Olimpo Informatico forum index
The Zeus News Forums
Bagle, Vundo and more
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 01 Dec 2007 19:34    Subject: Bagle, Vundo and more

Could you please check my HijackThis log to work out what is going on with my laptop?

Logfile of HijackThis v1.98.2
Scan saved at 18.14.29, on 01/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Programmi\Internet Explorer\MsnMgr8.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINNT\system32\perfs.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programmi\Windows NT\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Compaq\EAB\EabServr.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\PRPCUI.exe
C:\Programmi\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Widcomm\Bluetooth Software\BTStackServer.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis1982.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/italian
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINNT\system32\rqrpmmn.dll
O2 - BHO: {2d4a58a6-bc41-2ec8-b5b4-b5919a98bb04} - {40bb89a9-195b-4b5b-8ce2-14cb6a85a4d2} - C:\WINNT\system32\mpjbpfwd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDBB078E-8889-44FF-81DB-3C2C8AD17DF5} - C:\WINNT\system32\tuvvv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [hkss] C:\Programmi\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\WINNT\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://c:\PROGRA~1\MICROS~2\office\1040\phdintl.dll/phdContext.htm
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188372586214
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2007090401/downloader_nu/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
O17 - HKLM\System\CS1\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
O17 - HKLM\System\CS2\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
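As an added illustration (not code from this thread and not HijackThis' own code), here is a small Python triage script over the kind of lines in the log above. It mechanises what the helpers in this thread do by eye: it flags O2 BHO entries that have no display name, or a GUID where the name should be, and load from system32 (the rqrpmmn.dll, mpjbpfwd.dll and tuvvv.dll entries above), flags O4 Run entries that start a user-mode .exe from the drivers directory (the hidr.exe entry), and diffs two scans so that anything that appeared or vanished between them stands out. The sample lines are copied from the logs posted in this thread; the heuristics and the function names are my own.

```python
"""Triage helper for HijackThis-style log lines.

Added example; this is not HijackThis' own code and not part of the forum
thread.  It mechanises what the helpers in the thread do by eye:
  1. flag O2 (BHO) entries that have no display name, or a GUID where the
     name should be, and load from the system32 directory;
  2. flag O4 (Run) entries that start a user-mode .exe from the drivers
     directory (drivers hold .sys files, not programs);
  3. diff two scans so that entries that appeared or vanished stand out.
"""
import re

# Constructed sample: lines copied from the first and the last HJT logs in
# the thread, trimmed to the entries that matter for the demonstration.
SCAN_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINNT\system32\rqrpmmn.dll
O2 - BHO: {2d4a58a6-bc41-2ec8-b5b4-b5919a98bb04} - {40bb89a9-195b-4b5b-8ce2-14cb6a85a4d2} - C:\WINNT\system32\mpjbpfwd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDBB078E-8889-44FF-81DB-3C2C8AD17DF5} - C:\WINNT\system32\tuvvv.dll
O4 - HKCU\..\Run: [drvsyskit] C:\WINNT\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""
SCAN_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[a-z]:\\win(nt|dows)\\system32\\", re.IGNORECASE)


def parse(log_text):
    """Yield (section, fields) for O2/O4 lines; anything else comes back as ('other', {'raw': ...})."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for section, pattern in (("O2", O2_LINE), ("O4", O4_LINE)):
            m = pattern.match(line)
            if m:
                yield section, dict(m.groupdict(), raw=line)
                break
        else:
            yield "other", {"raw": line}


def command_path(cmd):
    """Strip arguments from a Run value: a quoted path, or the first whitespace-separated token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def reason(section, e):
    """Return why an entry deserves a look, or None if the heuristics stay silent."""
    if section == "O2":
        anonymous = e["name"] == "(no name)" or bool(GUID.match(e["name"]))
        if anonymous and SYSTEM32.match(e["path"]):
            return "anonymous BHO loaded from system32"
    elif section == "O4":
        path = command_path(e["cmd"])
        if re.search(r"\\drivers\\[^\\]+\.exe$", path, re.IGNORECASE):
            return "user-mode .exe started from the drivers directory"
    return None


def triage(log_text):
    """Return [(raw line, reason)] for every entry a heuristic fires on."""
    hits = []
    for section, e in parse(log_text):
        why = reason(section, e)
        if why:
            hits.append((e["raw"], why))
    return hits


def diff_scans(before, after):
    """Return (added, removed) raw lines between two scans of the same machine."""
    b = {e["raw"] for _, e in parse(before)}
    a = {e["raw"] for _, e in parse(after)}
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    for raw, why in triage(SCAN_BEFORE):
        print(f"[{why}] {raw}")
    added, removed = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    print(f"{len(added)} entries added, {len(removed)} removed since the first scan")
```

The "(no name)" test alone is not enough: Spybot's SDHelper.dll also reports no name, which is why the rule additionally requires the DLL to sit in system32, where a legitimate vendor BHO has no business living. Diffing the two scans is what tells the helper that the cleanup tools actually removed the flagged entries rather than merely hiding them.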
Sante62
Mature God
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 01 Dec 2007 20:55

Hi comdan
I see traces of Bagle?... and perhaps something else.
In the meantime have a look at this thread, download Elibagla and run a scan with it.
Post the result here along with a new HJT log.
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 01 Dec 2007 22:16

There are definitely several infections.
Follow the steps Sante62 gave you and download the new version of HijackThis to post the next log.
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 04 Dec 2007 20:26

I did as you told me:
the only thing I could not do was download the latest version of HJT; I get a message saying it caused a system error, so I am posting the log from the old HJT and the INFOSAT.txt file.

Logfile of HijackThis v1.98.2
Scan saved at 19.20.11, on 04/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Programmi\Internet Explorer\MsnMgr8.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINNT\system32\perfs.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programmi\Windows NT\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Compaq\EAB\EabServr.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\PRPCUI.exe
C:\Programmi\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Widcomm\Bluetooth Software\BTStackServer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\WINNT\system32\ndt2.sys
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis1982.exe
C:\WINNT\system32\Indt2.sys

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/italian
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {21ba176d-c7eb-0279-0384-5923e02fd8a0} - {0a8df20e-3295-4830-9720-be7cd671ab12} - C:\WINNT\system32\pybqjelw.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINNT\system32\rqrpmmn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C9F64FDF-3F3C-4D49-9909-79BCABF748C3} - C:\WINNT\system32\tuvvv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [hkss] C:\Programmi\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://c:\PROGRA~1\MICROS~2\office\1040\phdintl.dll/phdContext.htm
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188372586214
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2007090401/downloader_nu/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
O17 - HKLM\System\CS1\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
O17 - HKLM\System\CS2\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216




Tue Dec 04 18:49:01 2007
EliBagle v10.76 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Tue Dec 04 18:49:06 2007
EliBagle v10.76 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\backup290807\WINNT\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)

Nº Total de Directorios: 4481
Nº Total de Ficheros: 73456
Nº de Ficheros Analizados: 11632
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 04 Dec 2007 20:52

I also noticed that a black window appears with c:\luxe4568.exe written in it...
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 04 Dec 2007 21:53

Also use ComboFix as described here.
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 05 Dec 2007 09:30

ComboFix 07-12-02.7 - Administrator 05/12/2007 8.13.34.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.302 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.bat
C:\WINNT\system32\hggeefc.dll
C:\WINNT\system32\mpjbpfwd.dll
C:\WINNT\system32\pybqjelw.dll
C:\WINNT\system32\rqrpmmn.dll
C:\WINNT\system32\tuvvv.dll
C:\WINNT\SYSTEM32\vvvut.ini
C:\WINNT\SYSTEM32\vvvut.ini2

.
((((((((((((((((((((((((( Files Creati Da 2007-11-05 al 2007-12-05 )))))))))))))))))))))))))))))))))))
.

2007-12-04 19:18 . 07-12-04 19:18 <DIR> d-------- C:\Programmi\Trend Micro
2007-12-01 14:29 . 07-12-01 14:29 38,400 --a------ C:\WINNT\SYSTEM32\gebcyvu.Vdll
2007-12-01 13:44 . 07-12-01 13:44 <DIR> d-------- C:\Programmi\Lavasoft
2007-12-01 13:44 . 07-12-01 13:44 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-12-01 13:24 . 07-12-04 19:45 384 --a------ C:\luxe4568.exe
2007-11-29 12:42 . 07-11-29 22:07 61,440 --------- C:\luxe3.exe
2007-11-26 12:07 . 07-11-26 20:55 61,440 --------- C:\luxe.exe
2007-11-25 21:47 . 07-11-25 22:03 97,792 --a------ C:\ingen.exe
2007-11-24 12:06 . 07-11-24 12:06 <DIR> d-------- C:\Programmi\QuickTime
2007-11-23 13:07 . 01-05-07 17:00 12,560 --a------ C:\WINNT\SYSTEM32\DLLCACHE\chsbrkr.dll
2007-11-23 13:07 . 01-05-07 17:00 12,560 --a------ C:\WINNT\SYSTEM32\chsbrkr.dll
2007-11-23 13:07 . 01-05-07 17:00 1,696 --a------ C:\WINNT\SYSTEM32\noise.chs
2007-11-19 18:15 . 07-11-19 18:15 45,056 --a------ C:\WINNT\SYSTEM32\Indt2.sys
2007-11-19 18:14 . 07-11-19 18:15 256,512 --a------ C:\WINNT\SYSTEM32\ndt2.sys
2007-11-16 15:04 . 07-12-01 13:18 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 20:16 --------- d-----w C:\Programmi\Norton Security Scan
2007-10-23 19:31 37 ----a-w C:\bat.bat
2007-10-22 19:27 --------- d-----w C:\Programmi\jZip
2007-10-11 09:14 --------- d-----w C:\Programmi\hp deskjet 845c series
2007-10-11 09:13 --------- d-----w C:\Programmi\Hewlett-Packard
2007-10-08 13:24 484,864 ----a-w C:\WINNT\SYSTEM32\who.exe
2007-10-07 06:37 --------- d-----w C:\Programmi\EPSON
2001-06-11 15:12 271 ----a-w C:\Programmi\DESKTOP.INI
2001-06-11 15:12 22,075 ----a-w C:\Programmi\FOLDER.HTT
2001-05-07 16:00 32,528 ----a-w C:\WINNT\INF\WBFIRDMA.SYS
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [07-09-04 22:40 ]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07-09-01 11:22 ]
"IncrediMail"="C:\Programmi\IncrediMail\bin\IncMail.exe" [07-01-23 07:06 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 11:05 C:\WINNT\SYSTEM32\mobsync.exe]
"ATIModeChange"="Ati2mdxx.exe" [02-05-23 03:14 C:\WINNT\SYSTEM32\Ati2mdxx.exe]
"eabconfg.cpl"="C:\Programmi\Compaq\EAB\EabServr.exe" [02-04-09 10:49 ]
"Cpqset"="c:\compaq\cpqsetup\cpqset.exe" [02-05-09 13:13 ]
"LTWinModem1"="ltmsg.exe" [02-02-28 08:00 C:\WINNT\SYSTEM32\ltmsg.exe]
"PRPCMonitor"="PRPCUI.exe" [02-03-25 13:30 C:\WINNT\SYSTEM32\prpcui.exe]
"hkss"="C:\Programmi\Compaq\Hotkey Software\hkss.exe" [02-03-19 10:11 ]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [02-01-24 17:03 ]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [07-08-29 13:14 ]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01-11-01 18:56 ]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [07-11-24 12:06 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CPQDFWAG"="C:\WINNT\Cpqdiag\CpqDfwAg.exe" [02-05-31 16:40 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [01-05-07 17:00 C:\WINNT\SYSTEM32\INTERNAT.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 20:05 ]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-08-29 10:40:51]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BTTray.lnk - C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe [2002-03-04 10:40:46]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56]

R1 ClntMgmt;Compaq Client Management Driver;C:\WINNT\system32\Drivers\ClntMgmt.sys
R1 oreans32;oreans32;\??\C:\WINNT\system32\drivers\oreans32.sys
R2 cpqWebDmi;Compaq DMI Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
R2 Msn Messenger v8;Msn Messenger v8;"C:\Programmi\Internet Explorer\MsnMgr8.exe"
R2 perfmons;perfmons Service;C:\WINNT\system32\perfs.exe
R2 PPPoEService;PPPoE Service;C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
R2 PRPC;PRPC;C:\WINNT\system32\drivers\PRPC.sys
R2 Windows Accountis Mainagzes;Windows Accountis Mainagzers;C:\Programmi\Windows NT\svchost.exe
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINNT\system32\DRIVERS\ntspppoe.sys
R3 openhci;Driver controller host USB Open Microsoft ;C:\WINNT\system32\DRIVERS\openhci.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S2 Serv-U;Serv-U FTP Server;C:\WINNT\system32\MSupdate.exe
S3 ce3;Driver scheda Xircom CreditCard Ethernet 10/100 ;C:\WINNT\system32\DRIVERS\ce3n5.sys
S3 cirrus;cirrus;C:\WINNT\system32\DRIVERS\cirrus.sys
S3 FBIKB_NT;FBIKB_NT;\??\C:\WINNT\System32\Drivers\FBIKB_NT.Sys
S3 N100;Driver NT scheda Compaq Ethernet or Fast Ethernet;C:\WINNT\system32\DRIVERS\n100nt5.sys
S3 NTSTPL1;NTSTPL1;\??\C:\PROGRA~1\Alice\ALICEE~1\app\NTSTPL1.SYS
S3 NTSTPL2;NTSTPL2;\??\C:\PROGRA~1\Alice\ALICEE~1\app\NTSTPL2.SYS
S3 RAWESR;RAWESR;\??\C:\PROGRA~1\Alice\ALICEE~1\app\RAWESR.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINNT\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG Mobile Modem Filter;C:\WINNT\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG Mobile Modem Drivers;C:\WINNT\system32\DRIVERS\sscdmdm.sys
S3 TAPBIND;TAPBIND;\??\C:\PROGRA~1\Alice\ALICEE~1\app\TAPBIND1.SYS

.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-23 17:27:46 C:\WINNT\Tasks\Norton Security Scan.job"
- C:\Programmi\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 08:23:06
Windows 5.0.2195 Service Pack 4 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-12-05 8:24:18 - machine was rebooted
.
--- E O F ---








HERE IS THE NEW LOG TOO:
Logfile of HijackThis v1.98.2
Scan saved at 8.27.53, on 05/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Programmi\Internet Explorer\MsnMgr8.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINNT\system32\perfs.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programmi\Windows NT\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Compaq\EAB\EabServr.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\PRPCUI.exe
C:\Programmi\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
C:\Programmi\Widcomm\Bluetooth Software\BTStackServer.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis1982.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/italian
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [hkss] C:\Programmi\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://c:\PROGRA~1\MICROS~2\office\1040\phdintl.dll/phdContext.htm
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188372586214
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2007090401/downloader_nu/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
O17 - HKLM\System\CS1\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
O17 - HKLM\System\CS2\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
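As an added example (not ComboFix's own code and not part of this thread), here is a Python script that parses the two line formats in the ComboFix report above, the "Files Creati" block (creation time, modification time, size, attributes, path) and the Find3M block (no modification time), and flags executable files that were created in the drive root or the system32 tree, which is where luxe4568.exe, ingen.exe, Indt2.sys and who.exe all sit. The sample lines are copied from the report above; the parser, the heuristics and the function names are my own.

```python
"""Timeline triage over ComboFix-style "files created" and Find3M lines.

Added example; this is not ComboFix's own code and not part of the forum
thread.  It parses the two line formats that appear in the ComboFix report
and flags executable files that were created in places where a fresh
binary deserves a second look: the drive root and the system32 tree.
"""
import re
from datetime import datetime

# Constructed sample: lines copied from the ComboFix report in the thread
# (both the "Files Creati" block and the Find3M block), trimmed.
SAMPLE = r"""
((((((((((((((((((((((((( Files Creati Da 2007-11-05 al 2007-12-05 )))))))))))))))))))))))))))))))))))
2007-12-04 19:18 . 07-12-04 19:18 <DIR> d-------- C:\Programmi\Trend Micro
2007-12-01 14:29 . 07-12-01 14:29 38,400 --a------ C:\WINNT\SYSTEM32\gebcyvu.Vdll
2007-12-01 13:24 . 07-12-04 19:45 384 --a------ C:\luxe4568.exe
2007-11-29 12:42 . 07-11-29 22:07 61,440 --------- C:\luxe3.exe
2007-11-25 21:47 . 07-11-25 22:03 97,792 --a------ C:\ingen.exe
2007-11-23 13:07 . 01-05-07 17:00 12,560 --a------ C:\WINNT\SYSTEM32\chsbrkr.dll
2007-11-19 18:15 . 07-11-19 18:15 45,056 --a------ C:\WINNT\SYSTEM32\Indt2.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-29 20:16 --------- d-----w C:\Programmi\Norton Security Scan
2007-10-23 19:31 37 ----a-w C:\bat.bat
2007-10-08 13:24 484,864 ----a-w C:\WINNT\SYSTEM32\who.exe
2001-05-07 16:00 32,528 ----a-w C:\WINNT\INF\WBFIRDMA.SYS
"""

# "Files Creati" lines: created . modified size attrs path
CREATED_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{2}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$")
# Find3M lines: created size attrs path (no modification time)
FIND3M_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{9}|[\d,]+) (?P<attrs>\S{7}) (?P<path>.+)$")
EXEC_EXT = {"exe", "dll", "sys", "bat", "cmd", "vbs", "scr", "pif", "com"}


def parse_line(line):
    """Parse one report line into a dict, or return None for headers and blank lines."""
    line = line.strip()
    m = CREATED_LINE.match(line) or FIND3M_LINE.match(line)
    if not m:
        return None
    d = m.groupdict()
    modified = d.get("modified")  # absent on Find3M lines
    return {
        "path": d["path"].strip(),
        "created": datetime.strptime(d["created"], "%Y-%m-%d %H:%M"),
        # the second timestamp carries a two-digit year
        "modified": datetime.strptime(modified, "%y-%m-%d %H:%M") if modified else None,
        "is_dir": d["size"] == "<DIR>" or d["attrs"].startswith("d"),
        "size": int(d["size"].replace(",", "")) if d["size"][0].isdigit() else None,
    }


def sensitive_parent(path):
    """Name the location class of a file's parent directory, or None if it is unremarkable."""
    parent = path.rpartition("\\")[0].lower()
    if re.fullmatch(r"[a-z]:", parent):
        return "drive root"
    if re.search(r"\\win(nt|dows)\\system32(\\drivers)?$", parent):
        return "system32 tree"
    return None


def triage(report_text):
    """Return one dict per executable file created in a sensitive location."""
    hits = []
    for line in report_text.splitlines():
        e = parse_line(line)
        if e is None or e["is_dir"]:
            continue
        ext = e["path"].rpartition(".")[2].lower()
        where = sensitive_parent(e["path"])
        if ext not in EXEC_EXT or where is None:
            continue
        # A modification time years older than the creation time means the
        # file was copied into place (installer, update cache) rather than
        # written fresh; dropped payloads usually have the two close together.
        old_copy = e["modified"] is not None and (e["created"] - e["modified"]).days > 365
        hits.append({"path": e["path"], "where": where, "created": e["created"],
                     "size": e["size"], "old_copy": old_copy})
    return hits


if __name__ == "__main__":
    for h in triage(SAMPLE):
        tag = "copied older file" if h["old_copy"] else "fresh"
        print(f"{h['created']:%Y-%m-%d %H:%M}  {h['where']:<14}{tag:<18}{h['path']}")
```

The old_copy hint separates the chsbrkr.dll entry (created in November but carrying a 2001 modification time, a Windows file copied into place) from luxe4568.exe, ingen.exe and Indt2.sys, whose two timestamps are days apart. gebcyvu.Vdll slips through the extension filter because of its odd extension, which is one reason the helpers in the thread still read the report by hand rather than trusting a filter like this one.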
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 05 Dec 2007 09:35

ComboFix also removed something.
Before going any further, run these scans with GMER and post the logs on FreeFileHosting as described here.
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 05 Dec 2007 14:20

With the first pass I got the following 3 links:

GMER5.txt

I THINK YOU NEED THE 3rd ONE!!

With the 2nd pass

ger2.txt

Thanks, I await your further tips!
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 05 Dec 2007 17:53

I cannot identify the remaining threats.

Run this scan with SystemScan and post the log on FreeFileHosting as described here.
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 05 Dec 2007 21:26

Unfortunately, when it reaches ALTERNATE DATA SISTEM the scanning program freezes...
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 05 Dec 2007 21:48

Untick ALTERNATE DATA STREAM and redo the log.
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 06 Dec 2007 13:43

here it is:

report75.txt
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 06 Dec 2007 14:00

Download VirIt, install it, update it (important) and run the full scan.
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 06 Dec 2007 22:39

bdoriano wrote:
Download VirIt, install it, update it (important) and run the full scan.


I had problems with the installation and I am not sure it completed, because it never finished... but then I saw that a VEXPLITE folder had been created; inside it I clicked VIRITEXT.exe, UPDATED and then ran the scan, which found:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
06/12/2007 - 20:59:12

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\Administrator\Desktop\SetupPoker.exe Infetto da Adware.Casino.A
* * * RIMOSSO * * *
C:\Poker\Titan Poker\_SetupPoker.exe Infetto da Adware.Casino.A
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINNT\SYSTEM32\mpjbpfwd.dll.vir Infetto da Trojan.Win32.Vundo.BT
* * * RIMOSSO * * *
C:\WINNT\SYSTEM32\perfs.exe Infetto da Trojan.Win32.Agent.BEI
Il file sarà spostato nella cartella di quarantena.
C:\WINNT\SYSTEM32\perfs.exe.old803437 Infetto da Trojan.Win32.Agent.BEI
Contattare il Supporto Tecnico TG Soft

Chiavi Registro infette: 0.
Files Infetti: 5.
Files Sospetti: 0.
Files Analizzati: 65917.
Files Totali: 65917.
Chiavi Registro rimosse: 0.
Virus Rimossi: 3.

Adesso puoi RIAVVIARE il computer per spostare il file nella cartella di quarantena.

I hope that is enough... or is there some further medicine for my laptop? Thanks
comdan
Pious Mortal
Registered: 01/12/07 19:29
Posts: 27

Posted: 07 Dec 2007 09:30

In your opinion, have I cured my laptop sufficiently?

P.S. After installing VirIt (above I wrote that it did not seem to have completed), when the computer starts up I get:
File v***.data missing (the asterisks stand for letters I do not remember).

I am going ahead and uninstalling VirIt.

Thanks for all your very important and effective tips.
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 07 Dec 2007 09:41

Wait, it is not over yet.
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 07 Dec 2007 10:52

Honestly, I was hoping VirIt would do more...

Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop.

Start AVENGER
Click on "input script manually"
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\bat.bat
C:\explorer
C:\gz
C:\ingen.exe
C:\luxe.exe
C:\luxe3.exe
C:\luxe4568.exe
C:\WINNT\run2.vbs
C:\WINNT\DELME.BAT
C:\WINNT\run.vbs
C:\WINNT\home.vbs
C:\WINNT\system32\ndt2.sys
C:\WINNT\system32\Indt2.sys
C:\WINNT\system32\gebcyvu.Vdll
C:\WINNT\system32\imon1.dat
C:\WINNT\system32\ndt2.txt
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\rjexvirjVON610C.dll
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\nsf8F.tmp\kkripfeoc.exe
C:\Programmi\Windows NT\svchost.exe
C:\WINNT\system32\MSupdate.exe
C:\WINNT\system32\perfs.exe
C:\Programmi\Internet Explorer\MsnMgr8.exe

registry keys to delete:
HKLM\system\currentcontrolset\services\Msn Messenger v8
HKLM\system\currentcontrolset\services\perfmons
HKLM\system\currentcontrolset\services\Windows Accountis Mainagzes

Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation is finished, post the result here together with an updated HijackThis log.

Then connect to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
comdan
Registered: 01/12/07 19:29
Posts: 27

Posted: 08 Dec 2007 10:54

HERE IS THE AVENGER FILE


*******************

Script file located at: \??\C:\WINNT\anilksen.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\bat.bat deleted successfully.
File C:\explorer deleted successfully.
File C:\gz deleted successfully.
File C:\ingen.exe deleted successfully.
File C:\luxe.exe deleted successfully.
File C:\luxe3.exe deleted successfully.
File C:\luxe4568.exe deleted successfully.
File C:\WINNT\run2.vbs deleted successfully.
File C:\WINNT\DELME.BAT deleted successfully.
File C:\WINNT\run.vbs deleted successfully.
File C:\WINNT\home.vbs deleted successfully.
File C:\WINNT\system32\ndt2.sys deleted successfully.
File C:\WINNT\system32\Indt2.sys deleted successfully.


File C:\WINNT\system32\gebcyvu.Vdll not found!
Deletion of file C:\WINNT\system32\gebcyvu.Vdll failed!

Could not process line:
C:\WINNT\system32\gebcyvu.Vdll
Status: 0xc0000034

File C:\WINNT\system32\imon1.dat deleted successfully.
File C:\WINNT\system32\ndt2.txt deleted successfully.


File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\rjexvirjVON610C.dll not found!
Deletion of file C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\rjexvirjVON610C.dll failed!

Could not process line:
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\rjexvirjVON610C.dll
Status: 0xc0000034



File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\nsf8F.tmp\kkripfeoc.exe not found!
Deletion of file C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\nsf8F.tmp\kkripfeoc.exe failed!

Could not process line:
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\nsf8F.tmp\kkripfeoc.exe
Status: 0xc0000034

File C:\Programmi\Windows NT\svchost.exe deleted successfully.


File C:\WINNT\system32\MSupdate.exe not found!
Deletion of file C:\WINNT\system32\MSupdate.exe failed!

Could not process line:
C:\WINNT\system32\MSupdate.exe
Status: 0xc0000034



File C:\WINNT\system32\perfs.exe not found!
Deletion of file C:\WINNT\system32\perfs.exe failed!

Could not process line:
C:\WINNT\system32\perfs.exe
Status: 0xc0000034

File C:\Programmi\Internet Explorer\MsnMgr8.exe deleted successfully.
Registry key HKLM\system\currentcontrolset\services\Msn Messenger v8 deleted successfully.


Registry key HKLM\system\currentcontrolset\services\perfmons not found!
Deletion of registry key HKLM\system\currentcontrolset\services\perfmons failed!

Could not process line:
HKLM\system\currentcontrolset\services\perfmons
Status: 0xc0000034

Registry key HKLM\system\currentcontrolset\services\Windows Accountis Mainagzes deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


HERE IS THE UPDATED LOG FILE:
Logfile of HijackThis v1.98.2
Scan saved at 9.35.49, on 08/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Programmi\Eset\nod32krn.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Compaq\EAB\EabServr.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\PRPCUI.exe
C:\Programmi\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Widcomm\Bluetooth Software\BTStackServer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis1982.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/italian
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [hkss] C:\Programmi\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://c:\PROGRA~1\MICROS~2\office\1040\phdintl.dll/phdContext.htm
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188372586214
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2007090401/downloader_nu/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
O17 - HKLM\System\CS1\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216
O17 - HKLM\System\CS2\Services\Tcpip\..\{06DA4B8A-4836-4A3D-B953-798644F8C9A0}: NameServer = 212.17.192.56,212.17.192.216

I WILL SOON POST THE FILE PRODUCED BY KASPERSKY
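As an added defender-side example (not code from the thread, nor from Avenger or HijackThis), the following Python reads an Avenger log in the format of the one posted above and of the script bdoriano asked for, records for each target whether it was deleted or reported as not found (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, meaning the object was already gone, consistent with VirIt having quarantined perfs.exe earlier in the thread), and then checks the follow-up HijackThis "Running processes" section for any target that is still running. The log excerpts and target list are constructed from entries in this thread.

```python
import re

# Constructed excerpt in the format of the Avenger log posted in the thread (not the full log).
SAMPLE_LOG = r"""File C:\bat.bat deleted successfully.
File C:\WINNT\system32\ndt2.sys deleted successfully.
File C:\WINNT\system32\perfs.exe not found!
Deletion of file C:\WINNT\system32\perfs.exe failed!
Could not process line:
C:\WINNT\system32\perfs.exe
Status: 0xc0000034
Registry key HKLM\system\currentcontrolset\services\Msn Messenger v8 deleted successfully.
Completed script processing.
"""
# Constructed excerpt of the "Running processes" section of the follow-up HijackThis log.
SAMPLE_HJT = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\Programmi\Eset\nod32krn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/italian
"""
# Subset of the "files to delete" / "registry keys to delete" entries from the Avenger script.
SCRIPT_TARGETS = [r"C:\bat.bat", r"C:\WINNT\system32\ndt2.sys", r"C:\WINNT\system32\perfs.exe",
                  r"HKLM\system\currentcontrolset\services\Msn Messenger v8"]
NTSTATUS = {"0xc0000034": "STATUS_OBJECT_NAME_NOT_FOUND"}  # the one code Avenger printed here
LINE_RE = re.compile(r"^(?:File|Registry key) (?P<target>.+?) (?P<result>deleted successfully|not found)[.!]$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8})$")

def parse_avenger_log(text):
    """Map each target named in an Avenger log to 'deleted' or 'not found (<NTSTATUS>)'."""
    results, pending = {}, None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            target, ok = m.group("target"), m.group("result") == "deleted successfully"
            results[target] = "deleted" if ok else "not found"
            pending = None if ok else target  # a "Status:" line for this target may follow
            continue
        m = STATUS_RE.match(line.strip())
        if m and pending:
            code = m.group("code").lower()
            results[pending] = f"not found ({NTSTATUS.get(code, code)})"
            pending = None
    return results

def still_running(hjt_log, targets):
    """Targets that still appear under 'Running processes:' in a HijackThis log."""
    section = hjt_log.split("Running processes:", 1)[-1].split("\n\n", 1)[0]
    running = {p.strip().lower() for p in section.splitlines() if p.strip()}
    return [t for t in targets if t.lower() in running]
```

A "not found" target is not necessarily a problem: it should be cross-checked against the running-process list and the earlier VirIt quarantine before asking for another removal pass.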
comdan
Registered: 01/12/07 19:29
Posts: 27

Posted: 08 Dec 2007 13:17

Here is the file:

KASPERSKYreport.html