Thread: help spyware...

  1. #1

    help spyware...

    Sorry guys, but I'm desperate!!!
    Windows keep popping up all the time, I tried Spybot but it didn't help at all....with Panda ActiveScan the antivirus check doesn't even start....the PC is my brother's, if he finds it like this when he gets back from his trip he'll kill me....you are my only hope...I downloaded HijackThis and ran it....I'm posting the HijackThis log, I hope you can find the problem for me, let me say up front that I know nothing about this program...thanks....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21.55.13, on 03/04/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Eset\nod32krn.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\Java\jre1.6.0_04\bin\jucheck.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Programmi\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe "
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BD0D1F18-5561-11DC-A0D9-692F56D89593} - http://safe-download-secure.com/code/2026.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

    --
    End of file - 4801 bytes

    THANKS AGAIN

  2. #2
    please guys....help me, answer me....I also used ComboFix....here is the log...

    ComboFix 08-04-03.5 - Alessio 2008-04-04 16.31.51.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1040.18.75 [GMT 2:00]
    Eseguito da: C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9W52HUP\ComboFix[1].exe
    * Creato nuovo punto di ripristino
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Alessio\Dati applicazioni\inst.exe
    C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\rbbdrdk.dat
    c:\documents and settings\alessio\impostazioni locali\dati applicazioni\rbbdrdk.exe
    c:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\rbbdrdk_nav.dat
    c:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\rbbdrdk_navps.dat
    C:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
    C:\Programmi\webmediaplayer
    C:\Programmi\webmediaplayer\resources\languages_v2.xml
    C:\Programmi\webmediaplayer\resources\webmedias
    C:\Programmi\webmediaplayer\skins\classic.skn
    C:\Programmi\webmediaplayer\sqlite3.dll
    C:\Programmi\webmediaplayer\uninst.exe
    C:\Programmi\webmediaplayer\WebMediaPlayer.exe

    .
    ((((((((((((((((((((((((( Files Creati Da 2008-03-04 al 2008-04-04 )))))))))))))))))))))))))))))))))))
    .

    2008-04-04 16:15 . 2008-04-04 16:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-04 16:15 . 2008-04-04 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
    2008-04-03 21:53 . 2008-04-03 21:53 <DIR> d-------- C:\Programmi\Trend Micro
    2008-04-03 21:25 . 2008-04-03 21:25 <DIR> d-------- C:\Programmi\Lavasoft
    2008-04-03 21:25 . 2008-04-03 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
    2008-04-03 21:24 . 2008-04-03 21:24 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
    2008-04-03 20:55 . 2008-04-03 20:55 <DIR> d-------- C:\Programmi\ESET
    2008-04-03 20:55 . 2008-04-03 20:55 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-04-03 20:55 . 2008-04-03 20:55 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-04-03 20:55 . 2008-04-03 20:55 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-04-03 20:55 . 2008-04-03 20:55 0 --a------ C:\WINDOWS\system32\mapisvc.inf
    2008-04-03 19:06 . 2008-04-03 19:06 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
    2008-04-03 19:06 . 2008-04-03 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2008-04-02 17:10 . 2008-04-02 17:10 <DIR> d-------- C:\Programmi\CCleaner
    2008-04-02 16:57 . 2008-04-02 16:57 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-04-02 16:57 . 2008-04-03 19:01 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-04-02 16:57 . 2008-04-03 19:01 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-04-02 16:57 . 2008-04-03 19:01 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-03-29 23:27 . 2008-03-29 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
    2008-03-15 18:00 . 2008-03-15 18:00 <DIR> d-------- C:\Documents and Settings\Alessio\Dati applicazioni\LimeWire
    2008-03-15 17:59 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-15 17:58 . 2008-03-15 17:58 <DIR> d-------- C:\Programmi\Java
    2008-03-15 17:57 . 2008-03-15 17:57 <DIR> d-------- C:\Programmi\LimeWire
    2008-03-15 17:57 . 2008-03-15 17:57 <DIR> d-------- C:\Programmi\File comuni\Java

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-30 19:42 47,360 ----a-w C:\Documents and Settings\Alessio\Dati applicazioni\pcouffin.sys
    2008-02-27 13:05 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-02-27 13:05 --------- d-----w C:\Documents and Settings\Alessio\Dati applicazioni\Vso
    2008-02-10 17:44 --------- d-----w C:\Programmi\uTorrent
    2008-02-10 17:44 --------- d-----w C:\Documents and Settings\Alessio\Dati applicazioni\uTorrent
    2008-02-09 08:56 --------- d-----w C:\Programmi\eMule
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 16:55 579072]
    "ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
    "NWEReboot"="" []
    "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    "NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-04-03 20:55 949376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-31 14:00 13312]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:55 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "msacm.ac3acm"= AC3ACM.acm
    "vidc.dvsd"= mcdvd_32.dll
    "VIDC.WMV3"= wmv9vcm.dll


    .
    Contenuto della cartella 'Scheduled Tasks'
    "2008-03-29 10:02:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-04 16:34:09
    Windows 5.1.2600 FAT NTAPI

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Programmi\Eset\pr_imon.dll
    .
    Ora fine scansione: 2008-04-04 16.34.27
    ComboFix-quarantined-files.txt 2008-04-04 14:34:26
    5 Directory 3,049,816,064 byte disponibili
    11 Directory 3,040,239,616 byte disponibili
    .
    2008-02-03 13:01:23 --- E O F ---
    thanks a lot....

  3. #3
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    you should have solved it..
    C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\rbbdrdk.dat
    c:\documents and settings\alessio\impostazioni locali\dati applicazioni\rbbdrdk.exe
    c:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\rbbdrdk_nav.dat
    c:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\rbbdrdk_navps.dat

    if you still have problems we'll use another tool, but the problem was just these files, I think.