Aiutamici Forum

My log
latino70
Posted: Friday, August 10, 2012 6:08:57 PM
Rank: AiutAmico

Joined: 6/18/2005
Posts: 103
Thank you in advance if you would take a look at my log. I think I have viruses; I'm having problems with the keyboard and mouse.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7.58.54, on 10/08/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\AVG Secure Search\vprot.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Microsoft Security Client\msseces.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Programmi\WINDEasyConnect\WTGService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Programmi\Mobile Partner\Mobile Partner.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Utente\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Utente\Documenti\Dropbox\PandaCloudAntivirus\PandaCloudAntivirus.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX1\StubInstaller.exe
C:\WINDOWS\system32\msiexec.exe
F:\HiJackThis.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\Psunmain.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={F709BDFC-F71B-4763-A8AA-A1961A8BD26A}&mid=e6bb0266b12147d0a18ad14427f2e569-06ce4fc639803a2e3563922518183d8e94088cb9&lang=it&ds=od011&pr=sa&d=2012-04-05 15:24:50&v=11.1.0.7&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.yahoo.com/?ilc=8.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmi\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmi\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vProt] "C:\Programmi\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [MSC] "c:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PSUAMain] "C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Utente\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmi\File comuni\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: WTGService - Unknown owner - C:\Programmi\WINDEasyConnect\WTGService.exe

--
End of file - 7989 bytes
r16
Posted: Friday, August 10, 2012 9:08:59 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
You have 2 antivirus programs (AVG and Panda Cloud Antivirus).
Go to "Programs and Features" and uninstall 1 of them.

Do a cleanup (registry included) with CCleaner:
http://www.aiutamici.com/software?ID=11223

Then:
Download OTL and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon on your desktop.

Check SCAN ALL USERS.

Under Output, check: Minimal Output

Click the File Age drop-down arrow and select 60 Days

Check LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find 2 logs on the desktop, OTL.txt and Extras.txt. Save them and upload them to Wikisend to post them on the forum.

To post the logs:
Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.
latino70
Posted: Saturday, August 11, 2012 11:59:18 AM
Rank: AiutAmico

Joined: 6/18/2005
Posts: 103
Do I post the forum link here? Anyway, it becomes possible for me to get in and run the scan. I would like to enter safe mode with F7 or F8, but strangely this PC won't let me in. Is there some other way to get into the mode mentioned above?
latino70
Posted: Saturday, August 11, 2012 12:40:58 PM
Rank: AiutAmico

Joined: 6/18/2005
Posts: 103
OTL.Txt

Extras.Txt

OK, these are the forum links I got.
r16
Posted: Saturday, August 11, 2012 1:39:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start OTL.

Under "Custom Scans\Fixes", copy and paste this code:


Code:
:OTL
IE - HKU\S-1-5-21-1123561945-1592454029-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={F709BDFC-F71B-4763-A8AA-A1961A8BD26A}&mid=e6bb0266b12147d0a18ad14427f2e569-06ce4fc639803a2e3563922518183d8e94088cb9&lang=it&ds=od011&pr=sa&d=2012-04-05 15:24:50&v=11.1.0.12&sap=hp
IE - HKU\S-1-5-21-1123561945-1592454029-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F709BDFC-F71B-4763-A8AA-A1961A8BD26A}&mid=e6bb0266b12147d0a18ad14427f2e569-06ce4fc639803a2e3563922518183d8e94088cb9&lang=it&ds=od011&pr=sa&d=2012-04-05 15:24:50&v=10.2.0.3&sap=dsp&q={searchTerms}
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B42e68440-cf91-4ebd-b5e9-4680c02de383%7D&mid=e6bb0266b12147d0a18ad14427f2e569-06ce4fc639803a2e3563922518183d8e94088cb9&ds=od011&v=11.1.0.7&lang=it&pr=sa&d=2012-04-05%2015%3A24%3A50&sap=ku&q="
[2012/07/22 19.05.27 | 000,003,769 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\avg-secure-search.xml
O33 - MountPoints2\{880a6951-7f15-11e1-822e-000d61160c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{880a6951-7f15-11e1-822e-000d61160c9a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9ce0e7a6-a309-11e1-82d2-000d61160c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ce0e7a6-a309-11e1-82d2-000d61160c9a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a52989f0-7f36-11e1-8232-000d61160c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{a52989f0-7f36-11e1-8232-000d61160c9a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d848d570-7f37-11e1-8233-000d61160c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{d848d570-7f37-11e1-8233-000d61160c9a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e7c2cc68-8076-11e1-823d-000d61160c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{e7c2cc68-8076-11e1-823d-000d61160c9a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fe3daad4-7fdc-11e1-8238-000d61160c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3daad4-7fdc-11e1-8238-000d61160c9a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fe3daad7-7fdc-11e1-8238-000d61160c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3daad7-7fdc-11e1-8238-000d61160c9a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff442476-f198-11e0-9a2d-000d6136ed59}\Shell\AutoRun\command - "" = E:\et3ypes.exe
O33 - MountPoints2\{ff442476-f198-11e0-9a2d-000d6136ed59}\Shell\open\Command - "" = E:\et3ypes.exe
[2012/08/09 14.06.47 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/08/11 12.03.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG Secure Search

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[CLEARALLRESTOREPOINTS]
[Reboot]

Click the RUN FIX button.
Let the scan run without interfering.

Post the log the same way as before.