devil13 (Mortale devoto)
Posted: 13 Dec 2007 19:36  Subject: Win32/Adware.Virtumonde
Hello everyone, my NOD32 antivirus detected the following virus: Win32/Adware.Virtumonde.
Every time I turn on the modem it tries to open an application, and I regularly get 2-3 consecutive NOD32 windows.
I followed the first steps and ran HijackThis.
Below is the result of the scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.26.01, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi 2\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi 2\Winamp\winampa.exe
C:\WINDOWS\system32\winsock32.exe
C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Programmi\BitTorrent_DNA\dna.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\BitTorrent_DNA\dna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Unknown owner - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi 2\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8877 bytes
WHAT SHOULD I DO NOW???
THANKS!!!
devil13 (Mortale devoto)
Posted: 13 Dec 2007 19:38
SORRY... BUT IF I FORMATTED THE PC, WOULD THAT SOLVE THE PROBLEM, OR WOULD I RISK GETTING IT AGAIN???
Sante62 (Dio maturo), Floridia
Posted: 13 Dec 2007 20:29
Hi devil13
Have a look at this discussion and disable System Restore. Start HJT and tick these lines on the left:
Quote:
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\RunServices: [] winsock32.exe
Click "Fix checked".
Reboot the PC and post a new HijackThis log.
Then save this to the desktop.
Boot the PC in Safe Mode.
Run the program you just downloaded.
When it finishes, reboot the PC in normal mode and post the log it generates here.
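The check Sante62 applied by eye to the two quoted O4 lines (an autostart value with no name, one of them under the RunServices key, both pointing at a bare winsock32.exe with no path) can be run mechanically over any HijackThis log. The script below is an added example written for this thread; it is not HijackThis code and not code from any participant. The regular expression, the two severity levels and the sample lines (copied from the first log posted above) are the example's own choices: an empty value name or a RunServices entry (a Windows 9x-era key that legitimate XP software almost never writes to) is rated high, while a bare filename only asks for a second look, because vendor entries such as nwiz.exe appear that way too.

```python
"""Triage the O4 (autostart) entries of a HijackThis log.

Added example for this thread, not code from HijackThis or from the thread's
participants.  An autostart value with an empty name ("[]") or one sitting in
the legacy RunServices key is treated as high severity; a command that is a
bare filename with no path (so the binary cannot be located from the log
alone) is low severity and only asks for a second look.
"""
import re
from dataclasses import dataclass, field

# Matches registry-backed O4 lines such as
#   O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
#   O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
# Startup-folder lines (O4 - Startup: ... .lnk = ...) carry no [name] and are skipped.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[^:\[]+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)

HIGH = ('empty value name', 'legacy RunServices key')
LOW = ('bare filename, no path',)


@dataclass
class Finding:
    line: str
    hive: str
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        if any(r in HIGH for r in self.reasons):
            return 'high'
        return 'low' if self.reasons else 'ok'


def first_token(cmd: str) -> str:
    """Return the executable part of a Run value: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def triage_o4(log_text: str) -> list:
    """Parse every registry-backed O4 line and attach the reasons it deserves attention."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        f = Finding(raw.strip(), m['hive'], m['key'], m['name'], m['cmd'])
        if f.name == '':
            f.reasons.append('empty value name')
        if f.key.lower() == 'runservices':
            f.reasons.append('legacy RunServices key')
        if '\\' not in first_token(f.command):
            f.reasons.append('bare filename, no path')
        findings.append(f)
    return findings


def report(log_text: str) -> dict:
    """Map each O4 line to its severity, worst first, for a quick read of a posted log."""
    order = {'high': 0, 'low': 1, 'ok': 2}
    return {f.line: f.severity
            for f in sorted(triage_o4(log_text), key=lambda f: order[f.severity])}


# Constructed sample: a handful of O4 lines taken from the first log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
"""

if __name__ == '__main__':
    for f in triage_o4(SAMPLE_LOG):
        extra = f'   <- {", ".join(f.reasons)}' if f.reasons else ''
        print(f'{f.severity:4}  {f.line}{extra}')
```

"Fix checked" only removes the registry values, so a useful second check that the script does not automate is to compare the "Running processes" section of the before and after logs: the first log shows C:\WINDOWS\system32\winsock32.exe running, the second no longer does, but the file itself is not touched by removing the O4 entries.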
devil13 (Mortale devoto)
Posted: 13 Dec 2007 21:28
Hello Sante62,
thanks for the help.
I rebooted the PC and this is what the new scan shows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.25.12, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi 2\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi 2\Winamp\winampa.exe
C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\BitTorrent_DNA\dna.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\BitTorrent_DNA\dna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Unknown owner - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi 2\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8664 bytes
devil13 (Mortale devoto)
Posted: 13 Dec 2007 21:47
I don't know if everything went well...
In Safe Mode I ran VirtumundoBeGone, but at the end a Windows blue screen appeared and I had to turn the PC off with the power button. I found this VBG file on the desktop, which says the following:
[12/13/2007, 20:36:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\FEDERICO.PC143002839268\Desktop\VirtumundoBeGone.exe" )
[12/13/2007, 20:36:58] - Detected System Information:
[12/13/2007, 20:36:58] - Windows Version: 5.1.2600, Service Pack 2
[12/13/2007, 20:36:58] - Current Username: FEDERICO (Admin)
[12/13/2007, 20:36:58] - Windows is in SAFE mode with Networking.
[12/13/2007, 20:36:58] - Searching for Browser Helper Objects:
[12/13/2007, 20:36:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[12/13/2007, 20:36:58] - BHO 2: {21f57b92-ac46-4a6c-96a7-384984dabf3e} ()
[12/13/2007, 20:36:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:36:58] - Checking for HKLM\...\Winlogon\Notify\ixnkxktr
[12/13/2007, 20:36:58] - Key not found: HKLM\...\Winlogon\Notify\ixnkxktr, continuing.
[12/13/2007, 20:36:58] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[12/13/2007, 20:36:58] - BHO 4: {63F6C638-10C7-40AE-A605-E8E1BB4A6B58} ()
[12/13/2007, 20:36:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:36:58] - Checking for HKLM\...\Winlogon\Notify\ddaby
[12/13/2007, 20:36:58] - Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
[12/13/2007, 20:36:58] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/13/2007, 20:36:58] - BHO 6: {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} ()
[12/13/2007, 20:36:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:36:58] - Checking for HKLM\...\Winlogon\Notify\rqronop
[12/13/2007, 20:36:58] - Found: HKLM\...\Winlogon\Notify\rqronop - This is probably Virtumundo.
[12/13/2007, 20:36:58] - Assigning {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} MSEvents Object
[12/13/2007, 20:36:58] - BHO list has been changed! Starting over...
[12/13/2007, 20:36:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[12/13/2007, 20:36:58] - BHO 2: {21f57b92-ac46-4a6c-96a7-384984dabf3e} ()
[12/13/2007, 20:36:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:36:58] - Checking for HKLM\...\Winlogon\Notify\ixnkxktr
[12/13/2007, 20:36:58] - Key not found: HKLM\...\Winlogon\Notify\ixnkxktr, continuing.
[12/13/2007, 20:36:58] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[12/13/2007, 20:36:58] - BHO 4: {63F6C638-10C7-40AE-A605-E8E1BB4A6B58} ()
[12/13/2007, 20:36:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:36:58] - Checking for HKLM\...\Winlogon\Notify\ddaby
[12/13/2007, 20:36:58] - Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
[12/13/2007, 20:36:58] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/13/2007, 20:36:58] - BHO 6: {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} (MSEvents Object)
[12/13/2007, 20:36:58] - ALERT: Found MSEvents Object!
[12/13/2007, 20:36:58] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/13/2007, 20:36:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:36:58] - No filename found. Continuing.
[12/13/2007, 20:36:58] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[12/13/2007, 20:36:58] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/13/2007, 20:36:58] - Finished Searching Browser Helper Objects
[12/13/2007, 20:36:58] - *** Detected MSEvents Object
[12/13/2007, 20:36:58] - Trying to remove MSEvents Object...
[12/13/2007, 20:36:59] - Terminating Process: IEXPLORE.EXE
[12/13/2007, 20:37:00] - Terminating Process: RUNDLL32.EXE
[12/13/2007, 20:37:00] - Disabling Automatic Shell Restart
[12/13/2007, 20:37:00] - Terminating Process: EXPLORER.EXE
[12/13/2007, 20:37:00] - Suspending the NT Session Manager System Service
[12/13/2007, 20:37:00] - Terminating Windows NT Logon/Logoff Manager
[12/13/2007, 20:37:00] - Re-enabling Automatic Shell Restart
[12/13/2007, 20:37:00] - File to disable: C:\WINDOWS\system32\rqronop.dll
[12/13/2007, 20:37:00] - Renaming C:\WINDOWS\system32\rqronop.dll -> C:\WINDOWS\system32\rqronop.dll.vir
[12/13/2007, 20:37:00] - File successfully renamed!
[12/13/2007, 20:37:00] - Removing HKLM\...\Browser Helper Objects\{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}
[12/13/2007, 20:37:00] - Removing HKCR\CLSID\{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}
[12/13/2007, 20:37:00] - Adding Kill Bit for ActiveX for GUID: {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}
[12/13/2007, 20:37:00] - Deleting ATLEvents/MSEvents Registry entries
[12/13/2007, 20:37:00] - Removing HKLM\...\Winlogon\Notify\rqronop
[12/13/2007, 20:37:00] - Searching for Browser Helper Objects:
[12/13/2007, 20:37:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[12/13/2007, 20:37:00] - BHO 2: {21f57b92-ac46-4a6c-96a7-384984dabf3e} ()
[12/13/2007, 20:37:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:37:00] - Checking for HKLM\...\Winlogon\Notify\ixnkxktr
[12/13/2007, 20:37:00] - Key not found: HKLM\...\Winlogon\Notify\ixnkxktr, continuing.
[12/13/2007, 20:37:00] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[12/13/2007, 20:37:00] - BHO 4: {63F6C638-10C7-40AE-A605-E8E1BB4A6B58} ()
[12/13/2007, 20:37:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:37:00] - Checking for HKLM\...\Winlogon\Notify\ddaby
[12/13/2007, 20:37:00] - Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
[12/13/2007, 20:37:00] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/13/2007, 20:37:00] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/13/2007, 20:37:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/13/2007, 20:37:00] - No filename found. Continuing.
[12/13/2007, 20:37:00] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[12/13/2007, 20:37:00] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/13/2007, 20:37:00] - Finished Searching Browser Helper Objects
[12/13/2007, 20:37:00] - Finishing up...
[12/13/2007, 20:37:00] - A restart is needed.
[12/13/2007, 20:37:14] - Attempting to Restart via STOP error (Blue Screen!)
I ran HijackThis again and this came out:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.45.58, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi 2\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi 2\Winamp\winampa.exe
C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\BitTorrent_DNA\dna.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\BitTorrent_DNA\dna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Unknown owner - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi 2\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8643 bytes
However, in this new session I have not yet received a virus alert from NOD 32.
THANKS for the precious help!!!
bdoriano Administrator


Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 13 Dec 2007 22:15 Subject:
Run a pass with ComboFix as well.
devil13 Devoted mortal

Registered: 13/12/07 12:12 Posts: 6
Posted: 13 Dec 2007 22:53 Subject:
Unfortunately the problem is not solved... the nod32 window just appeared... it detected Win32/Adware.Virtumonde and Win32/Adware.Ezula again.
Help me please!
bdoriano Administrator


Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 13 Dec 2007 22:56 Subject:
Post the ComboFix log that you find in C:\Combofix.txt
devil13 Devoted mortal

Registered: 13/12/07 12:12 Posts: 6
Posted: 13 Dec 2007 23:26 Subject:
ComboFix log:
ComboFix 07-12-12.3 - FEDERICO 2007-12-13 21.59.58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.607 [GMT 1:00]
Eseguito da: C:\Documents and Settings\FEDERICO.PC143002839268\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\awtqnkj.dll
C:\WINDOWS\system32\awttsqp.dll
C:\WINDOWS\system32\axvrlldt.dll
C:\WINDOWS\system32\btlqhshp.dll
C:\WINDOWS\system32\byxvsqn.dll
C:\WINDOWS\system32\cbxuvwx.dll
C:\WINDOWS\system32\cbxxuts.dll
C:\WINDOWS\system32\cbxxvwx.dll
C:\WINDOWS\system32\cbxxywt.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddccbab.dll
C:\WINDOWS\system32\ddccccy.dll
C:\WINDOWS\system32\ddccyax.dll
C:\WINDOWS\system32\efcbbcc.dll
C:\WINDOWS\system32\efcdedc.dll
C:\WINDOWS\system32\fccbaxy.dll
C:\WINDOWS\system32\fcccdab.dll
C:\WINDOWS\system32\gebcaya.dll
C:\WINDOWS\system32\gxcrfydp.dll
C:\WINDOWS\system32\hggebcb.dll
C:\WINDOWS\system32\hggebcc.dll
C:\WINDOWS\system32\hgghhij.dll
C:\WINDOWS\system32\ixnkxktr.dll
C:\WINDOWS\system32\jkkhgfd.dll
C:\WINDOWS\system32\jkklmji.dll
C:\WINDOWS\system32\jsdhbisp.dll
C:\WINDOWS\system32\khfefda.dll
C:\WINDOWS\system32\khffeeb.dll
C:\WINDOWS\system32\nnnnkkl.dll
C:\WINDOWS\system32\opnliij.dll
C:\WINDOWS\system32\opnllkh.dll
C:\WINDOWS\system32\opnmljg.dll
C:\WINDOWS\system32\pmnlkij.dll
C:\WINDOWS\system32\pmnoppq.dll
C:\WINDOWS\system32\qomjkkj.dll
C:\WINDOWS\system32\qomkkii.dll
C:\WINDOWS\system32\qommmjk.dll
C:\WINDOWS\system32\qomnkkl.dll
C:\WINDOWS\system32\rqrpmmn.dll
C:\WINDOWS\system32\tuvvvtt.dll
C:\WINDOWS\system32\tuvvwuv.dll
C:\WINDOWS\system32\urqnkji.dll
C:\WINDOWS\system32\urxbkfan.dll
C:\WINDOWS\system32\vfxjfvbs.dll
C:\WINDOWS\system32\vturqrs.dll
C:\WINDOWS\system32\vtutuvw.dll
C:\WINDOWS\system32\wrotphgq.dll
C:\WINDOWS\system32\wvussqo.dll
C:\WINDOWS\system32\wvutqop.dll
C:\WINDOWS\system32\yayaxxv.dll
C:\WINDOWS\system32\yayvtut.dll
C:\WINDOWS\system32\yaywvtr.dll
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\ybadd.ini2
C:\WINDOWS\system32\ybadd.tmp
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2007-11-13 al 2007-12-13 )))))))))))))))))))))))))))))))))))
.
2007-12-13 18:24 . 2007-12-13 20:46 <DIR> d-------- C:\HiJackThis
2007-12-12 21:30 . 2007-12-12 21:30 <DIR> d-------- C:\Programmi\Creative
2007-12-12 21:30 . 2002-06-06 14:38 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-12-12 21:08 . 2002-08-08 05:11 319,488 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2007-12-12 14:41 . 2007-11-05 05:34 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-12-12 14:41 . 2007-11-05 05:34 118,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-12-12 04:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 04:51 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-12 04:51 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-11 16:09 . 2007-12-11 16:09 <DIR> d-------- C:\Programmi\BitTorrent_DNA
2007-12-11 16:09 . 2007-12-13 22:10 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\BitTorrent DNA
2007-12-11 12:28 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-11 12:27 . 2007-12-11 12:27 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-11 12:00 . 2007-12-11 12:00 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Contacts
2007-12-11 11:17 . 2007-12-11 12:28 <DIR> d-------- C:\Programmi\Windows Live
2007-12-11 11:17 . 2007-12-11 11:28 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-11 11:16 . 2007-12-12 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-08 17:02 . 2007-12-11 17:37 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\Azureus
2007-12-08 17:02 . 2007-12-08 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2007-12-08 10:57 . 2007-12-13 18:23 59,904 --a------ C:\WINDOWS\system32\euibh.exe
2007-12-08 10:57 . 2007-12-08 10:57 35,840 --a------ C:\WINDOWS\system32\rqronop.dll.vir
2007-12-08 10:56 . 2007-12-08 10:56 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-07 22:20 . 2007-12-07 23:00 <DIR> d--hs---- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\.#
2007-12-05 14:59 . 2007-12-05 14:59 1,142 --a------ C:\WINDOWS\mozver.dat
2007-12-03 18:44 . 2007-12-03 18:44 <DIR> dr-h----- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\SecuROM
2007-12-03 18:44 . 2007-12-03 18:44 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-02 20:51 . 2007-12-02 20:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-02 19:41 . 2007-12-02 19:41 <DIR> d-------- C:\Programmi\File comuni\Skype
2007-12-02 19:41 . 2007-12-13 16:26 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\Skype
2007-12-01 16:10 . 2007-12-01 16:20 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\HP
2007-12-01 16:03 . 2007-12-01 16:03 <DIR> d-------- C:\Programmi\File comuni\Hewlett-Packard
2007-12-01 16:02 . 2006-01-03 18:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-12-01 16:02 . 2006-04-12 11:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-01 16:02 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2007-12-01 16:02 . 2006-04-12 11:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-01 16:02 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-01 16:02 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-01 16:01 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-01 16:01 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-01 16:01 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-01 16:01 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-01 16:01 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-01 16:01 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-01 16:01 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-01 15:59 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-01 15:59 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-01 15:57 . 2007-12-01 16:10 120,330 --a------ C:\WINDOWS\hpoins11.dat
2007-12-01 13:17 . 2003-01-10 10:56 30,921 --a------ C:\WINDOWS\system32\drivers\SQCaptur.sys
2007-12-01 13:17 . 2003-01-10 09:30 25,449 --a------ C:\WINDOWS\system32\drivers\SQCamD.sys
2007-11-30 14:36 . 2007-11-30 14:36 13,758 --a------ C:\WINDOWS\EPISMI00.SWB
2007-11-30 14:33 . 2007-12-01 20:01 <DIR> d-------- C:\Programmi\File comuni\EPSON
2007-11-30 14:33 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-30 14:33 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-30 14:32 . 2002-04-15 03:23 70,924 --a------ C:\WINDOWS\system32\EBPMON2.DLL
2007-11-30 14:32 . 2002-02-20 03:23 56,832 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-11-30 14:32 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-11-30 14:32 . 2001-09-04 03:04 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2007-11-29 18:19 . 2005-07-08 14:44 159,616 --a------ C:\WINDOWS\system32\drivers\vax347b.sys
2007-11-29 18:19 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\vax347s.sys
2007-11-29 14:54 . 2007-11-29 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MinigolfAdventures
2007-11-29 14:50 . 2007-11-29 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
2007-11-29 11:19 . 2007-11-29 14:49 <DIR> d-------- C:\Downloads
2007-11-28 19:30 . 2007-11-28 19:31 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\Winamp
2007-11-28 19:30 . 2007-11-05 05:34 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-11-28 19:30 . 2007-03-08 00:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-28 19:30 . 2007-03-08 00:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-28 18:12 . 2007-11-28 18:12 <DIR> d-------- C:\WINDOWS\Sun
2007-11-27 14:38 . 2007-11-27 14:38 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-26 19:20 . 2007-11-26 19:20 <DIR> d-------- C:\Programmi\File comuni\Adobe Systems Shared
2007-11-26 19:20 . 2007-11-26 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Adobe Systems
2007-11-26 16:05 . 2007-12-12 19:15 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-26 00:40 . 2007-11-26 00:40 <DIR> d-------- C:\Programmi\MSXML 6.0
2007-11-26 00:36 . 2007-11-26 00:36 <DIR> d-------- C:\Programmi\MSXML 4.0
2007-11-25 18:54 . 2007-12-13 21:58 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\BitTorrent
2007-11-24 12:42 . 2007-11-27 14:23 70,279 --a------ C:\acadminidump.dmp
2007-11-24 12:42 . 2007-11-27 14:23 520 --a------ C:\WINDOWS\system32\winsusrm.dll
2007-11-24 12:42 . 2007-11-24 12:42 344 --a------ C:\WINDOWS\system32\winsusrx.dll
2007-11-24 12:28 . 2007-11-24 12:28 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\mc4 software
2007-11-24 12:26 . 2007-11-24 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\mc4 software
2007-11-24 12:17 . 2007-12-06 16:32 <DIR> d-------- C:\Documents and Settings\FEDERICO.PC143002839268\Dati applicazioni\Autodesk
2007-11-24 12:17 . 2007-12-06 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-11-24 12:14 . 2007-11-24 12:27 <DIR> d-------- C:\Programmi\File comuni\Autodesk Shared
2007-11-24 01:08 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-24 01:08 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-24 01:08 . 2006-08-21 13:26 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-24 01:06 . 2007-10-25 17:42 8,489,472 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2007-11-24 01:06 . 2007-07-09 14:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-24 01:06 . 2006-12-19 19:17 334,336 --------- C:\WINDOWS\system32\dllcache\wiaservc.dll
2007-11-24 01:06 . 2006-08-16 10:37 225,664 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2007-11-24 01:06 . 2006-06-22 11:47 181,248 --------- C:\WINDOWS\system32\dllcache\rasmans.dll
2007-11-24 01:06 . 2006-12-19 22:50 134,656 --------- C:\WINDOWS\system32\dllcache\shsvcs.dll
2007-11-24 01:06 . 2006-08-16 12:59 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2007-11-24 01:04 . 2006-10-20 02:38 714,752 --------- C:\WINDOWS\system32\dllcache\sxs.dll
2007-11-24 01:04 . 2007-08-21 07:16 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-11-24 01:04 . 2006-08-25 16:51 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
2007-11-24 01:04 . 2007-08-13 18:38 491,520 --a------ C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-24 01:04 . 2006-04-20 12:51 359,808 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2007-11-24 01:04 . 2006-10-12 12:09 256,512 --------- C:\WINDOWS\system32\dllcache\agentsvr.exe
2007-11-24 01:04 . 2006-07-13 09:48 202,240 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2007-11-24 01:04 . 2007-03-09 14:48 57,344 --a------ C:\WINDOWS\system32\dllcache\agentdpv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-06-13 13:22 1,561,600 --sha-r C:\WINDOWS\system32\winsock32.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Gestore icona firma digitale di AutoCAD]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}
[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2007-02-12 08:12 44648 --a------ C:\WINDOWS\system32\AcSignIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 09:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"BitTorrent DNA"="C:\Programmi\BitTorrent_DNA\dna.exe" [2007-12-11 16:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 09:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 09:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-12-15 12:42 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-16 14:16 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 09:04]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 15:45]
"QPService"="C:\Programmi\HP\QuickPlay\QPService.exe" [2005-12-12 10:39]
"eabconfg.cpl"="C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 07:57]
"Cpqset"="C:\Programmi\HPQ\Default Settings\cpqset.exe" [2005-06-29 12:48]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-11-22 10:01]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"Adobe Reader Speed Launcher"="C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"WinampAgent"="C:\Programmi 2\Winamp\winampa.exe" [2007-10-10 06:28]
"ISUSPM Startup"="C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2005-08-11 14:30]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-08-11 14:30]
"Adobe Photo Downloader"="C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 09:00]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 00:39:30]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 22:11:52
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\HPQ\Default Settings\cpqset.exe???????????????????|?????? ???B?????????????hLC????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2007-12-13 22:13:50 - machine was rebooted
.
2007-12-13 00:57:14 --- E O F ---
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.18.32, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi 2\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi 2\Winamp\winampa.exe
C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\BitTorrent_DNA\dna.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi 2\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\BitTorrent_DNA\dna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Unknown owner - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi 2\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 9260 bytes
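Comparing this HijackThis log with the one posted before the ComboFix pass is easier with a small script that diffs the two entry by entry. This is an added example, not code from the thread or from HijackThis/ComboFix; the two short sample logs inside it are constructed from the kinds of lines in the posted logs (the winsock32.exe process, the O9 entries pointing at acctrl.dll, the orphaned Norton service) so it runs offline.

```python
"""Diff two HijackThis logs entry by entry (e.g. before and after ComboFix).

Added example for this thread, not code from the forum or from HijackThis.
The sample logs below are constructed from the kinds of lines posted above.
"""
import re

# Entry lines look like "O4 - HKCU\..\Run: [name] command",
# "O9 - Extra button: Skype - {CLSID} - path" or "R0 - key = value".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_KEY_RE = re.compile(r"^(?P<key>[^\[]*\[[^\]]*\])\s*(?P<value>.*)$")


def split_entry(line):
    """Return (key, value): the key says what the entry is (hive + name,
    CLSID, service); the value is the path/command/URL that can change."""
    m = ENTRY_RE.match(line)
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        r = RUN_KEY_RE.match(body)          # Run-key entries: "[name] command"
        if r:
            return f"{section} - {r.group('key')}", r.group("value").strip()
    if " = " in body:                       # R0/R1 and "Startup: x.lnk = path"
        key, value = body.split(" = ", 1)
        return f"{section} - {key.strip()}", value.strip()
    if " - " in body:                       # O2/O8/O9/O18/O23: last piece is the path
        head, value = body.rsplit(" - ", 1)
        return f"{section} - {head.strip()}", value.strip()
    return f"{section} - {body.strip()}", ""


def parse_log(text):
    """Map key -> value for every entry and every running process in a log."""
    entries, in_procs = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False                # first Rx/Ox line ends the process list
            key, value = split_entry(line)
            entries[key] = value
        elif in_procs:
            entries["PROC - " + line.lower()] = ""   # Windows paths are case-insensitive
        # header/footer lines ("Platform:", "End of file") are ignored
    return entries


def diff_logs(before, after):
    """Entries removed, added and changed (same key, different path) between two logs."""
    b, a = parse_log(before), parse_log(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted((k, b[k], a[k]) for k in b if k in a and b[k] != a[k]),
    }


def missing_files(text):
    """Keys of entries HijackThis flags as '(file missing)': orphaned leftovers."""
    return sorted(k for k, v in parse_log(text).items() if v.endswith("(file missing)"))


# Constructed sample logs modelled on the two logs in this thread (not the full logs).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winsock32.exe
C:\Programmi\Eset\nod32kui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi 2\mc4 Suite 2006\acctrl.dll
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Unknown owner - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
End of file - 8643 bytes
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Programmi\Eset\nod32kui.exe
C:\HiJackThis\HijackThis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Unknown owner - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
End of file - 9260 bytes
"""

if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        for item in items:
            print(kind.upper(), item)
    print("ORPHANED", missing_files(AFTER_LOG))
```

Entries that disappear or whose path changes after a cleanup pass are the ones worth a second look; an entry still flagged "(file missing)" is a leftover registration, not an active component.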
bdoriano Administrator


Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...