GX Style (Eroe)
Registered: 11/07/07 11:44 Posts: 47
Posted: 23 May 2008 14:59 Subject: Avast doesn't work
For a while now, when Windows starts it hasn't been loading Avast! as it usually does. A virus or wrong settings? I don't know, but the virus isn't the only problem, since I've fallen back into the "Internet Connection" trap.
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.59.07, on 23/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\QuickTime\QTTask.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\PC-TV\WinManager\WinManager.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\javaw.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Windows Media Player\setup_wm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Documenti\Giuseppe\SICUREZZA\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinManager.lnk = C:\Programmi\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197804961984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 8080 bytes
Help me, please... Thanks in advance..^_^
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 23 May 2008 23:28
Hi GX Style,
disable System Restore;
start HijackThis, select this line and click "Fix checked":
Quote: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
then run scans with these:
CCleaner;
Combofix;
Virit;
Hijackthis;
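The R1 line Sante62 asks to fix is Internet Explorer's AutoConfigURL: the address from which the browser downloads its proxy auto-config (PAC) script. Whoever controls that script decides which proxy every request goes through, so a value that is a bare IP address rather than an organisation's PAC server is a traffic-hijack setting, and it is worth re-checking after every cleanup (the HijackThis log posted later in this thread still shows the same value). The Python below is an added example, not code from the thread or from HijackThis: it parses the R0/R1/O17 lines of a HijackThis log and flags the AutoConfigURL, any explicit ProxyServer, and NameServer entries that are not in an analyst-supplied trusted list. The sample log is constructed from the lines posted above plus one made-up ProxyServer line; the allowed PAC host name `proxy.example.local` is an assumption.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: R0/R1/O17 lines in HijackThis format. The AutoConfigURL and
# NameServer values are the ones posted in the thread; the ProxyServer line is made up.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.9:3128
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
"""

R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
O17_LINE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.*)$")


def parse_hjt(text):
    """Yield (setting name, value) for the R0/R1 and O17 lines of a HijackThis log."""
    for raw in text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            yield m.group("name").strip(), m.group("value").strip()
            continue
        m = O17_LINE.match(line)
        if m:
            yield "NameServer", m.group("value").strip()


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_autoconfig(value, allowed_hosts=()):
    """Return a finding for an AutoConfigURL (PAC) value, or None if it looks legitimate."""
    if not value:
        return None
    url = value if "://" in value else "http://" + value   # IE accepts a bare host
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if is_ip(host):
        return ("AutoConfigURL points at a bare IP (%s): a PAC script served there can route "
                "every browser request through an attacker-chosen proxy" % host)
    if host.lower() not in {h.lower() for h in allowed_hosts}:
        return "AutoConfigURL host %s is not an approved PAC server" % host
    if parsed.scheme == "http":
        return "AutoConfigURL is fetched over cleartext HTTP from %s (tamperable in transit)" % host
    return None


def assess_nameservers(value, trusted=()):
    """Return the statically configured resolvers that are not in the trusted set."""
    return [ns for ns in value.split() if ns not in set(trusted)]


def triage(text, allowed_pac_hosts=(), trusted_dns=()):
    """Run the checks over a log and return (setting, message) findings in log order."""
    findings = []
    for name, value in parse_hjt(text):
        if name == "AutoConfigURL":
            f = assess_autoconfig(value, allowed_pac_hosts)
            if f:
                findings.append(("AutoConfigURL", f))
        elif name == "ProxyServer" and value:
            findings.append(("ProxyServer", "explicit proxy configured: %s (verify it is yours)" % value))
        elif name == "NameServer":
            odd = assess_nameservers(value, trusted_dns)
            if odd:
                findings.append(("NameServer",
                                 "resolvers to verify against the ISP's published DNS: %s" % " ".join(odd)))
    return findings


if __name__ == "__main__":
    for where, what in triage(SAMPLE_HJT, allowed_pac_hosts=("proxy.example.local",)):
        print("[%s] %s" % (where, what))
```

To use it on a real log, read the file and pass your own PAC host and your ISP's resolvers as `allowed_pac_hosts` and `trusted_dns`; anything reported for AutoConfigURL is the value that "Fix checked" clears (the `AutoConfigURL` value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings), and it should be re-checked after the next reboot, since a setting that comes back points to a still-running component that rewrites it.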
GX Style (Eroe)
Registered: 11/07/07 11:44 Posts: 47
Posted: 24 May 2008 15:43
Ran the scan with CCleaner, which removed 150MB...
COMBOFIX LOG
ComboFix 08-05-21.3 - User 2008-05-24 15.31.43.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1898 [GMT 2:00]
Run from: C:\Documents and Settings\User\Documenti\Giuseppe\SICUREZZA\ComboFix.exe
* New restore point created
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created From 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))))))
.
2008-05-19 15:06 . 2008-05-24 12:43 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-19 15:06 . 2008-05-19 15:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-19 15:03 . 2008-05-24 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-05-18 13:21 . 2002-03-14 17:39 364,544 --a------ C:\WINDOWS\system32\ISIIndexer.dll
2008-05-18 13:21 . 2002-03-06 18:56 196,608 --a------ C:\WINDOWS\system32\ISIXFiles.dll
2008-05-14 17:31 . 2008-05-14 17:43 <DIR> d-------- C:\suspectfile
2008-05-10 19:48 . 2008-05-10 19:48 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\MAGIX
2008-05-10 19:45 . 2008-05-10 19:45 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-05-10 19:37 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-10 19:37 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-10 19:37 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-10 19:19 . 2008-05-10 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
2008-05-10 19:18 . 2008-05-10 19:44 <DIR> d-------- C:\Programmi\File comuni\MAGIX Shared
2008-05-10 18:57 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-05-10 18:57 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-05-10 18:56 . 2008-05-10 20:34 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-05-10 18:56 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-05-10 18:56 . 2008-05-10 20:30 6,192 --a------ C:\WINDOWS\mgxoschk.ini
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\Programmi\AGEIA Technologies
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 13:33 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\uTorrent
2008-05-24 13:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-21 16:48 --------- d-----w C:\Programmi\Multimedia Card Reader
2008-05-18 11:21 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-21 15:37 --------- d-----w C:\Programmi\iPod
2008-04-21 15:36 --------- d-----w C:\Programmi\QuickTime
2008-04-21 15:27 --------- d-----w C:\Programmi\Safari
2008-04-18 13:22 --------- d-----w C:\Programmi\uTorrent
2008-04-18 12:39 --------- d-----w C:\Programmi\SystemRequirementsLab
2008-04-17 13:53 --------- d-----w C:\Programmi\ATI Technologies
2008-04-13 16:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\ArcSoft
2008-04-12 11:59 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Apple Computer
2008-04-11 16:34 --------- d-----w C:\Programmi\Pes2008 MTS v.2
2008-04-10 12:12 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-04-10 12:12 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-04-10 12:12 --------- d-----w C:\Programmi\File comuni\Nokia
2008-04-10 12:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-03-27 15:00 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Ubisoft
2008-03-27 14:43 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 14:43 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\DAEMON Tools
2008-03-24 16:13 --------- d-----w C:\Programmi\directx
2007-04-05 19:20 87,608 ----a-w C:\Documents and Settings\User\Dati applicazioni\ezpinst.exe
2007-04-05 19:20 47,360 ----a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.
Code:
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp .exe
----a-w 139,264 2004-12-10 10:49:08 C:\Programmi\Multimedia Card Reader\shwicon2k .exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon .exe
------- Sigcheck -------
2007-04-04 11:39 504832 fd46b348fca32a1987b9a32b6ba81d2e C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot_2008-05-14_17.27.21.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 15:22:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 13:34:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-14 15:24:02 14,348 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe1243542696
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe1357327512
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe1402217584
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe1791195648
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe1887679000
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe1990115248
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe2074783672
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe2163778304
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe2273246936
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe2348242952
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe2567014616
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe2618785080
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe2842978000
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe2960073048
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe296905400
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3197112160
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3374600864
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3495197176
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3562049152
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3565823632
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3665312912
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3666113616
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3700837160
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3749779064
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3873818320
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe3981335968
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe404177832
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe4069004912
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe4249348760
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe463761544
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe815245792
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe8588640
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe954751904
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe967881216
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe994466760
- 2008-05-10 17:51:27 391,184 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-16 10:29:52 372,872 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-24 13:34:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat
+ 2008-05-24 13:34:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7d8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2008-03-29 17:37:13 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
----a-w 5,728,112 2007-10-19 17:02:35 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
----a-w 5,724,184 2008-01-02 20:02:05 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 267,048 2007-12-11 11:10:26 D:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 08:36:40 D:\Programmi\iTunes\iTunesHelper.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate/default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"PC Suite Tray"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="d:\Programmi\TomTom HOME 2\HOMERunner.exe" [2007-10-31 11:19 378784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 01:00 8523776]
"nwiz"="nwiz.exe" [2007-11-07 01:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 01:00 81920]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Gestione servizi.lnk - C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]
WinManager.lnk - C:\Programmi\PC-TV\WinManager\WinManager.exe [2007-11-18 14:28:55 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"D:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3638:TCP"= 3638:TCP:messenger
"1578:TCP"= 1578:TCP:messenger
"8266:TCP"= 8266:TCP:messenger
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 22:53]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-05-10 19:45]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 18:56]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe [2003-03-26 09:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 21:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 21:43]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 UDTT7049;DTV-DVB UDTT7049 - USB 2.0 DVB-T Receiver;C:\WINDOWS\system32\Drivers\UDTT7049.sys [2006-06-29 09:58]
S3 UDTT7049HID;UDTT7049HID - HID Driver;C:\WINDOWS\system32\drivers\UDTT7049HID.sys [2006-06-29 04:04]
S3 UPnPService;UPnPService;C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{285466f7-7e3b-11dc-b819-00138ff990b8}]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879b04ba-9db3-11dc-b844-00138ff990b8}]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6dad0be-fc0c-11dc-b90c-00138ff990b8}]
\Shell\AutoRun\command - K:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf82794b-a0da-11dc-b849-00138ff990b8}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 15:34:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Scan finished: 2008-05-24 15:41:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 13:40:58
ComboFix2.txt 2008-05-14 15:29:35
ComboFix3.txt 2008-05-08 12:15:22
ComboFix4.txt 2008-04-05 11:18:54
12 Directory(s) 17,718,292,480 bytes free
15 Directory(s) 17,726,312,448 bytes free
243
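Two parts of the ComboFix log above carry the evidence for the missing Avast tray program (ashDisp.exe is absent from the running-process list in the first log). The snapshot diff lists dozens of files named ctfmon.exe followed by a long number, and the AWF section lists pairs in which the legitimate executable (ashDisp.exe, msnmsgr.exe, ctfmon.exe, iTunesHelper.exe) sits in a bak\ subfolder while a file with the original name, of a different size or date, occupies its place; the VirIT scan in the next post identifies the numeric-suffix copies as Trojan.Win32.Vundo.CJ. The script below is an added example, not part of the thread or of ComboFix: it parses lines in the shape of those two sections, groups clones and bak\ originals under the executable they belong to, and reports every copy whose size or timestamp differs from the bak\ original. The input is a constructed subset of the lines posted above.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample input: a subset of the ComboFix snapshot-diff ("+"/"-" prefixed)
# and AWF lines posted above, kept in their original shape.
SAMPLE_COMBOFIX = r"""
- 2008-05-14 15:24:02 14,348 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe1243542696
+ 2004-08-19 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe1357327512
+ 2008-05-24 13:34:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2008-03-29 17:37:13 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
----a-w 5,728,112 2007-10-19 17:02:35 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
----a-w 5,724,184 2008-01-02 20:02:05 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
"""

# "- date time size attrs path" = state at the earlier snapshot, "+ ..." = state now
SNAPSHOT = re.compile(r"^(?P<sign>[+-]) (?P<date>\S+ \S+) (?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
# "attrs size date time path" as printed in the AWF section
AWF = re.compile(r"^(?P<attrs>[-a-z]{7}) (?P<size>[\d,]+) (?P<date>\S+ \S+) (?P<path>.+)$")
# a program name with a run of digits glued after ".exe", e.g. ctfmon.exe1243542696
CLONE = re.compile(r"^(?P<base>.+\.exe)\d+$", re.IGNORECASE)

Entry = namedtuple("Entry", "path size date state")  # state: before | after | awf


def parse_combofix(text):
    """Turn snapshot-diff and AWF lines into Entry records; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SNAPSHOT.match(line)
        if m:
            state = "before" if m.group("sign") == "-" else "after"
        else:
            m = AWF.match(line)
            state = "awf"
        if m:
            size = int(m.group("size").replace(",", ""))
            entries.append(Entry(m.group("path"), size, m.group("date"), state))
    return entries


def canonical(path):
    """Map a path to (key, kind): key is the lower-cased path of the executable the file
    stands for; kind is 'clone' (numeric suffix), 'bak' (moved original) or 'current'."""
    folder, _, name = path.rpartition("\\")
    m = CLONE.match(name)
    if m:
        return (folder + "\\" + m.group("base")).lower(), "clone"
    if folder.lower().endswith("\\bak"):
        return (folder[:-4] + "\\" + name).lower(), "bak"
    return path.lower(), "current"


def find_displaced(entries):
    """Group entries per executable; keep only those with clones or a bak\\ copy."""
    groups = defaultdict(lambda: {"clone": [], "bak": [], "current": []})
    for e in entries:
        key, kind = canonical(e.path)
        groups[key][kind].append(e)
    return {k: g for k, g in groups.items() if g["clone"] or g["bak"]}


def report(groups):
    """One header line per displaced executable, plus one line per copy under the
    original name whose size or timestamp differs from the bak\\ original."""
    lines = []
    for key in sorted(groups):
        g = groups[key]
        lines.append(f"{key}: {len(g['clone'])} numeric-suffix clone(s), {len(g['bak'])} bak\\ copy(ies)")
        for orig in g["bak"]:
            for cur in g["current"]:
                if (cur.size, cur.date) != (orig.size, orig.date):
                    lines.append(f"  {cur.state}: {cur.size:,} bytes {cur.date} differs from bak\\ original "
                                 f"{orig.size:,} bytes {orig.date}")
    return lines


if __name__ == "__main__":
    for line in report(find_displaced(parse_combofix(SAMPLE_COMBOFIX))):
        print(line)
```

On the sample, the ctfmon.exe group shows the 14,348-byte file dated 2008-05-14 that stood under the original name at the earlier snapshot and the 15,360-byte 2004 file that is there now, matching the bak\ copy; the ashDisp.exe and msnmsgr.exe groups show current files that still differ from their bak\ originals in date or size. Those are the paths to hand to the scanner or to restore from the bak\ copy, together with the numeric-suffix clones, which have no legitimate reason to exist.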
GX Style (Eroe)
Registered: 11/07/07 11:44 Posts: 47
Posted: 24 May 2008 16:34
VIRIT LOG
VirIT eXplorer Lite Log
[MEMORY SCAN]
OK
[MEMORY SCAN]
OK
--------------------------------------------------------
24/05/2008 - 15:48:51
[REGISTRY SCAN]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Programmi\Alwil Software\Avast4\ashDisp.exe143158408 Infected with Trojan.Win32.Vundo.CJ
Contact TG Soft Technical Support
C:\Programmi\Multimedia Card Reader\shwicon2k.exe2227873608 Infected with Trojan.Win32.Vundo.CJ
* * * REMOVED * * *
C:\Programmi\Multimedia Card Reader\shwicon2k.exe2701485872 Infected with Trojan.Win32.Vundo.CJ
* * * REMOVED * * *
C:\Programmi\Multimedia Card Reader\shwicon2k.exe490468888 Infected with Trojan.Win32.Vundo.CJ
* * * REMOVED * * *
C:\Programmi\Multimedia Card Reader\shwicon2k.exe985244368 Infected with Trojan.Win32.Vundo.CJ
* * * REMOVED * * *
Infected registry keys: 0.
Infected files: 5.
Suspicious files: 0.
Files scanned: 133988.
Total files: 133988.
Registry keys removed: 0.
Viruses removed: 4.
--------------------------------------------------------
24/05/2008 - 16:12:58
[REGISTRY SCAN]
OK
[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Infected registry keys: 0.
Infected files: 0.
Suspicious files: 0.
Files scanned: 64943.
Total files: 64943.
Registry keys removed: 0.
Viruses removed: 0.
GX Style (Eroe)
Registered: 11/07/07 11:44 Posts: 47
Posted: 24 May 2008 16:36
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.35.38, on 24/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
D:\VEXPLITE\viritsvc.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\QuickTime\QTTask.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\PC-TV\WinManager\WinManager.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
D:\VEXPLITE\viritexp.exe
C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Documenti\Giuseppe\SICUREZZA\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinManager.lnk = C:\Programmi\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197804961984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - D:\VEXPLITE\viritsvc.exe
--
End of file - 7717 bytes
Sante62 (Dio maturo)
Registered: 27/06/07 17:55, Posts: 3477, Location: Floridia
Posted: 24 May 2008 20:13
Start HJT, select this line and click Fix Checked:
Quote:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
Download The Avenger (new version)
Unpack it into its own folder in C:\
Disable your antivirus and any real-time protection modules you have before using it.
Start it and click OK. Inside the white box, enter these lines:
Quote:
files to delete:
C:\WINDOWS\system32\ctfmon.exe1243542696
C:\WINDOWS\system32\ctfmon.exe1357327512
C:\WINDOWS\system32\ctfmon.exe1402217584
C:\WINDOWS\system32\ctfmon.exe1791195648
C:\WINDOWS\system32\ctfmon.exe1887679000
C:\WINDOWS\system32\ctfmon.exe1990115248
C:\WINDOWS\system32\ctfmon.exe2074783672
C:\WINDOWS\system32\ctfmon.exe2163778304
C:\WINDOWS\system32\ctfmon.exe2273246936
C:\WINDOWS\system32\ctfmon.exe2348242952
C:\WINDOWS\system32\ctfmon.exe2567014616
C:\WINDOWS\system32\ctfmon.exe2618785080
C:\WINDOWS\system32\ctfmon.exe2842978000
C:\WINDOWS\system32\ctfmon.exe2960073048
C:\WINDOWS\system32\ctfmon.exe296905400
C:\WINDOWS\system32\ctfmon.exe3197112160
C:\WINDOWS\system32\ctfmon.exe3374600864
C:\WINDOWS\system32\ctfmon.exe3495197176
C:\WINDOWS\system32\ctfmon.exe3562049152
C:\WINDOWS\system32\ctfmon.exe3565823632
C:\WINDOWS\system32\ctfmon.exe3665312912
C:\WINDOWS\system32\ctfmon.exe3666113616
C:\WINDOWS\system32\ctfmon.exe3700837160
C:\WINDOWS\system32\ctfmon.exe3749779064
C:\WINDOWS\system32\ctfmon.exe3873818320
C:\WINDOWS\system32\ctfmon.exe3981335968
C:\WINDOWS\system32\ctfmon.exe404177832
C:\WINDOWS\system32\ctfmon.exe4069004912
C:\WINDOWS\system32\ctfmon.exe4249348760
C:\WINDOWS\system32\ctfmon.exe463761544
C:\WINDOWS\system32\ctfmon.exe815245792
C:\WINDOWS\system32\ctfmon.exe8588640
C:\WINDOWS\system32\ctfmon.exe954751904
C:\WINDOWS\system32\ctfmon.exe967881216
C:\WINDOWS\system32\ctfmon.exe994466760
Click Execute
The PC should restart; if it does not, restart it yourself.
Be careful not to leave unnecessary blank lines, for example:
files to delete:
xxxxxxxxxxx
If it does not work, cut the "files to delete:" instruction and paste it back in;
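The R1 line Sante62 asks to fix points Internet Explorer's proxy auto-configuration (AutoConfigURL) at a bare IP address: whoever controls that host serves the PAC script and therefore chooses the proxy for every browser request. The O17 lines in the same log set the adapter's DNS servers. The following Python script is an added example, not part of this post and not a HijackThis feature: it reads HJT-format lines and flags an AutoConfigURL or ProxyServer whose host is an IP literal, O17 NameServer values outside an allowlist the analyst supplies, and O4 Run entries whose executable is not given as a full path (so it is resolved through the search order). The sample lines and the allowlist are constructed for the example, modelled on the log in this thread.

```python
"""Triage HijackThis-style log lines for the hijacks seen in this thread.

Added example: the log lines below are constructed to mirror the thread's
format, and the DNS allowlist is whatever the analyst knows to be legitimate
for the machine (an assumption, not a fact taken from the log)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: one PAC hijack, one benign R0, two O4 entries, one O17.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
"""

R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O17_LINE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")

# Internet Settings values that hand browser traffic to a third party.
PROXY_VALUES = {"AutoConfigURL", "ProxyServer"}


@dataclass(frozen=True)
class Finding:
    kind: str    # what rule fired
    detail: str  # the offending value (URL, executable or server)
    line: str    # the original log line


def host_is_literal_ip(value: str) -> bool:
    """True when `value` is a bare IPv4 address or a URL/host:port whose host is one."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value.strip(), flags=re.I)
    host = host.split("/", 1)[0].split(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_fully_qualified(path: str) -> bool:
    """Drive-letter, UNC or %VAR%-rooted paths are not subject to search-order lookup."""
    return bool(re.match(r"^([A-Za-z]:\\|\\\\|%[^%]+%\\)", path))


def triage(log_text: str, dns_allowlist: frozenset = frozenset()) -> list:
    """Apply the three rules to every line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := R_LINE.match(line):
            if m["name"] in PROXY_VALUES and host_is_literal_ip(m["value"]):
                findings.append(Finding("proxy_autoconfig_hijack", m["value"], line))
        elif m := O4_LINE.match(line):
            exe = executable_of(m["cmd"])
            if not is_fully_qualified(exe):
                findings.append(Finding("unqualified_autorun_path", exe, line))
        elif m := O17_LINE.match(line):
            for server in m["servers"].split():
                if server not in dns_allowlist:
                    findings.append(Finding("dns_not_in_allowlist", server, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
```

Run it against a full HJT log by reading the file into `triage()`; an O17 finding is only a prompt to confirm the servers belong to the ISP or the local router, and an unqualified Run path (rundll32.exe, nwiz.exe) is a review item, not proof of infection.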
bdoriano (Administrator)
Registered: 02/04/07 12:05, Posts: 14391, Location: 3rd planet of the solar system...
Posted: 24 May 2008 20:32
Sorry to butt in.
Create a text file with the following instructions:
Code:
RenV::
C:\Programmi\Alwil Software\Avast4\ashDisp .exe
C:\Programmi\Multimedia Card Reader\shwicon2k .exe
C:\WINDOWS\system32\ctfmon .exe
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs
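The RenV:: lines above target binaries whose file name has a space inserted before the extension (ashDisp .exe): the legitimate program was renamed out of the way and something else now sits under the original name. The ComboFix log posted later in the thread shows the same pattern as bak\ copies next to the current files, and the Avenger script earlier in the thread deleted dozens of ctfmon.exe<digits> copies. The script below is an added Python example, not code from this post, from ComboFix or from The Avenger: it walks a directory tree, flags the three naming patterns, hashes each displaced file against whatever now occupies the original name, and returns a restore list and a delete list for review. The sample tree and its file contents are constructed placeholders built in a temporary folder; nothing here renames or deletes anything, and on a real machine the files under the original names should be quarantined before any rename.

```python
"""Find executables displaced by the rename-and-replace pattern seen in this thread:
'name .exe' (space before the extension), 'bak\\name.exe' beside 'name.exe',
and 'name.exe<digits>' junk copies.  Report only; nothing here modifies files.

Added example; the sample tree below is constructed, not taken from the machine."""
import hashlib
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

SPACE_BEFORE_EXT = re.compile(r"^(?P<stem>.+?) \.(?P<ext>exe|dll)$", re.I)
DIGITS_APPENDED = re.compile(r"^(?P<base>.+\.exe)\d+$", re.I)


@dataclass(frozen=True)
class Suspect:
    kind: str                     # which naming pattern matched
    path: Path                    # the displaced or junk file
    original: Path                # the name it shadows (where the real binary belongs)
    same_content: Optional[bool]  # SHA-256 match with `original`; None if `original` is absent


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def _suspect(kind: str, displaced: Path, original: Path) -> Suspect:
    same = sha256_of(displaced) == sha256_of(original) if original.is_file() else None
    return Suspect(kind, displaced, original, same)


def find_displaced_binaries(root: Path) -> list:
    """Walk `root` and return every file matching one of the three patterns."""
    found = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        if m := SPACE_BEFORE_EXT.match(p.name):
            found.append(_suspect("space_before_extension", p, p.with_name(f"{m['stem']}.{m['ext']}")))
        elif m := DIGITS_APPENDED.match(p.name):
            found.append(_suspect("digits_appended", p, p.with_name(m["base"])))
        elif p.parent.name.lower() == "bak":
            found.append(_suspect("bak_copy", p, p.parent.parent / p.name))
    return found


def plan(suspects: list) -> tuple:
    """Restore map {original name: displaced copy to move back} for originals whose
    current occupant differs or is missing, plus the junk copies to remove.
    A 'space' variant is preferred over a bak\\ copy when both exist."""
    restore = {}
    ordered = sorted(suspects, key=lambda s: s.kind != "space_before_extension")
    for s in ordered:
        if s.kind in ("space_before_extension", "bak_copy") and s.same_content is not True:
            restore.setdefault(s.original, s.path)
    delete = [s.path for s in suspects if s.kind == "digits_appended"]
    return restore, delete


# Constructed sample tree mirroring the thread's paths; contents are placeholders, not binaries.
SAMPLE_FILES = {
    "Avast4/ashDisp.exe": b"DROPPER-NOW-UNDER-THE-ORIGINAL-NAME",
    "Avast4/ashDisp .exe": b"LEGIT-ASHDISP",
    "Avast4/bak/ashDisp.exe": b"LEGIT-ASHDISP",
    "system32/ctfmon.exe": b"LEGIT-CTFMON",
    "system32/bak/ctfmon.exe": b"LEGIT-CTFMON",
    "system32/ctfmon.exe1243542696": b"JUNK",
    "system32/ctfmon.exe8588640": b"JUNK",
}


def build_sample_tree(root: Path) -> None:
    for rel, data in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> tuple:
    """Build the sample tree in a temp dir, scan it and return (suspects, restore, delete)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        suspects = find_displaced_binaries(root)
        restore, delete = plan(suspects)
    return suspects, restore, delete


if __name__ == "__main__":
    suspects, restore, delete = demo()
    for s in suspects:
        print(f"{s.kind:24} {s.path}  same_content={s.same_content}")
    for original, source in restore.items():
        print(f"restore {source} -> {original}")
    for junk in delete:
        print(f"delete  {junk}")
```

In the sample, bak\ctfmon.exe hashes identical to the current ctfmon.exe, so it is reported but not queued for restore, while ashDisp .exe differs from the file now called ashDisp.exe and is queued to go back. The same size in a listing (79,224 bytes for both ashDisp copies in the ComboFix output) says nothing about content; compare hashes.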
GX Style (Eroe)
Posted: 26 May 2008 16:12
AVENGER LOG:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\ctfmon.exe1243542696" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe1357327512" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe1402217584" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe1791195648" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe1887679000" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe1990115248" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe2074783672" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe2163778304" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe2273246936" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe2348242952" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe2567014616" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe2618785080" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe2842978000" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe2960073048" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe296905400" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3197112160" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3374600864" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3495197176" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3562049152" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3565823632" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3665312912" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3666113616" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3700837160" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3749779064" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3873818320" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe3981335968" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe404177832" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe4069004912" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe4249348760" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe463761544" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe815245792" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe8588640" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe954751904" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe967881216" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe994466760" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
GX Style (Eroe)
Posted: 26 May 2008 16:26
COMBOFIX
ComboFix 08-05-21.3 - User 2008-05-26 16.14.02.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1999 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Documenti\Giuseppe\SICUREZZA\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-04-26 al 2008-05-26 )))))))))))))))))))))))))))))))))))
.
2008-05-26 14:16 . 2008-05-26 14:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-24 15:44 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-19 15:06 . 2008-05-24 12:43 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-19 15:06 . 2008-05-19 15:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-19 15:03 . 2008-05-24 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-05-18 13:21 . 2002-03-14 17:39 364,544 --a------ C:\WINDOWS\system32\ISIIndexer.dll
2008-05-18 13:21 . 2002-03-06 18:56 196,608 --a------ C:\WINDOWS\system32\ISIXFiles.dll
2008-05-10 19:48 . 2008-05-10 19:48 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\MAGIX
2008-05-10 19:45 . 2008-05-10 19:45 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-05-10 19:37 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-10 19:37 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-10 19:37 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-10 19:19 . 2008-05-10 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
2008-05-10 19:18 . 2008-05-10 19:44 <DIR> d-------- C:\Programmi\File comuni\MAGIX Shared
2008-05-10 18:57 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-05-10 18:57 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-05-10 18:56 . 2008-05-10 20:34 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-05-10 18:56 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-05-10 18:56 . 2008-05-10 20:30 6,192 --a------ C:\WINDOWS\mgxoschk.ini
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\Programmi\AGEIA Technologies
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 14:14 --------- d-----w C:\Programmi\Multimedia Card Reader
2008-05-25 18:31 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\uTorrent
2008-05-25 08:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-18 11:21 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-21 15:37 --------- d-----w C:\Programmi\iPod
2008-04-21 15:36 --------- d-----w C:\Programmi\QuickTime
2008-04-21 15:27 --------- d-----w C:\Programmi\Safari
2008-04-18 13:22 --------- d-----w C:\Programmi\uTorrent
2008-04-18 12:39 --------- d-----w C:\Programmi\SystemRequirementsLab
2008-04-17 13:53 --------- d-----w C:\Programmi\ATI Technologies
2008-04-13 16:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\ArcSoft
2008-04-12 11:59 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Apple Computer
2008-04-11 16:34 --------- d-----w C:\Programmi\Pes2008 MTS v.2
2008-04-10 12:12 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-04-10 12:12 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-04-10 12:12 --------- d-----w C:\Programmi\File comuni\Nokia
2008-04-10 12:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-03-27 15:00 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Ubisoft
2008-03-27 14:43 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 14:43 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\DAEMON Tools
2007-04-05 19:20 87,608 ----a-w C:\Documents and Settings\User\Dati applicazioni\ezpinst.exe
2007-04-05 19:20 47,360 ----a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp .exe
------- Sigcheck -------
2007-04-04 11:39 504832 fd46b348fca32a1987b9a32b6ba81d2e C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2008-03-29 17:37:13 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
----a-w 5,728,112 2007-10-19 17:02:35 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
----a-w 5,724,184 2008-01-02 20:02:05 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 267,048 2007-12-11 11:10:26 D:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 08:36:40 D:\Programmi\iTunes\iTunesHelper.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"PC Suite Tray"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="d:\Programmi\TomTom HOME 2\HOMERunner.exe" [2007-10-31 11:19 378784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 01:00 8523776]
"nwiz"="nwiz.exe" [2007-11-07 01:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 01:00 81920]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Gestione servizi.lnk - C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]
WinManager.lnk - C:\Programmi\PC-TV\WinManager\WinManager.exe [2007-11-18 14:28:55 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"D:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3638:TCP"= 3638:TCP:messenger
"1578:TCP"= 1578:TCP:messenger
"8266:TCP"= 8266:TCP:messenger
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 22:53]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-05-10 19:45]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 18:56]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe [2003-03-26 09:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 21:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 21:43]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 UDTT7049;DTV-DVB UDTT7049 - USB 2.0 DVB-T Receiver;C:\WINDOWS\system32\Drivers\UDTT7049.sys [2006-06-29 09:58]
S3 UDTT7049HID;UDTT7049HID - HID Driver;C:\WINDOWS\system32\drivers\UDTT7049HID.sys [2006-06-29 04:04]
S3 UPnPService;UPnPService;C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{285466f7-7e3b-11dc-b819-00138ff990b8}]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879b04ba-9db3-11dc-b844-00138ff990b8}]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6dad0be-fc0c-11dc-b90c-00138ff990b8}]
\Shell\AutoRun\command - K:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf82794b-a0da-11dc-b849-00138ff990b8}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 16:18:35
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-26 16:24:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 14:24:23
10 Directory 17,455,841,280 byte disponibili
12 Directory 17,535,086,592 byte disponibili
190
GX Style (Eroe)
Posted: 26 May 2008 16:29
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.27.00, on 26/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\QuickTime\QTTask.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\PC-TV\WinManager\WinManager.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Documenti\Giuseppe\SICUREZZA\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinManager.lnk = C:\Programmi\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197804961984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 7359 bytes
AVAST still won't start anyway.... And from what I understood from the VirIT log, the problem is the "Vundo" trojan, right?
Sante62 (Dio maturo)
Posted: 26 May 2008 17:32
Carry out these steps:
Download VundoFix to the desktop
- Run VundoFix.exe
- Click Scan for Vundo.
- When the scan finishes, click Fix Vundo.
- It asks whether you want to delete the infected files; click YES
- Your screen will go black while Vundo is being removed.
- At the end it will ask you to restart the PC; click OK.
- Copy the contents of the log C:\vundofix.txt here.
Note: VundoFix may fail to delete some files. In that case VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at restart.
Save this file to the desktop;
Start the PC in Safe Mode.
Run the program you just downloaded.
When it finishes, restart the PC in normal mode and post the log it generated here.
Finally, also post an updated ComboFix log.
GX Style (Eroe)
Posted: 26 May 2008 18:19
VundoFix didn't find anything... I'll try the other one later...
Sante62 (Dio maturo)
Posted: 26 May 2008 20:17
Post the logs anyway...
GX Style (Eroe)
Posted: 27 May 2008 14:11
VUNDOFIX LOG
VundoFix V7.0.5
Scan started at 18.01.08 26/05/08
Listing files found while scanning....
No infected files were found.
GX Style (Eroe)
Posted: 27 May 2008 14:29
VirtumundoBeGone LOG
[05/27/2008, 14:26:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\User\Desktop\VirtumundoBeGone.exe" )
[05/27/2008, 14:26:23] - Detected System Information:
[05/27/2008, 14:26:23] - Windows Version: 5.1.2600, Service Pack 2
[05/27/2008, 14:26:23] - Current Username: User (Admin)
[05/27/2008, 14:26:23] - Windows is in SAFE mode with Networking.
[05/27/2008, 14:26:23] - Searching for Browser Helper Objects:
[05/27/2008, 14:26:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[05/27/2008, 14:26:23] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/27/2008, 14:26:23] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[05/27/2008, 14:26:23] - Finished Searching Browser Helper Objects
[05/27/2008, 14:26:23] - Finishing up...
[05/27/2008, 14:26:23] - Nothing found! Exiting...
GX Style (Hero)
Registered: 11/07/07 11:44  Posts: 47
Posted: 27 May 2008 14:42  Subject:
COMBOFIX LOG
ComboFix 08-05-21.3 - User 2008-05-27 14.30.55.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2085 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Documenti\Giuseppe\SICUREZZA\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-04-27 al 2008-05-27 )))))))))))))))))))))))))))))))))))
.
2008-05-26 18:01 . 2008-05-26 18:01 <DIR> d-------- C:\VundoFix Backups
2008-05-26 14:16 . 2008-05-26 14:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-24 15:44 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-19 15:06 . 2008-05-24 12:43 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-19 15:06 . 2008-05-19 15:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-19 15:03 . 2008-05-24 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-05-18 13:21 . 2002-03-14 17:39 364,544 --a------ C:\WINDOWS\system32\ISIIndexer.dll
2008-05-18 13:21 . 2002-03-06 18:56 196,608 --a------ C:\WINDOWS\system32\ISIXFiles.dll
2008-05-10 19:48 . 2008-05-10 19:48 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\MAGIX
2008-05-10 19:45 . 2008-05-10 19:45 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-05-10 19:37 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-10 19:37 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-10 19:37 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-10 19:19 . 2008-05-10 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
2008-05-10 19:18 . 2008-05-10 19:44 <DIR> d-------- C:\Programmi\File comuni\MAGIX Shared
2008-05-10 18:57 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-05-10 18:57 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-05-10 18:56 . 2008-05-10 20:34 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-05-10 18:56 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-05-10 18:56 . 2008-05-10 20:30 6,192 --a------ C:\WINDOWS\mgxoschk.ini
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-04-27 21:21 . 2008-04-27 21:21 <DIR> d-------- C:\Programmi\AGEIA Technologies
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 12:16 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\uTorrent
2008-05-26 14:14 --------- d-----w C:\Programmi\Multimedia Card Reader
2008-05-25 08:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-18 11:21 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-21 15:37 --------- d-----w C:\Programmi\iPod
2008-04-21 15:36 --------- d-----w C:\Programmi\QuickTime
2008-04-21 15:27 --------- d-----w C:\Programmi\Safari
2008-04-18 13:22 --------- d-----w C:\Programmi\uTorrent
2008-04-18 12:39 --------- d-----w C:\Programmi\SystemRequirementsLab
2008-04-17 13:53 --------- d-----w C:\Programmi\ATI Technologies
2008-04-13 16:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\ArcSoft
2008-04-12 11:59 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Apple Computer
2008-04-11 16:34 --------- d-----w C:\Programmi\Pes2008 MTS v.2
2008-04-10 12:12 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-04-10 12:12 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-04-10 12:12 --------- d-----w C:\Programmi\File comuni\Nokia
2008-04-10 12:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-03-27 15:00 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Ubisoft
2008-03-27 14:43 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 14:43 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\DAEMON Tools
2007-04-05 19:20 87,608 ----a-w C:\Documents and Settings\User\Dati applicazioni\ezpinst.exe
2007-04-05 19:20 47,360 ----a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.
Code:
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp .exe
------- Sigcheck -------
2007-04-04 11:39 504832 fd46b348fca32a1987b9a32b6ba81d2e C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_16.22.24.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 14:18:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 12:35:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-27 12:35:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_130.dat
+ 2008-05-27 12:35:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2008-05-15 23:19:31 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
----a-w 5,728,112 2007-10-19 17:02:35 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
----a-w 5,724,184 2008-01-02 20:02:05 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 267,048 2007-12-11 11:10:26 D:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 08:36:40 D:\Programmi\iTunes\iTunesHelper.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"PC Suite Tray"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="d:\Programmi\TomTom HOME 2\HOMERunner.exe" [2007-10-31 11:19 378784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 01:00 8523776]
"nwiz"="nwiz.exe" [2007-11-07 01:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 01:00 81920]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Gestione servizi.lnk - C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]
WinManager.lnk - C:\Programmi\PC-TV\WinManager\WinManager.exe [2007-11-18 14:28:55 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"D:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3638:TCP"= 3638:TCP:messenger
"1578:TCP"= 1578:TCP:messenger
"8266:TCP"= 8266:TCP:messenger
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 22:53]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-05-10 19:45]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 18:56]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe [2003-03-26 09:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 21:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 21:43]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 UDTT7049;DTV-DVB UDTT7049 - USB 2.0 DVB-T Receiver;C:\WINDOWS\system32\Drivers\UDTT7049.sys [2006-06-29 09:58]
S3 UDTT7049HID;UDTT7049HID - HID Driver;C:\WINDOWS\system32\drivers\UDTT7049HID.sys [2006-06-29 04:04]
S3 UPnPService;UPnPService;C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{285466f7-7e3b-11dc-b819-00138ff990b8}]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879b04ba-9db3-11dc-b844-00138ff990b8}]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6dad0be-fc0c-11dc-b90c-00138ff990b8}]
\Shell\AutoRun\command - K:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf82794b-a0da-11dc-b849-00138ff990b8}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 14:35:34
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-27 14:41:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 12:41:09
ComboFix2.txt 2008-05-26 14:24:27
10 Directory 17,521,565,696 byte disponibili
13 Directory 17,540,804,608 byte disponibili
213
GX Style (Hero)
Registered: 11/07/07 11:44  Posts: 47
Posted: 27 May 2008 14:43  Subject:
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.42.51, on 27/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\QuickTime\QTTask.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\PC-TV\WinManager\WinManager.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Documenti\Giuseppe\SICUREZZA\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinManager.lnk = C:\Programmi\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197804961984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 7392 bytes
If you give me the go-ahead, i.e. that the PC is now free of viruses and the like, I'll uninstall and reinstall avast....
Sante62 (Mature God)
Registered: 27/06/07 17:55  Posts: 3477  Location: Floridia
Posted: 27 May 2008 19:20  Subject:
Wait a moment; try this operation once more:
Create a text file with the following instructions:
Code:
RenV::
C:\Programmi\Alwil Software\Avast4\ashDisp .exe
Save the file to the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs
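As an added example that is not part of this thread (and not ComboFix's or the forum's own code): the AWF section of the ComboFix logs above lists, for four autostart programs, a copy moved into a `bak` folder next to a file that now carries the original name, and the `Code:` box just before it shows a file named `ashDisp .exe` with a space before its extension, which is what the CFScript above targets. The Python below parses those AWF lines (copied from the log posted here), pairs each `bak` copy with its replacement, reports which pairs differ in size or timestamp, and flags names with whitespace before the extension. The regexes, class and function names are my own; the pairing rule (a parent folder literally named `bak`) is an assumption drawn from the paths in the log, not a documented ComboFix rule.

```python
"""Pair the bak\\ copies in a ComboFix "AWF" section with the files that now
carry the original names, and flag names with whitespace before the extension.

Added example; not part of the thread or of ComboFix. The sample lines are
copied from the ComboFix log posted above; everything else is constructed.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input: the AWF section from the ComboFix log posted in this thread.
SAMPLE_AWF_LOG = r"""
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2008-05-15 23:19:31 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
----a-w 5,728,112 2007-10-19 17:02:35 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
----a-w 5,724,184 2008-01-02 20:02:05 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 267,048 2007-12-11 11:10:26 D:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 08:36:40 D:\Programmi\iTunes\iTunesHelper.exe
"""

# One AWF line: attribute flags, size with thousands separators, timestamp, path.
LINE_RE = re.compile(
    r"^(?P<attrs>\S+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)

# A file name with whitespace right before its extension ("ashDisp .exe").
SPACE_BEFORE_EXT_RE = re.compile(r"\s+\.[A-Za-z0-9]{1,4}$")


@dataclass(frozen=True)
class Entry:
    path: PureWindowsPath
    size: int
    stamp: str

    @property
    def in_bak(self) -> bool:
        # Assumption: the moved copy always sits in a folder literally named "bak".
        return self.path.parent.name.lower() == "bak"

    @property
    def live_key(self) -> str:
        """Path the file had before the move, lower-cased so that MsnMsgr.Exe
        and msnmsgr.exe pair up (NTFS names are case-insensitive)."""
        p = self.path.parent.parent / self.path.name if self.in_bak else self.path
        return str(p).lower()


@dataclass(frozen=True)
class Pair:
    original: Entry      # the copy that was moved into bak\
    current: Entry       # the file now sitting under the original name
    size_differs: bool
    stamp_differs: bool


def parse_awf(text: str) -> list[Entry]:
    """Parse AWF lines; lines that do not match the format are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(PureWindowsPath(m["path"]),
                                 int(m["size"].replace(",", "")), m["stamp"]))
    return entries


def pair_bak_entries(entries: list[Entry]) -> list[Pair]:
    """Match each bak\\ copy with the file under the original name."""
    slots: dict[str, dict[str, Entry]] = {}
    for e in entries:
        slots.setdefault(e.live_key, {})["bak" if e.in_bak else "live"] = e
    pairs = []
    for _key, slot in sorted(slots.items()):
        if "bak" in slot and "live" in slot:
            b, c = slot["bak"], slot["live"]
            pairs.append(Pair(b, c, b.size != c.size, b.stamp != c.stamp))
    return pairs


def has_space_before_extension(path: str) -> bool:
    """True for names like "ashDisp .exe", which a quick glance reads as the real file."""
    return bool(SPACE_BEFORE_EXT_RE.search(PureWindowsPath(path).name))


def report(pairs: list[Pair]) -> list[str]:
    """One line per pair; the file under the original name is the one launched."""
    lines = []
    for p in pairs:
        note = ("size differs" if p.size_differs else
                "same size, different timestamp" if p.stamp_differs else "identical")
        lines.append(f"{p.current.path}: {note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(pair_bak_entries(parse_awf(SAMPLE_AWF_LOG)))))
    print(has_space_before_extension(r"C:\Programmi\Alwil Software\Avast4\ashDisp .exe"))
```

On this thread's log the only pair whose size differs is the Messenger one; the other three are the same size as their `bak` copy, which is why a size check alone is not enough and a hash or signature check (as ComboFix's own Sigcheck section does for winlogon.exe) is the better follow-up.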
GX Style (Hero)
Registered: 11/07/07 11:44  Posts: 47
Posted: 28 May 2008 14:56  Subject:
COMBOFIX LOG
ComboFix 08-05-21.3 - User 2008-05-28 14.43.54.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1996 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-04-28 al 2008-05-28 )))))))))))))))))))))))))))))))))))
.
2008-05-26 18:01 . 2008-05-26 18:01 <DIR> d-------- C:\VundoFix Backups
2008-05-26 14:16 . 2008-05-26 14:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-24 15:44 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-19 15:06 . 2008-05-27 18:12 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-19 15:06 . 2008-05-19 15:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-19 15:03 . 2008-05-27 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-05-18 13:21 . 2002-03-14 17:39 364,544 --a------ C:\WINDOWS\system32\ISIIndexer.dll
2008-05-18 13:21 . 2002-03-06 18:56 196,608 --a------ C:\WINDOWS\system32\ISIXFiles.dll
2008-05-10 19:48 . 2008-05-10 19:48 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\MAGIX
2008-05-10 19:45 . 2008-05-10 19:45 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-05-10 19:37 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-10 19:37 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-10 19:37 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-10 19:19 . 2008-05-10 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
2008-05-10 19:18 . 2008-05-10 19:44 <DIR> d-------- C:\Programmi\File comuni\MAGIX Shared
2008-05-10 18:57 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-05-10 18:57 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-05-10 18:56 . 2008-05-10 20:34 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-05-10 18:56 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-05-10 18:56 . 2008-05-10 20:30 6,192 --a------ C:\WINDOWS\mgxoschk.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 15:49 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\uTorrent
2008-05-26 14:14 --------- d-----w C:\Programmi\Multimedia Card Reader
2008-05-25 08:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-18 11:21 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-27 19:21 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-04-27 19:21 --------- d-----w C:\Programmi\AGEIA Technologies
2008-04-21 15:37 --------- d-----w C:\Programmi\iPod
2008-04-21 15:36 --------- d-----w C:\Programmi\QuickTime
2008-04-21 15:27 --------- d-----w C:\Programmi\Safari
2008-04-18 13:22 --------- d-----w C:\Programmi\uTorrent
2008-04-18 12:39 --------- d-----w C:\Programmi\SystemRequirementsLab
2008-04-17 13:53 --------- d-----w C:\Programmi\ATI Technologies
2008-04-13 16:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\ArcSoft
2008-04-12 11:59 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Apple Computer
2008-04-11 16:34 --------- d-----w C:\Programmi\Pes2008 MTS v.2
2008-04-10 12:12 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-04-10 12:12 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-04-10 12:12 --------- d-----w C:\Programmi\File comuni\Nokia
2008-04-10 12:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2007-04-05 19:20 87,608 ----a-w C:\Documents and Settings\User\Dati applicazioni\ezpinst.exe
2007-04-05 19:20 47,360 ----a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.
Code:
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp .exe
------- Sigcheck -------
2007-04-04 11:39 504832 fd46b348fca32a1987b9a32b6ba81d2e C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_16.22.24.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 14:18:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 12:47:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-28 12:47:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_200.dat
+ 2008-05-28 12:47:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_594.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2008-05-15 23:19:31 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
----a-w 5,728,112 2007-10-19 17:02:35 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
----a-w 5,724,184 2008-01-02 20:02:05 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 267,048 2007-12-11 11:10:26 D:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 08:36:40 D:\Programmi\iTunes\iTunesHelper.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"PC Suite Tray"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="d:\Programmi\TomTom HOME 2\HOMERunner.exe" [2007-10-31 11:19 378784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 01:00 8523776]
"nwiz"="nwiz.exe" [2007-11-07 01:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 01:00 81920]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Gestione servizi.lnk - C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]
WinManager.lnk - C:\Programmi\PC-TV\WinManager\WinManager.exe [2007-11-18 14:28:55 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"D:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3638:TCP"= 3638:TCP:messenger
"1578:TCP"= 1578:TCP:messenger
"8266:TCP"= 8266:TCP:messenger
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 22:53]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-05-10 19:45]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 18:56]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe [2003-03-26 09:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 21:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 21:43]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 UDTT7049;DTV-DVB UDTT7049 - USB 2.0 DVB-T Receiver;C:\WINDOWS\system32\Drivers\UDTT7049.sys [2006-06-29 09:58]
S3 UDTT7049HID;UDTT7049HID - HID Driver;C:\WINDOWS\system32\drivers\UDTT7049HID.sys [2006-06-29 04:04]
S3 UPnPService;UPnPService;C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{285466f7-7e3b-11dc-b819-00138ff990b8}]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879b04ba-9db3-11dc-b844-00138ff990b8}]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6dad0be-fc0c-11dc-b90c-00138ff990b8}]
\Shell\AutoRun\command - K:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf82794b-a0da-11dc-b849-00138ff990b8}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 14:47:43
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-28 14:53:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 12:53:22
ComboFix2.txt 2008-05-26 14:24:27
10 Directory 17,409,101,824 byte disponibili
13 Directory 17,405,210,624 byte disponibili
GX Style Hero
Registered: 11/07/07 11:44 Posts: 47
Posted: 28 May 2008 14:57 Subject:
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.57.25, on 28/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\QuickTime\QTTask.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\PC-TV\WinManager\WinManager.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\User\Documenti\Giuseppe\SICUREZZA\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinManager.lnk = C:\Programmi\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197804961984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 7510 bytes