|
| Precedente :: Successivo |
| Autore |
Messaggio |
GIANLUCA.GIUSTO
Mortale adepto
Registrato: 13/07/07 17:23
Messaggi: 32
Residenza: AVELLINO
|
 Inviato: 14 Gen 2008 19:38 Oggetto: AIUTO......Win32Agent NGH |
 |
|
Ho provato scansioni con Nod32,AVG,Asquared,spybot e tanti altri, ma ogni volta che mi collego Avast mi segnala il virus Win32AgentNGH.Non riesco proprio a rimuoverlo.Non sono molto bravo col pc,ma ho bisogno del vostro aiuto,per favore.Vi posto il log di HJACTHIS, da dove non riesco a cancellare le voci 023 NO FILE..........GRAZIE.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\LEXBCES.EXE
c:\windows\system32\svchost.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\hijackthis\hjackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - TELE2Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{500F4F81-A590-4FDC-9AD1-1525F46B42FA}: NameServer = 85.37.17.9 85.38.28.75
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Acer Laboratories Inc. - (no file)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Acer Laboratories Inc. - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe |
|
| Top |
|
 |
ste_95
Dio maturo
Registrato: 03/08/07 14:41
Messaggi: 1920
Residenza: Italy
|
| Inviato: 14 Gen 2008 22:11 Oggetto: |
|
|
Segui alla lettera questo post per postare i logs di GMER, Attenzione, è importante farli entrambi! |
|
| Top |
|
|
GIANLUCA.GIUSTO
Mortale adepto
Registrato: 13/07/07 17:23
Messaggi: 32
Residenza: AVELLINO
|
| Inviato: 15 Gen 2008 13:34 Oggetto: |
|
|
Scusa,ma sono riuscito solo a fare i log.L'icona dell'alimentazione non esce piu', quando metto un dvd non parte piu' l'auto play.VIRLT segnala,ma non rimuove C:\WINDOWS\system32\sysofwcm.exe Infetto da Trojan.Win32.Agent.AUF
autostart12.txt
rootkit10.txt |
|
| Top |
|
|
ste_95
Dio maturo
Registrato: 03/08/07 14:41
Messaggi: 1920
Residenza: Italy
|
| Inviato: 15 Gen 2008 15:01 Oggetto: |
|
|
Avast dove segnala l'infezione?
VirIT segnala altro? |
|
| Top |
|
|
GIANLUCA.GIUSTO
Mortale adepto
Registrato: 13/07/07 17:23
Messaggi: 32
Residenza: AVELLINO
|
| Inviato: 15 Gen 2008 15:58 Oggetto: |
|
|
| Virlt no. Avast in C:\ WINDOWS\ TEMP |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 16 Gen 2008 00:43 Oggetto: |
|
|
| Segui le istruzioni di questo topic per postare il log di combofix. |
|
| Top |
|
|
GIANLUCA.GIUSTO
Mortale adepto
Registrato: 13/07/07 17:23
Messaggi: 32
Residenza: AVELLINO
|
| Inviato: 17 Gen 2008 21:51 Oggetto: |
|
|
Logfile of HijackThis v1.99.1
Scan saved at 20.49.28, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\LEXBCES.EXE
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\hijackthis\hjackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{500F4F81-A590-4FDC-9AD1-1525F46B42FA}: NameServer = 85.37.17.9 85.38.28.75
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Acer Laboratories Inc. - (no file)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Acer Laboratories Inc. - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - (no file)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
ComboFix 08-01-09.2 - Gianluca 2008-01-17 20.43.01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.594 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Gianluca\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dati applicazioni\Starware371
.
((((((((((((((((((((((((( Files Creati Da 2007-12-17 al 2008-01-17 )))))))))))))))))))))))))))))))))))
.
2008-01-17 20:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 17:57 . 2008-01-15 17:57 <DIR> d-------- C:\Programmi\Multi_Media_Italy
2008-01-15 15:14 . 2008-01-15 15:13 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-15 15:14 . 2008-01-15 15:13 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-15 14:49 . 2008-01-15 14:49 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-01-15 13:36 . 2008-01-15 13:36 74 --a------ C:\WINDOWS\lsoon.ini
2008-01-13 10:41 . 2008-01-13 10:41 <DIR> d-------- C:\Documents and Settings\Gianluca\Dati applicazioni\Regrun
2008-01-13 10:40 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-13 10:31 . 2008-01-13 10:31 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-12 16:47 . 2008-01-12 16:47 5,392,501 --a------ C:\WINDOWS\system32\SBSP.dat
2008-01-11 21:25 . 2008-01-12 16:47 100 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-11 21:13 . 2008-01-11 21:13 <DIR> d-------- C:\Programmi\CCleaner
2008-01-11 21:12 . 2008-01-11 21:12 <DIR> d-------- C:\Programmi\RogueRemover FREE
2008-01-11 21:12 . 2008-01-12 12:40 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-01-11 20:43 . 2008-01-11 20:43 <DIR> d-------- C:\Documents and Settings\Gianluca\Dati applicazioni\Sunbelt Software
2008-01-07 20:19 . 2008-01-07 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-01-06 16:34 . 2008-01-06 16:34 <DIR> d-------- C:\Programmi\MultiMedia Italy Toolbar
2008-01-06 16:34 . 2008-01-06 16:34 <DIR> d-------- C:\Programmi\Audacity
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 13:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-15 19:58 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-01-15 17:26 --------- d-----w C:\Programmi\eMule
2008-01-15 16:33 --------- d-----w C:\Documents and Settings\Gianluca\Dati applicazioni\Smart PC Solutions
2008-01-15 16:29 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-15 16:13 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-15 12:32 --------- d-----w C:\Programmi\a-squared Free
2007-12-13 18:45 --------- d-----w C:\Documents and Settings\Gianluca\Dati applicazioni\AdobeUM
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-07-21 11:42 48,360 ----a-w C:\Documents and Settings\Gianluca\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-07-07 12:27 4 ----a-w C:\Documents and Settings\Gianluca\Dati applicazioni\wklnhst.dat
2007-07-12 19:31 5 --sha-w C:\WINDOWS\system32\fadacabbfbdce_s.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 11:32 126976]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2005-02-08 17:38 159744]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 02:52 36975]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59 794624]
"HP Software Update"="C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2004-10-13 15:04 278528]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2005-08-04 19:41 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54 253952]
"eabconfg.cpl"="C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816]
"Cpqset"="C:\Programmi\HPQ\Default Settings\cpqset.exe" [2005-03-29 13:45 233534]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 14:41 438359]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-23 15:00 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-06-13 17:32:34]
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-05-31 13:29:16]
HP Digital Imaging Monitor.lnk - C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S4 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2006-09-03 18:48]
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-17 19:21:33 C:\WINDOWS\Tasks\jmazpo.job"
- c:\windows\system32\sysofwcm.exe
"2008-01-17 19:21:36 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Programmi\RegCure\RegCure.exe
"2008-01-07 19:02:53 C:\WINDOWS\Tasks\RegCure.job"
- C:\Programmi\RegCure\RegCure.exe
"2007-10-30 02:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Programmi\RegSweep\RegSweep.ex
- C:\Programmi\RegSweep
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 20:45:18
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\HPQ\Default Settings\cpqset.exe????????????3?7?3?8??????? ???B?????????????hLC????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-17 20.46.01
.
2007-07-05 12:00:23 --- E O F --- |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 18 Gen 2008 11:13 Oggetto: |
|
|
scarica Avenger e scompattalo sul desktop
avvialo, seleziona Input script manually
clicca sulla lente d'ingrandimento
nella finestra che si apre View/Edit scrit copia/incolla queste righe:
| Citazione: | Files to delete:
C:\Documents and Settings\Gianluca\Dati applicazioni\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\Gianluca\Dati applicazioni\wklnhst.dat
C:\WINDOWS\system32\fadacabbfbdce_s.dll
C:\WINDOWS\Tasks\jmazpo.job
c:\windows\system32\sysofwcm.exe |
Clicca Done
poi sul icona del semaforo
rispondi Yes (a questo punto il PC dovrebbe riavviarsi. se così non fosse riavvialo manualmente) Al riavvio posta il log generato. |
|
| Top |
|
|
GIANLUCA.GIUSTO
Mortale adepto
Registrato: 13/07/07 17:23
Messaggi: 32
Residenza: AVELLINO
|
| Inviato: 30 Gen 2008 18:49 Oggetto: |
 |
|
| Grazie a tutti,comunque ho formattato .Siete gentilissimi. |
|
| Top |
|
|
|
|
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
