VORTIKO (Hero)
Registered: 05/01/07 23:07 Posts: 44
Posted: 28 May 2008 23:25 Subject: advertising
Hi everyone...
I have a big problem with my PC (the work one.... sigh)
Some malware has infested my PC and redirects IE to sites about ringtones, casinos, etc...
I've tried every antispyware tool I know.... nothing....
I'm posting my HijackThis log and hope someone can give me a hand... thanks in advance...
Logfile of HijackThis v1.99.1
Scan saved at 23.15.42, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\Mobility Client\artdhcp.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\COMMON~1\ILSOLE~1\lm\LMwd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Safeguard\Sgeasy\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Safeguard\Sgeasy\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Safeguard\Sgeasy\SafeGuard Easy\Ecview.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\dmantegazza\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it-pwcportal:8888/KMportal/jsp/KMhome.jsp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dvpn/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = it-proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;10.39.*;127.0.0.1;localhost;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\LANDesk\LDClient\softmon.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Checkrescue] C:\Windows\CheckRescue.exe
O4 - HKLM\..\Run: [myprinter] c:\Program files\myprinter\myprinter.exe
O4 - HKLM\..\Run: [SgeEcView] C:\Safeguard\Sgeasy\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] C:\Safeguard\Sgeasy\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [PasswordManager] "C:\Program Files\PasswordManager\PasswordManager.exe" /startup
O4 - HKLM\..\Run: [Delayexec ScriptLogon] delayexec "c:\pwcutilities\Scriptlogon.exe" 60
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [BM4f7a3136] Rundll32.exe "C:\WINDOWS\system32\geuifxuy.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Umail - {663FB9C7-D05D-4709-9C0B-DFFD24255F07} - http://www.umail.it (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://it-pwcportal:8888/KMportal/jsp/KMhome.jsp
O15 - Trusted Zone: http://*.it-milprt100
O15 - Trusted Zone: http://*.it-pwcportal
O15 - Trusted Zone: http://*.knowledgecurve.com
O15 - Trusted Zone: http://*.pwcinternal.com
O15 - Trusted Zone: http://*.it-milprt100 (HKLM)
O15 - Trusted Zone: http://*.it-pwcportal (HKLM)
O15 - Trusted IP range: http://10.39.221.168
O15 - Trusted IP range: http://10.39.221.168 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\Software\..\Telephony: DomainName = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: IBM Mobility Client DHCP Control (artdhcp) - Unknown owner - C:\Program Files\IBM\Mobility Client\artdhcp.exe
O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LMwd - Unknown owner - C:\PROGRA~1\COMMON~1\ILSOLE~1\lm\LMwd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Colligo Admin (PWSSvc) - Unknown owner - C:\Program Files\Colligo Networks\Colligo TeamSync 4.0\pwssvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Safeguard\Sgeasy\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Safeguard\Sgeasy\SafeGuard Easy\WksCfgSrv.exe
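The log above already contains the entries that matter, and the way to read them generalises beyond this one machine: a UserInit value that launches more than userinit.exe, a Run value with a hex-looking name that loads a DLL through rundll32 straight out of system32, and BHO registrations whose file no longer exists. The following Python script is an added example, not code from the thread or from HijackThis: it applies that rule set (the heuristics are my own assumptions, not an official HijackThis classification) to lines copied verbatim from the logs in this thread, plus two clean control lines. Every flag is a review candidate, not a verdict: the LANDesk softmon.exe in UserInit is a management agent a corporate build may install deliberately and should be checked against the company's software inventory rather than deleted.

```python
import re

# Sample input: lines copied from the HijackThis logs posted in this thread
# (two clean entries, BMMLREF and McAfeeUpdaterUI, are included as controls).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\LANDesk\LDClient\softmon.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BM4f7a3136] Rundll32.exe "C:\WINDOWS\system32\geuifxuy.dll",s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {52E7754B-9A9F-46E5-A035-88E28E0CC6A3} - C:\WINDOWS\system32\opnooNfF.dll (file missing)
O2 - BHO: (no name) - {11378748-2035-41d9-833e-4a90a26b5750} - (no file)
"""

# Line shapes as HijackThis prints them (O4 Run values, O2 BHOs, F2 UserInit).
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$')
USERINIT_RE = re.compile(r'^F2 - REG:system\.ini: UserInit=(?P<value>.+)$')
# Heuristic (assumption): value names such as BM4f7a3136 or 4c4902aa look machine-generated.
HEXISH_NAME = re.compile(r'^(BM)?[0-9a-f]{8}$')
RUNDLL_RE = re.compile(r'rundll32(\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
IN_SYSTEM32 = re.compile(r'\\system32\\[^\\]+$', re.IGNORECASE)


def triage_line(line):
    """Return the reasons this HijackThis line deserves analyst review ([] = nothing notable)."""
    reasons = []
    m = USERINIT_RE.match(line)
    if m:
        parts = [p.strip() for p in m.group('value').split(',') if p.strip()]
        extra = [p for p in parts if not p.lower().endswith('\\userinit.exe')]
        if extra:
            reasons.append('UserInit launches more than userinit.exe: ' + ', '.join(extra))
        return reasons
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group('name'), m.group('cmd')
        dll = RUNDLL_RE.search(cmd)
        if dll:
            reasons.append('Run entry loads a DLL through rundll32: ' + dll.group('dll'))
            if IN_SYSTEM32.search(dll.group('dll')):
                reasons.append('DLL sits directly in system32 (unusual for a third-party autostart)')
        if HEXISH_NAME.match(name):
            reasons.append('Run value name looks machine-generated: ' + name)
        return reasons
    m = BHO_RE.match(line)
    if m:
        name, target = m.group('name'), m.group('target')
        if target == '(no file)' or target.endswith('(file missing)'):
            reasons.append('BHO registration points to a file that is gone (orphaned CLSID)')
        elif name == '(no name)' and IN_SYSTEM32.search(target):
            reasons.append('Unnamed BHO loading a DLL from system32')
        return reasons
    return reasons


def triage_log(text):
    """Map each flagged log line to its reasons, preserving log order."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == '__main__':
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print('    ->', reason)
```

Run it over a whole saved log with `triage_log(open('hijackthis.log').read())`. The control lines (BMMLREF, McAfeeUpdaterUI, the Java SSVHelper BHO) come back clean; the four entries that ComboFix later removed or that point to deleted files are the ones flagged.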
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 May 2008 13:10 Subject: Re: advertising
VORTIKO wrote: "Logfile of HijackThis v1.99.1"
Download the updated version of HijackThis and save it in its own folder, not a temporary one and not on the desktop.
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Download the program
- Boot the PC into Safe Mode.
- Start Norman Malware Cleaner and let it run the full scan.
- At the end of the scan a log is generated on the desktop called NFix_2008-MM-dd_hh-mm-ss.log.
- Reboot the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. etc. And post:
- Upload the Norman Malware Cleaner log to FreeFileHosting as indicated here and post the link you are given
- The ComboFix log is generally not very long, so post it directly in the message
VORTIKO (Hero)
Registered: 05/01/07 23:07 Posts: 44
Posted: 30 May 2008 01:51 Subject: DONE...
Thanks again. I followed your instructions. I couldn't get into Safe Mode because I discovered I don't have administrator access (the PC belongs to work; I'll get administrator access back and, if need be, redo the whole thing properly).
The Norman log is at this link:
NFix_2008-05-29_23-51-11.log
Below I'm posting the ComboFix log:
ComboFix 08-05-29.1 - dmantegazza 2008-05-30 1.17.53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511 [GMT 2:00]
Running from: C:\Documents and Settings\dmantegazza\Desktop\VIRUS\ComboFix.exe.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM4f7a3136.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ansnktpt.dll
C:\WINDOWS\system32\bieyfclk.dll
C:\WINDOWS\system32\byXnmmMg.dll
C:\WINDOWS\system32\dKSYxGgh.ini
C:\WINDOWS\system32\dKSYxGgh.ini2
C:\WINDOWS\system32\elftpajl.dll
C:\WINDOWS\system32\FfNoonpo.ini
C:\WINDOWS\system32\FfNoonpo.ini2
C:\WINDOWS\system32\geBtQiFV.dll
C:\WINDOWS\system32\geuifxuy.dll
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\ksvshmrx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nuyvwxqe.dll
C:\WINDOWS\system32\oxftkqsa.dll
C:\WINDOWS\system32\rfrakylt.ini
C:\WINDOWS\system32\tlykarfr.dll
C:\WINDOWS\system32\ucmoutsv.dll
C:\WINDOWS\system32\VFiQtBeg.ini
C:\WINDOWS\system32\VFiQtBeg.ini2
C:\WINDOWS\system32\vstuomcu.ini
C:\WINDOWS\system32\xlhogrpf.dll
C:\WINDOWS\system32\xrmhsvsk.ini
C:\WINDOWS\system32\xxyAQIBs.dll
C:\WINDOWS\system32\ygcluytm.ini
----- BITS: Possible infected sites -----
hxxp://IT
hxxp://it
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-29 23:16 . 2008-05-29 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-29 23:15 . 2008-05-29 23:15 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 23:15 . 2008-05-29 23:15 <DIR> d-------- C:\Program Files\CCleaner
2008-05-29 23:02 . 2008-05-29 23:02 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2008-05-29 23:02 . 2003-01-09 16:21 527,980 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2008-05-29 23:02 . 2003-04-16 18:39 270,336 -ra------ C:\WINDOWS\system32\stmadsl.cpl
2008-05-29 23:02 . 2003-04-04 17:00 86,016 -ra------ C:\WINDOWS\stmtrace.exe
2008-05-29 23:02 . 2002-09-25 08:37 59,338 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
2008-05-29 22:58 . 2003-04-16 18:39 167,936 -ra------ C:\WINDOWS\system32\stmcfg32.dll
2008-05-29 22:58 . 2003-04-16 18:39 151,552 -ra------ C:\WINDOWS\system32\stmctrl.dll
2008-05-29 22:57 . 2008-05-29 22:57 <DIR> d-------- C:\Program Files\Fastrate USB 100
2008-05-28 23:32 . 2008-05-28 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-28 23:32 . 2008-05-28 23:32 <DIR> d-------- C:\Documents and Settings\dmantegazza\Application Data\Lavasoft
2008-05-28 22:24 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-05-28 22:24 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-05-28 22:23 . 2008-05-28 23:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-28 22:23 . 2008-05-28 22:23 <DIR> d-------- C:\Documents and Settings\dmantegazza\Application Data\PC Tools
2008-05-28 21:57 . 2008-05-28 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati Applicazioni
2008-05-28 21:56 . 2008-05-28 21:56 <DIR> d-------- C:\WINDOWS\Motive
2008-05-28 21:56 . 2008-05-28 21:56 <DIR> d-------- C:\Program Files\Pirelli
2008-05-28 21:56 . 2004-10-05 18:41 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-05-28 21:56 . 2004-10-05 18:41 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-05-28 21:55 . 2008-05-28 21:55 <DIR> d-------- C:\Program Files\Motive
2008-05-28 21:55 . 2008-05-28 21:55 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-05-28 21:54 . 2008-05-28 21:55 <DIR> d-------- C:\Program Files\Alice ti aiuta
2008-05-28 21:53 . 2008-05-28 21:53 <DIR> d-------- C:\Program Files\Telecom Italia
2008-05-28 10:32 . 2008-05-29 09:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 10:32 . 2008-05-29 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 18:51 . 2008-05-27 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 11:39 . 2008-05-26 11:39 48 --a------ C:\WINDOWS\system32\pdfutil.ini
2008-05-23 19:20 . 2008-05-29 16:13 <DIR> d-------- C:\Gerico2008
2008-05-20 09:18 . 2008-05-20 09:18 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-19 09:11 . 2008-05-19 09:11 <DIR> d-------- C:\Program Files\Wiz-Kit
2008-05-15 15:32 . 2008-05-15 15:32 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-14 12:36 . 2008-05-14 12:37 <DIR> d-------- C:\WINDOWS\MyClient1_5
2008-05-14 12:36 . 2001-08-14 03:10 131,072 --a------ C:\WINDOWS\Uninstal.EXE
2008-05-13 11:00 . 2008-05-29 12:40 <DIR> d-------- C:\Quarantine
2008-05-13 09:10 . 2008-05-13 09:10 <DIR> d-------- C:\Program Files\Common Files\Resource
2008-05-13 09:10 . 2008-05-13 09:10 <DIR> d-------- C:\Program Files\Common Files\ADDINS
2008-04-29 09:22 . 2008-04-29 09:22 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-29 09:22 . 2008-01-24 20:50 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-29 09:22 . 2008-01-24 20:50 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-29 09:22 . 2008-01-24 20:50 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-04-29 09:22 . 2008-01-24 20:50 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-04-29 09:22 . 2008-01-24 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-29 09:21 . 2008-04-29 09:22 <DIR> d-------- C:\Program Files\McAfee
2008-04-29 09:21 . 2008-04-29 09:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-29 09:21 . 2008-02-12 15:42 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-04-29 09:21 . 2008-02-12 15:42 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 21:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 19:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 16:47 --------- d-----w C:\Program Files\PasswordManager
2008-05-27 14:22 --------- d-----w C:\Program Files\Ipsoware
2008-05-26 12:37 --------- d-----w C:\Documents and Settings\dmantegazza\Application Data\AdobeUM
2008-05-07 15:00 753,664 ----a-w C:\WINDOWS\system32\Ipsmot2.dll
2008-04-29 10:06 --------- d-----w C:\Program Files\Dizionario
2008-04-29 07:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2008-04-29 07:20 --------- d-----w C:\Program Files\McAfeeInstallTool
2008-04-28 10:21 --------- d-----w C:\Program Files\Network Associates
2008-04-28 10:21 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-04-24 08:23 1,675,264 ----a-w C:\WINDOWS\system32\prcoge20.dll
2008-04-21 07:53 94,208 ----a-w C:\WINDOWS\system32\WKFUtility.dll
2008-04-21 07:53 65,536 ----a-w C:\WINDOWS\system32\WKStampa.dll
2008-04-21 07:53 57,344 ----a-w C:\WINDOWS\system32\WKLogon.dll
2008-04-21 07:53 45,056 ----a-w C:\WINDOWS\system32\WKErrore.dll
2008-04-21 07:53 442,368 ----a-w C:\WINDOWS\system32\WKImpTempla.dll
2008-04-21 07:53 225,280 ----a-w C:\WINDOWS\system32\WKFTeseo.dll
2008-04-21 07:53 159,744 ----a-w C:\WINDOWS\system32\WKTraduzione.dll
2008-04-21 07:53 151,552 ----a-w C:\WINDOWS\system32\WKBilFisc2.exe
2008-04-21 07:53 126,976 ----a-w C:\WINDOWS\system32\WKVideo.dll
2008-04-21 07:53 122,880 ----a-w C:\WINDOWS\system32\WKFRtfTx.dll
2008-04-21 07:53 118,784 ----a-w C:\WINDOWS\system32\WKDb32.dll
2008-04-21 07:53 102,400 ----a-w C:\WINDOWS\system32\WKFUI.dll
2008-04-15 07:17 --------- d-----w C:\Program Files\Java
2008-04-08 07:43 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-08 07:43 299,008 ------w C:\WINDOWS\Setup3.EXE
2008-03-31 10:42 78,848 ----a-w C:\WINDOWS\system32\MSBIND.DLL
2008-03-31 10:42 747,520 ----a-w C:\WINDOWS\system32\MSDE.DLL
2008-03-31 10:42 334,848 ----a-w C:\WINDOWS\system32\MSDBRPT.DLL
2008-03-31 10:42 322,560 ----a-w C:\WINDOWS\system32\MSDBRPTR.DLL
2008-03-31 10:42 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-03-31 10:42 136,192 ----a-w C:\WINDOWS\system32\MSDERUN.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11378748-2035-41d9-833e-4a90a26b5750}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12ddc68e-616a-4a04-8614-a58ab51cbe64}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D803A47-47FC-4971-BA24-C40DFD03F13F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E7754B-9A9F-46E5-A035-88E28E0CC6A3}]
C:\WINDOWS\system32\opnooNfF.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66DA1B3A-EBB3-4AFB-A913-BF7210419079}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{889E81B8-6331-434E-8511-07570AE3BC65}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A646E6A-7D26-44D4-A27A-FC360931906C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D3B9FBF-3429-412D-8E6C-B2688B7C6EE8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E182A797-179D-4EF8-91CD-3F555E56C5EA}]
C:\WINDOWS\system32\hgGxYSKd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB696A67-5816-44A6-A2F7-9F234CAC0DDB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1B3F503-E138-454E-8B29-4FC97501A3A0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
@={ba930330-a721-11d3-a7b9-00500464ee16}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
@={2030D939-54A7-4fea-9B06-49EA77EFC87F}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2003-10-21 02:35 20480]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 13:57 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 13:57 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 19:04 864256]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-12-15 14:00 94208]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 02:22 237568]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-12-15 14:19 925696]
"Checkrescue"="C:\Windows\CheckRescue.exe" [2007-10-10 14:56 32768]
"myprinter"="c:\Program files\myprinter\myprinter.exe" [2007-03-27 13:24 204800]
"SgeEcView"="C:\Safeguard\Sgeasy\SafeGuard Easy\Ecview.exe" [2005-06-08 18:48 24576]
"EdWizard"="C:\Safeguard\Sgeasy\SafeGuard Easy\EdWizard.exe" [2005-06-08 18:28 245760]
"PasswordManager"="C:\Program Files\PasswordManager\PasswordManager.exe" [2007-10-01 16:45 1613824]
"Delayexec ScriptLogon"="delayexec c:\pwcutilities\Scriptlogon.exe" [ ]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2008-02-12 15:42 136512]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]
"AdslTaskBar"="stmctrl.dll" [2003-04-16 18:39 151552 C:\WINDOWS\system32\stmctrl.dll]
"4c4902aa"="C:\WINDOWS\system32\ksvshmrx.dll" [ ]
"BM4f7a3136"="C:\WINDOWS\system32\bieyfclk.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Spyware Doctor"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Alice ti aiuta.lnk - C:\Program Files\Alice ti aiuta\bin\matcli.exe [2008-05-28 21:55:35 212992]
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-01 15:10:32 581693]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= msimn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2006-01-31 22:13 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXnmmMg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
SGLogEx.dll 2002-01-22 15:28 110592 C:\WINDOWS\system32\SGLogEx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
SGLogNotification.dll 2005-03-31 11:27 69632 C:\WINDOWS\system32\SGLogNotification.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 AES-256;AES-256;C:\WINDOWS\system32\DRIVERS\AES256.SYS [2005-06-08 18:47]
R0 SgeFlt;SgeFlt;C:\WINDOWS\system32\DRIVERS\SGEFLT.SYS [2005-06-08 18:48]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 15:58]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 12:18]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-10-21 02:35]
R2 artioctl;artioctl;C:\WINDOWS\system32\drivers\artioctl.sys [2005-02-03 08:14]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 03:50]
R2 LMwd;LMwd;C:\PROGRA~1\COMMON~1\ILSOLE~1\lm\LMwd.exe [2007-12-18 12:41]
R3 ldblank;Screen Blanking driver for Remote Control;C:\WINDOWS\system32\DRIVERS\ldblank.sys [2005-08-01 14:43]
R3 ldmirror;ldmirror;C:\WINDOWS\system32\DRIVERS\ldmirror.sys [2005-08-03 07:21]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\WINDOWS\system32\DRIVERS\mirrorflt.sys [2005-08-03 07:21]
R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2007-04-13 03:50]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-12-08 14:54]
S2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
S3 artour;IBM Mobility Interface for Windows;C:\WINDOWS\system32\DRIVERS\artndint.sys [2005-02-03 08:14]
S3 cgondis;CGO NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\cgondis.sys [2005-09-28 09:54]
S3 Intel Remote Control Helper;Intel Remote Control Helper;C:\WINDOWS\system32\drivers\rch.sys [2004-10-26 15:52]
S3 PWSSvc;Colligo Admin;C:\Program Files\Colligo Networks\Colligo TeamSync 4.0\pwssvc.exe [2005-09-28 10:42]
S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 16:44]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\PdtGuide.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fbd521-db2b-11d8-8630-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder
"2007-06-12 07:07:34 C:\WINDOWS\Tasks\ddchuw.job"
and below the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45, on 2008-05-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Mobility Client\artdhcp.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\COMMON~1\ILSOLE~1\lm\LMwd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Safeguard\Sgeasy\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Safeguard\Sgeasy\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Safeguard\Sgeasy\SafeGuard Easy\Ecview.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Documents and Settings\dmantegazza\Desktop\VIRUS\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dvpn/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = it-proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;10.39.*;127.0.0.1;localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {11378748-2035-41d9-833e-4a90a26b5750} - (no file)
O2 - BHO: (no name) - {12ddc68e-616a-4a04-8614-a58ab51cbe64} - (no file)
O2 - BHO: (no name) - {1D803A47-47FC-4971-BA24-C40DFD03F13F} - (no file)
O2 - BHO: (no name) - {52E7754B-9A9F-46E5-A035-88E28E0CC6A3} - C:\WINDOWS\system32\opnooNfF.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {66DA1B3A-EBB3-4AFB-A913-BF7210419079} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8053AF4F-F35D-4EC6-A411-039EFB515CD8} - (no file)
O2 - BHO: (no name) - {889E81B8-6331-434E-8511-07570AE3BC65} - (no file)
O2 - BHO: (no name) - {8A646E6A-7D26-44D4-A27A-FC360931906C} - (no file)
O2 - BHO: (no name) - {8D3B9FBF-3429-412D-8E6C-B2688B7C6EE8} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {E182A797-179D-4EF8-91CD-3F555E56C5EA} - C:\WINDOWS\system32\hgGxYSKd.dll (file missing)
O2 - BHO: (no name) - {EB696A67-5816-44A6-A2F7-9F234CAC0DDB} - (no file)
O2 - BHO: (no name) - {F1B3F503-E138-454E-8B29-4FC97501A3A0} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Checkrescue] C:\Windows\CheckRescue.exe
O4 - HKLM\..\Run: [myprinter] c:\Program files\myprinter\myprinter.exe
O4 - HKLM\..\Run: [SgeEcView] C:\Safeguard\Sgeasy\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] C:\Safeguard\Sgeasy\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [PasswordManager] "C:\Program Files\PasswordManager\PasswordManager.exe" /startup
O4 - HKLM\..\Run: [Delayexec ScriptLogon] delayexec "c:\pwcutilities\Scriptlogon.exe" 60
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [4c4902aa] rundll32.exe "C:\WINDOWS\system32\ksvshmrx.dll",b
O4 - HKLM\..\Run: [BM4f7a3136] Rundll32.exe "C:\WINDOWS\system32\bieyfclk.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Umail - {663FB9C7-D05D-4709-9C0B-DFFD24255F07} - http://www.umail.it (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://it-pwcportal:8888/KMportal/jsp/KMhome.jsp
O15 - Trusted Zone: http://*.it-milprt100
O15 - Trusted Zone: http://*.it-pwcportal
O15 - Trusted Zone: http://*.knowledgecurve.com
O15 - Trusted Zone: http://*.pwcinternal.com
O15 - Trusted Zone: http://*.it-milprt100 (HKLM)
O15 - Trusted Zone: http://*.it-pwcportal (HKLM)
O15 - Trusted IP range: http://10.39.221.168
O15 - Trusted IP range: http://10.39.221.168 (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\Software\..\Telephony: DomainName = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: byXnmmMg - C:\WINDOWS\
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: IBM Mobility Client DHCP Control (artdhcp) - Unknown owner - C:\Program Files\IBM\Mobility Client\artdhcp.exe
O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LMwd - Unknown owner - C:\PROGRA~1\COMMON~1\ILSOLE~1\lm\LMwd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Colligo Admin (PWSSvc) - Unknown owner - C:\Program Files\Colligo Networks\Colligo TeamSync 4.0\pwssvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Safeguard\Sgeasy\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Safeguard\Sgeasy\SafeGuard Easy\WksCfgSrv.exe
--
End of file - 13387 bytes
And thanks again and again.
bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 30 May 2008 18:46 Subject:
Unfortunately, the combofix log is incomplete.
Can you post it again?
VORTIKO Hero
Joined: 05/01/07 23:07 Posts: 44
Posted: 31 May 2008 01:48 Subject: New combofix log
bdoriano wrote: Unfortunately, the combofix log is incomplete. Can you post it again?
Hi. I ran the Norman scan again (in safe mode, as per your previous instructions) and then the Combofix one (in normal mode).
I uploaded the updated Norman and Hijackthis logs to FreeFileHosting at the following links:
NFix_2008-05-30_22-28-26.log
hijackthis_1212190544502.log
Below I'm posting the combofix log again (and thank you right away. I'm sorry the previous log was incomplete...). Bye
ComboFix 08-05-29.1 - dmantegazza 2008-05-31 1:20:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT 2:00]
Running from: C:\Documents and Settings\dmantegazza\Desktop\VIRUS\ComboFix.exe.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM4f7a3136.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ansnktpt.dll
C:\WINDOWS\system32\bieyfclk.dll
C:\WINDOWS\system32\byXnmmMg.dll
C:\WINDOWS\system32\dKSYxGgh.ini
C:\WINDOWS\system32\dKSYxGgh.ini2
C:\WINDOWS\system32\elftpajl.dll
C:\WINDOWS\system32\FfNoonpo.ini
C:\WINDOWS\system32\FfNoonpo.ini2
C:\WINDOWS\system32\geBtQiFV.dll
C:\WINDOWS\system32\geuifxuy.dll
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\ksvshmrx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nuyvwxqe.dll
C:\WINDOWS\system32\oxftkqsa.dll
C:\WINDOWS\system32\rfrakylt.ini
C:\WINDOWS\system32\tlykarfr.dll
C:\WINDOWS\system32\ucmoutsv.dll
C:\WINDOWS\system32\VFiQtBeg.ini
C:\WINDOWS\system32\VFiQtBeg.ini2
C:\WINDOWS\system32\vstuomcu.ini
C:\WINDOWS\system32\xlhogrpf.dll
C:\WINDOWS\system32\xrmhsvsk.ini
C:\WINDOWS\system32\xxyAQIBs.dll
C:\WINDOWS\system32\ygcluytm.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.
2008-05-30 13:09 . 2008-05-30 13:10 <DIR> d-------- C:\Documents and Settings\Rescue
2008-05-29 23:15 . 2008-05-29 23:15 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 23:15 . 2008-05-29 23:15 <DIR> d-------- C:\Program Files\CCleaner
2008-05-29 23:02 . 2008-05-29 23:02 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2008-05-29 23:02 . 2003-01-09 16:21 527,980 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2008-05-29 23:02 . 2003-04-16 18:39 270,336 -ra------ C:\WINDOWS\system32\stmadsl.cpl
2008-05-29 23:02 . 2003-04-04 17:00 86,016 -ra------ C:\WINDOWS\stmtrace.exe
2008-05-29 23:02 . 2002-09-25 08:37 59,338 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
2008-05-29 22:58 . 2003-04-16 18:39 167,936 -ra------ C:\WINDOWS\system32\stmcfg32.dll
2008-05-29 22:58 . 2003-04-16 18:39 151,552 -ra------ C:\WINDOWS\system32\stmctrl.dll
2008-05-29 22:57 . 2008-05-29 22:57 <DIR> d-------- C:\Program Files\Fastrate USB 100
2008-05-28 23:32 . 2008-05-28 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-28 23:32 . 2008-05-28 23:32 <DIR> d-------- C:\Documents and Settings\dmantegazza\Application Data\Lavasoft
2008-05-28 22:24 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-05-28 22:24 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-05-28 22:23 . 2008-05-28 23:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-28 22:23 . 2008-05-28 22:23 <DIR> d-------- C:\Documents and Settings\dmantegazza\Application Data\PC Tools
2008-05-28 21:57 . 2008-05-28 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati Applicazioni
2008-05-28 21:56 . 2008-05-28 21:56 <DIR> d-------- C:\WINDOWS\Motive
2008-05-28 21:56 . 2008-05-28 21:56 <DIR> d-------- C:\Program Files\Pirelli
2008-05-28 21:56 . 2004-10-05 18:41 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-05-28 21:56 . 2004-10-05 18:41 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-05-28 21:55 . 2008-05-28 21:55 <DIR> d-------- C:\Program Files\Motive
2008-05-28 21:55 . 2008-05-28 21:55 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-05-28 21:54 . 2008-05-28 21:55 <DIR> d-------- C:\Program Files\Alice ti aiuta
2008-05-28 21:53 . 2008-05-28 21:53 <DIR> d-------- C:\Program Files\Telecom Italia
2008-05-28 10:32 . 2008-05-30 16:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 10:32 . 2008-05-30 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 18:51 . 2008-05-27 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 11:39 . 2008-05-26 11:39 48 --a------ C:\WINDOWS\system32\pdfutil.ini
2008-05-23 19:20 . 2008-05-29 16:13 <DIR> d-------- C:\Gerico2008
2008-05-20 09:18 . 2008-05-20 09:18 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-19 09:11 . 2008-05-19 09:11 <DIR> d-------- C:\Program Files\Wiz-Kit
2008-05-15 15:32 . 2008-05-15 15:32 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-14 12:36 . 2008-05-14 12:37 <DIR> d-------- C:\WINDOWS\MyClient1_5
2008-05-14 12:36 . 2001-08-14 03:10 131,072 --a------ C:\WINDOWS\Uninstal.EXE
2008-05-13 11:00 . 2008-05-29 12:40 <DIR> d-------- C:\Quarantine
2008-05-13 09:10 . 2008-05-13 09:10 <DIR> d-------- C:\Program Files\Common Files\Resource
2008-05-13 09:10 . 2008-05-13 09:10 <DIR> d-------- C:\Program Files\Common Files\ADDINS
2008-04-29 09:22 . 2008-04-29 09:22 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-29 09:22 . 2008-01-24 20:50 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-29 09:22 . 2008-01-24 20:50 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-29 09:22 . 2008-01-24 20:50 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-04-29 09:22 . 2008-01-24 20:50 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-04-29 09:22 . 2008-01-24 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-29 09:21 . 2008-04-29 09:22 <DIR> d-------- C:\Program Files\McAfee
2008-04-29 09:21 . 2008-04-29 09:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-29 09:21 . 2008-02-12 15:42 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-04-29 09:21 . 2008-02-12 15:42 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-04-28 12:21 . 2008-04-29 09:20 <DIR> d-------- C:\Program Files\McAfeeInstallTool
2008-04-08 09:42 . 2008-04-08 09:43 8,210 --a------ C:\WINDOWS\ST6UNST.011
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 21:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 19:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 16:47 --------- d-----w C:\Program Files\PasswordManager
2008-05-27 14:22 --------- d-----w C:\Program Files\Ipsoware
2008-05-26 12:37 --------- d-----w C:\Documents and Settings\dmantegazza\Application Data\AdobeUM
2008-05-07 15:00 753,664 ----a-w C:\WINDOWS\system32\Ipsmot2.dll
2008-04-29 10:06 --------- d-----w C:\Program Files\Dizionario
2008-04-29 07:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2008-04-28 10:21 --------- d-----w C:\Program Files\Network Associates
2008-04-28 10:21 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-04-24 08:23 1,675,264 ----a-w C:\WINDOWS\system32\prcoge20.dll
2008-04-21 07:53 94,208 ----a-w C:\WINDOWS\system32\WKFUtility.dll
2008-04-21 07:53 65,536 ----a-w C:\WINDOWS\system32\WKStampa.dll
2008-04-21 07:53 57,344 ----a-w C:\WINDOWS\system32\WKLogon.dll
2008-04-21 07:53 45,056 ----a-w C:\WINDOWS\system32\WKErrore.dll
2008-04-21 07:53 442,368 ----a-w C:\WINDOWS\system32\WKImpTempla.dll
2008-04-21 07:53 225,280 ----a-w C:\WINDOWS\system32\WKFTeseo.dll
2008-04-21 07:53 159,744 ----a-w C:\WINDOWS\system32\WKTraduzione.dll
2008-04-21 07:53 151,552 ----a-w C:\WINDOWS\system32\WKBilFisc2.exe
2008-04-21 07:53 126,976 ----a-w C:\WINDOWS\system32\WKVideo.dll
2008-04-21 07:53 122,880 ----a-w C:\WINDOWS\system32\WKFRtfTx.dll
2008-04-21 07:53 118,784 ----a-w C:\WINDOWS\system32\WKDb32.dll
2008-04-21 07:53 102,400 ----a-w C:\WINDOWS\system32\WKFUI.dll
2008-04-15 07:17 --------- d-----w C:\Program Files\Java
2008-04-08 07:43 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-08 07:43 299,008 ------w C:\WINDOWS\Setup3.EXE
2008-03-31 10:42 78,848 ----a-w C:\WINDOWS\system32\MSBIND.DLL
2008-03-31 10:42 747,520 ----a-w C:\WINDOWS\system32\MSDE.DLL
2008-03-31 10:42 334,848 ----a-w C:\WINDOWS\system32\MSDBRPT.DLL
2008-03-31 10:42 322,560 ----a-w C:\WINDOWS\system32\MSDBRPTR.DLL
2008-03-31 10:42 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-03-31 10:42 136,192 ----a-w C:\WINDOWS\system32\MSDERUN.DLL
2008-02-28 09:53 53,248 ----a-w C:\WINDOWS\system32\HPZipm12.dll
2008-02-28 09:53 43,520 ----a-w C:\WINDOWS\system32\HPZinw12.dll
2008-02-21 12:18 122,880 ----a-w C:\WINDOWS\system32\winskd32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-30_ 1.39.48.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 23:34:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-30 23:10:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E7754B-9A9F-46E5-A035-88E28E0CC6A3}]
C:\WINDOWS\system32\opnooNfF.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E182A797-179D-4EF8-91CD-3F555E56C5EA}]
C:\WINDOWS\system32\hgGxYSKd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
@={ba930330-a721-11d3-a7b9-00500464ee16}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
@={2030D939-54A7-4fea-9B06-49EA77EFC87F}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2003-10-21 02:35 20480]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 13:57 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 13:57 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 19:04 864256]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-12-15 14:00 94208]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 02:22 237568]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-12-15 14:19 925696]
"Checkrescue"="C:\Windows\CheckRescue.exe" [2007-10-10 14:56 32768]
"myprinter"="c:\Program files\myprinter\myprinter.exe" [2007-03-27 13:24 204800]
"SgeEcView"="C:\Safeguard\Sgeasy\SafeGuard Easy\Ecview.exe" [2005-06-08 18:48 24576]
"EdWizard"="C:\Safeguard\Sgeasy\SafeGuard Easy\EdWizard.exe" [2005-06-08 18:28 245760]
"PasswordManager"="C:\Program Files\PasswordManager\PasswordManager.exe" [2007-10-01 16:45 1613824]
"Delayexec ScriptLogon"="delayexec c:\pwcutilities\Scriptlogon.exe" [ ]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2008-02-12 15:42 136512]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]
"AdslTaskBar"="stmctrl.dll" [2003-04-16 18:39 151552 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Spyware Doctor"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Alice ti aiuta.lnk - C:\Program Files\Alice ti aiuta\bin\matcli.exe [2008-05-28 21:55:35 212992]
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-01 15:10:32 581693]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= msimn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2006-01-31 22:13 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
SGLogEx.dll 2002-01-22 15:28 110592 C:\WINDOWS\system32\SGLogEx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
SGLogNotification.dll 2005-03-31 11:27 69632 C:\WINDOWS\system32\SGLogNotification.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 AES-256;AES-256;C:\WINDOWS\system32\DRIVERS\AES256.SYS [2005-06-08 18:47]
R0 SgeFlt;SgeFlt;C:\WINDOWS\system32\DRIVERS\SGEFLT.SYS [2005-06-08 18:48]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 15:58]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 12:18]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-10-21 02:35]
R2 artioctl;artioctl;C:\WINDOWS\system32\drivers\artioctl.sys [2005-02-03 08:14]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 03:50]
R2 LMwd;LMwd;C:\PROGRA~1\COMMON~1\ILSOLE~1\lm\LMwd.exe [2007-12-18 12:41]
R3 ldblank;Screen Blanking driver for Remote Control;C:\WINDOWS\system32\DRIVERS\ldblank.sys [2005-08-01 14:43]
R3 ldmirror;ldmirror;C:\WINDOWS\system32\DRIVERS\ldmirror.sys [2005-08-03 07:21]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\WINDOWS\system32\DRIVERS\mirrorflt.sys [2005-08-03 07:21]
R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2007-04-13 03:50]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-12-08 14:54]
S2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
S3 artour;IBM Mobility Interface for Windows;C:\WINDOWS\system32\DRIVERS\artndint.sys [2005-02-03 08:14]
S3 cgondis;CGO NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\cgondis.sys [2005-09-28 09:54]
S3 Intel Remote Control Helper;Intel Remote Control Helper;C:\WINDOWS\system32\drivers\rch.sys [2004-10-26 15:52]
S3 PWSSvc;Colligo Admin;C:\Program Files\Colligo Networks\Colligo TeamSync 4.0\pwssvc.exe [2005-09-28 10:42]
S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 16:44]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\PdtGuide.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fbd521-db2b-11d8-8630-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder
"2007-06-12 07:07:34 C:\WINDOWS\Tasks\ddchuw.job"
bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 31 May 2008 10:08 Subject:
How curious...
This latest combofix log also turns out to be truncated.
Oh well, in the meantime I'll have a look at the other logs you posted.
If you can, do the following:
- Run this scan with Kaspersky and then uninstall it
- Run this scan with VirIT
- Post both of the logs generated
VORTIKO Hero
Joined: 05/01/07 23:07 Posts: 44
Posted: 01 Jun 2008 01:37 Subject:
Hi. I ran the Kaspersky scan (in safe mode). I also ran the VirIt scan, but keep in mind that:
1. I could not download the VirIT updates because I could not connect (due to problems with the connection settings caused by the PC's configuration).
2. I ran the scan in safe mode because I had difficulties: a) getting back into normal mode after the Kaspersky scan: solved by uninstalling Kaspersky in safe mode; b) logging in in normal mode using the usual "corporate" domain: solved by selecting the PC's "personal" domain and logging in with a "rescue"-type account (the same one I use to enter safe mode when I'm not connected to the corporate network).
The logs are at the following links:
Log_Kaspersky_31.05.08.txt
Log_VirIT_31.05.08.txt
As for the Combofix log being incomplete, I can't give you an explanation. I don't know whether it depends (like the other problems I ran into) on particular PC settings (since it's a company PC).
...I did my best. (... the PC is running better than two days ago anyway; unfortunately I could not check how it behaves when connected to the internet ...). In any case, thanks and have a good Sunday.
bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jun 2008 14:36 Subject:
Probably, as a user, there are restrictions that prevent combofix from working correctly.
Kaspersky and VirIT found nothing. You can uninstall VirIT too.
If you can, try this scan with MBAM.
Download the updated version of Hijackthis and save it in its own folder, not a temporary one and not on the desktop.
- Close Internet Explorer
- run hijackthis
- click on do a system scan only
- tick these entries:
Quote:
O2 - BHO: (no name) - {52E7754B-9A9F-46E5-A035-88E28E0CC6A3} - C:\WINDOWS\system32\opnooNfF.dll (file missing)
O2 - BHO: (no name) - {E182A797-179D-4EF8-91CD-3F555E56C5EA} - C:\WINDOWS\system32\hgGxYSKd.dll (file missing)
click fix checked
Restart the PC, redo the hijackthis log and post it
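A small triage script, added here as an example and not part of this thread, of HijackThis or of ComboFix, that parses entries in the shape of the logs posted above and flags the patterns the helper singled out for "fix checked": BHOs whose DLL is gone, rundll32 Run values with hex-like names and one-letter exports, and Winlogon Notify entries with no DLL path. The sample lines, the severity labels and the random-name heuristic are my own assumptions, and every hit is a candidate for human review rather than an automatic verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the HijackThis entries quoted in this
# thread: legitimate Yahoo!/Java/McAfee/SafeGuard entries mixed with the
# random-named DLLs the helper asked to have fixed.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {11378748-2035-41d9-833e-4a90a26b5750} - (no file)
O2 - BHO: (no name) - {52E7754B-9A9F-46E5-A035-88E28E0CC6A3} - C:\WINDOWS\system32\opnooNfF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E182A797-179D-4EF8-91CD-3F555E56C5EA} - C:\WINDOWS\system32\hgGxYSKd.dll (file missing)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [4c4902aa] rundll32.exe "C:\WINDOWS\system32\ksvshmrx.dll",b
O4 - HKLM\..\Run: [BM4f7a3136] Rundll32.exe "C:\WINDOWS\system32\bieyfclk.dll",s
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: byXnmmMg - C:\WINDOWS\
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")
# matches: rundll32[.exe] ["]path\x.dll["],export
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.I)
# Run value names such as 4c4902aa or BM4f7a3136: a short prefix plus eight hex digits
HEX_VALUE_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$", re.I)
MISSING = "(file missing)"


def looks_random(stem: str) -> bool:
    """Rough heuristic (my assumption, not a HijackThis rule) for the 8-letter
    pseudo-random names in this thread (opnooNfF, hgGxYSKd, ksvshmrx, bieyfclk,
    byXnmmMg): all letters and either almost no vowels, five non-vowels in a row,
    or an uppercase letter dropped inside a lowercase run. Legitimate CamelCase
    names can trip it, so hits are candidates for review, not automatic removal."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return (vowels <= 1
            or re.search(r"[^aeiouAEIOU]{5}", stem) is not None
            or re.search(r"[a-z][A-Z]", stem) is not None)


def triage(lines):
    """Return (severity, section, item, reason) tuples for entries worth a look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            clsid, target = m.group("clsid"), m.group("target")
            if target == "(no file)":
                # CLSID still registered but nothing on disk: harmless leftover, clean up
                findings.append(("low", "O2", clsid, "orphaned BHO registration"))
            elif target.endswith(MISSING):
                dll = PureWindowsPath(target[: -len(MISSING)].strip())
                sev = "high" if looks_random(dll.stem) else "review"
                findings.append((sev, "O2", clsid, f"BHO points at missing {dll.name}"))
            continue
        m = O4_RE.match(line)
        if m:
            value, cmd = m.group("value"), m.group("cmd")
            reasons = []
            if HEX_VALUE_RE.match(value):
                reasons.append("hex-like Run value name")
            r = RUNDLL_RE.match(cmd)
            if r:
                dll = PureWindowsPath(r.group("dll"))
                if len(r.group("export")) == 1:
                    reasons.append(f"rundll32 calls one-letter export of {dll.name}")
                if looks_random(dll.stem):
                    reasons.append(f"random-looking DLL name {dll.name}")
            if reasons:
                findings.append(("high", "O4", value, "; ".join(reasons)))
            continue
        m = O20_RE.match(line)
        if m:
            key, target = m.group("key"), m.group("target")
            if target.endswith(MISSING):
                # HijackThis only looked in system32; the DLL may live elsewhere
                findings.append(("review", "O20", key, "notify DLL not found in system32"))
            elif not target.lower().endswith(".dll"):
                sev = "high" if looks_random(key) else "medium"
                findings.append((sev, "O20", key, f"notify entry without a DLL path ({target})"))
    return findings


def triage_sample():
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for sev, section, item, reason in triage_sample():
        print(f"{sev:6} {section:3} {item:40} {reason}")
```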
VORTIKO Hero
Joined: 05/01/07 23:07 Posts: 44
Posted: 01 Jun 2008 16:30 Subject:
Hi. I managed to reset the connection. The problem was the rasapi32.dll file (I simply renamed it, a solution found by rummaging around in Olimpo).
To have a clear conscience, I redid the scan (in normal mode) with VirIT (properly updated), and then the one with MBAM (which did catch some stuff). The respective logs are at the following links:
log_VirIT_1.06.2008.txt
mbam-log-6-1-2008 (16-03-06).txt
Lastly, I followed your instructions (... thanks ...) for the hijackthis scans, and here is the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.16.38, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\Mobility Client\artdhcp.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\COMMON~1\ILSOLE~1\lm\LMwd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Safeguard\Sgeasy\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Safeguard\Sgeasy\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Safeguard\Sgeasy\SafeGuard Easy\Ecview.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dmantegazza\Desktop\VIRUS\hijack_1.06.2008\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it-pwcportal:8888/KMportal/jsp/KMhome.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kaspersky.com/trials
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Checkrescue] C:\Windows\CheckRescue.exe
O4 - HKLM\..\Run: [myprinter] c:\Program files\myprinter\myprinter.exe
O4 - HKLM\..\Run: [SgeEcView] C:\Safeguard\Sgeasy\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] C:\Safeguard\Sgeasy\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [PasswordManager] "C:\Program Files\PasswordManager\PasswordManager.exe" /startup
O4 - HKLM\..\Run: [Delayexec ScriptLogon] delayexec "c:\pwcutilities\Scriptlogon.exe" 60
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Umail - {663FB9C7-D05D-4709-9C0B-DFFD24255F07} - http://www.umail.it (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://it-pwcportal:8888/KMportal/jsp/KMhome.jsp
O15 - Trusted Zone: http://*.it-milprt100 (HKLM)
O15 - Trusted Zone: http://*.it-pwcportal (HKLM)
O15 - Trusted IP range: http://10.39.221.168 (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\Software\..\Telephony: DomainName = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = it.ema.ad.pwcinternal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = it.ema.ad.pwcinternal.com,it.ema.pwcinternal.com,pwcinternal.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: IBM Mobility Client DHCP Control (artdhcp) - Unknown owner - C:\Program Files\IBM\Mobility Client\artdhcp.exe
O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LMwd - Unknown owner - C:\PROGRA~1\COMMON~1\ILSOLE~1\lm\LMwd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Colligo Admin (PWSSvc) - Unknown owner - C:\Program Files\Colligo Networks\Colligo TeamSync 4.0\pwssvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Safeguard\Sgeasy\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Safeguard\Sgeasy\SafeGuard Easy\WksCfgSrv.exe
--
End of file - 11193 bytes
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Jun 2008 23:09 Subject:
In theory you should be fine.
I would advise, though, having the IT manager at your company take a look at the PC (I wouldn't want the various clean-ups to have affected the PC's configuration).
VORTIKO Hero
Registered: 05/01/07 23:07 Posts: 44
Posted: 03 Jun 2008 01:03 Subject:
Yes, it really does seem the PC is fine, and I will have the IT guys take a look at it.
At this point, THANK YOU again for the extremely valuable help. Bye, and long live Olimpo!