|
| Precedente :: Successivo |
| Autore |
Messaggio |
persekella
Comune mortale
Registrato: 06/06/08 18:10
Messaggi: 4
|
 Inviato: 06 Giu 2008 18:56 Oggetto: Potete controllare questi due log di combofix e Hijackthis? |
 |
|
Qualcuno potrebbe analizzare questi due log per favore? sto avendo da un po' problemi con il pc e...in più facendo la scansione con nod32 mi individua un virus che sta nella cartella system volume infomation (non nell hd dove è installato il SO), ma non lo elimina...aspetto le vostre risposte... 
ComboFix 08-06-05.3 - Simo! 2008-06-06 17.46.21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.347 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Simo!\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-05-06 al 2008-06-06 )))))))))))))))))))))))))))))))))))
.
2008-06-06 13:10 . 2008-06-06 13:13 <DIR> d-------- C:\Programmi\a-squared Free
2008-06-05 20:47 . 2008-06-05 20:47 <DIR> d-------- C:\Programmi\Avira
2008-06-05 20:47 . 2008-06-06 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-06-05 20:17 . 2008-06-05 20:17 <DIR> d-------- C:\Programmi\CCleaner
2008-06-05 20:13 . 2008-06-05 20:13 <DIR> d-------- C:\Documents and Settings\Simo!\Dati applicazioni\UpdateStar
2008-06-05 17:43 . 2008-06-05 17:43 <DIR> d-------- C:\Programmi\Alwil Software
2008-06-05 10:53 . 2008-06-05 19:59 <DIR> d-------- C:\Programmi\Panda Security
2008-06-04 11:02 . 2008-06-04 11:02 203 --a------ C:\WINDOWS\GSdx9.INI
2008-06-01 12:10 . 2008-06-03 22:15 <DIR> d-------- C:\Programmi\Pcsx2_0.9.4
2008-05-25 17:29 . 2008-06-05 20:02 <DIR> d-------- C:\Documents and Settings\Simo!\.VirtualBox
2008-05-25 17:27 . 2008-04-30 22:12 55,424 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-05-25 17:27 . 2008-04-30 22:12 42,048 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-05-13 13:08 . 2008-05-13 13:08 <DIR> d-------- C:\Programmi\Vivendi Universal Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 18:02 --------- d-----w C:\Documents and Settings\Simo!\Dati applicazioni\Eltima Software
2008-06-05 17:58 --------- d-----w C:\Programmi\Magic RM to MP3 Converter
2008-06-05 17:56 --------- d-----w C:\Programmi\CaptureMAX 2
2008-06-05 07:48 --------- d-----w C:\Programmi\MSN Messenger
2008-06-05 07:48 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-06-04 10:13 --------- d-----w C:\Programmi\eMule
2008-05-20 17:08 --------- d-----w C:\Programmi\ZipCentral
2008-05-13 11:08 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-28 07:51 --------- d-----w C:\Programmi\Java
2008-04-17 10:08 --------- d-----w C:\Documents and Settings\Simo!\Dati applicazioni\Apple Computer
2008-04-17 10:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-04-17 10:07 --------- d-----w C:\Programmi\QuickTime
2008-04-17 10:06 --------- d-----w C:\Programmi\File comuni\Apple
2008-04-17 09:57 --------- d-----w C:\Programmi\Apple Software Update
2008-04-17 09:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-04-07 11:02 --------- d-----w C:\Programmi\UltraISO
2008-04-07 11:02 --------- d-----w C:\Programmi\File comuni\EZB Systems
2008-04-07 10:51 --------- d-----w C:\Programmi\Smart Projects
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\windows\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\windows\system32\win32k.sys
2008-03-04 12:05 10 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\mmrpplic.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-26 16:09 68856]
"UpdateStar"="C:\Documents and Settings\Simo!\Dati applicazioni\UpdateStar\UpdateStar.exe" [2008-06-04 12:36 3990192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 01:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 01:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Sunkist2k"="C:\Programmi\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 16:54 131072]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 01:32 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 12:28 172032]
"HPHUPD06"="C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 06:53 49152]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:44 659456]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-02-20 11:33 917504]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 14:00 160256]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\Simo!\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnk
backup=C:\windows\pss\Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-05-13 17:11 1397760 C:\Programmi\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-26 05:22 589824 C:\Programmi\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule1
"4672:UDP"= 4672:UDP:emule2
"86:TCP"= 86:TCP:BroadCam Web Server
R3 Video3D;ASUS Video3D Service;C:\windows\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 CA500AI;GSmart Mini Still Image Capture;C:\windows\system32\Drivers\BULK2NM.sys [2002-07-22 09:48]
S3 CA500AV;GSmart Mini WDM Video Capture;C:\windows\system32\DRIVERS\CA500AV.SYS [2002-07-19 11:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0fe9e09-ffd0-11db-a99f-0015f20e1ff6}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
*Newly Created Service* - A2FREE
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-26 08:24:12 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-06 14:51:01 C:\windows\Tasks\HP Usg Daily FY04.job"
- C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 17:53:14
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\windows\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-06-06 18.03.08
ComboFix-quarantined-files.txt 2008-06-06 16:01:58
12 Directory 59,686,014,976 byte disponibili
16 Directory 59,477,323,776 byte disponibili
141 --- E O F --- 2008-05-29 07:56:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.56.25, on 06/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\windows\SOUNDMAN.EXE
C:\windows\System32\svchost.exe
C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
C:\windows\system32\rundll32.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\windows\system32\wscntfy.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Simo!\Dati applicazioni\UpdateStar\UpdateStar.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\file install\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1040
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UpdateStar] C:\Documents and Settings\Simo!\Dati applicazioni\UpdateStar\UpdateStar.exe -A
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8A08AB9-68D2-4549-A341-79249DECE249}: NameServer = 85.37.17.11,151.99.125.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8811 bytes |
|
| Top |
|
 |
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 07 Giu 2008 10:08 Oggetto: Re: Potete controllare questi due log di combofix e Hijackth |
|
|
| persekella ha scritto: | e...in più facendo la scansione con nod32 mi individua un virus che sta nella cartella system volume infomation (non nell hd dove è installato il SO), ma non lo elimina...aspetto le vostre risposte...
|
E' la cartella del ripristino di sistema, quindi basta che lo disattivi;
Poi c'è una infezione che si trasferisce mediante le chiavette USB;
| Citazione: | [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0fe9e09-ffd0-11db-a99f-0015f20e1ff6}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
|
Ora disattiva il riconoscimento automatico delle chiavette USB serve il programma TweakUI scaricabile da questa pagina e installalo.
Una volta installato, eseguilo e procedi con questi passaggi:
| Citazione: | Espandi la sezione My Computer
Espandi la sottosezione Autoplay
Spostati in Types
Togli il segno di spunta a Enable Autoplay for removable drives
Clicca su Apply
Chiudi TweakUI
PS: Con Espandi intendo: clicca sul simbolo [+] di fianco alle voci che ti ho indicato
Da questo momento tutti gli apparati USB smetteranno di avviarsi automaticamente.
Inserisci le tue chiavette e fai un check delle stesse con il tuo antivirus.
Quando sei sicuro che tutto è a posto, puoi riabilitare l'avvio automatico, rifacendo lo stesso percorso che ti ho indicato. |
Adesso fa le scansioni con questi:
CCleaner;
Combofix;
Virit;
Hijackthis; |
|
| Top |
|
|
persekella
Comune mortale
Registrato: 06/06/08 18:10
Messaggi: 4
|
| Inviato: 07 Giu 2008 15:57 Oggetto: |
|
|
Allora...innanzitutto grazie per l'aiuto, ho fatto tutte le scansioni ke hai detto (nod 32 continua a rilevarmi un file infetto nella cartella system volume information).Poi da un po' di tempo mi capita ua cosa strana ossia, certe volte all'mprovviso non posso più spostare (premendo e trascinando) alcun tipo di file o cartella, scompaiono le icone del menu di avvio e se apro una cartella manca la barra delle applicazioni (non so se si kiama così), quella ke sta sulla parte sinistra della finestra, dove c'è scritto operazioni file e cartella,altre risorse,dettagli...cosa è successo??
lascio di seguito i log di combofix e hijackthis....grazie ancora per l'aiuto |
|
| Top |
|
|
persekella
Comune mortale
Registrato: 06/06/08 18:10
Messaggi: 4
|
| Inviato: 07 Giu 2008 16:00 Oggetto: |
|
|
ComboFix 08-06-05.3 - Simo! 2008-06-07 15.36.39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.559 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Simo!\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-05-07 al 2008-06-07 )))))))))))))))))))))))))))))))))))
.
2008-06-07 14:35 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-07 14:34 . 2008-06-07 14:40 <DIR> d-------- C:\VEXPLITE
2008-06-07 10:16 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-06-07 10:16 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-06-06 13:10 . 2008-06-06 13:13 <DIR> d-------- C:\Programmi\a-squared Free
2008-06-05 20:47 . 2008-06-07 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-06-05 20:17 . 2008-06-05 20:17 <DIR> d-------- C:\Programmi\CCleaner
2008-06-05 20:13 . 2008-06-05 20:13 <DIR> d-------- C:\Documents and Settings\Simo!\Dati applicazioni\UpdateStar
2008-06-05 17:43 . 2008-06-05 17:43 <DIR> d-------- C:\Programmi\Alwil Software
2008-06-05 10:53 . 2008-06-05 19:59 <DIR> d-------- C:\Programmi\Panda Security
2008-06-04 11:02 . 2008-06-04 11:02 203 --a------ C:\WINDOWS\GSdx9.INI
2008-06-01 12:10 . 2008-06-03 22:15 <DIR> d-------- C:\Programmi\Pcsx2_0.9.4
2008-05-25 17:29 . 2008-06-05 20:02 <DIR> d-------- C:\Documents and Settings\Simo!\.VirtualBox
2008-05-25 17:27 . 2008-04-30 22:12 55,424 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-05-25 17:27 . 2008-04-30 22:12 42,048 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-05-13 13:08 . 2008-05-13 13:08 <DIR> d-------- C:\Programmi\Vivendi Universal Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 18:02 --------- d-----w C:\Documents and Settings\Simo!\Dati applicazioni\Eltima Software
2008-06-05 17:58 --------- d-----w C:\Programmi\Magic RM to MP3 Converter
2008-06-05 17:56 --------- d-----w C:\Programmi\CaptureMAX 2
2008-06-05 07:48 --------- d-----w C:\Programmi\MSN Messenger
2008-06-05 07:48 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-06-04 10:13 --------- d-----w C:\Programmi\eMule
2008-05-20 17:08 --------- d-----w C:\Programmi\ZipCentral
2008-05-13 11:08 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-28 07:51 --------- d-----w C:\Programmi\Java
2008-04-17 10:08 --------- d-----w C:\Documents and Settings\Simo!\Dati applicazioni\Apple Computer
2008-04-17 10:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-04-17 10:07 --------- d-----w C:\Programmi\QuickTime
2008-04-17 10:06 --------- d-----w C:\Programmi\File comuni\Apple
2008-04-17 09:57 --------- d-----w C:\Programmi\Apple Software Update
2008-04-17 09:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-04-07 11:02 --------- d-----w C:\Programmi\UltraISO
2008-04-07 11:02 --------- d-----w C:\Programmi\File comuni\EZB Systems
2008-04-07 10:51 --------- d-----w C:\Programmi\Smart Projects
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\windows\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\windows\system32\win32k.sys
2008-03-04 12:05 10 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\mmrpplic.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-06_18.01.46.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-06 10:56:09 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-06-07 12:41:02 2,048 --s-a-w C:\windows\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-26 16:09 68856]
"UpdateStar"="C:\Documents and Settings\Simo!\Dati applicazioni\UpdateStar\UpdateStar.exe" [2008-06-04 12:36 3990192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 01:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 01:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Sunkist2k"="C:\Programmi\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 16:54 131072]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 01:32 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 12:28 172032]
"HPHUPD06"="C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 06:53 49152]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:44 659456]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-02-20 11:33 917504]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 14:00 160256]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\Simo!\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnk
backup=C:\windows\pss\Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-05-13 17:11 1397760 C:\Programmi\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-26 05:22 589824 C:\Programmi\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule1
"4672:UDP"= 4672:UDP:emule2
"86:TCP"= 86:TCP:BroadCam Web Server
R0 VIRAGTLT;VIRAGTLT;C:\windows\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-07 14:36]
R3 Video3D;ASUS Video3D Service;C:\windows\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 CA500AI;GSmart Mini Still Image Capture;C:\windows\system32\Drivers\BULK2NM.sys [2002-07-22 09:48]
S3 CA500AV;GSmart Mini WDM Video Capture;C:\windows\system32\DRIVERS\CA500AV.SYS [2002-07-19 11:05]
*Newly Created Service* - VIRAGTLT
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-26 08:24:12 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-07 10:51:01 C:\windows\Tasks\HP Usg Daily FY04.job"
- C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 15:39:56
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\windows\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-06-07 15.40.46
ComboFix-quarantined-files.txt 2008-06-07 13:40:40
ComboFix2.txt 2008-06-06 16:03:09
13 Directory 60,306,243,584 byte disponibili
17 Directory 60,301,049,856 byte disponibili
145 --- E O F --- 2008-05-29 07:56:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.33.13, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\VEXPLITE\viritsvc.exe
C:\windows\SOUNDMAN.EXE
C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
C:\windows\System32\svchost.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\windows\system32\rundll32.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Simo!\Dati applicazioni\UpdateStar\UpdateStar.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\file install\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1040
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UpdateStar] C:\Documents and Settings\Simo!\Dati applicazioni\UpdateStar\UpdateStar.exe -A
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8A08AB9-68D2-4549-A341-79249DECE249}: NameServer = 85.37.17.11,151.99.125.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 8906 bytes |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 07 Giu 2008 18:43 Oggetto: |
|
|
| Manca il log di VirIT... |
|
| Top |
|
|
persekella
Comune mortale
Registrato: 06/06/08 18:10
Messaggi: 4
|
| Inviato: 07 Giu 2008 18:57 Oggetto: |
|
|
ok scusa me ne ero dimenticata  ...eccolo
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
07/06/2008 - 14:51:29
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 78600.
Files Totali: 78600.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
--------------------------------------------------------
07/06/2008 - 15:23:03
[SCANSIONE DEL REGISTRO]
OK
[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 23825.
Files Totali: 23825.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
--------------------------------------------------------
07/06/2008 - 15:31:24
[SCANSIONE DEL REGISTRO]
OK
[D:\System Volume Information]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 0.
Files Totali: 0.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0. |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 07 Giu 2008 19:19 Oggetto: |
 |
|
VirIT non ha trovato nulla....
Fai la scansione con Systemscan e posta il log generato come
indicato quì |
|
| Top |
|
|
|
|
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
