-30 17:49 . 2007-04-09 08:28 52656 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-11-04 15:58 . 2007-04-09 15:55 450114 ----a-w- c:\programmi\RegSeeker.zip
2007-04-09 20:18 . 2007-04-09 20:18 2558732 ----a-w- c:\programmi\MV790_MV800_Series_CUG_IT.pdf
2006-01-11 11:30 . 2006-01-11 11:30 19968 ----a-w- c:\programmi\Gif98.oca
1998-04-14 06:41 . 1998-04-14 06:41 18700 ----a-w- c:\programmi\B_los.gif
1998-03-16 21:49 . 1998-03-16 21:49 1971 ----a-w- c:\programmi\Alert.gif
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01A811AD-8ED2-4524-9AD9-4DFCFB756F28}]
2009-12-22 20:16 193024 ----a-w- c:\windows\system32\dhcpqec32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]
"Messenger (Yahoo!)"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-12 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"OlStatusMon"="c:\programmi\Olivetti\ANY_WAY\olDvcStatus.exe" [2005-08-05 90112]
"Cobian Backup 8 interface"="c:\programmi\Cobian Backup 8\cbInterface.exe" [2007-03-20 2424320]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-04-30 185896]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-12-11 2652056]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-12 2171904]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Utilit… controllo supporti di Picture Motion Browser.lnk - c:\programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-7-5 376832]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\703a5ccb705]
2009-11-30 14:08 119808 ----a-w- c:\windows\system32\ciadmin32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\FrostWire\\FrostWire.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/12/2009 12.48.34 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [13/12/2009 14.32.53 159600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [12/08/2009 15.07.19 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/12/2009 12.48.34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [28/09/2009 18.57.38 54752]
R2 olMntrService;olMntrService;c:\programmi\Olivetti\ANY_WAY\olMntrService.exe [05/08/2005 12.21.26 69632]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [13/12/2009 14.33.00 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [13/12/2009 14.32.03 95640]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [22/11/2008 8.29.38 8192]
S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\drivers\CoachVc.sys [15/04/2007 17.13.14 44928]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S3 SFC4;SFC4;c:\windows\system32\drivers\SFC4.SYS [30/12/2007 9.12.34 41472]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
TCP: {A81CD129-8E43-4312-BEE6-B9031E3C4A30} = 212.216.112.222,212.216.172.162
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\0qss05dk.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101677&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 21:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\System32\ciadmin32.dll
.
Ora fine scansione: 2009-12-22 21:36:45
ComboFix-quarantined-files.txt 2009-12-22 20:36

Pre-Run: 53.972.889.600 byte disponibili
Post-Run: 54.051.389.440 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0597428CAA1C756B220EAC5568927C78


ciao grazie flora
Torna in alto
 
a.roselli
Inviato: Tuesday, December 22, 2009 9:47:57 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,055
Ciao,
esegui queste operazioni

ATTENZIONE prima di procedere con le riparazioni, fate la copia di riserva dei vostri dati, a volte eliminando un virus il sistema potrebbe non riavviarsi.
____________________________

Disattiva il ripristino di configurazione, leggi qui come fare
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Riavvia in modalità provvisoria, leggi qui come fare
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

apri HIJAC THIS ed elimina come indicato in questo articolo
http://guide.aiutamici.com/software?ID=11175
le righe che seguono.

==================================
O2 - BHO: (no name) - {01A811AD-8ED2-4524-9AD9-4DFCFB756F28} - C:\WINDOWS\System32\d3drm32.dll
-
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
-
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
-
O20 - AppInit_DLLs: C:\WINDOWS\System32\ciadmin32.dll
O20 - Winlogon Notify: 703a5ccb705 - C:\WINDOWS\System32\ciadmin32.dll
==================================


Utilizza questo programma per eliminare eventuali spyware
http://www.aiutamici.com/software?ID=10831

sempre in modalità provvisoria fai una scansione Antivirus,
se non hai un antivirus, utilizza questo programma
http://www.aiutamici.com/software?ID=11485

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui http://guide.aiutamici.com/guide?C1=7&C2=16&ID=80161
in caso di problemi lascialo disattivato fino alla soluzione dei problemi

Fai una scansione antivirus on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym
se la scansione on line rileva dei virus significa che il tuo antivirus è stato infettato o non è in grado di risolvere il problema, ti consiglio di formattare il disco fisso e reinstallare tutto, altrimenti prosegui

Utilizza questo programma
http://www.aiutamici.com/software?ID=11041

Sostituisci Avast con Microsoft Security Essentials
http://www.aiutamici.com/software?ID=11289

Ti consiglio di utilizzare questo programma per fare la copia di riserva del sistema, cosi se vieni infettato puoi ripristinare il sistema cosi come si trova, leggi la descrizione su aiutamici
http://www.aiutamici.com/software?ID=80274

alfonso_aiutamici@hotmail.it
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » gentilmente mi controllate il file log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.