Zeus News Forums - Olimpo Informatico
Trojan P2P - Vundo
Miyazaki
Mortal adept

Registered: 16/02/08 21:34
Posts: 34

Posted: 08 Oct 2008 01:33    Subject: Trojan P2P - Vundo

Hi everyone,
Running a patch for Real Player that I downloaded from eMule, I caught a trojan, specifically Win32/Adware.Virtumonde application and its variants.
I scanned with Spybot S&D, Ad-Aware and NOD32.. Some files were found, but the virus does not seem to have been completely removed.

Below is the HijackThis log
_____________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.54.39, on 08/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\awServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\awtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\Empowering Technology\awtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WD Drive Manager] C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [7c4b06af] rundll32.exe "C:\WINDOWS\system32\lasdqmgc.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WD Anywhere Backup Launcher.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Programmi\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Programmi\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172872132218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kaokrc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\Driver\speedcontrol.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 9765 bytes
_____________________________________________________________

I hope you can help me,
Thanks
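As an added illustration for this thread (not code from any poster, nor part of HijackThis), the Python script below parses O4/O20 lines like those in the log above and flags the three Vundo-style persistence entries a helper would point at: the hex-named Run value loading a system32 DLL through rundll32 with a one-letter export, the HKCU Policies\Explorer\Run entry, and the non-empty AppInit_DLLs. The sample lines are copied from this log; the heuristics and severity levels are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of the O4/O20/O23 lines from the first
# HijackThis log in this thread, including the three suspicious entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [7c4b06af] rundll32.exe "C:\WINDOWS\system32\lasdqmgc.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O20 - AppInit_DLLs: kaokrc.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
""".strip()

# O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')
HEX_NAME_RE = re.compile(r'^[0-9a-fA-F]{6,}$')
# rundll32[.exe] <dll>[,<entry>]; the DLL path may be quoted.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<entry>\S*))?', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    severity: str  # "high", "medium" or "low" (assumed scale)
    reason: str


def assess_o4(key: str, name: str, cmd: str) -> List[Tuple[str, str]]:
    """Vundo-oriented heuristics for one O4 autostart entry.

    Name randomness is deliberately NOT scored: legitimate names such as
    hkcmd or bthprops look just as random as lasdqmgc, so only structural
    indicators are used.
    """
    hits = []
    if HEX_NAME_RE.match(name):
        hits.append(("high", f"Run value name '{name}' is a bare hex string, as Vundo generates"))
    if "policies\\explorer\\run" in key.lower():
        hits.append(("medium", r"HKCU\..\Policies\Explorer\Run is rarely used by legitimate software"))
    m = RUNDLL_RE.match(cmd)
    if m:
        dll, entry = m.group("dll"), m.group("entry") or ""
        if "system32" in dll.lower() and len(entry) <= 1:
            hits.append(("high", f"rundll32 loads {dll} with a one-letter export ({entry!r}), a Vundo loader pattern"))
    elif not re.search(r"[\\/]", cmd):
        hits.append(("low", f"command '{cmd}' has no path; the binary is resolved via the search path"))
    return hits


def triage(log_text: str) -> List[Finding]:
    """Return findings for every O4/O20 line of a HijackThis log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            for sev, why in assess_o4(m.group("key"), m.group("name"), m.group("cmd")):
                findings.append(Finding(line, sev, why))
            continue
        m = O20_RE.match(line)
        if m and m.group("dlls").strip():
            # AppInit_DLLs is injected into every process that loads user32.dll.
            # A few security products use it legitimately, so verify the file;
            # here it is one of the freshly dropped Vundo DLLs from the ComboFix log.
            findings.append(Finding(line, "high", f"AppInit_DLLs loads {m.group('dlls').strip()} into every GUI process"))
    return findings


def high_severity_lines(log_text: str) -> List[str]:
    """Distinct log lines that carry at least one high-severity finding."""
    return sorted({f.line for f in triage(log_text) if f.severity == "high"})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```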
chemicalbit
Mature god

Registered: 01/04/05 17:59
Posts: 18597
Location: Milano

Posted: 08 Oct 2008 11:18    Subject: Re: Trojan P2P

Miyazaki wrote:
Hi everyone
Running a patch for Real Player that I downloaded from eMule, I caught a trojan
But isn't downloading patches from the official site simpler and safer?

Miyazaki wrote:
I scanned with Spybot S&D, Ad-Aware and NOD32.. Some files were found, but the virus does not seem to have been completely removed.
Which files were infected, and above all by what?

Some general cleaning and checks:
  • Carry out the following operations, in this order:
  • Upload to wikisend, one at a time, the logs you obtained from the programs
    • MBAM
    • HiJackThis
    and note down the links that wikisend gives you for each one.
  • Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. And post the links to the logs you put on wikisend

P.S. Hugely off-topic, about your nickname:
they have postponed the Italian release of Totoro
(but let's maybe talk about that in "Il salotto delle Muse")
Miyazaki
Mortal adept

Registered: 16/02/08 21:34
Posts: 34

Posted: 08 Oct 2008 14:47

Quote:
But isn't downloading patches from the official site simpler and safer?

Actually I had downloaded it as a keygen, which then turned out to be a patch..

Quote:
Which files were infected, and above all by what?

I couldn't say; I ran the scan and deleted and/or quarantined all the files that were reported as infected by Virtumonde and its variants..

Later I'll try to follow the instructions you gave me and let you know!
Miyazaki
Mortal adept

Registered: 16/02/08 21:34
Posts: 34

Posted: 08 Oct 2008 18:18

Here they are:

MBAM

hijackthis.log

There are no particular problems, apart from the fact that every time I restart the PC, automatic updates get turned off..
bdoriano
Administrator

Registered: 02/04/07 11:05
Posts: 14296
Location: 3rd planet of the solar system...

Posted: 10 Oct 2008 11:04

MBAM did a good clean-up, but there are still some leftovers.
  1. Follow these instructions to use VundoFix.
  2. Follow the instructions in this topic to post the ComboFix log.
Riverside
Banned indefinitely

Registered: 29/02/08 21:32
Posts: 4396
Location: Riverside House

Posted: 10 Oct 2008 11:48    Subject: Re: Trojan P2P - Vundo

Miyazaki wrote:
....... Running a patch for Real Player that I downloaded from eMule, I caught a trojan, specifically Win32/Adware.Virtumonde application and its variants.

Miyazaki wrote:
Actually I had downloaded it as a keygen, which then turned out to be a patch ..

90 times out of 100 you would have got infected anyway, and with the same virus.

Doing without keygens and cracks, no, eh?

After running ComboFix (and attaching the log), download and install SuperAntispyware:
click here for the download
you need to download the free version - and configure it as I explained to another user in this thread
run a full system scan and, once the scan is finished, attach the log that it produces
Miyazaki
Mortal adept

Registered: 16/02/08 21:34
Posts: 34

Posted: 10 Oct 2008 18:18

COMBOFIX
_____________________________________________________________

ComboFix 08-10-09.06 - Jacopo 2008-10-10 17.15.14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.844 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Jacopo\Desktop\COMBO-FIX.EXE
* Creato nuovo punto di ripristino
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-09-10 al 2008-10-10 )))))))))))))))))))))))))))))))))))
.

2008-10-10 17:01 . 2008-10-10 17:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-10-10 16:47 . 2008-10-10 17:02 <DIR> d----c--- C:\VundoFix Backups
2008-10-08 17:52 . 2008-10-08 17:53 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-08 17:52 . 2008-10-08 17:52 <DIR> d-------- C:\Documents and Settings\Jacopo\Dati applicazioni\Malwarebytes
2008-10-08 17:52 . 2008-10-08 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-08 17:52 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 17:52 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 17:34 . 2008-10-08 17:34 <DIR> d-------- C:\Programmi\CCleaner
2008-10-08 17:18 . 2008-10-08 17:18 22,368 --a------ C:\Documents and Settings\Jacopo\ukuiaxdi.exe
2008-10-08 17:18 . 2008-10-08 17:18 22,368 --a------ C:\Documents and Settings\Jacopo\tfptcqid.exe
2008-10-08 17:16 . 2008-10-08 17:16 22,368 --a------ C:\Documents and Settings\Jacopo\tepnckoe.exe
2008-10-07 23:49 . 2008-10-07 23:49 123,904 --a------ C:\WINDOWS\system32\kaokrc.dll
2008-10-07 23:49 . 2008-10-07 23:49 123,904 --a------ C:\WINDOWS\system32\dqblsupy.dll
2008-10-07 21:42 . 2008-10-07 21:42 123,904 --a------ C:\WINDOWS\system32\ptimnjhf.dll
2008-10-07 21:42 . 2008-10-07 21:42 123,904 --a------ C:\WINDOWS\system32\jsrfgc.dll
2008-10-07 21:33 . 2004-08-30 21:00 365,568 --a------ C:\WINDOWS\system32\doskeys.exe
2008-10-07 21:33 . 2008-10-08 18:46 150 --a------ C:\WINDOWS\system32\Monitored2.dat
2008-10-06 18:06 . 2008-10-06 18:07 <DIR> d-------- C:\Programmi\iTunes
2008-10-06 18:06 . 2008-10-06 18:06 <DIR> d-------- C:\Programmi\iPod
2008-10-06 18:06 . 2008-10-06 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 01:30 . 2008-10-04 01:30 <DIR> d-------- C:\Programmi\SDHelper (Spybot - Search & Destroy)
2008-09-22 01:01 . 2008-09-22 01:01 24,928 --a------ C:\Documents and Settings\Jacopo\fvibsdcq.exe
2008-09-22 01:00 . 2008-09-22 01:00 24,928 --a------ C:\Documents and Settings\Jacopo\scpmlhtk.exe
2008-09-21 23:41 . 2008-09-21 23:41 24,928 --a------ C:\Documents and Settings\Jacopo\rizvxtnr.exe
2008-09-21 16:39 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-21 16:39 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-20 02:52 . 2008-09-20 02:52 <DIR> d-------- C:\Programmi\WD
2008-09-20 02:52 . 2008-09-20 02:52 <DIR> d-------- C:\Programmi\File comuni\eSellerate
2008-09-20 02:52 . 2008-09-20 02:52 <DIR> d-------- C:\Documents and Settings\Jacopo\Dati applicazioni\WD
2008-09-20 02:52 . 2008-09-20 02:52 <DIR> d---s---- C:\Documents and Settings\All Users\Dati applicazioni\WD
2008-09-19 22:56 . 2008-09-19 22:57 364,544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2008-09-19 22:53 . 2008-09-19 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Memeo
2008-09-19 22:39 . 2008-09-19 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MemeoCommon
2008-09-19 22:31 . 2008-09-19 22:31 <DIR> d-------- C:\Programmi\Western Digital
2008-09-10 17:21 . 2008-09-10 17:21 <DIR> d-------- C:\Programmi\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 21:31 --------- d-----w C:\Programmi\AdunanzA
2008-10-08 12:20 --------- d-----w C:\Programmi\Real
2008-10-08 12:18 --------- d-----w C:\Programmi\File comuni\Real
2008-10-07 21:56 --------- d-----w C:\Documents and Settings\Jacopo\Dati applicazioni\ARMY OBJ PEAK
2008-10-03 23:30 --------- d-----w C:\Programmi\TeaTimer (Spybot - Search & Destroy)
2008-10-03 17:06 --------- d-----w C:\Programmi\Blaze Media Pro
2008-10-01 20:25 --------- d-----w C:\Programmi\Nokia
2008-10-01 20:25 --------- d-----w C:\Programmi\File comuni\Nokia
2008-10-01 20:25 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-10-01 20:00 --------- d-----w C:\Documents and Settings\Jacopo\Dati applicazioni\PC Suite
2008-09-30 15:35 --------- d-----w C:\Documents and Settings\Jacopo\Dati applicazioni\Skype
2008-09-28 13:09 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-09-21 23:24 356 -c--a-w C:\drmHeader.bin
2008-09-21 14:38 --------- d-----w C:\Programmi\QuickTime
2008-09-21 14:38 --------- d-----w C:\Programmi\File comuni\Apple
2008-09-21 14:37 --------- d-----w C:\Programmi\Apple Software Update
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-25 22:28 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-08-25 22:27 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-08-20 18:56 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-08-17 14:32 --------- d-----w C:\Documents and Settings\Jacopo\Dati applicazioni\Ahead
2008-08-12 00:22 --------- d-----w C:\Programmi\DivX
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-05-17 14:51 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051720080518\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-19 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-19 114688]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"AdminWorks Tray"="C:\Acer\Empowering Technology\awtray.exe" [2005-10-24 1306112]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-02-07 949376]
"WD Drive Manager"="C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lnrijl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\SopCast\\sopvod.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:AdminWorks UDP Port
"2804:TCP"= 2804:TCP:AdminWorks TCP Port

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-03-31 4010]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;C:\Acer\Empowering Technology\eAcoustics\Driver\speedcontrol.exe [2005-02-15 81920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576]
S3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-15 3456]
.
Contenuto della cartella 'Scheduled Tasks'

2008-09-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-10 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-Power2GoExpress - (no file)
HKU-Default-Run-Nokia.PCSync - C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
HKCU-Explorer_Run-NT Printing Services6 - dllhosts.exe


.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 17:17:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSO: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-10-10 17:18:21
ComboFix-quarantined-files.txt 2008-10-10 15:17:57
ComboFix2.txt 2008-02-24 14:05:58
ComboFix3.txt 2008-02-24 12:00:41

Pre-Run: 16.775.663.616 byte disponibili
Post-Run: 16,870,973,440 byte disponibili

207 --- E O F --- 2008-09-26 12:16:56
-------------------------------------------------------------------------------------


VUNDOFIX
_____________________________________________________________

VundoFix V7.0.6

Scan started at 16.47.26 10/10/2008

Listing files found while scanning....

C:\Windows\system32\NCTAudioCDGrabber2.dll
C:\Windows\system32\NCTAudioFile2.dll
C:\Windows\system32\NCTAudioPlayer2.dll
C:\Windows\system32\NCTAudioRecord2.dll
C:\Windows\system32\NCTAVIFile.dll
C:\Windows\system32\NCTQuickTimeFile.dll
C:\Windows\system32\NCTVideoCoreM.dll
C:\Windows\system32\NCTWMAFile2.dll

Beginning removal...

Attempting to delete C:\Windows\system32\NCTAudioCDGrabber2.dll
C:\Windows\system32\NCTAudioCDGrabber2.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTAudioFile2.dll
C:\Windows\system32\NCTAudioFile2.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTAudioPlayer2.dll
C:\Windows\system32\NCTAudioPlayer2.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTAudioRecord2.dll
C:\Windows\system32\NCTAudioRecord2.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTAVIFile.dll
C:\Windows\system32\NCTAVIFile.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTQuickTimeFile.dll
C:\Windows\system32\NCTQuickTimeFile.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTVideoCoreM.dll
C:\Windows\system32\NCTVideoCoreM.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTWMAFile2.dll
C:\Windows\system32\NCTWMAFile2.dll Has been deleted!

Performing Repairs to the registry.
Done!
-------------------------------------------------------------------------------------

HIJACK
_____________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.03.31, on 10/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\awtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\Empowering Technology\awtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WD Drive Manager] C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Programmi\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Programmi\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172872132218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lnrijl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\Driver\speedcontrol.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 9501 bytes
-------------------------------------------------------------------------------------

Quote:
run a full system scan and, once the scan has finished, attach the log that it will produce

I ran the full scan with SUPERAntiSpyware, which found and removed 20 threats but did not produce any log..
Miyazaki
Mortal adept

Registered: 16/02/08 21:34
Posts: 34

Posted: 14 Oct 2008 15:43

...any suggestions?
Riverside
Banned indefinitely

Registered: 29/02/08 21:32
Posts: 4396
Location: Riverside House

Posted: 14 Oct 2008 16:07

Miyazaki wrote:
...any suggestions?

Sure: the ones you'll find in the post right above the one in which you posted the ComboFix log
Riverside
Banned indefinitely

Registered: 29/02/08 21:32
Posts: 4396
Location: Riverside House

Posted: 14 Oct 2008 16:12

Off Topic: I love these things 8)

Quote:
ComboFix 08-10-09.06 - Jacopo 2008-10-10 17.15.14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.844 [GMT 2:00]

Eseguito da: C:\Documents and Settings\Jacopo\Desktop\COMBO-FIX.EXE
* Creato nuovo punto di ripristino
* Resident AV is active

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\skinboxer43.dll


Quote:
VundoFix V7.0.6
Scan started at 16.47.26 10/10/2008
Listing files found while scanning....

C:\Windows\system32\NCTAudioCDGrabber2.dll
C:\Windows\system32\NCTAudioFile2.dll
C:\Windows\system32\NCTAudioPlayer2.dll
C:\Windows\system32\NCTAudioRecord2.dll
C:\Windows\system32\NCTAVIFile.dll
C:\Windows\system32\NCTQuickTimeFile.dll
C:\Windows\system32\NCTVideoCoreM.dll
C:\Windows\system32\NCTWMAFile2.dll

Beginning removal...

Attempting to delete C:\Windows\system32\NCTAudioCDGrabber2.dll
C:\Windows\system32\NCTAudioCDGrabber2.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTAudioFile2.dll
C:\Windows\system32\NCTAudioFile2.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTAudioPlayer2.dll
C:\Windows\system32\NCTAudioPlayer2.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTAudioRecord2.dll
C:\Windows\system32\NCTAudioRecord2.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTAVIFile.dll
C:\Windows\system32\NCTAVIFile.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTQuickTimeFile.dll
C:\Windows\system32\NCTQuickTimeFile.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTVideoCoreM.dll
C:\Windows\system32\NCTVideoCoreM.dll Has been deleted!

Attempting to delete C:\Windows\system32\NCTWMAFile2.dll
C:\Windows\system32\NCTWMAFile2.dll Has been deleted!

Performing Repairs to the registry.
Done!