Suspicious file... can you help me?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by kuki01 » 10/03/09 11:59

Hi everyone!

...I wanted to ask everyone who can read HijackThis logs properly for some information... I'm having a go at it myself and I've removed a couple of files! (following your advice to look things up on Google and on liutilities.com)

My logfile is currently this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.25.25, on 10/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Norton Ghost\Agent\VProTray.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\(Aiuto anti-virus)ThreatFire\TFTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\(Aiuto anti-virus)ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programmi\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ThreatFire] C:\Programmi\(Aiuto anti-virus)ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [emaswie] "c:\documents and settings\luca\impostazioni locali\dati applicazioni\emaswie.exe" emaswie
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica link utilizzando Mega Manager... - C:\Programmi\TORRENT MEGAUPLOAD\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3994571640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Programmi\(Aiuto anti-virus)ThreatFire\TFService.exe

--
End of file - 8672 bytes

What makes me suspicious is the entry I highlighted in red, which I can't work out the origin of and which turns out to have been installed a few days ago...

Can anyone give me an opinion?
...and above all: can anyone advise me on how to keep my PC somewhat tidy (I think there are quite a few programs starting automatically that slow my PC down like crazy...).

Thanks to everyone who contributes positively!

Byeee! :)
kuki01
Junior Member
 
Posts: 11
Joined: 17/02/08 15:13
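The triage the poster is doing by hand (checking each O4 entry against Google and liutilities.com) can be mechanised. What follows is an added example written for this page, not code from the thread or from HijackThis: it parses O4, O10 and O23 lines and flags the patterns an analyst looks at first. The sample lines are copied from the log above; the USER_WRITABLE directory list and the reason strings are the editor's own assumptions, and a flag is a prompt to verify, not a verdict (RTHDCPL.EXE is the Realtek audio control panel and PnkBstrA is PunkBuster, both legitimate; they surface only because a bare file name and a missing publisher field are worth a look).

```python
"""Triage heuristics for HijackThis O4 / O10 / O23 lines.

Added example for this thread, not code from the post or from HijackThis.
SAMPLE_LOG is copied from the log above; USER_WRITABLE and the reason strings
are the editor's own assumptions about what deserves a second look.
"""
from __future__ import annotations

import re

# Profile directories a non-admin user can write to on Windows XP, in the
# English and the Italian ("Impostazioni locali", "Dati applicazioni")
# spellings seen in the log. Properly installed software autostarts from
# Program Files or system32; a dropper that ran without admin rights cannot.
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\local settings\\",
    "\\impostazioni locali\\",
    "\\application data\\",
    "\\dati applicazioni\\",
    "\\temp\\",
)

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
# First thing that looks like an executable image, quoted or not. HijackThis
# prints the raw registry value, so arguments may follow the path.
IMAGE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll|scr|cpl|com|bat|cmd))\b', re.I)


def image_path(command: str) -> str:
    """Pull the executable out of a Run value (quoted or not, with or without arguments)."""
    m = IMAGE_RE.search(command)
    return m.group(1).strip() if m else command.strip()


def path_reasons(path: str) -> list[str]:
    """Reasons to look twice at an autostart image, based on its location alone."""
    low = path.lower()
    reasons = []
    if any(d in low for d in USER_WRITABLE):
        reasons.append("binary lives in a user-writable profile directory")
    if "\\" not in path:
        reasons.append("bare file name, resolved by PATH search at logon")
    return reasons


def triage(lines) -> dict[str, list[str]]:
    """Map each HijackThis entry that deserves a look to the reasons why."""
    flagged: dict[str, list[str]] = {}
    for raw in lines:
        line = raw.strip()
        if m := O4_RE.match(line):
            label, reasons = m["name"], path_reasons(image_path(m["cmd"]))
        elif m := O23_RE.match(line):
            label, reasons = m["name"], path_reasons(m["path"])
            if m["owner"] == "Unknown owner":
                # No company name in the file's version info: verify the hash.
                reasons.append("service binary carries no publisher; check its hash")
        elif m := O10_RE.match(line):
            # A Winsock LSP sees every socket call. HijackThis only whitelists
            # the Microsoft-shipped providers, so "unknown" means "go and look".
            label = m["path"]
            reasons = ["Winsock LSP not on HijackThis' built-in list; identify the DLL"]
        else:
            continue
        if reasons:
            flagged[label] = reasons
    return flagged


# Lines copied from the HijackThis log posted above (not constructed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [emaswie] "c:\documents and settings\luca\impostazioni locali\dati applicazioni\emaswie.exe" emaswie
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
""".strip().splitlines()

if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG).items():
        print(f"{label}: {'; '.join(reasons)}")
```

On the log above the only entry flagged for its location is emaswie, the one the poster marked: its binary sits under the user's Local Settings\Application Data, a directory any process running as that user can write to, and it is registered under a meaningless name with its own name as argument. ctfmon.exe, which also starts from HKCU, is not flagged because it lives in system32.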


Re: Suspicious file... can you help me?

Post by Luke57 » 10/03/09 12:55

Hi, it should be a Navipromo infection; download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Once that's done, click Start > Run, and in the white box copy and paste this command, quotes included:

"%userprofile%\desktop\combofix.exe" /killall
Press OK; if all goes well the program starts, and it may take a long time (don't do anything else during the scan). Once the scan has finished, reboot the computer and post the report C:\combofix.txt
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Re: Suspicious file... can you help me?

Post by kuki01 » 10/03/09 14:53

Here's the ComboFix txt file...

What do you think?

p.s. as usual, super quick with the replies! :) Thanks!!!

ComboFix 09-03-06.02 - Luca 2009-03-10 14:36:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1570 [GMT 1:00]
Running from: c:\documents and settings\Luca\desktop\combofix.exe
Command switches used :: /killall
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\emaswie.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\emaswie_nav.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\emaswie_navps.dat

.
((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))))))
.

2009-03-09 12:41 . 2009-03-09 12:41 <DIR> d-------- c:\programmi\Trend Micro
2009-03-09 11:30 . 2009-03-09 11:30 <DIR> d-------- c:\programmi\Rootkit_remover
2009-03-08 15:41 . 2009-03-08 15:41 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-03-08 15:41 . 2009-03-08 15:41 <DIR> d-------- c:\documents and settings\Luca\Dati applicazioni\Malwarebytes
2009-03-08 15:41 . 2009-03-08 15:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-08 15:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 15:41 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-08 12:50 . 2009-03-08 12:50 <DIR> d-------- c:\programmi\Color Scheme Editor
2009-03-05 16:55 . 2008-10-13 21:54 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2009-03-05 16:55 . 2008-10-13 21:54 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2009-03-05 16:55 . 2008-10-13 21:54 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2009-03-05 16:55 . 2008-10-13 20:10 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2009-03-05 16:55 . 2008-10-13 21:54 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2009-03-05 16:55 . 2008-10-13 21:54 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2009-03-05 16:55 . 2008-10-13 21:54 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2009-03-05 16:55 . 2008-10-13 21:54 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2009-03-05 16:54 . 2009-03-05 16:55 <DIR> d-------- c:\documents and settings\Administrator
2009-03-05 16:48 . 2009-03-08 08:54 <DIR> d-------- C:\VEXPLITE
2009-03-05 16:48 . 2009-03-05 16:51 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2009-03-05 11:52 . 2009-03-05 11:52 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2009-03-05 11:52 . 2009-03-05 11:52 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-05 11:52 . 2009-03-05 11:52 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-03-05 11:52 . 2009-03-05 11:52 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-05 11:52 . 2009-03-05 11:52 22,328 --a------ c:\documents and settings\Luca\Dati applicazioni\PnkBstrK.sys
2009-03-05 11:47 . 2009-03-05 11:47 <DIR> d-------- c:\programmi\Ubisoft
2009-03-05 11:41 . 2009-03-05 11:41 <DIR> d-------- c:\windows\Sun
2009-03-05 11:40 . 2009-03-05 11:40 <DIR> d-------- c:\programmi\Java
2009-03-05 11:40 . 2009-03-05 11:40 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-05 11:40 . 2009-03-05 11:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-03 17:54 . 2009-03-04 21:07 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-03 16:26 . 2009-03-03 16:26 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-03-03 15:45 . 2009-03-03 15:47 <DIR> d-------- c:\programmi\(Aiuto anti-virus)ThreatFire
2009-03-03 15:45 . 2009-03-03 15:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-03-03 15:45 . 2009-02-02 14:03 51,472 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-03-03 15:45 . 2009-02-02 14:04 39,184 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 15:45 . 2009-02-02 14:04 33,040 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 15:45 . 2009-02-02 14:04 12,560 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 12:35 . 2009-03-03 12:35 <DIR> d-------- c:\programmi\Eidos
2009-03-03 12:26 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-03-03 12:26 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-03-03 12:26 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-03-03 12:26 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2009-03-03 12:26 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-03-03 12:26 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-03-03 12:26 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2009-03-03 12:26 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-03-03 12:26 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-03-03 12:26 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2009-03-03 12:17 . 2009-03-03 12:17 <DIR> d-------- c:\windows\Logs
2009-03-03 12:14 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-03-03 12:14 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2009-03-03 12:14 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2009-03-03 12:13 . 2009-03-03 12:13 <DIR> d-------- c:\windows\system32\xlive
2009-03-01 17:51 . 2009-03-01 17:51 <DIR> d-------- c:\programmi\SopCast
2009-02-22 16:20 . 2009-02-22 16:20 <DIR> d-------- c:\programmi\Microsoft Silverlight
2009-02-18 13:35 . 2009-02-18 13:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\LightScribe
2009-02-10 10:20 . 2009-02-10 10:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 13:43 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-08 19:32 --------- d-----w c:\programmi\SpeedFan
2009-03-05 13:31 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-05 11:29 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\uTorrent
2009-03-05 10:58 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-03 15:53 --------- d-----w c:\programmi\GIOCHI INSTALLATI
2009-02-26 22:45 --------- d-----w c:\programmi\eMule
2009-02-13 19:27 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\U3
2009-02-07 19:49 --------- d-----w c:\programmi\NCH Swift Sound
2009-02-07 19:35 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Nokia
2009-02-07 19:22 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Recordpad
2009-02-07 19:22 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\NCH Swift Sound
2009-02-07 19:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2009-02-07 19:21 --------- d-----w c:\programmi\NCH Software
2009-02-05 11:45 271,360 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-05 11:45 18,048 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-04 10:26 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-04 10:26 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-04 10:26 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-04 10:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-28 10:00 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Megaupload
2009-01-28 10:00 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\EmailNotifier
2009-01-28 10:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Megaupload
2009-01-28 10:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\EmailNotifier
2009-01-27 14:03 --------- d-----w c:\programmi\uTorrent
2009-01-18 18:44 --------- d-----w c:\programmi\No-IP
2009-01-13 21:52 --------- d-----w c:\programmi\SecondLife
2009-01-13 21:18 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\SecondLife
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-12 20:01 67,584 ----a-w c:\windows\system32\xanalyze.dll
2008-12-12 20:01 164,352 ----a-w c:\windows\system32\SpoonUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Norton Ghost 12.0"="c:\programmi\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"ThreatFire"="c:\programmi\(Aiuto anti-virus)ThreatFire\TFTray.exe" [2009-02-02 263440]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 11:26 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\SecondLife\\SLVoice.exe"=
"c:\\Programmi\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-03 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-03 39184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-14 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-14 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-14 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-14 298264]
R2 ThreatFire;ThreatFire;c:\programmi\(Aiuto anti-virus)ThreatFire\TFService.exe service --> c:\programmi\(Aiuto anti-virus)ThreatFire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-03 33040]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-07-17 347648]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]
S4 JW;JW;c:\docume~1\Luca\IMPOST~1\Temp\JW.exe --> c:\docume~1\Luca\IMPOST~1\Temp\JW.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c90a26e2-d423-11dd-91d6-00196680163f}]
\Shell\AutoRun\command - J:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-09 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
- - - - ORPHANED KEYS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-emaswie - c:\documents and settings\luca\impostazioni locali\dati applicazioni\emaswie.exe
HKU-Default-Run-PcSync - c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager... - c:\programmi\TORRENT MEGAUPLOAD\Megaupload\Mega Manager\mm_file.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\rqzxvkq2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 14:43:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\16.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1993962763-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:1e,41,36,0d,87,a0,23,c1,9c,c6,44,bf,98,f3,07,e3,d5,65,0e,50,50,
e6,fe,31,fe,39,23,77,a0,38,d6,72,7f,32,c9,d2,86,c4,9d,91,ab,4f,22,04,aa,29,\
"rkeysecu"=hex:1f,ad,4c,07,c2,bf,6e,e0,b7,99,f3,5b,6e,3f,df,37

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
c:\programmi\(Aiuto anti-virus)ThreatFire\TFWAH.dll
c:\programmi\(Aiuto anti-virus)ThreatFire\TFNI.dll

- - - - - - - > 'lsass.exe'(824)
c:\programmi\(Aiuto anti-virus)ThreatFire\TFWAH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\AVG\AVG8\avgrsx.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmi\(Aiuto anti-virus)ThreatFire\TFService.exe
c:\windows\system32\wscntfy.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-03-10 14:45:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 13:45:28

Pre-Run: 58,262,577,152 bytes free
Post-Run: 58,496,598,016 bytes free

270 --- E O F --- 2009-02-25 18:00:36
kuki01
Junior Member
 
Posts: 11
Joined: 17/02/08 15:13

Re: Suspicious file... can you help me?

Post by Luke57 » 10/03/09 19:35

Hi, open a text file and copy and paste the following code into it:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c90a26e2-d423-11dd-91d6-00196680163f}]
;


save it with the name fix.reg (obviously changing the extension),
file type = all files.

Double-click that file and accept the changes it proposes.

As for the rest, it looks fine to me.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
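The two ComboFix findings the moderator acts on, the service entries whose image file could not be found and the HKCU MountPoints2 key that caches an AutoRun command for drive J:, can be picked out of the report automatically, and the .reg deletion in the reply above can be generated from the key name instead of being copied by hand. What follows is an added example written for this page, not code from the thread or from ComboFix; the sample lines are copied from the report above, and the service heuristics, the reason strings and the reg_deletion() helper are the editor's own.

```python
"""Triage of ComboFix service lines and cached AutoRun entries, plus the
matching .reg deletion.

Added example for this thread, not code from the posts or from ComboFix.
SAMPLE_REPORT is copied from the report above; the heuristics, the reason
strings and reg_deletion() are the editor's own and reproduce the fix the
moderator posted, not ComboFix's internal logic.
"""
from __future__ import annotations

import re

# "R2 name;display;image [date size]"  or  "S3 name;display;image --> resolved [?]"
# "[?]" means ComboFix found no file at that literal path.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)"
    r"(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$"
)
# HKCU\...\Explorer\MountPoints2\{volume-guid} caches the autorun.inf of every
# volume the user has opened; an AutoRun\command under it is what Explorer
# runs when that drive is double-clicked.
MOUNTPOINT_RE = re.compile(r"^\[(?P<key>HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.I)


def triage_combofix(lines) -> tuple[dict[str, list[str]], dict[str, str]]:
    """Return ({service: reasons}, {MountPoints2 key: cached AutoRun command})."""
    services: dict[str, list[str]] = {}
    autorun: dict[str, str] = {}
    current_key = None
    for raw in lines:
        line = raw.rstrip()
        if m := SERVICE_RE.match(line):
            image = (m["resolved"] or m["image"]).lower()
            reasons = []
            if m["meta"] == "?":
                reasons.append("no file at the literal image path (dangling entry, or arguments after the path)")
            if "\\temp\\" in image:
                reasons.append("service image lives in a Temp directory")
            if image.endswith(".tmp"):
                reasons.append("service image is a .tmp file")
            if reasons:
                services[m["name"]] = reasons
        elif m := MOUNTPOINT_RE.match(line):
            current_key = m["key"]
        elif line.startswith("["):
            current_key = None  # some other registry key block
        elif current_key and (m := AUTORUN_RE.match(line)):
            autorun[current_key] = m["cmd"]
    return services, autorun


def reg_deletion(keys) -> str:
    """Text of a .reg file that deletes each key ([-KEY] is regedit's delete syntax)."""
    body = "\n\n".join(f"[-{k}]" for k in keys)
    return "Windows Registry Editor Version 5.00\n\n" + body + "\n"


# Lines copied from the ComboFix report posted above (not constructed).
SAMPLE_REPORT = r"""
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-03 51472]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-14 903960]
R2 ThreatFire;ThreatFire;c:\programmi\(Aiuto anti-virus)ThreatFire\TFService.exe service --> c:\programmi\(Aiuto anti-virus)ThreatFire\TFService.exe service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]
S4 JW;JW;c:\docume~1\Luca\IMPOST~1\Temp\JW.exe --> c:\docume~1\Luca\IMPOST~1\Temp\JW.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c90a26e2-d423-11dd-91d6-00196680163f}]
\Shell\AutoRun\command - J:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
""".strip().splitlines()

if __name__ == "__main__":
    services, autorun = triage_combofix(SAMPLE_REPORT)
    for name, reasons in services.items():
        print(f"{name}: {'; '.join(reasons)}")
    for key, cmd in autorun.items():
        print(f"cached AutoRun for {key}: {cmd}")
    print(reg_deletion(autorun), end="")
```

Reading the result: JW.exe in the user's Temp folder is the entry worth a closer look; MEMSWEEP2 with a .tmp image in system32 is what the Sophos Anti-Rootkit scanner commonly leaves behind (consistent with the Rootkit_remover folder created the day before), and ThreatFire only shows "[?]" because ComboFix tried the path with its "service" argument attached. The generated [-KEY] line removes only this machine's cached AutoRun command for that volume; the removable drive itself (J:) should still be checked for autorun.inf and ClickMe.exe before it is plugged into another PC. Save the text with CRLF line endings; regedit accepts an ANSI-encoded "Version 5.00" file.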

Re: Suspicious file... can you help me?

Post by kuki01 » 18/03/09 15:56

Hi,

sorry I didn't reply sooner, but I was away for a week and had no internet...

Thanks a lot for the help!.. now everything seems to be OK!.. as soon as I get home I'll post the log, but there shouldn't be any further problems... now I should "get busy" removing all the programs that start at boot, because in Task Manager I have 44 processes and that seems a bit too many! :(

Thaaanks! :)
kuki01
Junior Member
 
Posts: 11
Joined: 17/02/08 15:13

