
Request for HijackThis log check.

Post by kleo » Sat Jun 12, 2010 11:02 am

Hi... I'm definitely new here (signed up something like... hmm... 3 minutes ago!). I've had a looong look at the other threads here; the problems like mine are endless, but I gathered that you need to post the log from the lovely HijackThis... please, help me.. there's no Avira or AVG that can kill one particular virus... the PC is extremely slow and programs run terribly... :(

Thanks a lot in advance!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.38.41, on 12/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\VITO\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Users\VITO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\VITO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\VITO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\VITO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooofullsearch.com/bar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooofullsearch.com/bar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://roonic.com/results.html?q=%s&sa=Search&cx=partner-pub-0345395751421741:y8d2vrh2u6t&cof=FORID:10&ie=UTF-8
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Messenger Plus Live Italy Toolbar - {08d495ab-a86c-47b0-82ef-da87bf92f730} - C:\Program Files\Messenger_Plus_Live_Italy\tbMess.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbhelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Messenger Plus Live Italy Toolbar - {08d495ab-a86c-47b0-82ef-da87bf92f730} - C:\Program Files\Messenger_Plus_Live_Italy\tbMess.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Messenger Plus Live Italy Toolbar - {08d495ab-a86c-47b0-82ef-da87bf92f730} - C:\Program Files\Messenger_Plus_Live_Italy\tbMess.dll
O3 - Toolbar: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbcore3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\VITO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Server di rete.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14736 bytes
kleo
New Member
Posts: 5
Joined: Sat Jun 12, 2010 10:53 am

Re: Possible virus + HijackThis log

Post by farbix89 » Sat Jun 12, 2010 11:26 am

kleo wrote: Hi... I'm definitely new here (signed up something like... hmm... 3 minutes ago!). I've had a looong look at the other threads here; the problems like mine are endless, but I gathered that you need to post the log from the lovely HijackThis... please, help me.. there's no Avira or AVG that can kill one particular virus... the PC is extremely slow and programs run terribly... :(

Thanks a lot in advance!!!!


Better to open a separate thread for your problems; you risk getting poor help and it creates confusion with the earlier posts. Keep that in mind for next time.

Start by following this advice:

- Deep scan with Avast.

- A further scan with Malwarebytes.

- Download CCleaner and run a general cleanup. To speed up system startup, go to Tools > Startup and remove the unnecessary entries.
farbix89
Official Member (Gold)
Posts: 14093
Joined: Fri Feb 13, 2009 10:09 pm

Re: Possible virus + HijackThis log

Post by crazy.cat » Sat Jun 12, 2010 11:45 am

kleo wrote: there's no Avira or AVG that can kill one particular virus..

Give us some more details.
Where is this virus being found? It doesn't show up in the log.

Meanwhile, start by removing AVG: two antivirus products together are useless and only weigh the system down.
Run the HijackThis scan again, tick the boxes for these lines and press Fix checked to remove them:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooofullsearch.com/bar
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooofullsearch.com/bar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://roonic.com/results.html?q=%s&sa=Search&cx=partner-pub-0345395751421741:y8d2vrh2u6t&cof=FORID:10&ie=UTF-8
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbhelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbcore3.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

A few programs that can be removed from automatic startup (if you don't use iTunes):
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

Two more that can be removed if you don't use the Google toolbar:
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\VITO\AppData\Local\Google\Update\GoogleUpdate.exe" /c

To browse better, the useless toolbars should be removed.

The Malwarebytes scan you've already been advised to run should fix many of the problems.
When the many rule, they think only of pleasing themselves, and then you get the most foolish and hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

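The fix list in crazy.cat's reply is built from three recognisable classes of HijackThis entry: IE start/search pages pointing at a host other than the vendor defaults, entries whose backing file is gone ("(no file)"), and toolbar/BHO DLLs loaded from a `.tmp` directory. The script below is an added example, not code from the thread or from HijackThis, that applies those three heuristics to a subset of the log posted above (the sample lines are copied unchanged from it). The list of trusted search hosts is an assumption made for illustration; name-based judgments such as Yontoo Layers, which crazy.cat also lists, are deliberately left to the analyst.

```python
"""Triage of HijackThis (HJT) log lines for the entry classes used in the reply above.

Added example: this is not code from the thread or from HijackThis. The sample
lines are copied unchanged from the log posted in this thread; the list of
trusted search hosts is an assumption made for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: hosts accepted as legitimate IE start/search page defaults.
TRUSTED_SEARCH_HOSTS = ("microsoft.com", "yahoo.com")

# Constructed sample: a subset of the HJT log posted earlier in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooofullsearch.com/bar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooofullsearch.com/bar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://roonic.com/results.html?q=%s&sa=Search&cx=partner-pub-0345395751421741:y8d2vrh2u6t&cof=FORID:10&ie=UTF-8
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbhelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbcore3.dll
O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O3 - Toolbar: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Deep Exploration 2.0\tbunsw45DA.tmp\tbcore3.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
"""

# HJT entries look like "<section> - <body>", with R- and O- sections.
LINE_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.+)$")
# A *.tmp path component used as a directory, e.g. ...\tbunsw45DA.tmp\tbcore3.dll
TMP_DIR_RE = re.compile(r"\\[^\\]+\.tmp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _untrusted_host(body: str):
    """Host of an R0/R1 value that is a URL outside the trusted list, else None."""
    if " = " not in body:
        return None
    value = body.split(" = ", 1)[1].strip()
    if not value.lower().startswith("http"):
        return None  # e.g. ProxyOverride = *.local is not a URL
    host = (urlsplit(value).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in TRUSTED_SEARCH_HOSTS):
        return None
    return host


def triage(log_text: str) -> list:
    """Return the HJT lines matching one of the three 'fix checked' heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, 'Running processes', blank lines
        section, body = m.group("section"), m.group("body")
        if section in ("R0", "R1"):
            host = _untrusted_host(body)
            if host:
                findings.append(Finding(section, f"IE start/search page points at {host}", line))
            continue
        if body.endswith("(no file)"):
            findings.append(Finding(section, "registered component whose file is gone (orphan)", line))
        elif TMP_DIR_RE.search(body):
            findings.append(Finding(section, "component loaded from a .tmp directory", line))
    return findings


def fix_checked_list(log_text: str) -> list:
    """The lines an analyst would tick before pressing 'Fix checked'."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it returns nine lines, the same nine that crazy.cat listed for these entries; the Microsoft and Yahoo defaults, the Google toolbar, the Avira startup entry and the AppInit DLL are left alone. The "(no file)" and `.tmp` checks are cheap because both are properties of the line itself; the start-page check needs a judgement about which hosts are acceptable, which is why that list is kept as an explicit, editable constant.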

Re: Possible virus + HijackThis log

Post by kleo » Sat Jun 12, 2010 1:54 pm

Saying you're fast is an understatement... :)
This is the location AVG gives... it says it's locked and inaccessible :(

"C:\Windows\System32\svchost.exe (5364):\memory_00400000";"Trojan Generic17.BEMO";"L'oggetto non è accessibile."
kleo
New Member
Posts: 5
Joined: Sat Jun 12, 2010 10:53 am

Re: Possible virus + HijackThis log

Post by crazy.cat » Sat Jun 12, 2010 2:37 pm

kleo wrote: "C:\Windows\System32\svchost.exe (5364):\memory_00400000";"Trojan Generic17.BEMO";"L'oggetto non è accessibile."

It looks like a rootkit
http://forums.avg.com/us-en/avg-free-fo ... w&id=89267
Run a scan with GMER and post its log from the rootkit section.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: Possible virus + HijackThis log

Post by kleo » Sat Jun 12, 2010 3:26 pm

Well... whether I start Avast or GMER, the PC reboots saying that this way it has protected the PC! O.o
I'm scanning with Malwarebytes now.. hoping at least this one can finish its job..

And what if I removed Avira as my antivirus??? AVG does find some viruses... Avira always gives me 0 infections..
kleo
New Member
Posts: 5
Joined: Sat Jun 12, 2010 10:53 am

Re: Possible virus + HijackThis log

Post by farbix89 » Sat Jun 12, 2010 5:05 pm

kleo wrote: Well... whether I start Avast or GMER, the PC reboots saying that this way it has protected the PC! O.o
I'm scanning with Malwarebytes now.. hoping at least this one can finish its job..

And what if I removed Avira as my antivirus??? AVG does find some viruses... Avira always gives me 0 infections..


Two antivirus products at the same time are never recommended; they step on each other's toes.

Keep only one.

For rootkits, use GMER as crazy advised.
farbix89
Official Member (Gold)
Posts: 14093
Joined: Fri Feb 13, 2009 10:09 pm

Re: Possible virus + HijackThis log

Post by crazy.cat » Sat Jun 12, 2010 5:44 pm

kleo wrote: Well... whether I start Avast or GMER, the PC reboots saying that this way it has protected the PC!

Try RootRepeal http://ad13.geekstogo.com/RootRepeal.rar and then report here all the entries in red that it finds.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: Possible virus + HijackThis log

Post by kleo » Sat Jun 12, 2010 6:56 pm

No entries in red... should I worry or celebrate?!


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/12 19:56
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 000.fcl
Image Path: C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
Address: 0xA51AA000 Size: 118784 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x8B1B7000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8303A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x9183B000 Size: 294912 File Visible: - Signed: -
Status: -

Name: aswMonFlt.sys
Image Path: C:\Windows\system32\drivers\aswMonFlt.sys
Address: 0x919D7000 Size: 94208 File Visible: - Signed: -
Status: -

Name: aswRdr.SYS
Image Path: C:\Windows\System32\Drivers\aswRdr.SYS
Address: 0x91883000 Size: 16640 File Visible: - Signed: -
Status: -

Name: aswSP.SYS
Image Path: C:\Windows\System32\Drivers\aswSP.SYS
Address: 0x9195C000 Size: 157312 File Visible: - Signed: -
Status: -

Name: aswTdi.SYS
Image Path: C:\Windows\System32\Drivers\aswTdi.SYS
Address: 0x91392000 Size: 39936 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x8B419000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x8B421000 Size: 122880 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\Windows\System32\Drivers\avgldx86.sys
Address: 0x91928000 Size: 209536 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\Windows\System32\Drivers\avgmfx86.sys
Address: 0x91922000 Size: 22848 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\Windows\System32\Drivers\avgtdix.sys
Address: 0x913B0000 Size: 236160 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x91316000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8B080000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x91B52000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x9BE50000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xA5214000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8BB1A000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x8B0C9000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8B9B4000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x8B088000 Size: 266240 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x91983000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8B9D5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: DF66.tmp
Image Path: C:\Windows\system32\DF66.tmp
Address: 0xA522A000 Size: 6144 File Visible: No Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x9190B000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8B9A3000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x91268000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x9199B000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x91990000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x919A3000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x90F42000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8B97C000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x8B471000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8B43F000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x91306000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8B754000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8BB32000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x83007000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x90FEE000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x91AC8000 Size: 446464 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x912A5000 Size: 77824 File Visible: - Signed: -
Status: -

Name: int15.sys
Image Path: C:\Acer\Empowering Technology\eRecovery\int15.sys
Address: 0xA509D000 Size: 28672 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x8B3E1000 Size: 28672 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8BA12000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\Windows\system32\DRIVERS\ipnat.sys
Address: 0xA51EE000 Size: 155648 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8B7B7000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x8B007000 Size: 32768 File Visible: - Signed: -
Status: -

Name: kpshbk.sys
Image Path: C:\Windows\System32\drivers\kpshbk.sys
Address: 0x8B1A9000 Size: 54016 File Visible: No Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8B7CD000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8B48A000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x91AA5000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x919BC000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x8B00F000 Size: 393216 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x919AD000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8B7C2000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x8B409000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x91B6B000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x91B80000 Size: 131072 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x91BA0000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x91BBF000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x8B9DE000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x9135A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x90800000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8BB38000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8B606000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8B3F6000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8B96D000 Size: 61440 File Visible: - Signed: -
Status: -

Name: muukbnda.sys
Image Path: C:\Windows\System32\Drivers\muukbnda.sys
Address: 0x8B242000 Size: 1273856 File Visible: No Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8B4FB000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8BBC9000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8BBD4000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x9103A000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x9189E000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x91809000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8B631000 Size: 237568 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x91365000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x91901000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8B802000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: NTIDrvr.sys
Image Path: C:\Windows\system32\DRIVERS\NTIDrvr.sys
Address: 0x90808000 Size: 6144 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\Windows\system32\ntoskrnl.exe
Address: 0x8303A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x9130F000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x9080A000 Size: 7568832 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x91888000 Size: 90112 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x9128D000 Size: 98304 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x8B379000 Size: 61440 File Visible: - Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0xA5081000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x8B21B000 Size: 159744 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x8B3E8000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA50A4000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8303A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x9123B000 Size: 184320 File Visible: - Signed: -
Status: -

Name: psdfilter.sys
Image Path: C:\Windows\system32\DRIVERS\psdfilter.sys
Address: 0x8B481000 Size: 36864 File Visible: - Signed: -
Status: -

Name: PSDNServ.sys
Image Path: C:\Windows\system32\drivers\PSDNServ.sys
Address: 0x8B964000 Size: 36864 File Visible: - Signed: -
Status: -

Name: psdvdisk.sys
Image Path: C:\Windows\system32\drivers\psdvdisk.sys
Address: 0x8B952000 Size: 73728 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8B06F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x91373000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8BBB2000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8B76F000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8B77E000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8B792000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8303A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x918C5000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x9134A000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x91352000 Size: 32768 File Visible: - Signed: -
Status: -

Name: RNDISMP.SYS
Image Path: C:\Windows\system32\DRIVERS\RNDISMP.SYS
Address: 0x912E7000 Size: 53248 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA522C000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x91AB5000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x9104B000 Size: 2029568 File Visible: - Signed: -
Status: -

Name: Rtlh86.sys
Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
Address: 0x8BAAA000 Size: 98304 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA5182000 Size: 40960 File Visible: - Signed: -
Status: -

Name: SENTINEL.SYS
Image Path: C:\Windows\System32\Drivers\SENTINEL.SYS
Address: 0xA5088000 Size: 84992 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\Windows\system32\DRIVERS\serenum.sys
Address: 0x912D2000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\Windows\system32\DRIVERS\serial.sys
Address: 0x912B8000 Size: 106496 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x9139C000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8B94A000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x919F6000 Size: 716800 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA5033000 Size: 319488 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xA500C000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x91B35000 Size: 118784 File Visible: - Signed: -
Status: -

Name: StarOpen.SYS
Image Path: C:\Windows\System32\Drivers\StarOpen.SYS
Address: 0x918AC000 Size: 24576 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8BB66000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8BBF7000 Size: 4992 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8B66B000 Size: 954368 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA518C000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8BBA7000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x9137C000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8B7A7000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x9BE30000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8BA09000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8B9FE000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8B206000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usb8023.sys
Image Path: C:\Windows\system32\DRIVERS\usb8023.sys
Address: 0x912DC000 Size: 36864 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x912E5000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8BB0B000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x91006000 Size: 212992 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8BACD000 Size: 253952 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x912F4000 Size: 73728 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8BAC2000 Size: 45056 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x9131D000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x91329000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x8B388000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x8B397000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8B911000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x918B2000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x90FE1000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x8BA2E000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\DRIVERS\WDFLDR.SYS
Address: 0x8BA21000 Size: 53248 File Visible: - Signed: -
Status: -

Name: WibuKey.sys
Image Path: C:\Windows\SYSTEM32\DRIVERS\WibuKey.sys
Address: 0xA5198000 Size: 72704 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x9BC10000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x9BC10000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x8B1FD000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8303A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0xA51DC000 Size: 73728 File Visible: - Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0xA51C7000 Size: 83328 File Visible: - Signed: -
Status: -
kleo
New Member

Posts: 5
Joined: Sat Jun 12, 2010 10:53 am

Re: Possible Virus + HijackThis log

Post by crazy.cat » Sun Jun 13, 2010 7:28 am

kleo wrote: no entries in red... should I worry or celebrate?!

Strange.
Did you look in all the tabs that RootRepeal offers?

Try running a scan with ComboFix.

(or AVG made a blunder and the virus isn't there at all)
When the many govern, they think only of pleasing themselves; you then get the most foolish and most odious tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero

Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: Possible Virus + HijackThis log

Post by markinson » Sun Jun 13, 2010 9:20 am

I read the whole RootRepeal log. It's the first time I've lost my eyesight ... oops ... I meant to say "read" ( [bleh] ) a log from this program! [;)]
I bring this entry to the attention of the security experts:
  • C:\Windows\system32\DF66.tmp
It may not be decisive, but given its extension and location ... [uhm]

crazy.cat wrote: ... Try running a scan with ComboFix.

A complete guide (in Italian) to ComboFix can be found HERE and, from the same page, you can download the program. For now, when asked, do not install the Recovery Console.

crazy.cat wrote: ... It seems to be a rootkit

You could also try Sophos Anti-Rootkit, both as a further check and because, if I remember correctly, it has a fairly user-friendly way of working.

P.S. (1)
You still have SP1; update to SP2 --> HERE.

P.S. (2)
Which and how many antivirus programs do you currently have installed?
Because (for example) "aswTdi.SYS" belongs to avast! antivirus, while "avgmfx86.sys" belongs to AVG antivirus (and, it would seem, not even to the most recent version).

P.S. (3)
For a further clean-up --> Comodo System Cleaner Portable (Be careful while using it; read carefully what it wants to delete.)
MegaLab.it (MLI) = Gianluigi "Zane" Zanettini - That's all Folks!
markinson
Bronze Member

Posts: 936
Joined: Sat May 01, 2010 9:22 am
Location: Roma
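An added triage helper for the RootRepeal "Drivers" listing posted earlier in this thread (example code, not part of the thread or of RootRepeal itself): it parses the four-line driver entries and lists the drivers whose file RootRepeal reports as not visible on disk, which are the entries a rootkit check should review by hand; the scanner's own rootrepeal.sys is expected to show up that way and is skipped by default. The sample input is three entries copied from the log above.

```python
import re

# Excerpt of the RootRepeal "Drivers" listing posted earlier in this thread
# (three entries copied from the log, not constructed), used as sample input.
SAMPLE_LOG = r"""Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8B96D000 Size: 61440 File Visible: - Signed: -
Status: -

Name: muukbnda.sys
Image Path: C:\Windows\System32\Drivers\muukbnda.sys
Address: 0x8B242000 Size: 1273856 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA522C000 Size: 49152 File Visible: No Signed: -
Status: -
"""

# One RootRepeal driver entry spans four lines; "-" means "no finding".
ENTRY_RE = re.compile(
    r"Name: (?P<name>\S+)\r?\n"
    r"Image Path: (?P<path>.+?)\r?\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) Size: (?P<size>\d+) "
    r"File Visible: (?P<visible>\S+) Signed: (?P<signed>\S+)\r?\n"
    r"Status: (?P<status>.+)"
)

def parse_drivers(text):
    """Return one dict per entry, with address and size converted to ints."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        d = m.groupdict()
        d["addr"] = int(d["addr"], 16)
        d["size"] = int(d["size"])
        d["status"] = d["status"].strip()
        entries.append(d)
    return entries

# The scanner's own driver is expected to report its file as hidden.
SCANNER_DRIVERS = {"rootrepeal.sys"}

def hidden_drivers(entries, ignore=SCANNER_DRIVERS):
    """Names of drivers whose file RootRepeal could not see on disk."""
    return [e["name"] for e in entries
            if e["visible"].lower() == "no" and e["name"].lower() not in ignore]

if __name__ == "__main__":
    drivers = parse_drivers(SAMPLE_LOG)
    print(f"{len(drivers)} driver entries parsed")
    for name in hidden_drivers(drivers):
        print("review manually (file not visible):", name)
```

A "File Visible: No" entry is not proof of malware on its own; it is a prompt to look up the driver name and path and compare against a known-good system.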

Re: Request for HijackThis log check.

Post by kleo » Mon Jun 14, 2010 3:38 pm

mmh, I'm officially confused!

avast! antivirus absolutely refused to start, but I can't find the link to uninstall it... so, in theory, I should only have AVG, but it was updated a few weeks ago!

With this Comodo System Cleaner Portable, what should I be careful not to delete?! :-S
kleo
New Member

Posts: 5
Joined: Sat Jun 12, 2010 10:53 am

Re: Request for HijackThis log check.

Post by farbix89 » Mon Jun 14, 2010 9:29 pm

kleo wrote: mmh, I'm officially confused!

avast! antivirus absolutely refused to start, but I can't find the link to uninstall it... so, in theory, I should only have AVG, but it was updated a few weeks ago


In what sense?? Does avast not install at all??? [uhm]

You can try installing it and scanning in Safe Mode, where malware is usually inactive [;)]
farbix89
Official Member (Gold)

Posts: 14093
Joined: Fri Feb 13, 2009 10:09 pm



megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising