Visualizzazione dei risultati da 1 a 6 su 6
  1. #1

    S.O. infetto! posto hijackthis.log

    ciao a tutti il pc sono 2 giorni che fa il pazzo. tutto è cominciato con dei programmi scaricati che eranoo probabilmente deii virus, poi il pc andava in crash (schermata blu con scritte varie), poi oggi all'avvio mi dava solo una finestra "è stata apportata una modifica non autorizzata a windows" e quindi mi potevo solo collegare a internet. Non riuscendo a risolvere ho avviato il pc con F8 "ultima impostazione funzionante". Avast continua ha trovare (ma non ha debellare ". physicaldrive0 mbr tdl4").

    grazie in anticipo!

    Ecco il file log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8.56.37, on 09/06/2011
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=88888
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
    O2 - BHO: LEC - {4A241D35-F7EB-401b-8C5B-A904A50F280E} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
    O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll
    O3 - Toolbar: (no name) - {627522C4-DD3F-4577-8EF8-C3305DFA2445} - (no file)
    O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [{61EA6A5F-E183-3D93-3BDB-0EFFF21513AB}] C:\Users\Lucia\AppData\Roaming\Byci\nuha.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - .DEFAULT User Startup: zaep.exe (User 'Default user')
    O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Esporta nel DataBank - file://C:\Program Files\Interactive Medicine\exp2db.htm
    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 8017 bytes

  2. #2
    Moderatore di Windows e software L'avatar di darkkik
    Registrato dal
    Dec 2003
    residenza
    Pavia - Milano - Lodi.
    Messaggi
    11,476
    Se hai il PC infetto, perchè non postare in "Sicurezza Informatica e VIRUS"?

    Sposto.
    I can see much clearer now, I'm blind.
    Io fui già quel che voi siete, Quel ch'io son voi anco sarete.
    Remember that death is not the end, but only a transition
    All that we learn this time is carried beyond this life.

  3. #3
    ok grazie

  4. #4
    intanto togli questi:

    O4 - HKCU\..\Run: [{61EA6A5F-E183-3D93-3BDB-0EFFF21513AB}] C:\Users\Lucia\AppData\Roaming\Byci\nuha.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    poi riavvia la macchina in modalità provvisoria, entra con l'utente administrator (non con il tuo), fai partire dr.web e fai una scansione completa.

    hai la possibilità di staccare l'hd e metterlo su un altro pc?

    voglio vedere se c'è un virus nell'mbr.. quelli se entrano l'av non li toglie, forse in modalità provvisoria, ma non è sicuro

  5. #5
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Versione database: 6817

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16386

    09/06/2011 14.56.57
    mbam-log-2011-06-09 (14-56-57).txt

    Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|H:\|I:\|)
    Elementi esaminati: 281747
    Tempo impiegato: 1 ore, 10 minuti, 22 secondi

    Processi infetti in memoria: 0
    Moduli di memoria infetti: 0
    Chiavi di registro infette: 3
    Valori di registro infetti: 1
    Voci infette nei dati di registro: 0
    Cartelle infette: 0
    File infetti: 13

    Processi infetti in memoria:
    (Non sono stati rilevati elementi nocivi)

    Moduli di memoria infetti:
    (Non sono stati rilevati elementi nocivi)

    Chiavi di registro infette:
    HKEY_CURRENT_USER\SOFTWARE\KOQMLYTPE7 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\YDZ1QVAGOJ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> Quarantined and deleted successfully.

    Valori di registro infetti:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\{61EA6A5F-E183-3D93-3BDB-0EFFF21513AB} (Spyware.Passwords.XGen) -> Value: {61EA6A5F-E183-3D93-3BDB-0EFFF21513AB} -> Quarantined and deleted successfully.

    Voci infette nei dati di registro:
    (Non sono stati rilevati elementi nocivi)

    Cartelle infette:
    (Non sono stati rilevati elementi nocivi)

    File infetti:
    c:\Users\Lucia\AppData\Roaming\Byci\nuha.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\msLereui.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\Nxf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\Nxg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\Nxh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\Nxi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\Nxj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\Nxk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\Nxl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\Nxm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\ecnaormxws.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\Users\Lucia\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Nbabia.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

  6. #6
    se non aggiorni internet explorer
    e il service pack
    avrai sempre infezioni

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  
Powered by vBulletin® Version 4.2.1
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved.