Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » problema virus - allego LOG di hijack this

2 pages: [1] 2
problema virus - allego LOG di hijack this Opzioni
Topic Precedente · Topic Sucessivo
maxweb
Inviato: Monday, February 15, 2010 4:57:24 PM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
Ciao a tutti.
arrivo subito al dunque:
qualche giorno fa Avast mi ha segnalato un attacco da Rootkit - gen [Rtk].
messo subito in quarantena, se ne apre subito un altro, e un altro ancora..
ogni volta che mettevo in quarantena ne compariva un altro.
dopo una decina decido di spegnere tutto.
- ho fatto una scansione con Avast in modalità provvisoria e mi ha trovato dei virus che ha cancellato.
- ho fatto la scansione con Malware's byte, ha trovato due files infetti e li ha cancellati
- ho eliminato un programma 'nuovo' che andava in esecuzione automatica dopo l'attacco del virus
- ho fatto la scansione con Avenger e ha trovato il sistema pulito.
- ho pulito tutto con Ccleaner
- ho rifatto la scansione con Avast, Malware e nn rilevano nulla.

Continuo, però, ad avere problemi.

la barra delle applicazioni è lentissima a caricarsi, più di 5 minuti. e sono saprite alcune icone.

che abbia ancora il virus e nn lo vedo più? che altro posso fare?

posso copiare gli hard-disk del pc infetto su un hard-disk esterno?

allego file LOG di Hijack this. grazie per l'aiuto.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.26.21, on 15/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\DCSHost.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Elantech\ETDCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ClocX\ClocX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Vista Start Menu\VistaStartMenu.exe
C:\Programmi\AnVir Task Manager\AnVir.exe
C:\Programmi\VisualTaskTips\VisualTaskTips.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\MAX-NE~1\IMPOST~1\Temp\Rar$EX01.500\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Programmi\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClocX] C:\Programmi\ClocX\ClocX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Programmi\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Programmi\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Scarica con Mipony - file://C:\Programmi\MiPony\Browser\IEContext.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DCSHost.exe - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\DCSHost.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe

--
End of file - 9082 bytes
Torna in alto
 
Sponsor
Inviato: Monday, February 15, 2010 4:57:24 PM

 
Torna in alto
 
bazzurlone
Inviato: Monday, February 15, 2010 7:11:58 PM

Rank: AiutAmico

Iscritto dal : 1/20/2005
Posts: 1,537
Rifai la scansione con malawarebites,completa.alla fine posta il log
Torna in alto
 
maxweb
Inviato: Monday, February 15, 2010 7:27:56 PM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
sto facendo la scansione. appena finisce la posto.
grazie!
Torna in alto
 
paolopa
Inviato: Monday, February 15, 2010 8:50:15 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
il log di hijack,all analisi online,rileva infezioni,ma io non sono la persona piu' titolata per dirti cosa e come fixarle.hai aggiornato malwarebytes prima di fare la scansione?è importante.puoi anche provare a fare una scansione all avvio con avast,puo' darsi che con il sistema operativo non caricato riesca a risolverti il problema,purtroppo non hai neppure l ultima versione di avast,quando avrai risolto ricordati di installarla.se non risolvi cosi' ti verranno indicati rimedi piu' drastici.fai sapere.
Torna in alto
 
maxweb
Inviato: Monday, February 15, 2010 9:03:43 PM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
Malwarebytes' Anti-Malware 1.42
Versione del database: 3443
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/02/2010 21.03.06
mbam-log-2010-02-15 (21-03-06).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 160663
Tempo trascorso: 40 minute(s), 55 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
r16
Inviato: Monday, February 15, 2010 11:12:40 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao maxweb .
Finchè usi, quella versione obsoleta di Malwarebytes, (Malwarebytes' Anti-Malware 1.42 ) difficile che ti trovi qualcosa.Whistle
Prova ad AGGIORNARLO, (alla versione 1.44) e forse, rileva qualcosa in più.
Torna in alto
 
maxweb
Inviato: Monday, February 15, 2010 11:29:37 PM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
ok, ho aggiornato e sto facendo la scansione.
appena finito posto il log.
grazie!
Torna in alto
 
maxweb
Inviato: Tuesday, February 16, 2010 12:13:29 AM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
Malwarebytes' Anti-Malware 1.44
Versione del database: 3743
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/02/2010 0.13.50
mbam-log-2010-02-16 (00-13-50).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 168069
Tempo trascorso: 44 minute(s), 13 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
r16
Inviato: Tuesday, February 16, 2010 12:17:59 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ok.
Adesso (o domani) fai questa scansione, seguendo alla lettera le indicazioni:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
maxweb
Inviato: Tuesday, February 16, 2010 12:29:36 AM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
ok, grazie. al più presto posterò il log.
mi dici solo se posso salvare l'hard-disk del pc infetto su un hard-disk esterno senza portarmi dietro l'eventuale virus?
magari prima salvo quello che mi serve e poi faccio tutte le prove possibili.
grazie ancora.
Torna in alto
 
fdaccc
Inviato: Tuesday, February 16, 2010 1:42:03 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
no, prima devi eliminare il virus.
Torna in alto
 
maxweb
Inviato: Wednesday, February 17, 2010 4:14:44 PM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
ho appena finito la scansione con combofix, adesso posterò il report, ma
è scomparsa l'icona di avast nella barra applicazioni..
avast, comunque, sta funzionando.
avevo disattivato avast per combofix, ma quando mi ha riavviato il pc avast è ripartito..
qualche consiglio?
grazie.
Torna in alto
 
maxweb
Inviato: Wednesday, February 17, 2010 4:25:31 PM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
ComboFix 10-02-12.01 - Max-Netbook 17/02/2010 15.56.00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2039.1586 [GMT 1:00]
Eseguito da: c:\documents and settings\Max-Netbook\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100217-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycler\S-1-5-21-527237240-1644491937-1547161642-1003
c:\windows\system32\Thumbs.db
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2010-01-17 al 2010-02-17 )))))))))))))))))))))))))))))))))))
.

2010-02-15 22:27 . 2010-02-15 22:27 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-10 02:38 . 2008-04-13 17:47 30208 -c--a-w- c:\windows\system32\dllcache\modem.sys
2010-02-10 02:38 . 2008-04-13 17:47 30208 ----a-w- c:\windows\system32\drivers\modem.sys
2010-02-10 02:27 . 2008-04-13 10:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-10 02:27 . 2008-04-13 10:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-10 02:25 . 2008-04-13 10:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-10 02:25 . 2008-04-13 10:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-10 02:21 . 2008-04-13 10:41 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-10 02:15 . 2010-02-10 02:15 140 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-03 13:11 . 2010-02-03 13:27 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\Mipony
2010-02-03 13:11 . 2010-02-03 13:11 -------- d-----w- c:\programmi\MiPony
2010-01-20 04:32 . 2010-01-20 04:32 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\MyPhoneExplorer
2010-01-20 04:32 . 2010-01-20 04:32 -------- d-----w- c:\programmi\MyPhoneExplorer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 15:05 . 2009-06-15 17:10 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\OpenOffice.org2
2010-02-17 01:50 . 2009-05-27 12:45 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\Skype
2010-02-16 23:44 . 2009-05-27 12:46 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\skypePM
2010-02-16 21:40 . 2009-05-28 01:33 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\Vista Start Menu
2010-02-15 22:28 . 2009-12-11 15:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-10 02:38 . 2009-01-14 04:10 0 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-10 02:15 . 2010-02-10 02:15 16 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\sgcpom.dat
2010-02-08 03:40 . 2009-07-03 00:15 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\uTorrent
2010-02-07 02:08 . 2009-07-08 00:32 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\dvdcss
2010-02-04 13:33 . 2009-09-08 12:47 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-21 18:21 . 2009-06-24 02:22 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-14 21:01 . 2010-01-14 03:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-01-14 03:42 . 2010-01-14 03:42 -------- d-----w- c:\programmi\DVD Shrink
2010-01-07 17:07 . 2010-01-06 15:35 -------- d-----w- c:\programmi\File comuni\SourceTec
2010-01-07 15:07 . 2009-12-11 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-11 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 14:14 . 2010-01-01 14:14 -------- d-----w- c:\programmi\VisualTaskTips
2009-12-30 19:52 . 2009-12-30 19:52 -------- d-----w- c:\programmi\Opera
2009-12-28 15:00 . 2009-12-28 15:00 -------- d-----w- c:\programmi\Auslogics
2009-12-28 02:37 . 2009-09-30 20:22 1 ----a-w- c:\documents and settings\Max-Netbook\Dati applicazioni\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-27 14:30 . 2009-01-14 04:10 63600 ----a-w- c:\windows\system32\perfc010.dat
2009-12-27 14:30 . 2009-01-14 04:10 426042 ----a-w- c:\windows\system32\perfh010.dat
2009-12-21 19:06 . 2009-01-14 04:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 17:59 . 2009-12-20 17:59 -------- d-----w- c:\programmi\Insofta Cover Commander
2009-11-24 23:54 . 2009-05-27 02:09 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-27 02:10 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-05-27 02:10 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-27 02:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-27 02:10 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-27 02:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:54 . 2009-01-14 04:09 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-05-07 08:34 . 2009-01-14 06:20 15523560 ----a-w- c:\programmi\U1 Setup.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\programmi\Vista Start Menu\VistaStartMenu.exe" [2009-03-06 2171392]
"Google Update"="c:\documents and settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-07-12 133104]
"AnVir Task Manager"="c:\programmi\AnVir Task Manager\AnVir.exe" [2009-10-12 3102944]
"VisualTaskTips"="c:\programmi\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ETDWare"="c:\programmi\Elantech\ETDCtrl.exe" [2008-11-24 329728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-09-16 198160]
"ClocX"="c:\programmi\ClocX\ClocX.exe" [2007-07-26 270336]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-05 417792]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2009-11-03 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Max-Netbook\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - c:\programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-1-14 376832]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Max-Netbook\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\Eurekr.com\\YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\MiPony\\MiPony.exe"=
"c:\\Programmi\\Tele-Streamer v1.0\\TeleStreamer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2009 3.10.06 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2009 3.10.06 20560]
R2 DCSHost.exe;DCSHost.exe;c:\documents and settings\All Users\Dati applicazioni\DatacardService\DCSHOST.exe [27/11/2009 15.13.17 110592]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846897231-1677807300-2401843770-1006Core.job
- c:\documents and settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-07-12 00:34]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846897231-1677807300-2401843770-1006UA.job
- c:\documents and settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-07-12 00:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
FF - ProfilePath - c:\documents and settings\Max-Netbook\Dati applicazioni\Mozilla\Firefox\Profiles\ncduv3hl.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - component: c:\programmi\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-CTFMON - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
AddRemove-HijackThis - c:\docume~1\MAX-NE~1\IMPOST~1\Temp\Rar$EX01.500\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 16:02
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2552)
c:\windows\system32\WININET.dll
c:\programmi\AnVir Task Manager\AnvirHook61.dll
c:\programmi\VisualTaskTips\VttHooks.dll
c:\windows\system32\btmmhook.dll
c:\programmi\Vista Start Menu\VistaStartMenu.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxext.exe
c:\programmi\OpenOffice.org 2.3\program\soffice.exe
c:\programmi\OpenOffice.org 2.3\program\soffice.BIN
.
**************************************************************************
.
Ora fine scansione: 2010-02-17 16:08:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-17 15:08

Pre-Run: 24.214.294.528 byte disponibili
Post-Run: 24.976.433.152 byte disponibili

- - End Of File - - F1917B8D1D5710628E3FC1A6EBE23F84
Torna in alto
 
r16
Inviato: Wednesday, February 17, 2010 4:43:15 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Fai queste operazioni:
Bisogna disattivare momentaneamente il riconoscimento automatico delle periferiche USB;
serve il programma TweakUI scaricabile in questa pagina (lo trovi sulla destra verso metà pagina) e installalo:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Una volta installato, eseguilo e procedi con questi passaggi:

clicca sul simbolo + la sezione My Computer
clicca sul simbolo [+] la sottosezione Autoplay
Spostati in Types
Togli il segno di spunta a Enable Autoplay for removable drives
Clicca su Apply
Chiudi TweakUI

Da questo momento tutti gli apparati USB smetteranno di avviarsi automaticamente.
Inserisci le tue chiavette (o HD esterni) e fai una scansione delle stesse, con il tuo antivirus. (e con Malwarebytes)
Quando sei sicuro che tutto è a posto, puoi riabilitare l'avvio automatico, rifacendo lo stesso percorso che ti ho indicato.
*********************************************************************************

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript
Code:
File::
c:\windows\system32\fjhdyfhsn.bat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched"=-


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
maxweb
Inviato: Wednesday, February 17, 2010 11:21:09 PM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
ComboFix 10-02-12.01 - Max-Netbook 17/02/2010 23.08.53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2039.1501 [GMT 1:00]
Eseguito da: c:\documents and settings\Max-Netbook\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Max-Netbook\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100217-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Files Creati Da 2010-01-17 al 2010-02-17 )))))))))))))))))))))))))))))))))))
.

2010-02-15 22:27 . 2010-02-15 22:27 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-10 02:38 . 2008-04-13 17:47 30208 -c--a-w- c:\windows\system32\dllcache\modem.sys
2010-02-10 02:38 . 2008-04-13 17:47 30208 ----a-w- c:\windows\system32\drivers\modem.sys
2010-02-10 02:27 . 2008-04-13 10:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-10 02:27 . 2008-04-13 10:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-10 02:25 . 2008-04-13 10:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-10 02:25 . 2008-04-13 10:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-10 02:21 . 2008-04-13 10:41 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-03 13:11 . 2010-02-03 13:27 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\Mipony
2010-02-03 13:11 . 2010-02-03 13:11 -------- d-----w- c:\programmi\MiPony
2010-01-20 04:32 . 2010-01-20 04:32 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\MyPhoneExplorer
2010-01-20 04:32 . 2010-01-20 04:32 -------- d-----w- c:\programmi\MyPhoneExplorer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 21:06 . 2009-06-15 17:10 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\OpenOffice.org2
2010-02-17 01:50 . 2009-05-27 12:45 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\Skype
2010-02-16 23:44 . 2009-05-27 12:46 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\skypePM
2010-02-16 21:40 . 2009-05-28 01:33 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\Vista Start Menu
2010-02-15 22:28 . 2009-12-11 15:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-10 02:38 . 2009-01-14 04:10 0 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-10 02:15 . 2010-02-10 02:15 16 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\sgcpom.dat
2010-02-08 03:40 . 2009-07-03 00:15 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\uTorrent
2010-02-07 02:08 . 2009-07-08 00:32 -------- d-----w- c:\documents and settings\Max-Netbook\Dati applicazioni\dvdcss
2010-02-04 13:33 . 2009-09-08 12:47 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-21 18:21 . 2009-06-24 02:22 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-14 21:01 . 2010-01-14 03:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-01-14 03:42 . 2010-01-14 03:42 -------- d-----w- c:\programmi\DVD Shrink
2010-01-07 17:07 . 2010-01-06 15:35 -------- d-----w- c:\programmi\File comuni\SourceTec
2010-01-07 15:07 . 2009-12-11 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-11 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 14:14 . 2010-01-01 14:14 -------- d-----w- c:\programmi\VisualTaskTips
2009-12-30 19:52 . 2009-12-30 19:52 -------- d-----w- c:\programmi\Opera
2009-12-28 15:00 . 2009-12-28 15:00 -------- d-----w- c:\programmi\Auslogics
2009-12-28 02:37 . 2009-09-30 20:22 1 ----a-w- c:\documents and settings\Max-Netbook\Dati applicazioni\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-27 14:30 . 2009-01-14 04:10 63600 ----a-w- c:\windows\system32\perfc010.dat
2009-12-27 14:30 . 2009-01-14 04:10 426042 ----a-w- c:\windows\system32\perfh010.dat
2009-12-21 19:06 . 2009-01-14 04:10 916480 ------w- c:\windows\system32\wininet.dll
2009-12-20 17:59 . 2009-12-20 17:59 -------- d-----w- c:\programmi\Insofta Cover Commander
2009-11-24 23:54 . 2009-05-27 02:09 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-27 02:10 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-05-27 02:10 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-27 02:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-27 02:10 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-27 02:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:54 . 2009-01-14 04:09 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-05-07 08:34 . 2009-01-14 06:20 15523560 ----a-w- c:\programmi\U1 Setup.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\programmi\Vista Start Menu\VistaStartMenu.exe" [2009-03-06 2171392]
"Google Update"="c:\documents and settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-07-12 133104]
"AnVir Task Manager"="c:\programmi\AnVir Task Manager\AnVir.exe" [2009-10-12 3102944]
"VisualTaskTips"="c:\programmi\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ETDWare"="c:\programmi\Elantech\ETDCtrl.exe" [2008-11-24 329728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-09-16 198160]
"ClocX"="c:\programmi\ClocX\ClocX.exe" [2007-07-26 270336]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-05 417792]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2009-11-03 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Max-Netbook\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - c:\programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-1-14 376832]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Max-Netbook\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\Eurekr.com\\YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\MiPony\\MiPony.exe"=
"c:\\Programmi\\Tele-Streamer v1.0\\TeleStreamer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2009 3.10.06 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2009 3.10.06 20560]
S2 DCSHost.exe;DCSHost.exe;c:\documents and settings\All Users\Dati applicazioni\DatacardService\DCSHOST.exe [27/11/2009 15.13.17 110592]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846897231-1677807300-2401843770-1006Core.job
- c:\documents and settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-07-12 00:34]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846897231-1677807300-2401843770-1006UA.job
- c:\documents and settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-07-12 00:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
FF - ProfilePath - c:\documents and settings\Max-Netbook\Dati applicazioni\Mozilla\Firefox\Profiles\ncduv3hl.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - component: c:\programmi\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
Ora fine scansione: 2010-02-17 23:14:57
ComboFix-quarantined-files.txt 2010-02-17 22:14
ComboFix2.txt 2010-02-17 15:08

Pre-Run: 25.039.810.560 byte disponibili
Post-Run: 24.997.396.480 byte disponibili

- - End Of File - - 578B42F4B47E6CC20CA4BD4BFA034353
Torna in alto
 
r16
Inviato: Wednesday, February 17, 2010 11:33:05 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Riscontri problemi?
Torna in alto
 
maxweb
Inviato: Wednesday, February 17, 2010 11:54:35 PM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
ho notato che già dal primo utilizzo di combofix il pc si avviava più velocemente.
adesso devo ancora riavviare, anzi, riavvio e ti dico.
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 12:06:24 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Da Installazione Applicazioni, disinstalla TUTTE le versioni installate di Java.
Fai una pulizia con CCleaner.
Installa questa versione:
http://www.aiutamici.com/software?ID=11134

Hai installato HJT in una cartella Temp.
Disistallalo, e lo reistalli in "Programmi" oppure in "Documenti".
Poi posta un log aggiornato di HJT.
Torna in alto
 
maxweb
Inviato: Thursday, February 18, 2010 12:34:17 AM
Rank: Member

Iscritto dal : 2/15/2010
Posts: 22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.31.55, on 18/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\DCSHost.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\Elantech\ETDCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ClocX\ClocX.exe
C:\Programmi\Vista Start Menu\VistaStartMenu.exe
C:\Programmi\AnVir Task Manager\AnVir.exe
C:\Programmi\VisualTaskTips\VisualTaskTips.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Programmi\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClocX] C:\Programmi\ClocX\ClocX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Programmi\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Max-Netbook\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Programmi\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Scarica con Mipony - file://C:\Programmi\MiPony\Browser\IEContext.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DCSHost.exe - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\DCSHost.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 9296 bytes
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » problema virus - allego LOG di hijack this


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.