Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto aiuto

aiuto aiuto Opzioni
Topic Precedente · Topic Sucessivo
sfigato
Inviato: Thursday, June 23, 2011 1:39:13 PM
Rank: AiutAmico

Iscritto dal : 2/16/2005
Posts: 79
help me please.....
il pc mi ha trovato un trojan
Trojan-BNKWin32.keylogger.gen...
mi si apre sto caspita di XP HOme security 2012 che mi blocca tutti i programmi,
malwarebyte, cc cleaner avira hijack ecc.
come lo disattivo...???
aiutatemi, grazie.!!!
Torna in alto
 
Sponsor
Inviato: Thursday, June 23, 2011 1:39:13 PM

 
Torna in alto
 
tulliopinter
Inviato: Thursday, June 23, 2011 4:14:41 PM
Rank: AiutAmico

Iscritto dal : 6/13/2011
Posts: 67
Ciao. Prova ad eseguire una scansione con TDSS Killer e ComboFix.
Se non riesci in modalità normale a procedere, segui questa procedura:
Avvia il sistema in modalità provvisoria, cliccando sui seguenti link:
● modalità provvisoria in Windows XP: http://support.microsoft.com/kb/316434/it#3
● modalità provvisoria in Windows Vista e Seven: http://windowshelp.microsoft.com/Windows/it-IT/help/323ef48f-7b93-4079-a48a-5c58eec904a11040.mspx

Istruzioni:
Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/utils/tdsskiller.exe
● posiziona il file scaricato sul Desktop
● doppio click su TDSSKiller.exe per avviare l'applicazione e successivamente sul pulsante Start Scan

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure, clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip, clicca quindi su Continua

Una volta terminata la scansione, si presenterà una di queste due opzioni:
non è necessario il riavvio del sistema: clicca su Report e salva il contenuto in un file di testo
● è necessario riavviare il sistema: clicca su Riavvia ora
● una volta riavviato il sistema, il report del programma da allegare si trova in C:\ in questa forma:
TDSSKiller.[Version]_[Date]_[Time]_log.txt

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● segui le istruzioni che verranno rilasciate per eseguire la scansione
● verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare
senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
Torna in alto
 
bigelow
Inviato: Thursday, June 23, 2011 5:21:56 PM

Rank: AiutAmico

Iscritto dal : 6/4/2011
Posts: 149
Tulliopinter = FDAC ??
Torna in alto
 
r16
Inviato: Thursday, June 23, 2011 6:18:20 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
bigelow ha scritto:
Tulliopinter = FDAC ??

Esatto.
E lo avevo capito sin da questo topic.
http://forum.aiutamici.com/yaf_postst79165p2_VIRUS--Scleanerexe.aspx

@FDAC:
E non provare a mentire. Whistle
Per fare il "furbo" ci vogliono delle qualità, che tu non hai. Anxious
Torna in alto
 
sfigato
Inviato: Thursday, June 23, 2011 6:40:18 PM
Rank: AiutAmico

Iscritto dal : 2/16/2005
Posts: 79
sembra che abbia intrapreso la buona strada...
in modalità provvisoria ho avviato il COMBOFIX, IL KILLER DELLA KASPERSKI, CC CLEANER....E ADESSO STO FACENDO UNA SCANSIONE CON MALWAREBYTES.....

eccovi i log. di combofix....

ComboFix 11-06-22.05 - sergio 23/06/2011 17.49.13.7.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.227 [GMT 2:00]
Eseguito da: c:\documents and settings\sergio\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {00000000-0000-0015-0000-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\sergio\Impostazioni locali\Dati applicazioni\icy.exe
c:\documents and settings\sergio\Menu Avvio\Programmi\Windows XP Recovery
c:\documents and settings\sergio\Menu Avvio\Programmi\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
c:\documents and settings\sergio\Menu Avvio\Programmi\Windows XP Recovery\Windows XP Recovery.lnk
c:\programmi\codec
c:\programmi\codec\codec vari\DivX52XP2K.exe
c:\programmi\codec\codec vari\XviD-1.0.2-29082004.exe
c:\programmi\codec\codec vari\xvid.exe
c:\programmi\codec\codec vari\XviD_Install.exe
c:\programmi\codec\codec vari\XVid_v21.exe
c:\windows\IsUn0410.exe
c:\windows\unin0410.exe
c:\windows\unin0411.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-05-23 al 2011-06-23 )))))))))))))))))))))))))))))))))))
.
.
2011-06-16 11:37 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 14:23 . 2011-06-23 15:48 -------- d-----w- c:\windows\system32\CatRoot2
2011-05-30 08:54 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-30 08:54 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-30 08:54 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-30 08:54 . 2011-05-30 08:54 -------- d-----w- c:\programmi\Avira
2011-05-30 08:54 . 2011-05-30 08:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2011-05-27 15:36 . 2011-05-27 15:13 441344 ----a-w- c:\programmi\cleanup.exe
2011-05-27 15:05 . 2011-05-27 15:05 1852 ----a-w- c:\programmi\cc_20110527_170500.reg
2011-05-26 14:17 . 2011-05-26 14:17 -------- d-----w- c:\documents and settings\sergio\Impostazioni locali\Dati applicazioni\Western Digital
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 09:08 . 2009-05-31 19:17 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-29 07:11 . 2009-12-21 12:36 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2009-12-21 12:36 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2004-06-07 12:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2002-10-01 17:07 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2004-08-23 19:35 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2002-10-01 17:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05 . 2002-10-01 17:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-19 22:26 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-10-01 17:07 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 10:16 . 2011-04-14 10:16 17748242 ----a-w- c:\programmi\solarc-3-setup.exe
2011-02-11 17:26 . 2011-02-11 17:25 129030 ----a-w- c:\programmi\cc_20110211_182536.reg
2010-09-16 17:07 . 2010-09-16 16:53 153061304 ----a-w- c:\programmi\OOo_3.2.1_Win_x86_install-wJRE_it.exe
2009-04-15 09:25 . 2009-04-15 09:24 5801368 ----a-w- c:\programmi\ps2pdf995.exe
2006-12-30 14:32 . 2006-12-30 14:32 3124686 -c--a-w- c:\programmi\arrip20.exe
2006-12-30 14:08 . 2006-12-30 14:08 36808256 ----a-w- c:\programmi\iTunesSetup.exe
2006-03-12 15:03 . 2006-03-12 15:03 3957216 ----a-w- c:\programmi\MSASYNC.EXE
2005-05-06 03:20 . 2006-10-13 19:47 6410240 ----a-w- c:\programmi\virtualdj.exe
2004-11-30 20:28 . 2004-11-30 20:28 2423682 ----a-w- c:\programmi\DivX_Total_Pack2.0.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-03-10 273544]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^sergio^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\sergio\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Programmi\\Autodesk\\backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\backburner\\server.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [08/10/2004 11.31.25 190465]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [08/10/2004 11.31.25 5817]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\Cpwnt.sys [17/11/2004 16.01.43 21824]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 14.13.00 38144]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [03/02/2010 20.35.41 135664]
S2 KeyP;KeyP;c:\windows\system32\DRIVERS\KeyP.sys --> c:\windows\system32\DRIVERS\KeyP.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [03/02/2010 20.35.41 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [04/08/2010 12.42.47 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [04/08/2010 12.42.48 8320]
S3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\drivers\PRISMA00.sys [08/10/2004 11.34.04 388448]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 16.02.12 287232]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-03 18:35]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-03 18:35]
.
2011-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3116029348-4207113801-411729504-1007.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2011-06-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3116029348-4207113801-411729504-1007.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\programmi\Google\GoogleToolbar1.dll/cmtrans.html
TCP: Interfaces\{4132FEEA-2767-4033-B1F7-2FCB06C63BF0}: NameServer = 151.99.125.1
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0410.EXE
AddRemove-Connessione guidata Pocket PC - c:\windows\IsUn0410.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
AddRemove-PowerDVD - c:\windows\IsUn0410.exe
AddRemove-Windows CE Services - c:\windows\ISUN0410.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3116029348-4207113801-411729504-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"Microsoft.Picture.It.Document.9"=hex(0):
.
[HKEY_USERS\S-1-5-21-3116029348-4207113801-411729504-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mix\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"Microsoft.Picture.It.Document.9"=hex(0):
"mix"=hex(0):
.
[HKEY_USERS\S-1-5-21-3116029348-4207113801-411729504-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
@SACL=
"Toolbars"=hex:11,00,00,00,00,00,00,00
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,03,00,00,00,00,00,00,00,b0,e2,2b,d8,
64,57,d0,11,a9,6e,00,c0,4f,d7,05,a2,22,00,1c,00,0a,11,00,00,1a,00,00,00,01,\
"Upgrade"=dword:00000001
.
[HKEY_USERS\S-1-5-21-3116029348-4207113801-411729504-1007\Software\Microsoft\Works Suite\2004]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0]
@DACL=(02 0000)
@SACL=
@="FlashAccessibility"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\DependentComponents]
@DACL=(02 0000)
@SACL=
"AvRack"="AvRack"
"PowerDVD"="PowerDVD"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="DirectX"
"ComponentGUID"="{44BBA855-CC51-11CF-AAFA-00AA00B6015C}"
"Version"=dword:00040009
"Sub-Version"=dword:00000386
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.cat"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AA936DF4-2B08-4B1F-B071-72192E287704}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="DirectX BDA"
"ComponentGUID"="{AA936DF4-2B08-4B1F-B071-72192E287704}"
"Version"=dword:00040009
"Sub-Version"=dword:00000386
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dxbda.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dx9bda.cat"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwDir]
@DACL=(02 0000)
@SACL=
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(212)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\L3CODECA.ACM
c:\windows\system32\mobilev.acm
.
Ora fine scansione: 2011-06-23 18:03:12
ComboFix-quarantined-files.txt 2011-06-23 16:03
.
Pre-Run: 21.426.274.304 byte disponibili
Post-Run: 21.452.976.128 byte disponibili
.
- - End Of File - - 07A34AC8C9D6C15649BCF6C3C2A681E9



HIJACK...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.34.57, on 23/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4132FEEA-2767-4033-B1F7-2FCB06C63BF0}: NameServer = 151.99.125.1
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7799 bytes


FATEMI SAPERE....!!!!
grazie. sergio.
Torna in alto
 
tulliopinter
Inviato: Thursday, June 23, 2011 8:34:19 PM
Rank: AiutAmico

Iscritto dal : 6/13/2011
Posts: 67
Ciao. I log sono puliti, che problemi riscontri attualmente?
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto aiuto


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.