Irnerio (Hero)
Registered: 23/01/08 21:49  Posts: 44
Posted: 07 Apr 2008 22:28  Subject: Internet Connection... Again...
Hi,
I managed to run the Kaspersky online scan and uploaded the file to freefilehosting.
This is the link:
Forum Link: Analisi_7_aprile_2008.html
If I understood the result correctly, my PC is infected by a trojan found in an email I received (but I think I deleted it, precisely because I suspected it wasn't genuine...).
What now?
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 07 Apr 2008 23:28
As you correctly noticed, a trojan is detected in an OE inbox message.
If you have already deleted it, you need to try compacting the OE Inbox folder:
- Start OE
- Select the Inbox folder
- Click File
- Click Folder
- Click Compact
In theory, that should sort it out.
If you don't notice any problems, you can re-enable System Restore.
Irnerio (Hero)
Registered: 23/01/08 21:49  Posts: 44
Posted: 08 Apr 2008 23:12  Subject: Internet Connection... Again...
Hi,
indeed, I had deleted the message with the trojan the day I received it.
So I followed your instructions and compacted the Inbox folder in OE: I did it for all three email addresses I have configured in OE.
I saw the "compacting message", but nothing changed in Outlook.
Is that right?
I was also wondering how the trojan managed to infect the PC, given that, I'm sure, I didn't open the infected message.
I mean that I usually only open messages from known senders and delete the others; at most, I check the text of unknown messages by clicking on Properties, but always without opening the suspicious email.
Can the PC get infected even without opening the email containing the malware?
In any case, I'll wait another day or two before re-enabling System Restore, to see whether the problem comes back (let's hope not..)
Irnerio (Hero)
Registered: 23/01/08 21:49  Posts: 44
Posted: 14 Apr 2008 22:25  Subject: Internet Connection... Again...
Hi bdoriano,
Internet connection struck yet again a little while ago...
I was connected to the internet and got disconnected.
Also, a new icon appeared on the desktop pointing to the following file: rundll32.exe bthprops
What can I do?
I really don't know how to get rid of this curse..
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 15 Apr 2008 22:32
Again?
Let's start over... follow the instructions in this topic to post the ComboFix log.
Then we'll have to figure out where it comes from.
PS: do you install the Windows, Java, etc. updates regularly?
Irnerio (Hero)
Registered: 23/01/08 21:49  Posts: 44
Posted: 15 Apr 2008 23:01  Subject: Internet Connection... Again...
I can hardly believe it myself...
Anyway, I'll get to work with ComboFix right away.
Just in case, I ran a scan with Kaspersky online: it turned out I have two viruses, Trojan.Win32.Agent.kag and Trojan-Spy.HTML.Bankfraud.tx, scattered across 18 files.
If it helps, I uploaded the result to freefilehosting, here:
Analisi_15_aprile_2008.html
As for the Windows and Java updates, I can tell you that I have automatic download on, but I don't know how to check whether I'm actually "up to date" or not..
Irnerio (Hero)
Registered: 23/01/08 21:49  Posts: 44
Posted: 16 Apr 2008 21:22  Subject: Internet Connection... Again...
Hi,
here are the ComboFix log and the HijackThis log:
ComboFix 08-04-14.2 - LORENZO 2008-04-15 23.16.24.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.404 [GMT 2:00]
Eseguito da: C:\Documents and Settings\LORENZO\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-03-15 al 2008-04-15 )))))))))))))))))))))))))))))))))))
.
2008-04-15 20:40 . 2008-04-14 22:10 14,348 --a------ C:\Documents and Settings\LORENZO\rundll32.exe bthprops .exe
2008-04-06 16:33 . 2008-04-06 20:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-04 23:19 . 2008-04-04 23:19 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-03-30 00:14 . 2008-04-14 22:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-29 21:55 . 2008-03-29 21:55 <DIR> d-------- C:\Programmi\TechSmith
2008-03-29 21:50 . 2008-03-29 21:50 <DIR> d-------- C:\WINDOWS\system32\it-IT
2008-03-29 21:49 . 2008-03-29 21:49 <DIR> d-------- C:\Programmi\MSBuild
2008-03-29 21:46 . 2008-03-29 21:50 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-29 21:45 . 2008-03-29 21:45 <DIR> d-------- C:\Programmi\Reference Assemblies
2008-03-29 21:45 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-29 21:42 . 2008-04-09 23:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-29 18:06 . 2008-03-29 18:07 2,945,816 --a------ C:\Programmi\Net Framework 3.0 dotnetfx3setup.exe
2008-03-29 16:08 . 2008-03-29 16:08 5,549,888 --a------ C:\Programmi\jing_setup.exe
2008-03-20 22:06 . 2008-03-20 22:06 16,648,248 --a------ C:\Programmi\Norman_Malware_Cleaner.exe
2008-03-19 22:24 . 2008-03-19 22:24 <DIR> d-------- C:\Programmi\CCleaner
2008-03-19 22:10 . 2008-03-19 22:10 671,968 --a------ C:\Programmi\ccsetup205_slim.exe
2008-03-19 22:05 . 2008-03-19 22:05 50,688 --a------ C:\Programmi\ATF-Cleaner.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 18:44 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-04-14 18:42 35,248 ----a-w C:\Documents and Settings\LORENZO\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-03-29 21:20 13,067 ----a-w C:\Programmi\hijackthis.log
2008-03-29 15:47 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-03-21 11:40 --------- d-----w C:\Programmi\Norton Internet Security
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 14:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-03-15 14:12 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-03-15 14:12 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-03-15 14:12 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 22:18 53,248 ----a-w C:\Programmi\Process.exe
2008-01-25 17:19 127,378 ----a-w C:\Programmi\avenger.zip
2008-01-24 21:17 189,718 ----a-w C:\Programmi\FindAWF.exe
2008-01-15 21:47 143,428 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2008-01-15 14:09 401,720 ----a-w C:\Programmi\HiJackThis.exe
2008-01-13 11:45 17,990,864 ----a-w C:\Programmi\AAW2007.EXE
.
Code:
----a-w 14,348 2008-04-14 20:10:53 C:\Documents and Settings\LORENZO\rundll32.exe bthprops .exe
----a-w 14,348 2008-03-18 19:28:19 C:\Documents and Settings\LORENZO\Desktop\rundll32.exe bthprops .exe
----a-w 171,448 2007-01-27 15:49:00 C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w 14,348 2008-04-14 20:10:53 C:\Programmi\Java\jre1.5.0_06\bin\jusched .exe
----a-w 81,920 2008-02-08 22:12:18 C:\Programmi\Sony\SonicStage\SsAAD .exe
----a-w 709,888 2008-01-28 11:48:58 C:\Programmi\TechSmith\Jing\Jing .exe
----a-w 59,392 2004-08-10 03:04:42 C:\WINDOWS\ehome\ehtray .exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon .exe
((((((((((((((((((((((((((((( snapshot_2008-04-01_20.45.39,25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-20 07:57:45 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:48:10 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:48:15 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:48:08 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:49:24 390,880 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 06:52:28 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:48:10 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:48:15 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:48:08 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:49:24 390,880 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2008-04-06 14:34:01 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-04-06 14:34:02 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-04-06 14:34:04 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-04-06 14:34:39 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-04-06 14:35:04 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-04-06 14:34:14 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2008-04-15 18:44:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2004-09-07 12:00:00 2,589 ----a-r C:\WINDOWS\I386\RUNW32.BAT
- 2008-03-30 18:25:18 59,904 ----a-r C:\WINDOWS\Installer\{0AF0F8DC-7C92-4B7C-A376-127B9AD061D2}\IconA3AFE979.exe
+ 2008-04-04 20:44:35 59,904 ----a-r C:\WINDOWS\Installer\{0AF0F8DC-7C92-4B7C-A376-127B9AD061D2}\IconA3AFE979.exe
+ 2007-10-04 13:20:35 2,560 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-10-30 02:34:02 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-09-07 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-09-07 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-09-07 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-09-07 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
- 2008-03-31 19:07:39 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-05 13:15:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-31 19:07:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-04-05 13:15:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2008-03-31 19:07:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-05 13:15:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2004-09-07 12:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
- 2006-06-26 17:41:31 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:33:54 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:33:54 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-06-19 13:30:47 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:50:40 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-11-14 07:27:20 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-03-08 15:33:54 1,843,584 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:06:49 1,845,248 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
- 2006-06-26 17:41:31 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:33:54 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2005-11-03 01:00:00 2,432 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2005-11-03 01:00:00 2,560 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-03 21:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-09-07 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2008-03-29 20:08:03 196,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-10 20:31:51 196,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-11-14 07:27:20 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2004-09-07 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2004-09-07 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2004-09-07 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-09-01 11:08:02 1,334,032 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2007-05-15 13:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2004-09-07 12:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
- 2008-04-01 18:44:21 77,808 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-13 20:25:54 77,808 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-01 18:44:21 91,594 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-04-13 20:25:54 91,594 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-04-01 18:44:21 454,326 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-13 20:25:54 454,326 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-01 18:44:21 504,598 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-04-13 20:25:54 504,598 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2004-09-07 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2004-09-07 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-09-07 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2004-09-07 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-09-07 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2004-09-07 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2008-04-15 18:44:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_29c.dat
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,019,392 2004-09-23 09:33:44 C:\Programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE
----a-w 49,152 2004-02-12 12:38:56 C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 241,664 2004-05-12 14:18:56 C:\Programmi\HP\hpcoretech\bak\hpcmpmgr.exe
----a-w 148,992 2004-09-15 14:36:06 C:\Programmi\Nokia\Nokia PC Suite 6\bak\TRAYAP~1.EXE
----a-w 29,696 2006-06-22 14:11:18 C:\Programmi\Sony\AppMonUtil\bak\AppMonUtility.exe
----a-w 69,632 2005-12-27 11:58:10 C:\Programmi\Sony\VAIO Camera Utility\bak\VCUServe.exe
----a-w 151,552 2005-10-11 19:36:38 C:\Programmi\Sony\VAIO Update 2\bak\VAIOUpdt.exe
----a-w 64,512 2005-08-17 20:40:06 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 59,392 2004-08-10 03:04:42 C:\WINDOWS\ehome\ehtray.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Jing"="C:\Programmi\TechSmith\Jing\Jing.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-23 01:32 7561216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-02-22 13:11 52840]
"URLLSTCK.exe"="C:\Programmi\Norton Internet Security\UrlLstCk.exe" [2007-02-01 18:21 23168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-07 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [ ]
"VAIOCameraUtility"="C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe" [ ]
"VAIO Update 2"="C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [ ]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [ ]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"Norton Ghost 10.0"="C:\Programmi\Norton Ghost\Agent\GhostTray.exe" [ ]
"AppMon Utility"="C:\Programmi\Sony\AppMonUtil\AppMonUtility.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Audio Filter.lnk - C:\Programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2006-08-19 09:16:02 5649408]
Avvio rapido di HP Image Zone.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Photo Loader residente.lnk - C:\Programmi\Casio\Photo Loader\Plauto.exe [2006-12-29 19:03:56 229376]
VAIO Action Setup (Server).lnk - C:\Programmi\Sony\VAIO Action Setup\VAServ.exe [2006-07-17 15:21:26 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:56]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 18:45]
R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-06-14 10:22]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programmi\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-21 21:55:13 C:\WINDOWS\Tasks\Norton AntiVirus - Esegui scansione completa del sistema - LORENZO.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exei/TASK:
"2007-06-16 07:00:41 C:\WINDOWS\Tasks\WebReg 20070616090041.job"
- C:\Programmi\HP\Digital Imaging\bin\hpqwrg.exe`/TaskName 20070616090041 /N
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 23:18:38
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-04-15 23.19.50
ComboFix-quarantined-files.txt 2008-04-15 21:19:34
ComboFix2.txt 2008-04-05 14:44:27
ComboFix3.txt 2008-04-04 19:28:24
ComboFix4.txt 2008-04-02 20:34:21
ComboFix5.txt 2008-04-01 19:01:04
11 Directory 126,054,465,536 byte disponibili
15 Directory 126,044,438,528 byte disponibili
.
2008-04-09 21:31:28 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.04.30, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Casio\Photo Loader\Plauto.exe
C:\Programmi\Sony\VAIO Action Setup\VAServ.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\File comuni\Symantec Shared\NMain.exe
C:\Programmi\HiJackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Liquid Surf for VAIO TV Entertainment - {EC5BB10A-FDA1-41d6-8CE4-C00C1E5DC464} - C:\Programmi\Portrait Displays\Liquid Surf for VAIO TV Entertainment\sybil.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Programmi\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Programmi\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Jing] C:\Programmi\TechSmith\Jing\Jing.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Audio Filter.lnk = C:\Programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader residente.lnk = C:\Programmi\Casio\Photo Loader\Plauto.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Programmi\Sony\VAIO Action Setup\VAServ.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DD502B9-9830-4376-A978-A22BDB96953B}: NameServer = 193.70.192.25 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DD502B9-9830-4376-A978-A22BDB96953B}: NameServer = 193.70.192.25 193.70.152.25
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 13269 bytes
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 17 Apr 2008 09:12 Subject:
Create a text file with the following instructions:
Code:
File::
C:\Documents and Settings\LORENZO\rundll32.exe bthprops .exe
C:\Documents and Settings\LORENZO\Desktop\rundll32.exe bthprops .exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched .exe
RenV::
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
C:\Programmi\Sony\SonicStage\SsAAD .exe
C:\Programmi\TechSmith\Jing\Jing .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon .exe
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
Irnerio Hero
Registered: 23/01/08 21:49 Posts: 44
Posted: 18 Apr 2008 23:14 Subject: Internet Connection...Again...
Hi, here is the updated ComboFix log:
ComboFix 08-04-14.2 - LORENZO 2008-04-17 21.37.30.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.504 [GMT 2:00]
Running from: C:\Documents and Settings\LORENZO\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\LORENZO\Desktop\CFScript.txt
* New restore point created
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\LORENZO\Desktop\rundll32.exe bthprops .exe
C:\Documents and Settings\LORENZO\rundll32.exe bthprops .exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched .exe
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LORENZO\Desktop\rundll32.exe bthprops .exe
C:\Documents and Settings\LORENZO\rundll32.exe bthprops .exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched .exe
.
((((((((((((((((((((((((( Files Created From 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))))))
.
2008-04-06 16:33 . 2008-04-06 20:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-04 23:19 . 2008-04-04 23:19 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-03-30 00:14 . 2008-04-14 22:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-29 21:55 . 2008-03-29 21:55 <DIR> d-------- C:\Programmi\TechSmith
2008-03-29 21:50 . 2008-03-29 21:50 <DIR> d-------- C:\WINDOWS\system32\it-IT
2008-03-29 21:49 . 2008-03-29 21:49 <DIR> d-------- C:\Programmi\MSBuild
2008-03-29 21:46 . 2008-03-29 21:50 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-29 21:45 . 2008-03-29 21:45 <DIR> d-------- C:\Programmi\Reference Assemblies
2008-03-29 21:45 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-29 21:42 . 2008-04-09 23:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-29 18:06 . 2008-03-29 18:07 2,945,816 --a------ C:\Programmi\Net Framework 3.0 dotnetfx3setup.exe
2008-03-29 16:08 . 2008-03-29 16:08 5,549,888 --a------ C:\Programmi\jing_setup.exe
2008-03-20 22:06 . 2008-03-20 22:06 16,648,248 --a------ C:\Programmi\Norman_Malware_Cleaner.exe
2008-03-19 22:24 . 2008-03-19 22:24 <DIR> d-------- C:\Programmi\CCleaner
2008-03-19 22:10 . 2008-03-19 22:10 671,968 --a------ C:\Programmi\ccsetup205_slim.exe
2008-03-19 22:05 . 2008-03-19 22:05 50,688 --a------ C:\Programmi\ATF-Cleaner.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 19:28 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-04-16 19:04 13,271 ----a-w C:\Programmi\hijackthis.log
2008-04-14 18:42 35,248 ----a-w C:\Documents and Settings\LORENZO\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-03-29 15:47 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-03-21 11:40 --------- d-----w C:\Programmi\Norton Internet Security
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 14:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-03-15 14:12 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-03-15 14:12 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-03-15 14:12 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 22:18 53,248 ----a-w C:\Programmi\Process.exe
2008-01-25 17:19 127,378 ----a-w C:\Programmi\avenger.zip
2008-01-24 21:17 189,718 ----a-w C:\Programmi\FindAWF.exe
2008-01-15 14:09 401,720 ----a-w C:\Programmi\HiJackThis.exe
2008-01-13 11:45 17,990,864 ----a-w C:\Programmi\AAW2007.EXE
.
((((((((((((((((((((((((((((( snapshot_2008-04-15_23.19.19,15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 18:44:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-17 19:28:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-17 19:28:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_848.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,019,392 2004-09-23 09:33:44 C:\Programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE
----a-w 49,152 2004-02-12 12:38:56 C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 241,664 2004-05-12 14:18:56 C:\Programmi\HP\hpcoretech\bak\hpcmpmgr.exe
----a-w 148,992 2004-09-15 14:36:06 C:\Programmi\Nokia\Nokia PC Suite 6\bak\TRAYAP~1.EXE
----a-w 29,696 2006-06-22 14:11:18 C:\Programmi\Sony\AppMonUtil\bak\AppMonUtility.exe
----a-w 69,632 2005-12-27 11:58:10 C:\Programmi\Sony\VAIO Camera Utility\bak\VCUServe.exe
----a-w 151,552 2005-10-11 19:36:38 C:\Programmi\Sony\VAIO Update 2\bak\VAIOUpdt.exe
----a-w 64,512 2005-08-17 20:40:06 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 59,392 2004-08-10 03:04:42 C:\WINDOWS\ehome\ehtray.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2008-02-09 00:12 81920]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 17:49 171448]
"Jing"="C:\Programmi\TechSmith\Jing\Jing.exe" [2008-01-28 13:48 709888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-23 01:32 7561216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-02-22 13:11 52840]
"URLLSTCK.exe"="C:\Programmi\Norton Internet Security\UrlLstCk.exe" [2007-02-01 18:21 23168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-07 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [ ]
"VAIOCameraUtility"="C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe" [ ]
"VAIO Update 2"="C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [ ]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [ ]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"Norton Ghost 10.0"="C:\Programmi\Norton Ghost\Agent\GhostTray.exe" [ ]
"AppMon Utility"="C:\Programmi\Sony\AppMonUtil\AppMonUtility.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Audio Filter.lnk - C:\Programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2006-08-19 09:16:02 5649408]
Avvio rapido di HP Image Zone.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Photo Loader residente.lnk - C:\Programmi\Casio\Photo Loader\Plauto.exe [2006-12-29 19:03:56 229376]
VAIO Action Setup (Server).lnk - C:\Programmi\Sony\VAIO Action Setup\VAServ.exe [2006-07-17 15:21:26 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:56]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 18:45]
R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-06-14 10:22]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programmi\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 21:55:13 C:\WINDOWS\Tasks\Norton AntiVirus - Esegui scansione completa del sistema - LORENZO.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exei/TASK:
"2007-06-16 07:00:41 C:\WINDOWS\Tasks\WebReg 20070616090041.job"
- C:\Programmi\HP\Digital Imaging\bin\hpqwrg.exe`/TaskName 20070616090041 /N
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 21:39:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-17 21.41.06
ComboFix-quarantined-files.txt 2008-04-17 19:40:40
ComboFix2.txt 2008-04-15 21:19:51
ComboFix3.txt 2008-04-05 14:44:27
ComboFix4.txt 2008-04-04 19:28:24
ComboFix5.txt 2008-04-02 20:34:21
11 directories 126,088,650,752 bytes free
15 directories 126,077,120,512 bytes free
.
2008-04-09 21:31:28 --- E O F ---
What do you think?
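The log posted above carries signals that are easier to read mechanically than by eye: the AWF section lists backup copies sitting in a bak directory beside a live executable, Run values shown with an empty "[ ]" are targets ComboFix could not read, the Security Center keys have AntiVirusDisableNotify and DisableMonitoring set, and the firewall standard profile has EnableFirewall = 0. The Python below is an added example written for this page, not code from the thread and not a ComboFix feature. It parses SAMPLE_LOG, a constructed excerpt in the same line format as the post, and reports those four findings. One caveat a practitioner will want: a third-party suite such as the Norton Internet Security installed on this machine legitimately registers its own DisableMonitoring entries and turns the Windows Firewall off in favour of its own, so the last two findings are things to verify against the installed product, not proof of infection on their own.

```python
import re

# One AWF line: attributes, size, timestamp, path (layout copied from the log above).
AWF_LINE = re.compile(r"^[-a-z]+\s+([\d,]+)\s+\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(.+)$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
# A Run value: "name"="target" [timestamp size]; an empty bracket means the target
# could not be read when the log was produced.
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(.*)\]$')
VALUE_LINE = re.compile(r'^"([^"]+)"=\s*(.+)$')
# Security Center values that, when non-zero, silence or stop AV/firewall state reporting.
SC_FLAGS = {"AntiVirusDisableNotify", "FirewallDisableNotify",
            "UpdatesDisableNotify", "DisableMonitoring"}

# Constructed excerpt modelled on the thread's log (not the real log, just its shape).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 64,512 2005-08-17 20:40:06 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 59,392 2004-08-10 03:04:42 C:\WINDOWS\ehome\ehtray.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"AppMon Utility"="C:\Programmi\Sony\AppMonUtil\AppMonUtility.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def _number(text):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> None."""
    token = text.strip().split()[0]
    if token.lower().startswith("dword:"):
        return int(token[6:], 16)
    try:
        return int(token, 0)
    except ValueError:
        return None


def triage(log_text):
    """Walk the log once and collect the four findings described in the lead-in."""
    findings = {"awf_bak": [], "run_missing": [], "sc_tampered": [], "firewall_off": False}
    awf_sizes = {}   # path -> size, so bak copies can be compared with the live file
    key = ""         # registry key currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = AWF_LINE.match(line)
        if m:
            awf_sizes[m.group(2)] = int(m.group(1).replace(",", ""))
            continue
        if key.endswith(r"\currentversion\run"):
            m = RUN_LINE.match(line)
            if m and not m.group(3).strip():
                findings["run_missing"].append((m.group(1), m.group(2)))
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, value = m.group(1), _number(m.group(2))
        if "security center" in key and name in SC_FLAGS and value:
            findings["sc_tampered"].append((key, name))
        elif key.endswith(r"firewallpolicy\standardprofile") and name == "EnableFirewall" and value == 0:
            findings["firewall_off"] = True
    # Pair every bak copy with the live file of the same name and compare sizes.
    for path, size in awf_sizes.items():
        if re.search(r"\\bak\\", path, re.I):
            live = re.sub(r"\\bak\\", r"\\", path, flags=re.I)
            findings["awf_bak"].append({"backup": path, "live": live, "backup_size": size,
                                        "live_size": awf_sizes.get(live),
                                        "same_size": awf_sizes.get(live) == size})
    return findings


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

On the sample, the ehtray.exe pair differs in size while the ctfmon.exe pair matches, which is the distinction to check by hash before deciding whether a bak copy is a restorable original or just another file the infection left behind.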
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 19 Apr 2008 13:54 Subject:
I'd say it looks ok.
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (HTML format), upload the file to Freefilehosting and post the link you are given here.
Irnerio Hero
Registered: 23/01/08 21:49 Posts: 44
Posted: 20 Apr 2008 17:04 Subject: Internet Connection...Again...
Here I am,
I disabled Norton and ran the scan first with BitDefender, then with Kaspersky.
The Freefilehosting link is:
Analisi_20_aprile_2008.html
I'm full of viruses, right?
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 20 Apr 2008 20:28 Subject:
Let's say you have quite a collection.
To delete the infected files in System Volume Information, disable System Restore.
Create a text file with the following instructions:
Code:
File::
C:\Documents and Settings\LORENZO\Desktop\rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe3427950180
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe483058549
C:\Programmi\Sony\SonicStage\SsAAD.exe3006766571
C:\Programmi\Sony\SonicStage\SsAAD.exe393331901
C:\Programmi\TechSmith\Jing\Jing.exe130066323
C:\Programmi\TechSmith\Jing\Jing.exe554781497
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
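Both scripts in this thread delete files whose names shadow a genuine autostart binary: digits glued after the extension (Jing.exe554781497), a space inserted before it (jusched .exe in the earlier script), and a file literally named like a rundll32 command line sitting on the desktop. As an added example, not code from the thread and not a ComboFix feature, the following Python classifies such names, ties each one to the real target it imitates (the file names listed under the Run keys in the log), and prints a File:: block in the layout the thread uses, as a draft for a person to review before anything is run. SAMPLE_PATHS and KNOWN_TARGETS are constructed from the posts above; the thread's first script also placed some of these names under RenV::, a decision this code deliberately leaves to the analyst.

```python
import re

# Name patterns taken from the thread's CFScript posts. Each captures the genuine
# name the impostor imitates (its "stem") so a hit can be tied to a real autostart target.
PATTERNS = (
    ("space-before-ext", re.compile(r"^(?P<stem>.+?) +\.(?P<ext>exe|dll|cpl)$", re.I)),
    ("digits-after-ext", re.compile(r"^(?P<stem>.+?\.(?:exe|dll|cpl))\d{3,}$", re.I)),
    ("command-line-as-name", re.compile(r"^(?P<stem>rundll32\.exe) +\S+", re.I)),
)

# Constructed sample: three impostors from the posts plus two genuine files that must pass.
SAMPLE_PATHS = [
    r"C:\Programmi\Java\jre1.5.0_06\bin\jusched .exe",
    r"C:\Programmi\TechSmith\Jing\Jing.exe554781497",
    r"C:\Documents and Settings\LORENZO\Desktop\rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe",
]
# File names of legitimate Run-key targets, as listed in the log's Reg Loading Points.
KNOWN_TARGETS = ["jusched.exe", "Jing.exe", "ctfmon.exe", "GoogleToolbarNotifier.exe"]


def classify(path, known_targets=()):
    """Return (pattern, mimicked_name, shadows_known_target), or None for a clean name."""
    name = path.rsplit("\\", 1)[-1]
    known = {t.lower() for t in known_targets}
    for label, rx in PATTERNS:
        m = rx.match(name)
        if m:
            gd = m.groupdict()
            mimicked = gd["stem"] + ("." + gd["ext"] if gd.get("ext") else "")
            return label, mimicked, mimicked.lower() in known
    return None


def draft_cfscript(paths, known_targets=()):
    """Group every flagged path under File:: (the delete directive the thread uses).
    The result is text for review; nothing here executes ComboFix."""
    flagged = [p for p in paths if classify(p, known_targets)]
    return "File::\n" + "\n".join(flagged) + "\n" if flagged else ""


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(classify(p, KNOWN_TARGETS), "<-", p)
    print(draft_cfscript(SAMPLE_PATHS, KNOWN_TARGETS))
```

The third field of each hit is the useful one when triaging a long log: an impostor whose stem matches a registered autostart name is the kind of file an infection drops next to the real binary, whereas a stray name that shadows nothing known deserves a look at the file itself before it goes into a deletion script.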
Irnerio Hero
Registered: 23/01/08 21:49 Posts: 44
Posted: 21 Apr 2008 21:12 Subject: Internet Connection...Again...
Done! 8)
Indeed, unlike last time, the two "bthprops" icons have now disappeared from the desktop.
But I'll wait for your verdict to know whether it went well..
Here is the ComboFix log:
ComboFix 08-04-14.2 - LORENZO 2008-04-21 20.49.40.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.467 [GMT 2:00]
Running from: C:\Documents and Settings\LORENZO\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\LORENZO\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\LORENZO\Desktop\rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe3427950180
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe483058549
C:\Programmi\Sony\SonicStage\SsAAD.exe3006766571
C:\Programmi\Sony\SonicStage\SsAAD.exe393331901
C:\Programmi\TechSmith\Jing\Jing.exe130066323
C:\Programmi\TechSmith\Jing\Jing.exe554781497
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LORENZO\Desktop\rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe3427950180
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe483058549
C:\Programmi\Sony\SonicStage\SsAAD.exe3006766571
C:\Programmi\Sony\SonicStage\SsAAD.exe393331901
C:\Programmi\TechSmith\Jing\Jing.exe130066323
C:\Programmi\TechSmith\Jing\Jing.exe554781497
.
((((((((((((((((((((((((( Files Created From 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))))))
.
2008-04-06 16:33 . 2008-04-19 17:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-04 23:19 . 2008-04-04 23:19 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-03-30 00:14 . 2008-04-14 22:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-29 21:55 . 2008-03-29 21:55 <DIR> d-------- C:\Programmi\TechSmith
2008-03-29 21:50 . 2008-03-29 21:50 <DIR> d-------- C:\WINDOWS\system32\it-IT
2008-03-29 21:49 . 2008-03-29 21:49 <DIR> d-------- C:\Programmi\MSBuild
2008-03-29 21:46 . 2008-03-29 21:50 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-29 21:45 . 2008-03-29 21:45 <DIR> d-------- C:\Programmi\Reference Assemblies
2008-03-29 21:45 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-29 21:42 . 2008-04-09 23:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-29 18:06 . 2008-03-29 18:07 2,945,816 --a------ C:\Programmi\Net Framework 3.0 dotnetfx3setup.exe
2008-03-29 16:08 . 2008-03-29 16:08 5,549,888 --a------ C:\Programmi\jing_setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 18:34 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-04-16 19:04 13,271 ----a-w C:\Programmi\hijackthis.log
2008-04-14 18:42 35,248 ----a-w C:\Documents and Settings\LORENZO\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-03-29 15:47 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-03-21 11:40 --------- d-----w C:\Programmi\Norton Internet Security
2008-03-20 20:06 16,648,248 ----a-w C:\Programmi\Norman_Malware_Cleaner.exe
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 20:24 --------- d-----w C:\Programmi\CCleaner
2008-03-19 20:10 671,968 ----a-w C:\Programmi\ccsetup205_slim.exe
2008-03-19 20:05 50,688 ----a-w C:\Programmi\ATF-Cleaner.exe
2008-03-15 14:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-03-15 14:12 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-03-15 14:12 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-03-15 14:12 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 22:18 53,248 ----a-w C:\Programmi\Process.exe
2008-01-25 17:19 127,378 ----a-w C:\Programmi\avenger.zip
2008-01-24 21:17 189,718 ----a-w C:\Programmi\FindAWF.exe
2008-01-15 14:09 401,720 ----a-w C:\Programmi\HiJackThis.exe
2008-01-13 11:45 17,990,864 ----a-w C:\Programmi\AAW2007.EXE
.
((((((((((((((((((((((((((((( snapshot_2008-04-15_23.19.19,15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 18:44:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-21 18:34:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-21 18:35:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_894.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,019,392 2004-09-23 09:33:44 C:\Programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE
----a-w 49,152 2004-02-12 12:38:56 C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 241,664 2004-05-12 14:18:56 C:\Programmi\HP\hpcoretech\bak\hpcmpmgr.exe
----a-w 148,992 2004-09-15 14:36:06 C:\Programmi\Nokia\Nokia PC Suite 6\bak\TRAYAP~1.EXE
----a-w 29,696 2006-06-22 14:11:18 C:\Programmi\Sony\AppMonUtil\bak\AppMonUtility.exe
----a-w 69,632 2005-12-27 11:58:10 C:\Programmi\Sony\VAIO Camera Utility\bak\VCUServe.exe
----a-w 151,552 2005-10-11 19:36:38 C:\Programmi\Sony\VAIO Update 2\bak\VAIOUpdt.exe
----a-w 64,512 2005-08-17 20:40:06 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 59,392 2004-08-10 03:04:42 C:\WINDOWS\ehome\ehtray.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2008-02-09 00:12 81920]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 17:49 171448]
"Jing"="C:\Programmi\TechSmith\Jing\Jing.exe" [2008-01-28 13:48 709888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-23 01:32 7561216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-02-22 13:11 52840]
"URLLSTCK.exe"="C:\Programmi\Norton Internet Security\UrlLstCk.exe" [2007-02-01 18:21 23168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-07 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [ ]
"VAIOCameraUtility"="C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe" [ ]
"VAIO Update 2"="C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [ ]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [ ]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"Norton Ghost 10.0"="C:\Programmi\Norton Ghost\Agent\GhostTray.exe" [ ]
"AppMon Utility"="C:\Programmi\Sony\AppMonUtil\AppMonUtility.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Audio Filter.lnk - C:\Programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2006-08-19 09:16:02 5649408]
Avvio rapido di HP Image Zone.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Photo Loader residente.lnk - C:\Programmi\Casio\Photo Loader\Plauto.exe [2006-12-29 19:03:56 229376]
VAIO Action Setup (Server).lnk - C:\Programmi\Sony\VAIO Action Setup\VAServ.exe [2006-07-17 15:21:26 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:56]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 18:45]
R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-06-14 10:22]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programmi\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 21:55:13 C:\WINDOWS\Tasks\Norton AntiVirus - Esegui scansione completa del sistema - LORENZO.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exei/TASK:
"2007-06-16 07:00:41 C:\WINDOWS\Tasks\WebReg 20070616090041.job"
- C:\Programmi\HP\Digital Imaging\bin\hpqwrg.exe`/TaskName 20070616090041 /N
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 20:51:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-21 20.53.23
ComboFix-quarantined-files.txt 2008-04-21 18:53:01
ComboFix2.txt 2008-04-17 19:41:07
ComboFix3.txt 2008-04-15 21:19:51
ComboFix4.txt 2008-04-05 14:44:27
ComboFix5.txt 2008-04-04 19:28:24
11 directories 126,803,382,272 bytes free
15 directories 126,792,355,840 bytes free
.
2008-04-09 21:31:28 --- E O F ---
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 21 Apr 2008 21:22 Subject:
Now everything looks fine.
Which version of Norton are you using?
Irnerio Hero
Registered: 23/01/08 21:49 Posts: 44
Posted: 21 Apr 2008 22:36 Subject: Internet Connection...Again...
Good! Let's hope we made it!
Among the network connections there is still "internet connection"; what do I do, delete it with the right mouse button?
I have Norton Internet Security 2006, but the subscription expired a few days ago... Kaspersky looks good, what do you think?
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 21 Apr 2008 22:51 Subject:
Go ahead and delete that connection.
As for Kaspersky, I'd say you can download the 30-day trial to check whether it suits your needs.
PS: if you have no further problems, the thread will be moved to the solved cases in about a week.
Irnerio Hero
Registered: 23/01/08 21:49 Posts: 44
Posted: 22 Apr 2008 20:48 Subject: Internet Connection...Again...
Great, I'll delete the evil internet connection from the network connections right away!!
I'll also follow your advice about Kaspersky.
All that's left is to thank you for your help!
See you soon, maybe on this forum and, hopefully, virus-free... bye