Teseus (Mortal adept)
Registered: 02/07/07 21:01
Posts: 30

Posted: 23 May 2008 17:47    Subject: Avast: Virus alert, suspicious message!

Hello everyone, Avast keeps opening virus alert messages saying: "Too many identical emails in the selected time interval" and gives me sender names, recipients and subjects that are unknown to me. What follows is the HijackThis scan: I tried in vain to Fix the entry O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe because afterwards it reappears again.
Can you solve the problem for me?.... thank you in advance.

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 23 May 2008 23:33    Subject:

Hi Teseus. As you can see I removed the log because you have to use the updated version of HijackThis;

start by running scans with these:
CCleaner;
Combofix;
Virit;
Hijackthis;

Run them in that order...

Teseus (Mortal adept)
Registered: 02/07/07 21:01
Posts: 30

Posted: 28 Jun 2008 16:59    Subject:

Sante62 wrote:
> Hi Teseus. As you can see I removed the log because you have to use the updated version of HijackThis;
>
> start by running scans with these:
> CCleaner;
> Combofix;
> Virit;
> Hijackthis;
>
> Run them in that order...

Hi... thanks for the help.... I'm replying after a long time, though, because a problem came up. Namely, when I disabled Avast to start Combofix, new viruses got in and now I'm left with the after-effects of those viruses... it seems they don't want to leave... among other things, HijackThis won't delete two suspicious entries! I ran a scan with Avast and it removed something, but on the desktop screen there is the following message: Warning ! Spyreware dedected on your computer! Install an antivirus or spyreware remover to clean your computer!... moreover, more than once a blue screen in English appeared telling me there could be a virus and therefore there are infected files and damaged programs.... I don't know how to proceed at this point!... The viruses I have are probably slowing down my internet and won't let me change the desktop image.... for the moment I haven't seen what other damage there might be! And anyway, until yesterday it seemed there were Trojan horses on the computer, and after the cleanup with Avast they seem to have gone! I'm relying on you experts, hoping you can be of help... if it's useful I'll send you the HijackThis log file!... thanks in advance, and I'm anxiously waiting for your replies.
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16.56.43, on 28/06/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16674)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe
 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
 C:\WINDOWS\system32\brsvc01a.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
 C:\WINDOWS\system32\brss01a.exe
 C:\WINDOWS\system32\BrmfBAgS.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\WINDOWS\system32\BRMFRSMG.EXE
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
 C:\WINDOWS\System32\alg.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\Programmi\internet explorer\iexplore.exe
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: (no name) - {8531F44D-90CF-4CB1-9571-89C5A65C0256} - c:\windows\system32\vnrzvos.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
 O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
 O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
 O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe
 O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" -onlytray
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user')
 O4 - Startup: Collegamento a ashDisp.lnk = C:\Programmi\Alwil Software\Avast4\ashDisp.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
 O15 - Trusted Zone: http://www.sostanze.it
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://grecen94unitedstates.spaces.live.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144071530904
 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://barbie-grecen.spaces.live.com/PhotoUpload/MsnPUpld.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
 O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5049/mcfscan.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{0066D0D3-64E2-482B-AF74-52278D792184}: NameServer = 85.37.17.16 85.38.28.68
 O20 - Winlogon Notify: bfflbuii - C:\WINDOWS\SYSTEM32\vnrzvos.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
 O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 
 --
 End of file - 11319 bytes
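An added example, not part of this thread and not HijackThis code: a short Python triage pass over log lines of the kind posted above. It flags the entry types a helper checks first (an O23 service with an unknown owner, an unnamed O2 BHO, an O20 Winlogon Notify DLL, an O15 trusted-zone addition) and correlates a module that shows up under more than one entry type, as vnrzvos.dll does in the log above. The sample lines are constructed from entries quoted in this thread; the rule names and severities are my own assumptions, not HijackThis's.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of HijackThis 2.0.2 lines modelled on the
# entries quoted in this thread, with benign lines left in as controls.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8531F44D-90CF-4CB1-9571-89C5A65C0256} - c:\windows\system32\vnrzvos.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O15 - Trusted Zone: http://www.sostanze.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{0066D0D3-64E2-482B-AF74-52278D792184}: NameServer = 85.37.17.16 85.38.28.68
O20 - Winlogon Notify: bfflbuii - C:\WINDOWS\SYSTEM32\vnrzvos.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
"""

# Every HijackThis entry starts with a section code such as R1, O2, O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Bare module names (no directory part) so the same DLL can be matched
# across entries regardless of path casing or quoting.
MODULE_RE = re.compile(r"[\w.\-~]+\.(?:dll|exe)\b", re.I)

# Triage rules (assumed, not from HijackThis): (section, predicate, severity, reason).
RULES = [
    ("O23", lambda b: "Unknown owner" in b, "high",
     "service whose publisher HijackThis could not identify"),
    ("O2", lambda b: b.startswith("BHO: (no name)"), "high",
     "browser helper object with no name"),
    ("O20", lambda b: True, "high",
     "Winlogon Notify DLL, loaded into winlogon at every logon"),
    ("O15", lambda b: True, "medium",
     "site added to the IE Trusted Zone"),
    ("O17", lambda b: "NameServer" in b, "info",
     "custom DNS servers; confirm they belong to the ISP"),
    ("R1", lambda b: "ProxyOverride" in b, "info",
     "IE proxy override present"),
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def triage(log_text):
    """Return review findings for a HijackThis log, most severe first.

    Each finding is a dict with code, severity, reason and the raw line.
    A module referenced by more than one entry type gets an extra 'corr'
    finding: legitimate software rarely hooks several load points with
    the same randomly named DLL.
    """
    findings = []
    refs = defaultdict(set)  # module basename -> entry codes referencing it
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, the process list
        code, body = m.group("code"), m.group("body")
        for mod in MODULE_RE.findall(body):
            refs[mod.lower()].add(code)
        for rcode, pred, sev, reason in RULES:
            if code == rcode and pred(body):
                findings.append({"code": code, "severity": sev,
                                 "reason": reason, "line": raw.strip()})
                break
    for mod, codes in sorted(refs.items()):
        if len(codes) > 1:
            findings.append({"code": "corr", "severity": "high",
                             "reason": f"{mod} referenced by several entry types: "
                                       + ", ".join(sorted(codes)),
                             "line": ""})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 1, 'info': 2}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['code']:4} {f['reason']}")
        if f["line"]:
            print("          " + f["line"])
    print(summarize(triage(SAMPLE_LOG)))
```

A HijackThis "Fix" removes the startup or registry reference, not the file behind it, so an entry that reappears, like the aspimgr service at the top of the thread, means the component re-creating it is still present; that is why the helper also asks for the ComboFix and VirIT logs.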

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 28 Jun 2008 22:03    Subject:

You still have to do those recommended scans besides HijackThis...
otherwise we can't intervene properly, whatever may have happened...

Teseus (Mortal adept)
Registered: 02/07/07 21:01
Posts: 30

Posted: 30 Jun 2008 11:05    Subject:

OK... I ran the scan again with Combofix and Virit. Things seem to be going better now. But before the desktop screen opens, the Warning message appears again, telling me my computer is infected with viruses. Last thing: I wanted to know whether the infected files Virit found were repaired or removed?... in short, did I have to do something once it found those infected files, or did it take care of everything itself??... Anyway, here is the HJT log:
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 10.55.21, on 30/06/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16674)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\brsvc01a.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\brss01a.exe
 C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe
 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
 C:\WINDOWS\system32\BrmfBAgS.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
 C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\VEXPLITE\viritsvc.exe
 C:\Programmi\Alwil Software\Avast4\setup\avast.setup
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Symantec\LiveUpdate\AUpdate.exe
 C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
 O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
 O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
 O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe
 O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" -onlytray
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user')
 O4 - Startup: Collegamento a ashDisp.lnk = C:\Programmi\Alwil Software\Avast4\ashDisp.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
 O15 - Trusted Zone: http://www.sostanze.it
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://grecen94unitedstates.spaces.live.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144071530904
 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://barbie-grecen.spaces.live.com/PhotoUpload/MsnPUpld.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
 O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5049/mcfscan.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
 O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 11097 bytes
 
Thanks a lot for your help!

Teseus (Mortal adept)
Registered: 02/07/07 21:01
Posts: 30

Posted: 30 Jun 2008 11:07    Subject:

Edit by Sante62: log removed because it was a duplicate;

Please post the Combofix and Virit logs...

Teseus (Mortal adept)
Registered: 02/07/07 21:01
Posts: 30

Posted: 30 Jun 2008 12:34    Subject:

I don't know how to attach the logs... so I'll put them here below.
Combofix log:
 
 ComboFix 08-06-20.4 - Ditommaso 2008-06-29 16.41.21.2 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.197 [GMT 2:00]Eseguito da: C:\Documents and Settings\Ditommaso\Desktop\COMBO-FIX.EXE
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\LocalService\Dati applicazioni\wsnpoem
 C:\Documents and Settings\LocalService\Dati applicazioni\wsnpoem\audio.dll
 C:\Documents and Settings\NetworkService\Dati applicazioni\wsnpoem
 C:\Documents and Settings\NetworkService\Dati applicazioni\wsnpoem\audio.dll
 C:\WINDOWS\system32\ho.ln
 C:\WINDOWS\system32\kcopt.dll
 C:\WINDOWS\system32\ko.o
 C:\WINDOWS\system32\ksvcl.dll
 C:\WINDOWS\system32\qmopt.dll
 C:\WINDOWS\system32\vnrzvos.dll
 C:\WINDOWS\system32\wsnpoem
 C:\WINDOWS\system32\wsnpoem\audio.dll
 C:\WINDOWS\system32\wsnpoem\video.dll
 
 .
 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 -------\Legacy_DGHIKVLI
 -------\Service_dghikvli
 -------\Service_lanmandrv
 
 
 (((((((((((((((((((((((((   Files Creati Da 2008-05-28 al 2008-06-29  )))))))))))))))))))))))))))))))))))
 .
 
 2067-05-19 16:06 . 2003-02-05 04:02	79,947	--a--c---	C:\WINDOWS\fw20.vxd
 2008-06-28 18:06 . 2008-06-28 18:05	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
 2008-06-27 22:46 . 2008-06-27 23:46	109,056	--a------	C:\WINDOWS\scan.exe
 2008-06-27 22:05 . 2008-06-27 23:46	109,056	--a------	C:\WINDOWS\index.exe
 2008-06-27 21:05 . 2008-06-27 21:05	109,056	--a------	C:\WINDOWS\xix.exe
 2008-06-27 20:26 . 2008-06-28 11:50	60,928	--a------	C:\WINDOWS\system32\blphcn0bj0ee21.scr
 2008-06-27 20:25 . 2008-06-28 11:20	90,838	--a------	C:\WINDOWS\system32\phcn0bj0ee21.bmp
 2008-06-27 17:48 . 2008-06-27 17:48	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
 2008-06-27 17:48 . 2008-06-27 17:48	1,409	--a------	C:\WINDOWS\QTFont.for
 2008-06-25 15:36 . 2008-06-25 15:36	<DIR>	d--------	C:\Programmi\File comuni\xing shared
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d--------	C:\Programmi\File comuni\AVSMedia
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d--------	C:\Documents and Settings\Ditommaso\Dati applicazioni\AVS4YOU
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d----c---	C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
 2008-06-25 15:24 . 2006-03-03 10:02	658,432	--a------	C:\WINDOWS\system32\cc3270mt.dll
 2008-06-25 15:23 . 2008-06-25 15:24	<DIR>	d--------	C:\Programmi\AVS4YOU
 2008-06-25 15:23 . 2003-05-21 13:50	24,576	--a------	C:\WINDOWS\system32\msxml3a.dll
 2008-06-23 17:40 . 2008-06-23 17:40	<DIR>	d----c---	C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
 2008-06-23 17:40 . 2008-06-23 17:42	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
 2008-06-23 17:37 . 2008-06-23 18:17	<DIR>	d--------	C:\WINDOWS\Internet Logs
 2008-06-23 13:10 . 2008-06-23 13:10	24,400	--a------	C:\Documents and Settings\Ditommaso\afjzojdm.exe
 2008-06-23 13:01 . 2008-06-23 13:01	24,400	--a------	C:\Documents and Settings\Ditommaso\bpdpcyih.exe
 2008-06-19 21:49 . 2004-08-04 08:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
 2008-06-19 21:49 . 2004-08-04 08:08	25,600	--a--c---	C:\WINDOWS\system32\dllcache\usbser.sys
 2008-06-19 21:49 . 2008-06-19 21:49	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
 2008-06-19 21:49 . 2008-06-19 21:49	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
 2008-06-19 20:28 . 2008-06-19 20:28	<DIR>	d--------	C:\Programmi\File comuni\PCSuite
 2008-06-19 20:28 . 2008-06-19 20:28	<DIR>	d--------	C:\Programmi\File comuni\Nokia
 2008-06-19 20:25 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
 2008-06-19 20:24 . 2008-06-19 20:24	<DIR>	d--------	C:\Programmi\PC Connectivity Solution
 2008-06-19 20:23 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
 2008-06-19 20:23 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
 2008-06-19 20:23 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
 2008-06-19 20:23 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
 2008-06-19 20:23 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
 2008-06-19 20:23 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
 2008-06-13 17:25 . 2008-06-13 17:25	<DIR>	d--------	C:\Documents and Settings\NetworkService\Dati applicazioni\phcclkct
 2008-06-13 15:33 . 2008-06-13 15:33	<DIR>	d--------	C:\Documents and Settings\Ditommaso\Dati applicazioni\phcclkct
 2008-06-13 10:13 . 2008-06-13 15:33	<DIR>	d--------	C:\Programmi\File comuni\Mozilla Shared
 2008-06-12 10:02 . 2008-06-12 10:02	<DIR>	d--------	C:\WINDOWS\system32\AppCert
 2008-06-12 10:01 . 2002-11-05 17:59	128,000	--a------	C:\WINDOWS\system32\Dbcgdi32f.dll
 2008-06-05 14:08 . 2008-06-09 21:47	<DIR>	d--------	C:\Programmi\Sophos
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-06-29 13:56	---------	d-----w	C:\Programmi\eMule
 2008-06-25 13:36	---------	d-----w	C:\Programmi\File comuni\Real
 2008-06-24 21:55	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\Skype
 2008-06-19 19:50	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\PC Suite
 2008-06-19 19:50	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\Nokia
 2008-06-19 18:27	---------	d-----w	C:\Programmi\Nokia
 2008-06-19 18:20	---------	dc----w	C:\Documents and Settings\All Users\Dati applicazioni\Installations
 2008-06-14 17:59	272,768	------w	C:\WINDOWS\system32\drivers\bthport.sys
 2008-05-25 18:11	30,544	----a-w	C:\Documents and Settings\Ditommaso\dfreavcy.exe
 2008-05-25 18:10	30,544	----a-w	C:\Documents and Settings\Ditommaso\quinnrgv.exe
 2008-05-25 18:10	30,544	----a-w	C:\Documents and Settings\Ditommaso\ieeuxgls.exe
 2008-05-25 16:48	---------	d-----w	C:\Programmi\Enigma Software Group
 2008-05-25 12:33	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer
 2008-05-24 01:03	---------	d-----w	C:\Programmi\Trend Micro
 2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
 2008-05-06 21:06	---------	d-----w	C:\Programmi\LGGSM
 2008-05-06 21:05	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-05-06 11:32	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\LimeWire
 2008-05-02 12:06	---------	d-----w	C:\Programmi\LimeWire
 2007-12-14 17:21	0	----a-w	C:\Documents and Settings\Ditommaso\wn1001.exe
 2007-09-09 21:22	774,144	----a-w	C:\Programmi\RngInterstitial.dll
 .
 C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
 578,048 2005-03-02 18:20:03  C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
 579,072 2007-03-08 15:48:41  C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
 561,152 2003-09-25 17:08:05  C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 561,152 2003-04-08 12:00:00  C:\WINDOWS\$NtUninstallKB824141$\user32.dll
 578,048 2004-08-19 22:39:29  C:\WINDOWS\$NtUninstallKB890859$\user32.dll
 578,048 2005-03-02 18:10:24  C:\WINDOWS\$NtUninstallKB925902$\user32.dll
 578,048 2004-08-19 22:39:29  C:\WINDOWS\ServicePackFiles\i386\user32.dll
 561,152 2004-06-17 17:55:43  C:\WINDOWS\SoftwareDistribution\Download\35c9202e0b6958f9f0063a1b6124f10e\sp1qfe\user32.dll
 578,560 2008-05-25 12:32:03  C:\WINDOWS\system32\user32.DLL
 578,560 2008-05-25 12:32:03  C:\WINDOWS\system32\dllcache\user32.dll
 
 
 ------- Sigcheck -------
 
 2005-03-02 20:20  578048  488019bfe2b0f9f8cd8394276d5b664a	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
 2007-03-08 17:48  579072  bab4f995e526484a235a276e269aaf7f	C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
 2003-09-25 19:08  561152  a4478206df84006d711f91d0cb7abb0e	C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 2003-04-08 14:00  561152  bb4a220b198767e1848fcd64d3f1b96c	C:\WINDOWS\$NtUninstallKB824141$\user32.dll
 2004-08-20 00:39  578048  08447bdfce5d1b1956f962602381f5c1	C:\WINDOWS\$NtUninstallKB890859$\user32.dll
 2005-03-02 20:10  578048  14b5d6b20467dba209853d65d1f6a124	C:\WINDOWS\$NtUninstallKB925902$\user32.dll
 2004-08-20 00:39  578048  08447bdfce5d1b1956f962602381f5c1	C:\WINDOWS\ServicePackFiles\i386\user32.dll
 2004-06-17 19:55  561152  7c8719722df5aee059b5d4c79ac61a78	C:\WINDOWS\SoftwareDistribution\Download\35c9202e0b6958f9f0063a1b6124f10e\sp1qfe\user32.dll
 2008-05-25 14:32  578560  ef47afbc7c4f644865a8c6892ea863e1	C:\WINDOWS\system32\user32.DLL
 2008-05-25 14:32  578560  ef47afbc7c4f644865a8c6892ea863e1	C:\WINDOWS\system32\dllcache\user32.dll
 .
 (((((((((((((((((((((((((((((   snapshot@2008-05-24_ 1.21.31.78   )))))))))))))))))))))))))))))))))))))))))
 .
 + 2008-02-26 11:48:50	297,984	----a-w	C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
 + 2007-03-06 01:48:10	15,584	----a-w	C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
 + 2007-03-06 01:48:15	215,776	----a-w	C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
 + 2007-03-06 01:48:08	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
 + 2007-03-06 01:48:33	724,192	----a-w	C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
 + 2007-03-06 01:49:24	390,880	----a-w	C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
 + 2004-08-19 22:39:16	294,400	-c----w	C:\WINDOWS\$NtUninstallKB932823-v3$\msctf.dll
 + 2007-03-06 01:48:15	215,776	-c----w	C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
 + 2007-03-06 01:49:24	390,880	-c----w	C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
 - 2008-05-23 23:10:16	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-29 14:51:00	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-14 17:59:10	272,768	------w	C:\WINDOWS\Driver Cache\i386\bthport.sys
 + 2008-03-01 12:58:24	124,928	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
 + 2008-03-01 12:58:25	347,136	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
 + 2008-03-01 12:58:25	214,528	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
 + 2008-03-01 12:58:25	133,120	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
 + 2008-03-01 12:58:25	63,488	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
 + 2008-02-29 08:57:16	70,656	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
 + 2008-03-01 12:58:25	153,088	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
 + 2008-03-01 12:58:26	230,400	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
 + 2008-02-15 05:44:25	161,792	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
 + 2008-03-01 12:58:26	383,488	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
 + 2008-03-01 12:58:26	384,512	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
 + 2008-03-01 12:58:28	6,066,176	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
 + 2008-03-01 12:58:28	44,544	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
 + 2008-03-01 12:58:28	267,776	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
 + 2008-02-22 10:00:51	13,824	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
 + 2008-02-29 08:57:30	625,664	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
 + 2008-03-01 12:58:29	27,648	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
 + 2008-03-01 12:58:30	459,264	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
 + 2008-03-01 12:58:30	52,224	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
 + 2008-03-01 16:28:32	3,591,680	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
 + 2008-03-01 12:58:32	478,208	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
 + 2008-03-01 12:58:32	193,024	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
 + 2008-03-01 12:58:32	671,232	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
 + 2008-03-01 12:58:32	102,912	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
 + 2008-03-01 12:58:32	44,544	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
 + 2007-03-06 01:48:14	215,776	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
 + 2007-03-06 01:49:24	390,880	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
 + 2008-03-01 12:58:32	105,984	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
 + 2008-03-01 12:58:32	1,159,680	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
 + 2008-03-01 12:58:33	233,472	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
 + 2008-03-01 12:58:33	826,368	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
 + 2008-06-19 18:23:36	3,262	----a-r	C:\WINDOWS\Installer\{4F1DCA42-2030-437C-A94E-736692A499C1}\ARPPRODUCTICON.exe
 + 2008-06-20 17:37:57	15,086	----a-r	C:\WINDOWS\Installer\{9C05FA75-0337-4523-AA57-9D3511018887}\ARPPRODUCTICON.exe
 + 2008-06-19 18:25:12	10,134	----a-r	C:\WINDOWS\Installer\{AC599724-5755-48C1-ABE7-ABB857652930}\ARPPRODUCTICON.exe
 - 2000-08-31 06:00:00	28,160	----a-w	C:\WINDOWS\Nircmd.exe
 + 2000-08-31 06:00:00	28,672	----a-w	C:\WINDOWS\Nircmd.exe
 - 2008-03-01 12:58:24	124,928	----a-w	C:\WINDOWS\system32\advpack.dll
 + 2008-04-23 04:16:29	124,928	----a-w	C:\WINDOWS\system32\advpack.dll
 - 2004-10-20 12:16:18	16,384	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
 + 2008-06-02 20:53:10	16,384	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
 - 2004-10-20 12:16:18	32,768	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
 + 2008-06-02 20:53:10	32,768	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
 - 2004-10-20 12:16:18	32,768	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
 + 2008-06-02 20:53:10	32,768	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
 - 2008-03-01 12:58:24	124,928	-c----w	C:\WINDOWS\system32\dllcache\advpack.dll
 + 2008-04-23 04:16:29	124,928	-c----w	C:\WINDOWS\system32\dllcache\advpack.dll
 - 2004-08-19 22:25:34	274,944	-c--a-w	C:\WINDOWS\system32\dllcache\bthport.sys
 + 2008-06-14 17:59:10	272,768	-c--a-w	C:\WINDOWS\system32\dllcache\bthport.sys
 - 2008-03-01 12:58:25	347,136	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
 + 2008-04-23 04:16:29	347,136	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
 - 2008-03-01 12:58:25	214,528	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
 + 2008-04-23 04:16:29	214,528	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
 - 2008-03-01 12:58:25	133,120	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
 + 2008-04-23 04:16:29	133,120	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
 - 2008-03-01 12:58:25	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
 + 2008-04-23 04:16:29	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
 - 2008-02-29 08:57:16	70,656	-c--a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
 + 2008-04-22 07:42:21	70,656	-c--a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
 - 2008-03-01 12:58:25	153,088	-c--a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
 + 2008-04-23 04:16:29	153,088	-c--a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
 - 2008-03-01 12:58:26	230,400	-c--a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
 + 2008-04-23 04:16:29	230,400	-c--a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
 - 2008-02-15 05:44:25	161,792	-c--a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
 + 2008-04-20 05:07:51	161,792	-c--a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
 - 2008-03-01 12:58:26	383,488	-c----w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
 + 2008-04-23 04:16:29	383,488	-c----w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
 - 2008-03-01 12:58:26	384,512	-c--a-w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
 + 2008-04-23 04:16:29	384,512	-c--a-w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
 - 2008-03-01 12:58:28	6,066,176	-c----w	C:\WINDOWS\system32\dllcache\ieframe.dll
 + 2008-04-23 04:16:30	6,066,176	-c----w	C:\WINDOWS\system32\dllcache\ieframe.dll
 - 2008-03-01 12:58:28	44,544	-c--a-w	C:\WINDOWS\system32\dllcache\iernonce.dll
 + 2008-04-23 04:16:30	44,544	-c--a-w	C:\WINDOWS\system32\dllcache\iernonce.dll
 - 2008-03-01 12:58:28	267,776	-c----w	C:\WINDOWS\system32\dllcache\iertutil.dll
 + 2008-04-23 04:16:30	267,776	-c----w	C:\WINDOWS\system32\dllcache\iertutil.dll
 - 2008-02-22 10:00:51	13,824	-c----w	C:\WINDOWS\system32\dllcache\ieudinit.exe
 + 2008-04-22 07:39:58	13,824	-c----w	C:\WINDOWS\system32\dllcache\ieudinit.exe
 - 2008-02-29 08:57:30	625,664	-c----w	C:\WINDOWS\system32\dllcache\iexplore.exe
 + 2008-04-22 07:42:39	625,664	-c----w	C:\WINDOWS\system32\dllcache\iexplore.exe
 - 2008-03-01 12:58:29	27,648	-c--a-w	C:\WINDOWS\system32\dllcache\jsproxy.dll
 + 2008-04-23 04:16:30	27,648	-c--a-w	C:\WINDOWS\system32\dllcache\jsproxy.dll
 + 2008-02-26 11:59:50	294,912	-c----w	C:\WINDOWS\system32\dllcache\msctf.dll
 - 2008-03-01 12:58:30	459,264	-c----w	C:\WINDOWS\system32\dllcache\msfeeds.dll
 + 2008-04-23 04:16:30	459,264	-c----w	C:\WINDOWS\system32\dllcache\msfeeds.dll
 - 2008-03-01 12:58:30	52,224	-c----w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
 + 2008-04-23 04:16:30	52,224	-c----w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
 - 2008-03-01 16:28:32	3,591,680	-c--a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
 + 2008-04-23 20:16:32	3,591,680	-c--a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
 - 2008-03-01 12:58:32	478,208	-c--a-w	C:\WINDOWS\system32\dllcache\mshtmled.dll
 + 2008-04-23 04:16:31	478,208	-c--a-w	C:\WINDOWS\system32\dllcache\mshtmled.dll
 - 2008-03-01 12:58:32	193,024	-c--a-w	C:\WINDOWS\system32\dllcache\msrating.dll
 + 2008-04-23 04:16:31	193,024	-c--a-w	C:\WINDOWS\system32\dllcache\msrating.dll
 - 2008-03-01 12:58:32	671,232	-c--a-w	C:\WINDOWS\system32\dllcache\mstime.dll
 + 2008-04-23 04:16:31	671,232	-c--a-w	C:\WINDOWS\system32\dllcache\mstime.dll
 - 2008-03-01 12:58:32	102,912	-c----w	C:\WINDOWS\system32\dllcache\occache.dll
 + 2008-04-23 04:16:31	102,912	-c----w	C:\WINDOWS\system32\dllcache\occache.dll
 - 2008-03-01 12:58:32	44,544	-c--a-w	C:\WINDOWS\system32\dllcache\pngfilt.dll
 + 2008-04-23 04:16:31	44,544	-c--a-w	C:\WINDOWS\system32\dllcache\pngfilt.dll
 - 2007-10-29 22:42:50	1,292,800	-c----w	C:\WINDOWS\system32\dllcache\quartz.dll
 + 2008-05-07 05:14:42	1,292,800	-c----w	C:\WINDOWS\system32\dllcache\quartz.dll
 - 2006-07-13 08:48:58	202,240	-c--a-w	C:\WINDOWS\system32\dllcache\rmcast.sys
 + 2008-05-08 12:28:49	202,752	-c--a-w	C:\WINDOWS\system32\dllcache\rmcast.sys
 - 2008-03-01 12:58:32	105,984	-c----w	C:\WINDOWS\system32\dllcache\url.dll
 + 2008-04-23 04:16:31	105,984	-c----w	C:\WINDOWS\system32\dllcache\url.dll
 - 2008-03-01 12:58:32	1,159,680	-c--a-w	C:\WINDOWS\system32\dllcache\urlmon.dll
 + 2008-04-23 04:16:31	1,159,680	-c--a-w	C:\WINDOWS\system32\dllcache\urlmon.dll
 - 2008-03-01 12:58:33	233,472	-c----w	C:\WINDOWS\system32\dllcache\webcheck.dll
 + 2008-04-23 04:16:31	233,472	-c----w	C:\WINDOWS\system32\dllcache\webcheck.dll
 - 2008-03-01 12:58:33	826,368	-c--a-w	C:\WINDOWS\system32\dllcache\wininet.dll
 + 2008-04-23 04:16:31	826,368	-c--a-w	C:\WINDOWS\system32\dllcache\wininet.dll
 + 2003-04-08 12:00:00	23,424	----a-w	C:\WINDOWS\system32\drivers\jrcpdbyu.sys
 - 2007-06-08 07:30:14	528,384	----a-w	C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
 + 2008-03-06 09:19:36	534,016	----a-w	C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
 + 2008-03-17 17:23:30	39,808	----a-w	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 + 2006-11-02 05:22:54	492,000	------w	C:\WINDOWS\system32\drivers\wdf01000.sys
 + 2006-11-02 05:22:52	32,224	------w	C:\WINDOWS\system32\drivers\wdfldr.sys
 + 2007-11-29 08:39:42	16,896	-c--a-w	C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmb.sys
 + 2007-11-29 08:32:38	48,128	-c--a-w	C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcls.dll
 + 2007-11-29 08:39:44	95,744	-c--a-w	C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcocls.dll
 + 2007-11-29 08:33:04	1,419,232	-c--a-w	C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\wdfcoinstaller01005.dll
 + 2007-11-29 08:39:52	8,064	-c--a-w	C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerfltj.sys
 + 2007-11-29 08:39:42	8,064	-c--a-w	C:\WINDOWS\system32\DRVSTORE\ccdcmbm_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerflt.sys
 + 2007-11-29 08:39:40	19,328	-c--a-w	C:\WINDOWS\system32\DRVSTORE\ccdcmbo_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmbo.sys
 + 2007-09-17 13:53:26	21,632	-c--a-w	C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
 + 2008-03-06 09:19:36	534,016	-c--a-w	C:\WINDOWS\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\PCCSWpdDriver.dll
 + 2008-03-06 09:14:58	831,048	-c--a-w	C:\WINDOWS\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\WudfUpdate_01005.dll
 - 2008-03-01 12:58:25	347,136	----a-w	C:\WINDOWS\system32\dxtmsft.dll
 + 2008-04-23 04:16:29	347,136	----a-w	C:\WINDOWS\system32\dxtmsft.dll
 - 2008-03-01 12:58:25	214,528	----a-w	C:\WINDOWS\system32\dxtrans.dll
 + 2008-04-23 04:16:29	214,528	----a-w	C:\WINDOWS\system32\dxtrans.dll
 - 2008-03-01 12:58:25	133,120	----a-w	C:\WINDOWS\system32\extmgr.dll
 + 2008-04-23 04:16:29	133,120	----a-w	C:\WINDOWS\system32\extmgr.dll
 + 2003-04-08 12:00:00	209,664	----a-w	C:\WINDOWS\system32\hjyullbr.dat
 - 2008-03-01 12:58:25	63,488	----a-w	C:\WINDOWS\system32\icardie.dll
 + 2008-04-23 04:16:29	63,488	----a-w	C:\WINDOWS\system32\icardie.dll
 - 2008-02-29 08:57:16	70,656	----a-w	C:\WINDOWS\system32\ie4uinit.exe
 + 2008-04-22 07:42:21	70,656	----a-w	C:\WINDOWS\system32\ie4uinit.exe
 - 2008-03-01 12:58:25	153,088	----a-w	C:\WINDOWS\system32\ieakeng.dll
 + 2008-04-23 04:16:29	153,088	----a-w	C:\WINDOWS\system32\ieakeng.dll
 - 2008-03-01 12:58:26	230,400	----a-w	C:\WINDOWS\system32\ieaksie.dll
 + 2008-04-23 04:16:29	230,400	----a-w	C:\WINDOWS\system32\ieaksie.dll
 - 2008-02-15 05:44:25	161,792	----a-w	C:\WINDOWS\system32\ieakui.dll
 + 2008-04-20 05:07:51	161,792	----a-w	C:\WINDOWS\system32\ieakui.dll
 - 2008-03-01 12:58:26	383,488	----a-w	C:\WINDOWS\system32\ieapfltr.dll
 + 2008-04-23 04:16:29	383,488	----a-w	C:\WINDOWS\system32\ieapfltr.dll
 - 2008-03-01 12:58:26	384,512	----a-w	C:\WINDOWS\system32\iedkcs32.dll
 + 2008-04-23 04:16:29	384,512	----a-w	C:\WINDOWS\system32\iedkcs32.dll
 - 2008-03-01 12:58:28	6,066,176	----a-w	C:\WINDOWS\system32\ieframe.dll
 + 2008-04-23 04:16:30	6,066,176	----a-w	C:\WINDOWS\system32\ieframe.dll
 - 2008-03-01 12:58:28	44,544	----a-w	C:\WINDOWS\system32\iernonce.dll
 + 2008-04-23 04:16:30	44,544	----a-w	C:\WINDOWS\system32\iernonce.dll
 - 2008-03-01 12:58:28	267,776	----a-w	C:\WINDOWS\system32\iertutil.dll
 + 2008-04-23 04:16:30	267,776	----a-w	C:\WINDOWS\system32\iertutil.dll
 - 2008-02-22 10:00:51	13,824	----a-w	C:\WINDOWS\system32\ieudinit.exe
 + 2008-04-22 07:39:58	13,824	----a-w	C:\WINDOWS\system32\ieudinit.exe
 - 2008-03-01 12:58:29	27,648	----a-w	C:\WINDOWS\system32\jsproxy.dll
 + 2008-04-23 04:16:30	27,648	----a-w	C:\WINDOWS\system32\jsproxy.dll
 + 2003-04-08 12:00:00	6,490,880	----a-w	C:\WINDOWS\system32\jxyfslpw.dat
 + 2003-04-08 12:00:00	84,992	----a-w	C:\WINDOWS\system32\kdpswlf.dll
 + 2003-04-08 12:00:00	633,600	----a-w	C:\WINDOWS\system32\lemghkvx.dat
 + 2003-04-08 12:00:00	1,015,808	----a-w	C:\WINDOWS\system32\libeay32.dll
 + 2003-04-08 12:00:00	196,608	----a-w	C:\WINDOWS\system32\libssl32.dll
 + 2008-06-27 18:25:48	109,056	----a-w	C:\WINDOWS\system32\lphcn0bj0ee21.exe
 - 2008-05-09 21:35:04	16,863,864	----a-w	C:\WINDOWS\system32\MRT.exe
 + 2008-05-29 23:35:11	17,486,968	----a-w	C:\WINDOWS\system32\MRT.exe
 - 2004-08-19 22:39:16	294,400	----a-w	C:\WINDOWS\system32\msctf.dll
 + 2008-02-26 11:59:50	294,912	----a-w	C:\WINDOWS\system32\msctf.dll
 - 2008-03-01 12:58:30	459,264	----a-w	C:\WINDOWS\system32\msfeeds.dll
 + 2008-04-23 04:16:30	459,264	----a-w	C:\WINDOWS\system32\msfeeds.dll
 - 2008-03-01 12:58:30	52,224	----a-w	C:\WINDOWS\system32\msfeedsbs.dll
 + 2008-04-23 04:16:30	52,224	----a-w	C:\WINDOWS\system32\msfeedsbs.dll
 - 2008-03-01 16:28:32	3,591,680	----a-w	C:\WINDOWS\system32\mshtml.dll
 + 2008-04-23 20:16:32	3,591,680	----a-w	C:\WINDOWS\system32\mshtml.dll
 - 2008-03-01 12:58:32	478,208	----a-w	C:\WINDOWS\system32\mshtmled.dll
 + 2008-04-23 04:16:31	478,208	----a-w	C:\WINDOWS\system32\mshtmled.dll
 - 2008-03-01 12:58:32	193,024	----a-w	C:\WINDOWS\system32\msrating.dll
 + 2008-04-23 04:16:31	193,024	----a-w	C:\WINDOWS\system32\msrating.dll
 - 2008-03-01 12:58:32	671,232	----a-w	C:\WINDOWS\system32\mstime.dll
 + 2008-04-23 04:16:31	671,232	----a-w	C:\WINDOWS\system32\mstime.dll
 - 2007-02-22 09:15:12	90,624	----a-w	C:\WINDOWS\system32\nmwcdcls.dll
 + 2007-11-29 08:32:38	48,128	----a-w	C:\WINDOWS\system32\nmwcdcls.dll
 - 2008-03-01 12:58:32	102,912	----a-w	C:\WINDOWS\system32\occache.dll
 + 2008-04-23 04:16:31	102,912	----a-w	C:\WINDOWS\system32\occache.dll
 - 2007-09-09 21:06:22	278,528	----a-w	C:\WINDOWS\system32\pncrt.dll
 + 2008-06-25 13:35:49	278,528	----a-w	C:\WINDOWS\system32\pncrt.dll
 - 2007-09-09 21:06:27	6,656	----a-w	C:\WINDOWS\system32\pndx5016.dll
 + 2008-06-25 13:36:02	6,656	----a-w	C:\WINDOWS\system32\pndx5016.dll
 - 2007-09-09 21:06:27	5,632	----a-w	C:\WINDOWS\system32\pndx5032.dll
 + 2008-06-25 13:36:02	5,632	----a-w	C:\WINDOWS\system32\pndx5032.dll
 - 2008-03-01 12:58:32	44,544	----a-w	C:\WINDOWS\system32\pngfilt.dll
 + 2008-04-23 04:16:31	44,544	----a-w	C:\WINDOWS\system32\pngfilt.dll
 - 2007-10-29 22:42:50	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 + 2008-05-07 05:14:42	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 - 2007-09-09 21:06:34	185,688	----a-w	C:\WINDOWS\system32\rmoc3260.dll
 + 2008-06-25 13:36:34	185,944	----a-w	C:\WINDOWS\system32\rmoc3260.dll
 - 2006-10-16 15:10:58	14,640	-c----w	C:\WINDOWS\system32\spmsg.dll
 + 2007-11-30 11:19:29	18,808	------w	C:\WINDOWS\system32\spmsg.dll
 - 2006-10-16 15:10:58	23,856	-c--a-w	C:\WINDOWS\system32\spupdsvc.exe
 + 2006-10-08 19:51:14	23,856	----a-w	C:\WINDOWS\system32\spupdsvc.exe
 + 2003-04-08 12:00:00	46,848	----a-w	C:\WINDOWS\system32\tscftxyr.dat
 + 2003-04-08 12:00:00	35,584	----a-w	C:\WINDOWS\system32\uqmwnakf.dat
 - 2008-03-01 12:58:32	105,984	----a-w	C:\WINDOWS\system32\url.dll
 + 2008-04-23 04:16:31	105,984	----a-w	C:\WINDOWS\system32\url.dll
 - 2008-03-01 12:58:32	1,159,680	----a-w	C:\WINDOWS\system32\urlmon.dll
 + 2008-04-23 04:16:31	1,159,680	----a-w	C:\WINDOWS\system32\urlmon.dll
 + 2003-04-08 12:00:00	36,608	----a-w	C:\WINDOWS\system32\vbemaezm.dat
 - 2008-03-01 12:58:33	233,472	----a-w	C:\WINDOWS\system32\webcheck.dll
 + 2008-04-23 04:16:31	233,472	----a-w	C:\WINDOWS\system32\webcheck.dll
 - 2008-03-01 12:58:33	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 + 2008-04-23 04:16:31	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 - 2007-06-08 06:11:12	831,048	----a-w	C:\WINDOWS\system32\WudfUpdate_01005.dll
 + 2008-03-06 09:14:58	831,048	----a-w	C:\WINDOWS\system32\WudfUpdate_01005.dll
 + 2008-06-29 14:51:15	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_494.dat
 + 2006-12-01 20:56:00	96,256	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
 + 2006-12-01 20:54:32	479,232	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
 + 2006-12-01 20:54:34	548,864	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
 + 2006-12-01 20:54:32	626,688	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
 + 2006-12-01 22:25:52	1,101,824	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
 + 2006-12-01 22:25:56	1,093,120	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
 + 2006-12-01 22:25:58	69,632	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
 + 2006-12-01 22:26:00	57,856	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
 + 2006-12-01 22:08:00	40,960	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
 + 2006-12-01 22:08:00	45,056	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
 + 2006-12-01 22:08:00	65,536	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
 + 2006-12-01 22:08:00	57,344	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
 + 2006-12-01 22:08:00	61,440	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
 + 2006-12-01 22:08:00	61,440	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
 + 2006-12-01 22:08:00	61,440	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
 + 2006-12-01 22:08:00	49,152	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
 + 2006-12-01 22:08:00	49,152	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
 + 2006-12-01 22:46:44	65,536	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
 .
 -- Snapshot reset to current date --
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
 "ccleaner"="C:\Programmi\CCleaner\ccleaner.exe" [2008-06-25 15:58 1209584]
 "PC Suite Tray"="C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-02 09:40 4616192]
 "nwiz"="nwiz.exe" [2003-04-02 09:40 323584 C:\WINDOWS\system32\nwiz.exe]
 "AdslTaskBar"="stmctrl.dll" [2003-01-22 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
 "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 12:50 155648]
 "RoxioEngineUtility"="C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" [2003-02-27 06:31 69632]
 "RoxioDragToDisc"="C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 05:36 757760]
 "RoxioAudioCentral"="C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 17:50 253952]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
 "SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
 "PaperPort PTD"="C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-11 01:01 57393]
 "IndexSearch"="C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-11 01:28 40960]
 "SetDefPrt"="C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 18:02 49152]
 "ControlCenter2.0"="C:\Programmi\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 21:36 933888]
 "Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
 "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-25 15:35 185896]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
 "Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
 "POSTRBT"="C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe" [ ]
 
 C:\Documents and Settings\Ditommaso\Menu Avvio\Programmi\Esecuzione automatica\
 Collegamento a ashDisp.lnk - C:\Programmi\Alwil Software\Avast4\ashDisp.exe [2007-05-15 14:16:53 79224]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588]
 
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
 "NoDispBackgroundPage"= 1 (0x1)
 "NoDispScrSavPage"= 1 (0x1)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
 "<NO NAME>"= (valor no establecido)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "VIDC.MJPG"= jl_mjpg2.drv
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winei26.sys]
 @="Driver"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "AntiVirusOverride"=dword:00000001
 "FirewallOverride"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\eMule\\emule.exe"=
 "C:\\Programmi\\iTunes\\iTunes.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\LimeWire\\LimeWire.exe"=
 "C:\\Programmi\\Skype\\Phone\\Skype.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "45241:TCP"= 45241:TCP:@xpsp2res.dll,-22009
 "80:TCP"= 80:TCP:@xpsp2res.dll,-22009
 "22958:TCP"= 22958:TCP:@xpsp2res.dll,-22009
 "9138:TCP"= 9138:TCP:@xpsp2res.dll,-22009
 "59047:TCP"= 59047:TCP:@xpsp2res.dll,-22009
 "46747:TCP"= 46747:TCP:@xpsp2res.dll,-22009
 "42357:TCP"= 42357:TCP:@xpsp2res.dll,-22009
 "23189:TCP"= 23189:TCP:@xpsp2res.dll,-22009
 "63119:TCP"= 63119:TCP:@xpsp2res.dll,-22009
 "3498:TCP"= 3498:TCP:@xpsp2res.dll,-22009
 "13709:TCP"= 13709:TCP:@xpsp2res.dll,-22009
 "16783:TCP"= 16783:TCP:@xpsp2res.dll,-22009
 "18095:TCP"= 18095:TCP:@xpsp2res.dll,-22009
 "15682:TCP"= 15682:TCP:@xpsp2res.dll,-22009
 "47419:TCP"= 47419:TCP:@xpsp2res.dll,-22009
 "16533:TCP"= 16533:TCP:@xpsp2res.dll,-22009
 "34713:TCP"= 34713:TCP:@xpsp2res.dll,-22009
 "31578:TCP"= 31578:TCP:@xpsp2res.dll,-22009
 "9389:TCP"= 9389:TCP:@xpsp2res.dll,-22009
 "51088:TCP"= 51088:TCP:@xpsp2res.dll,-22009
 "4226:TCP"= 4226:TCP:@xpsp2res.dll,-22009
 "28850:TCP"= 28850:TCP:@xpsp2res.dll,-22009
 "21247:TCP"= 21247:TCP:@xpsp2res.dll,-22009
 "38533:TCP"= 38533:TCP:@xpsp2res.dll,-22009
 "38722:TCP"= 38722:TCP:@xpsp2res.dll,-22009
 "54950:TCP"= 54950:TCP:@xpsp2res.dll,-22009
 "34971:TCP"= 34971:TCP:@xpsp2res.dll,-22009
 "10395:TCP"= 10395:TCP:@xpsp2res.dll,-22009
 "49849:TCP"= 49849:TCP:@xpsp2res.dll,-22009
 
 R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
 R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
 R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:45]
 R3 brfilt;Driver filtro Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12]
 R3 brparimg;Driver Brother Multi Function Parallel Image;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 21:12]
 R3 BrParWdm;Driver parallelo Brother WDM;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-30 20:18]
 R3 BrSerWdm;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39]
 R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
 S0 Winei26;Winei26;C:\WINDOWS\system32\Drivers\Winei26.sys []
 S2 FILESpy;FILESpy;C:\Programmi\BullGuard\filespy.sys []
 S2 qandr;qandr;C:\WINDOWS\system32\drivers\qandr.sys []
 S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 22:23]
 S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\DITOMM~1\IMPOST~1\Temp\iMSPCLOj.sys []
 S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-07-28 19:36]
 S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2.tmp []
 S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
 S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200824f5-3263-11dd-bad3-000c6e91777d}]
 \Shell\Auto\command - bittorrent.exe e
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed71e5f-b7dd-11dc-b9f8-000c6e91777d}]
 \Shell\auto\command - F:\Knight.exe open
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
 \Shell\explore\command - F:\Knight.exe open
 \Shell\find\command - F:\Knight.exe open
 \Shell\install\command - F:\Knight.exe open
 \Shell\open\command - F:\Knight.exe open
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed71e60-b7dd-11dc-b9f8-000c6e91777d}]
 \Shell\AutoRun\command - F:\AutoTransfer.exe
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-06-29 14:54:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
 - C:\Programmi\Windows Defender\MpCmdRun.exe
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-29 16:52:33
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 
 [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
 "ImagePath"="\??\C:\WINDOWS\system32\2.tmp"
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\Programmi\Windows Defender\MsMpEng.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\BRSVC01A.EXE
 C:\WINDOWS\system32\BRSS01A.EXE
 C:\WINDOWS\system32\BrmfBAgS.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\system32\BrmfRsmg.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-06-29 17:05:31 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-06-29 15:04:42
 ComboFix2.txt  2008-05-23 23:22:47
 
 28 Directory  57,037,860,864 byte disponibili
 31 Directory  57,086,119,936 byte disponibili
 
 525	--- E O F ---	2008-06-26 07:08:10
 
 
VirIT log:
 
 VirIT eXplorer Lite Log
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 29/06/2008 - 17:29:03
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Documents and Settings\Ditommaso\dfreavcy.exe Infetto da Trojan.Win32.Dialer.Gen
 C:\Documents and Settings\Ditommaso\ieeuxgls.exe Infetto da Trojan.Win32.Dialer.Gen
 C:\Documents and Settings\Ditommaso\quinnrgv.exe Infetto da Trojan.Win32.Dialer.Gen
 C:\Programmi\Trend Micro\HijackThis\backups\backup-20080612-184447-756.dll Infetto da BHO.Agent.IN
 C:\QooBox\Quarantine\C\WINDOWS\system32\aspimgr.exe.vir Infetto da Backdoor.Agent.AU
 C:\QooBox\Quarantine\C\WINDOWS\system32\ho.ln.vir Infetto da Trojan.Win32.Agent.Gen
 C:\QooBox\Quarantine\C\WINDOWS\system32\ko.o.vir Infetto da Trojan.Win32.Agent.Gen
 C:\WINDOWS\system32\blphcn0bj0ee21.scr Infetto da Trojan.Win32.Agent.Gen
 
 Chiavi Registro infette: 0.
 Files Infetti: 8.
 Files Sospetti: 0.
 Files Analizzati: 75938.
 Files Totali: 75938.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK

Teseus (Mortale adepto)
Posted: 30 Jun 2008 12:35

Edit by Sante62:
You posted duplicates again; click "Reply" only once.
You have an infection spread via USB stick;
disable automatic recognition of USB devices using TweakUI, downloadable from this page, and install it.
Once installed, run it and follow these steps:

Quote:
Expand the My Computer section
Expand the Autoplay subsection
Go to Types
Untick Enable Autoplay for removable drives
Click Apply
Close TweakUI

PS: By Expand I mean: click the [+] symbol next to the entries I indicated.
From now on, all USB devices will stop starting automatically.
Insert your USB sticks and check them with your antivirus.
When you are sure everything is fine, you can re-enable autorun by going through the same path I showed you.

Create a text file with the following instructions:

Quote:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200824f5-3263-11dd-bad3-000c6e91777d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed71e5f-b7dd-11dc-b9f8-000c6e91777d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed71e60-b7dd-11dc-b9f8-000c6e91777d}]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]

File::
C:\Documents and Settings\Ditommaso\dfreavcy.exe
C:\Documents and Settings\Ditommaso\ieeuxgls.exe
C:\Documents and Settings\Ditommaso\quinnrgv.exe
C:\WINDOWS\system32\blphcn0bj0ee21.scr

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for the work to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs;
obviously there is still more to do;
also run a scan with MBAM and post the generated log.
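
The MountPoints2 keys in Sante62's CFScript are the per-volume autorun handlers ComboFix printed in the earlier log. As an added example (not from the thread, ComboFix or any poster), the following Python script parses that block out of a ComboFix log, rates each key by whether only the autorun verbs or also Explorer's open/explore/find/install verbs launch a program from the volume, and drafts the `Registry::` deletion lines for review; the severity rule and the system drive being `C:` are assumptions of the example, and the sample log is constructed from the lines quoted in the thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the MountPoints2 block as ComboFix printed it in the
# log quoted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200824f5-3263-11dd-bad3-000c6e91777d}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed71e5f-b7dd-11dc-b9f8-000c6e91777d}]
\Shell\auto\command - F:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - F:\Knight.exe open
\Shell\find\command - F:\Knight.exe open
\Shell\install\command - F:\Knight.exe open
\Shell\open\command - F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed71e60-b7dd-11dc-b9f8-000c6e91777d}]
\Shell\AutoRun\command - F:\AutoTransfer.exe
"""

SYSTEM_DRIVE = "c:"          # assumption: Windows lives on C:, as in this thread
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif")
# Verbs Explorer runs when the user double-clicks, right-clicks or searches
# the drive; hijacking them means the drive cannot even be opened safely.
EXPLORER_VERBS = {"open", "explore", "find", "install"}

KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\([A-Za-z]+)\\command - (.+)$", re.I)
RUNDLL_RE = re.compile(r"shellexec_rundll\s+(.+)$", re.I)

@dataclass
class MountPoint:
    key: str                                   # registry path without brackets
    guid: str
    verbs: dict = field(default_factory=dict)  # lower-cased verb -> command line

def parse_mountpoints(log_text):
    """Collect every MountPoints2 key and its Shell\\<verb>\\command lines."""
    points, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None                     # a blank line closes the block
            continue
        m = KEY_RE.match(line)
        if m:
            current = MountPoint(key=m.group(1), guid=m.group(2).lower())
            points.append(current)
            continue
        m = VERB_RE.match(line)
        if m and current is not None:
            current.verbs[m.group(1).lower()] = m.group(2).strip()
    return points

def launched_program(command):
    """Unwrap the RunDLL32 ShellExec_RunDLL trampoline and return the program
    that is really started: the first token of what remains."""
    m = RUNDLL_RE.search(command)
    if m:
        command = m.group(1)
    return command.split()[0].strip('"')

def on_volume(program):
    """True if the program lives on the mounted volume: a bare name with no
    drive letter, or a path on a drive other than the system drive."""
    has_drive = len(program) > 1 and program[1] == ":"
    return not has_drive or program[:2].lower() != SYSTEM_DRIVE

def assess(point):
    """Return (severity, programs) for one key; severity is None when no
    executable is launched from the volume itself."""
    bad = {verb: launched_program(cmd) for verb, cmd in point.verbs.items()}
    bad = {v: p for v, p in bad.items()
           if p.lower().endswith(EXEC_EXT) and on_volume(p)}
    if not bad:
        return None, []
    severity = "high" if EXPLORER_VERBS & set(bad) else "medium"
    return severity, sorted(set(bad.values()))

def draft_cfscript(points):
    """Flag keys and build the CFScript 'Registry::' section that deletes them
    ([-KEY] is ComboFix's delete-key syntax). The analyst still reviews the
    draft: a phone or camera may register a legitimate AutoRun handler."""
    findings = [(sev, p, progs) for p in points
                for sev, progs in [assess(p)] if sev]
    script = "\n".join(["Registry::"] + [f"[-{p.key}]" for _, p, _ in findings])
    return findings, script

if __name__ == "__main__":
    found, cfscript = draft_cfscript(parse_mountpoints(SAMPLE_LOG))
    for severity, point, programs in found:
        print(f"{severity:6} {point.guid}  launches {', '.join(programs)}")
    print(cfscript)
```

The draft lists every flagged key, including the AutoTransfer.exe one that the CFScript above writes without the deleting "-", so it is a worksheet for the analyst rather than a verdict.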

Teseus (Mortale adepto)
Posted: 30 Jun 2008 16:13

ComboFix:
 ComboFix 08-06-20.4 - Ditommaso 2008-06-30 15.37.16.3 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.215 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Ditommaso\Desktop\COMBO-FIX.EXE
 Command switches used :: C:\Documents and Settings\Ditommaso\Desktop\CFScript.txt .txt
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
 FILE ::
 C:\Documents and Settings\Ditommaso\dfreavcy.exe
 C:\Documents and Settings\Ditommaso\ieeuxgls.exe
 C:\Documents and Settings\Ditommaso\quinnrgv.exe
 C:\WINDOWS\system32\blphcn0bj0ee21.scr
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\Ditommaso\dfreavcy.exe
 C:\Documents and Settings\Ditommaso\ieeuxgls.exe
 C:\Documents and Settings\Ditommaso\quinnrgv.exe
 C:\WINDOWS\system32\blphcn0bj0ee21.scr
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-05-28 al 2008-06-30  )))))))))))))))))))))))))))))))))))
 .
 
 2067-05-19 16:06 . 2003-02-05 04:02	79,947	--a--c---	C:\WINDOWS\fw20.vxd
 2008-06-30 15:30 . 2003-06-25 16:05	266,360	--a------	C:\WINDOWS\system32\TweakUI.exe
 2008-06-30 15:30 . 2002-06-21 15:09	160,217	--a------	C:\WINDOWS\system32\PowerToysLicense.rtf
 2008-06-28 18:06 . 2008-06-28 18:05	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
 2008-06-27 22:46 . 2008-06-27 23:46	109,056	--a------	C:\WINDOWS\scan.exe
 2008-06-27 22:05 . 2008-06-27 23:46	109,056	--a------	C:\WINDOWS\index.exe
 2008-06-27 21:05 . 2008-06-27 21:05	109,056	--a------	C:\WINDOWS\xix.exe
 2008-06-27 20:25 . 2008-06-28 11:20	90,838	--a------	C:\WINDOWS\system32\phcn0bj0ee21.bmp
 2008-06-27 17:48 . 2008-06-27 17:48	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
 2008-06-27 17:48 . 2008-06-27 17:48	1,409	--a------	C:\WINDOWS\QTFont.for
 2008-06-25 15:36 . 2008-06-25 15:36	<DIR>	d--------	C:\Programmi\File comuni\xing shared
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d--------	C:\Programmi\File comuni\AVSMedia
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d--------	C:\Documents and Settings\Ditommaso\Dati applicazioni\AVS4YOU
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d----c---	C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
 2008-06-25 15:24 . 2006-03-03 10:02	658,432	--a------	C:\WINDOWS\system32\cc3270mt.dll
 2008-06-25 15:23 . 2008-06-25 15:24	<DIR>	d--------	C:\Programmi\AVS4YOU
 2008-06-25 15:23 . 2003-05-21 13:50	24,576	--a------	C:\WINDOWS\system32\msxml3a.dll
 2008-06-23 17:40 . 2008-06-23 17:40	<DIR>	d----c---	C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
 2008-06-23 17:40 . 2008-06-23 17:42	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
 2008-06-23 17:37 . 2008-06-23 18:17	<DIR>	d--------	C:\WINDOWS\Internet Logs
 2008-06-23 13:10 . 2008-06-23 13:10	24,400	--a------	C:\Documents and Settings\Ditommaso\afjzojdm.exe
 2008-06-23 13:01 . 2008-06-23 13:01	24,400	--a------	C:\Documents and Settings\Ditommaso\bpdpcyih.exe
 2008-06-19 21:49 . 2004-08-04 08:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
 2008-06-19 21:49 . 2004-08-04 08:08	25,600	--a--c---	C:\WINDOWS\system32\dllcache\usbser.sys
 2008-06-19 21:49 . 2008-06-19 21:49	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
 2008-06-19 21:49 . 2008-06-19 21:49	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
 2008-06-19 20:28 . 2008-06-19 20:28	<DIR>	d--------	C:\Programmi\File comuni\PCSuite
 2008-06-19 20:28 . 2008-06-19 20:28	<DIR>	d--------	C:\Programmi\File comuni\Nokia
 2008-06-19 20:25 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
 2008-06-19 20:24 . 2008-06-19 20:24	<DIR>	d--------	C:\Programmi\PC Connectivity Solution
 2008-06-19 20:23 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
 2008-06-19 20:23 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
 2008-06-19 20:23 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
 2008-06-19 20:23 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
 2008-06-19 20:23 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
 2008-06-19 20:23 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
 2008-06-13 17:25 . 2008-06-13 17:25	<DIR>	d--------	C:\Documents and Settings\NetworkService\Dati applicazioni\phcclkct
 2008-06-13 15:33 . 2008-06-13 15:33	<DIR>	d--------	C:\Documents and Settings\Ditommaso\Dati applicazioni\phcclkct
 2008-06-13 10:13 . 2008-06-13 15:33	<DIR>	d--------	C:\Programmi\File comuni\Mozilla Shared
 2008-06-12 10:02 . 2008-06-12 10:02	<DIR>	d--------	C:\WINDOWS\system32\AppCert
 2008-06-12 10:01 . 2002-11-05 17:59	128,000	--a------	C:\WINDOWS\system32\Dbcgdi32f.dll
 2008-06-05 14:08 . 2008-06-09 21:47	<DIR>	d--------	C:\Programmi\Sophos
 2008-05-26 12:10 . 2008-06-27 20:25	109,056	--a------	C:\WINDOWS\system32\lphcn0bj0ee21.exe
 2008-05-25 18:48 . 2008-05-25 18:48	<DIR>	d--------	C:\Programmi\Enigma Software Group
 2008-05-25 14:33 . 2008-05-25 14:33	<DIR>	d--------	C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer
 2008-05-24 12:00 . 2008-06-29 17:25	<DIR>	d----c---	C:\VEXPLITE
 2008-05-24 12:00 . 2008-03-17 19:23	39,808	--a------	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-05-24 03:03 . 2008-05-24 03:03	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-05-06 23:06 . 2008-05-06 23:06	<DIR>	d--------	C:\Programmi\LGGSM
 2008-05-06 23:06 . 2005-09-05 11:33	81,920	-ra------	C:\WINDOWS\system32\srctrl.dll
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-06-29 13:56	---------	d-----w	C:\Programmi\eMule
 2008-06-25 13:36	---------	d-----w	C:\Programmi\File comuni\Real
 2008-06-24 21:55	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\Skype
 2008-06-19 19:50	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\PC Suite
 2008-06-19 19:50	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\Nokia
 2008-06-19 18:27	---------	d-----w	C:\Programmi\Nokia
 2008-06-19 18:20	---------	dc----w	C:\Documents and Settings\All Users\Dati applicazioni\Installations
 2008-06-14 17:59	272,768	------w	C:\WINDOWS\system32\drivers\bthport.sys
 2008-05-25 12:32	578,560	----a-w	C:\WINDOWS\system32\user32.DLL
 2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
 2008-05-07 05:14	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2008-05-06 21:05	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-05-06 11:32	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\LimeWire
 2008-05-02 12:06	---------	d-----w	C:\Programmi\LimeWire
 2008-04-23 04:16	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 2008-03-25 04:51	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
 2008-03-25 04:51	183,072	----a-w	C:\WINDOWS\system32\msjint40.dll
 2008-03-20 08:06	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
 2008-03-06 09:14	831,048	----a-w	C:\WINDOWS\system32\WudfUpdate_01005.dll
 2007-12-14 17:21	0	----a-w	C:\Documents and Settings\Ditommaso\wn1001.exe
 2007-09-09 21:22	774,144	----a-w	C:\Programmi\RngInterstitial.dll
 .
 C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
 578,048 2005-03-02 18:20:03  C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
 579,072 2007-03-08 15:48:41  C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
 561,152 2003-09-25 17:08:05  C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 561,152 2003-04-08 12:00:00  C:\WINDOWS\$NtUninstallKB824141$\user32.dll
 578,048 2004-08-19 22:39:29  C:\WINDOWS\$NtUninstallKB890859$\user32.dll
 578,048 2005-03-02 18:10:24  C:\WINDOWS\$NtUninstallKB925902$\user32.dll
 578,048 2004-08-19 22:39:29  C:\WINDOWS\ServicePackFiles\i386\user32.dll
 561,152 2004-06-17 17:55:43  C:\WINDOWS\SoftwareDistribution\Download\35c9202e0b6958f9f0063a1b6124f10e\sp1qfe\user32.dll
 578,560 2008-05-25 12:32:03  C:\WINDOWS\system32\user32.DLL
 578,560 2008-05-25 12:32:03  C:\WINDOWS\system32\dllcache\user32.dll
 
 
 ------- Sigcheck -------
 
 2005-03-02 20:20  578048  488019bfe2b0f9f8cd8394276d5b664a	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
 2007-03-08 17:48  579072  bab4f995e526484a235a276e269aaf7f	C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
 2003-09-25 19:08  561152  a4478206df84006d711f91d0cb7abb0e	C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 2003-04-08 14:00  561152  bb4a220b198767e1848fcd64d3f1b96c	C:\WINDOWS\$NtUninstallKB824141$\user32.dll
 2004-08-20 00:39  578048  08447bdfce5d1b1956f962602381f5c1	C:\WINDOWS\$NtUninstallKB890859$\user32.dll
 2005-03-02 20:10  578048  14b5d6b20467dba209853d65d1f6a124	C:\WINDOWS\$NtUninstallKB925902$\user32.dll
 2004-08-20 00:39  578048  08447bdfce5d1b1956f962602381f5c1	C:\WINDOWS\ServicePackFiles\i386\user32.dll
 2004-06-17 19:55  561152  7c8719722df5aee059b5d4c79ac61a78	C:\WINDOWS\SoftwareDistribution\Download\35c9202e0b6958f9f0063a1b6124f10e\sp1qfe\user32.dll
 2008-05-25 14:32  578560  ef47afbc7c4f644865a8c6892ea863e1	C:\WINDOWS\system32\user32.DLL
 2008-05-25 14:32  578560  ef47afbc7c4f644865a8c6892ea863e1	C:\WINDOWS\system32\dllcache\user32.dll
 .
 (((((((((((((((((((((((((((((   snapshot_2008-06-29_17.04.19.05   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-06-29 14:51:00	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-30 08:49:26	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-30 08:49:42	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_554.dat
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
 "ccleaner"="C:\Programmi\CCleaner\ccleaner.exe" [2008-06-25 15:58 1209584]
 "PC Suite Tray"="C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-02 09:40 4616192]
 "nwiz"="nwiz.exe" [2003-04-02 09:40 323584 C:\WINDOWS\system32\nwiz.exe]
 "AdslTaskBar"="stmctrl.dll" [2003-01-22 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
 "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 12:50 155648]
 "RoxioEngineUtility"="C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" [2003-02-27 06:31 69632]
 "RoxioDragToDisc"="C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 05:36 757760]
 "RoxioAudioCentral"="C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 17:50 253952]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
 "SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
 "PaperPort PTD"="C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-11 01:01 57393]
 "IndexSearch"="C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-11 01:28 40960]
 "SetDefPrt"="C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 18:02 49152]
 "ControlCenter2.0"="C:\Programmi\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 21:36 933888]
 "Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
 "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-25 15:35 185896]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
 "Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
 "POSTRBT"="C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe" [ ]
 
 C:\Documents and Settings\Ditommaso\Menu Avvio\Programmi\Esecuzione automatica\
 Collegamento a ashDisp.lnk - C:\Programmi\Alwil Software\Avast4\ashDisp.exe [2007-05-15 14:16:53 79224]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588]
 
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
 "NoDispBackgroundPage"= 1 (0x1)
 "NoDispScrSavPage"= 1 (0x1)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
 "<NO NAME>"= (valor no establecido)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "VIDC.MJPG"= jl_mjpg2.drv
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winei26.sys]
 @="Driver"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "AntiVirusOverride"=dword:00000001
 "FirewallOverride"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\eMule\\emule.exe"=
 "C:\\Programmi\\iTunes\\iTunes.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\LimeWire\\LimeWire.exe"=
 "C:\\Programmi\\Skype\\Phone\\Skype.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "45241:TCP"= 45241:TCP:@xpsp2res.dll,-22009
 "80:TCP"= 80:TCP:@xpsp2res.dll,-22009
 "22958:TCP"= 22958:TCP:@xpsp2res.dll,-22009
 "9138:TCP"= 9138:TCP:@xpsp2res.dll,-22009
 "59047:TCP"= 59047:TCP:@xpsp2res.dll,-22009
 "46747:TCP"= 46747:TCP:@xpsp2res.dll,-22009
 "42357:TCP"= 42357:TCP:@xpsp2res.dll,-22009
 "23189:TCP"= 23189:TCP:@xpsp2res.dll,-22009
 "63119:TCP"= 63119:TCP:@xpsp2res.dll,-22009
 "3498:TCP"= 3498:TCP:@xpsp2res.dll,-22009
 "13709:TCP"= 13709:TCP:@xpsp2res.dll,-22009
 "16783:TCP"= 16783:TCP:@xpsp2res.dll,-22009
 "18095:TCP"= 18095:TCP:@xpsp2res.dll,-22009
 "15682:TCP"= 15682:TCP:@xpsp2res.dll,-22009
 "47419:TCP"= 47419:TCP:@xpsp2res.dll,-22009
 "16533:TCP"= 16533:TCP:@xpsp2res.dll,-22009
 "34713:TCP"= 34713:TCP:@xpsp2res.dll,-22009
 "31578:TCP"= 31578:TCP:@xpsp2res.dll,-22009
 "9389:TCP"= 9389:TCP:@xpsp2res.dll,-22009
 "51088:TCP"= 51088:TCP:@xpsp2res.dll,-22009
 "4226:TCP"= 4226:TCP:@xpsp2res.dll,-22009
 "28850:TCP"= 28850:TCP:@xpsp2res.dll,-22009
 "21247:TCP"= 21247:TCP:@xpsp2res.dll,-22009
 "38533:TCP"= 38533:TCP:@xpsp2res.dll,-22009
 "38722:TCP"= 38722:TCP:@xpsp2res.dll,-22009
 "54950:TCP"= 54950:TCP:@xpsp2res.dll,-22009
 "34971:TCP"= 34971:TCP:@xpsp2res.dll,-22009
 "10395:TCP"= 10395:TCP:@xpsp2res.dll,-22009
 "49849:TCP"= 49849:TCP:@xpsp2res.dll,-22009
 
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
 R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
 R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
 R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:45]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-29 17:22]
 R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
 S0 Winei26;Winei26;C:\WINDOWS\system32\Drivers\Winei26.sys []
 S2 FILESpy;FILESpy;C:\Programmi\BullGuard\filespy.sys []
 S2 qandr;qandr;C:\WINDOWS\system32\drivers\qandr.sys []
 S3 brfilt;Driver filtro Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12]
 S3 brparimg;Driver Brother Multi Function Parallel Image;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 21:12]
 S3 BrParWdm;Driver parallelo Brother WDM;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-30 20:18]
 S3 BrSerWdm;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39]
 S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 22:23]
 S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\DITOMM~1\IMPOST~1\Temp\iMSPCLOj.sys []
 S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-07-28 19:36]
 S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
 S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed71e60-b7dd-11dc-b9f8-000c6e91777d}]
 \Shell\AutoRun\command - F:\AutoTransfer.exe
 
 *Newly Created Service* - CATCHME
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-06-30 11:02:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
 - C:\Programmi\Windows Defender\MpCmdRun.exe
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-30 15:42:32
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 
 **************************************************************************
 
 [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
 "ImagePath"="\??\C:\WINDOWS\system32\2.tmp"
 
 [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
 "ImagePath"="\??\C:\WINDOWS\system32\2.tmp"
 .
 Ora fine scansione: 2008-06-30 15.47.32
 ComboFix-quarantined-files.txt  2008-06-30 13:46:29
 ComboFix2.txt  2008-06-29 15:05:32
 ComboFix3.txt  2008-05-23 23:22:47
 
 28 Directory  57,016,201,216 byte disponibili
 31 Directory  57,013,235,712 byte disponibili
 
 260	--- E O F ---	2008-06-26 07:08:10
 
HijackThis:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16.08.49, on 30/06/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16674)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\brsvc01a.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\brss01a.exe
 C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
 C:\WINDOWS\system32\BrmfBAgS.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\VEXPLITE\viritsvc.exe
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
 C:\WINDOWS\system32\NOTEPAD.EXE
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
 O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
 O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
 O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe
 O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" -onlytray
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user')
 O4 - Startup: Collegamento a ashDisp.lnk = C:\Programmi\Alwil Software\Avast4\ashDisp.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
 O15 - Trusted Zone: http://www.sostanze.it
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://grecen94unitedstates.spaces.live.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144071530904
 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://barbie-grecen.spaces.live.com/PhotoUpload/MsnPUpld.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
 O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5049/mcfscan.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{0066D0D3-64E2-482B-AF74-52278D792184}: NameServer = 85.37.17.16 85.38.28.68
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
 O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 10900 bytes
 
MBAM:

Malwarebytes' Anti-Malware 1.19
Database version: 907
Windows 5.1.2600 Service Pack 2

16.07.02 30/06/2008
mbam-log-6-30-2008 (16-07-02).txt

Scan type: Quick Scan
Objects scanned: 43011
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qandr (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\Autorun (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\BrowserObjects (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ditommaso\Dati applicazioni\AXPFixer\AXPFixer\Quarantine\Packages (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lphcn0bj0ee21.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcn0bj0ee21.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
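Before fixing HijackThis entries by hand, a practitioner would triage the log mechanically: which O4/O23 binaries run from user-writable or unusual locations, which services have no identifiable owner, which sites were added to the IE Trusted Zone, which ActiveX (O16) downloads come from hosts that are not the usual vendors, and whether the TCP/IP NameServer has been set. The script below is an added example for this thread, not a tool anyone in it posted or used. Its sample log is constructed to mirror the entry types seen in the logs above and below; the "Example Helper (exhlpr)" service, the "[scan]" autorun and the svc-helper.example host are invented, and the vendor-host allowlist and the "legitimate in the Windows root" list are assumptions of the example.

```python
"""Triage a HijackThis (HJT) log with a few practitioner heuristics.

Added example for this thread, not a tool anyone in it posted.  SAMPLE_LOG
is constructed: it mirrors the entry types in the thread's logs, but the
"Example Helper (exhlpr)" service, the "[scan]" autorun and the
svc-helper.example host are invented.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Hosts from which an O16 (ActiveX download) entry is treated as expected.
# Demo assumption, built from the vendor hosts visible in this thread.
KNOWN_DPF_HOSTS = {
    "messenger.zone.msn.com", "update.microsoft.com",
    "fpdownload2.macromedia.com", "security.symantec.com",
    "download.bitdefender.com", "download.mcafee.com",
}
# Lower-cased substrings marking locations any user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\dati applicazioni\\", "\\application data\\")
# Binaries that legitimately live directly in the Windows root (assumption).
WINDOWS_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\} \((?P<desc>[^)]*)\) - (?P<url>\S+)")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<body>.+)$")
ROOT_EXE_RE = re.compile(r"^[a-z]:\\windows\\([^\\]+\.(?:exe|dll|hta))$")


def autorun_target(cmd: str) -> str:
    """Return the file an O4 command launches (rundll32 host -> its DLL)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, maybe with args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    if tokens[0].lower() in ("rundll32.exe", "rundll32") and len(tokens) > 1:
        return tokens[1].split(",")[0]           # DLL before the ",EntryPoint"
    m = re.match(r"^(.*?\.(?:exe|dll|bat|cmd|hta|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else tokens[0]


def path_reason(path: str) -> Optional[str]:
    """Heuristic on *where* a persistent binary lives, not on what it is."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        return "user-writable-path"
    m = ROOT_EXE_RE.match(p)
    if m and m.group(1) not in WINDOWS_ROOT_OK:
        return "windows-root-path"
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk an HJT log and return the entries that deserve a second look."""
    findings: List[Dict[str, str]] = []

    def flag(section: str, reason: str, detail: str) -> None:
        findings.append({"section": section, "reason": reason, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            target = autorun_target(m["cmd"])
            if reason := path_reason(target):
                flag("O4", reason, f"[{m['name']}] {target}")
        elif m := O15_RE.match(line):
            # A Trusted Zone entry relaxes IE security for that site: always review.
            flag("O15", "trusted-zone", m["zone"])
        elif m := O16_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if host not in KNOWN_DPF_HOSTS:
                flag("O16", "unexpected-dpf-host", f"{m['desc']} from {host}")
        elif m := O17_RE.match(line):
            # HJT cannot tell ISP resolvers from hijacked ones; a human must.
            flag("O17", "dns-override", m["servers"].strip())
        elif m := O23_RE.match(line):
            parts = m["body"].rsplit(" - ", 2)   # the name itself may contain " - "
            if len(parts) == 3:
                name, owner, path = parts
                if owner.strip().lower() == "unknown owner":
                    flag("O23", "unknown-owner", f"{name} -> {path}")
                if reason := path_reason(path):
                    flag("O23", reason, f"{name} -> {path}")
    return findings


# Constructed sample log (see module docstring for which lines are invented).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [scan] C:\WINDOWS\scan.exe
O15 - Trusted Zone: http://www.sostanze.it
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Helper Control) - http://svc-helper.example/x.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0066D0D3-64E2-482B-AF74-52278D792184}: NameServer = 85.37.17.16 85.38.28.68
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: Example Helper (exhlpr) - Unknown owner - C:\WINDOWS\system32\exhlpr.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:<4} {f['reason']:<22} {f['detail']}")
```

The output is a review list, not a verdict: the Nokia tray application really does run from the user's Desktop in this thread and is benign, and the two resolvers in the O17 line may well be the ISP's. The point of the location-based checks is that they catch the pattern behind the files Sante62 later targets (executables dropped straight into C:\WINDOWS and the user profile) without needing a signature for each new random name.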
Teseus (Mortale adepto), posted 01 Jul 2008 17:53:

Hi... but do I need to do anything else? Have I removed all the viruses, or do I still have problems?
bdoriano (Amministratore), posted 01 Jul 2008 19:36:

I think Sante is busy elsewhere; in the meantime do the following:
Disable your antivirus.
Go to BitDefender (with IE) and run the full scan.
Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (TXT format), upload the file to WikiSend and post here the Forum Link you are given.
Teseus (Mortale adepto), posted 02 Jul 2008 02:27:

bdoriano wrote:
    I think Sante is busy elsewhere; in the meantime do the following:
    Disable your antivirus.
    Go to BitDefender (with IE) and run the full scan.
    Go to the Kaspersky on-line scanner and run the extended scan, as described here.
    Save the scan result to a file (TXT format), upload the file to WikiSend and post here the Forum Link you are given.

I did everything you told me and this is the Forum link I was given: kapersky scan.txt
Do I have to go to Download?
Sante62 (Dio maturo), posted 02 Jul 2008 13:35:

Create a text file with the following instructions:

    File::
    C:\Documents and Settings\Ditommaso\afjzojdm.exe
    C:\Documents and Settings\Ditommaso\bpdpcyih.exe
    C:\WINDOWS\index.exe
    C:\WINDOWS\scan.exe
    C:\WINDOWS\test.hta
    C:\WINDOWS\xix.exe

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs.

Then run a scan with Systemscan and post the generated log as described here.
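Sante62's CFScript deletes the dropped files by path. The ComboFix run that Teseus posts in the next reply also reports C:\WINDOWS\system32\user32.dll as infected and prints a "Sigcheck" table listing every copy of that file Windows keeps (service pack files, hotfix uninstall folders, the dllcache mirror). The script below is an added example, not part of ComboFix or of any post in this thread: it parses that table (the rows are copied from the reply) and answers the two questions a practitioner asks at this point: does the live file match any Microsoft backup copy, and was the dllcache mirror that Windows File Protection restores from replaced as well. The list of backup directories, the verdict codes and the use of MD5 (chosen only because that is what ComboFix prints) are assumptions of the example.

```python
"""Cross-check ComboFix's Sigcheck table for a protected system file.

Added example for this thread, not part of ComboFix or of any post in it.
SIGCHECK_TABLE is copied from the ComboFix log posted in the next reply;
the backup-directory list and verdict codes are this example's own.
"""
import hashlib
import re
from typing import Dict, List, NamedTuple


class Row(NamedTuple):
    date: str   # "YYYY-MM-DD HH:MM" as ComboFix prints it
    size: int
    md5: str
    path: str


SIGCHECK_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<md5>[0-9a-fA-F]{32})\s+(?P<path>\S.*?)\s*$")

# Lower-cased substrings of the places Windows keeps pristine copies
# (service pack files, hotfix uninstall folders, downloaded update payloads).
BACKUP_MARKERS = ("\\servicepackfiles\\", "\\$hf_mig$\\", "\\$ntuninstall",
                  "\\$ntservicepackuninstall$", "\\softwaredistribution\\download\\")

# Rows copied from the Sigcheck section of the ComboFix log in this thread.
SIGCHECK_TABLE = r"""
2005-03-02 20:20  578048  488019bfe2b0f9f8cd8394276d5b664a  C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48  579072  bab4f995e526484a235a276e269aaf7f  C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2003-09-25 19:08  561152  a4478206df84006d711f91d0cb7abb0e  C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2003-04-08 14:00  561152  bb4a220b198767e1848fcd64d3f1b96c  C:\WINDOWS\$NtUninstallKB824141$\user32.dll
2004-08-20 00:39  578048  08447bdfce5d1b1956f962602381f5c1  C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10  578048  14b5d6b20467dba209853d65d1f6a124  C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-20 00:39  578048  08447bdfce5d1b1956f962602381f5c1  C:\WINDOWS\ServicePackFiles\i386\user32.dll
2004-06-17 19:55  561152  7c8719722df5aee059b5d4c79ac61a78  C:\WINDOWS\SoftwareDistribution\Download\35c9202e0b6958f9f0063a1b6124f10e\sp1qfe\user32.dll
2008-05-25 14:32  578560  ef47afbc7c4f644865a8c6892ea863e1  C:\WINDOWS\system32\user32.DLL
2008-05-25 14:32  578560  ef47afbc7c4f644865a8c6892ea863e1  C:\WINDOWS\system32\dllcache\user32.dll
"""


def parse_sigcheck(text: str) -> List[Row]:
    """Turn the Sigcheck lines into rows; anything else in the log is skipped."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rows.append(Row(f"{m['date']} {m['time']}", int(m["size"]),
                            m["md5"].lower(), m["path"]))
    return rows


def is_backup(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in BACKUP_MARKERS)


def assess(rows: List[Row], basename: str) -> Dict[str, object]:
    """Compare the live system32 copy of `basename` with its dllcache mirror
    and with every backup copy ComboFix listed."""
    name = basename.lower()
    live = cache = None
    backups: List[Row] = []
    for r in rows:
        p = r.path.lower()
        if not p.endswith("\\" + name):
            continue
        if p.endswith("\\system32\\" + name):
            live = r
        elif p.endswith("\\system32\\dllcache\\" + name):
            cache = r
        elif is_backup(r.path):
            backups.append(r)
    if live is None:
        return {"verdict": "no-live-copy"}
    matches = [b for b in backups if b.md5 == live.md5]
    cache_mirrors_live = cache is not None and cache.md5 == live.md5
    if matches:
        verdict = "matches-backup"
    elif cache is None:
        verdict = "tampered-no-dllcache-copy"       # WFP has nothing to restore from
    elif cache_mirrors_live:
        verdict = "tampered-wfp-cache-poisoned"     # WFP would "restore" the same bytes
    else:
        verdict = "tampered-wfp-can-restore"        # dllcache still differs: SFC may fix it
    return {
        "verdict": verdict,
        "live_md5": live.md5,
        "live_size": live.size,
        "cache_mirrors_live": cache_mirrors_live,
        "matching_backups": [b.path for b in matches],
        # Newest backup first; which one to restore depends on the installed hotfixes.
        "candidates": sorted(backups, key=lambda b: b.date, reverse=True),
    }


def md5_file(path: str, chunk: int = 1 << 16) -> str:
    """Recompute a hash on a live host to confirm ComboFix's reading.
    MD5 is used only because that is what the Sigcheck table prints."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    report = assess(parse_sigcheck(SIGCHECK_TABLE), "user32.dll")
    print("verdict:", report["verdict"])
    for row in report.get("candidates", []):
        print(f"  {row.date}  {row.size:>7}  {row.md5}  {row.path}")
```

For this thread the verdict is "tampered-wfp-cache-poisoned": the live user32.dll (578,560 bytes) matches none of the eight Microsoft copies by hash or even by size, and the dllcache mirror carries the same hash, so Windows File Protection and sfc /scannow would not put a clean copy back. Restoring has to come from one of the listed backups (the KB925902 SP2QFE copy is the newest) or from reinstalling the hotfix, and on a live host the hashes should be recomputed with md5_file rather than taken from the log.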
Teseus (Mortale adepto), posted 02 Jul 2008 15:35:

ComboFix:

ComboFix 08-07-01.3 - Ditommaso 2008-07-02 15.09.32.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.228 [GMT 2:00]
Running from: C:\Documents and Settings\Ditommaso\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ditommaso\Desktop\CFScript.txt
* Created a new restore point
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
 FILE ::
 C:\Documents and Settings\Ditommaso\afjzojdm.exe
 C:\Documents and Settings\Ditommaso\bpdpcyih.exe
 C:\WINDOWS\index.exe
 C:\WINDOWS\scan.exe
 C:\WINDOWS\test.hta
 C:\WINDOWS\xix.exe
 .
 
(((((((((((((((((((((((((((((((((((((   Other deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\Ditommaso\afjzojdm.exe
 C:\Documents and Settings\Ditommaso\bpdpcyih.exe
 C:\WINDOWS\index.exe
 C:\WINDOWS\scan.exe
 C:\WINDOWS\system32\BrWebIns.dll
 C:\WINDOWS\test.hta
 C:\WINDOWS\xix.exe
 
 .
(((((((((((((((((((((((((   Files created from 2008-06-02 to 2008-07-02  )))))))))))))))))))))))))))))))))))
 .
 
 2067-05-19 16:06 . 2003-02-05 04:02	79,947	--a--c---	C:\WINDOWS\fw20.vxd
 2008-07-02 15:04 . 2008-07-02 15:04	<DIR>	d----c---	C:\COMBO-FIX
 2008-06-30 16:00 . 2008-06-30 16:00	<DIR>	d--------	C:\Programmi\Malwarebytes' Anti-Malware
 2008-06-30 16:00 . 2008-06-30 16:00	<DIR>	d--------	C:\Documents and Settings\Ditommaso\Dati applicazioni\Malwarebytes
 2008-06-30 16:00 . 2008-06-30 16:00	<DIR>	d----c---	C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
 2008-06-30 16:00 . 2008-06-28 14:16	34,296	--a------	C:\WINDOWS\system32\drivers\mbamcatchme.sys
 2008-06-30 16:00 . 2008-06-28 14:16	17,144	--a------	C:\WINDOWS\system32\drivers\mbam.sys
 2008-06-30 15:30 . 2003-06-25 16:05	266,360	--a------	C:\WINDOWS\system32\TweakUI.exe
 2008-06-30 15:30 . 2002-06-21 15:09	160,217	--a------	C:\WINDOWS\system32\PowerToysLicense.rtf
 2008-06-28 18:06 . 2008-06-28 18:05	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
 2008-06-27 17:48 . 2008-06-27 17:48	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
 2008-06-27 17:48 . 2008-06-27 17:48	1,409	--a------	C:\WINDOWS\QTFont.for
 2008-06-25 15:36 . 2008-06-25 15:36	<DIR>	d--------	C:\Programmi\File comuni\xing shared
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d--------	C:\Programmi\File comuni\AVSMedia
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d--------	C:\Documents and Settings\Ditommaso\Dati applicazioni\AVS4YOU
 2008-06-25 15:24 . 2008-06-25 15:24	<DIR>	d----c---	C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
 2008-06-25 15:24 . 2006-03-03 10:02	658,432	--a------	C:\WINDOWS\system32\cc3270mt.dll
 2008-06-25 15:23 . 2008-06-25 15:24	<DIR>	d--------	C:\Programmi\AVS4YOU
 2008-06-25 15:23 . 2003-05-21 13:50	24,576	--a------	C:\WINDOWS\system32\msxml3a.dll
 2008-06-23 17:40 . 2008-06-23 17:40	<DIR>	d----c---	C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
 2008-06-23 17:40 . 2008-06-23 17:42	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
 2008-06-23 17:37 . 2008-06-23 18:17	<DIR>	d--------	C:\WINDOWS\Internet Logs
 2008-06-19 21:49 . 2004-08-04 08:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
 2008-06-19 21:49 . 2004-08-04 08:08	25,600	--a--c---	C:\WINDOWS\system32\dllcache\usbser.sys
 2008-06-19 21:49 . 2008-06-19 21:49	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
 2008-06-19 21:49 . 2008-06-19 21:49	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
 2008-06-19 20:28 . 2008-06-19 20:28	<DIR>	d--------	C:\Programmi\File comuni\PCSuite
 2008-06-19 20:28 . 2008-06-19 20:28	<DIR>	d--------	C:\Programmi\File comuni\Nokia
 2008-06-19 20:25 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
 2008-06-19 20:24 . 2008-06-19 20:24	<DIR>	d--------	C:\Programmi\PC Connectivity Solution
 2008-06-19 20:23 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
 2008-06-19 20:23 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
 2008-06-19 20:23 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
 2008-06-19 20:23 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
 2008-06-19 20:23 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
 2008-06-19 20:23 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
 2008-06-13 17:25 . 2008-06-13 17:25	<DIR>	d--------	C:\Documents and Settings\NetworkService\Dati applicazioni\phcclkct
 2008-06-13 15:33 . 2008-06-13 15:33	<DIR>	d--------	C:\Documents and Settings\Ditommaso\Dati applicazioni\phcclkct
 2008-06-13 10:13 . 2008-06-13 15:33	<DIR>	d--------	C:\Programmi\File comuni\Mozilla Shared
 2008-06-12 10:01 . 2002-11-05 17:59	128,000	--a------	C:\WINDOWS\system32\Dbcgdi32f.dll
 2008-06-05 14:08 . 2008-06-09 21:47	<DIR>	d--------	C:\Programmi\Sophos
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-06-29 13:56	---------	d-----w	C:\Programmi\eMule
 2008-06-25 13:36	---------	d-----w	C:\Programmi\File comuni\Real
 2008-06-24 21:55	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\Skype
 2008-06-19 19:50	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\PC Suite
 2008-06-19 19:50	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\Nokia
 2008-06-19 18:27	---------	d-----w	C:\Programmi\Nokia
 2008-06-19 18:20	---------	dc----w	C:\Documents and Settings\All Users\Dati applicazioni\Installations
 2008-06-14 17:59	272,768	------w	C:\WINDOWS\system32\drivers\bthport.sys
 2008-05-25 16:48	---------	d-----w	C:\Programmi\Enigma Software Group
 2008-05-25 12:32	578,560	----a-w	C:\WINDOWS\system32\user32.DLL
 2008-05-24 01:03	---------	d-----w	C:\Programmi\Trend Micro
 2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
 2008-05-07 05:14	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2008-05-06 21:06	---------	d-----w	C:\Programmi\LGGSM
 2008-05-06 21:05	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-05-06 11:32	---------	d-----w	C:\Documents and Settings\Ditommaso\Dati applicazioni\LimeWire
 2008-05-02 12:06	---------	d-----w	C:\Programmi\LimeWire
 2008-04-23 04:16	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 2007-12-14 17:21	0	----a-w	C:\Documents and Settings\Ditommaso\wn1001.exe
 2007-09-09 21:22	774,144	----a-w	C:\Programmi\RngInterstitial.dll
 .
 C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
 578,048 2005-03-02 18:20:03  C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
 579,072 2007-03-08 15:48:41  C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
 561,152 2003-09-25 17:08:05  C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 561,152 2003-04-08 12:00:00  C:\WINDOWS\$NtUninstallKB824141$\user32.dll
 578,048 2004-08-19 22:39:29  C:\WINDOWS\$NtUninstallKB890859$\user32.dll
 578,048 2005-03-02 18:10:24  C:\WINDOWS\$NtUninstallKB925902$\user32.dll
 578,048 2004-08-19 22:39:29  C:\WINDOWS\ServicePackFiles\i386\user32.dll
 561,152 2004-06-17 17:55:43  C:\WINDOWS\SoftwareDistribution\Download\35c9202e0b6958f9f0063a1b6124f10e\sp1qfe\user32.dll
 578,560 2008-05-25 12:32:03  C:\WINDOWS\system32\user32.DLL
 578,560 2008-05-25 12:32:03  C:\WINDOWS\system32\dllcache\user32.dll
 
 
 ------- Sigcheck -------
 
 2005-03-02 20:20  578048  488019bfe2b0f9f8cd8394276d5b664a	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
 2007-03-08 17:48  579072  bab4f995e526484a235a276e269aaf7f	C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
 2003-09-25 19:08  561152  a4478206df84006d711f91d0cb7abb0e	C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 2003-04-08 14:00  561152  bb4a220b198767e1848fcd64d3f1b96c	C:\WINDOWS\$NtUninstallKB824141$\user32.dll
 2004-08-20 00:39  578048  08447bdfce5d1b1956f962602381f5c1	C:\WINDOWS\$NtUninstallKB890859$\user32.dll
 2005-03-02 20:10  578048  14b5d6b20467dba209853d65d1f6a124	C:\WINDOWS\$NtUninstallKB925902$\user32.dll
 2004-08-20 00:39  578048  08447bdfce5d1b1956f962602381f5c1	C:\WINDOWS\ServicePackFiles\i386\user32.dll
 2004-06-17 19:55  561152  7c8719722df5aee059b5d4c79ac61a78	C:\WINDOWS\SoftwareDistribution\Download\35c9202e0b6958f9f0063a1b6124f10e\sp1qfe\user32.dll
 2008-05-25 14:32  578560  ef47afbc7c4f644865a8c6892ea863e1	C:\WINDOWS\system32\user32.DLL
 2008-05-25 14:32  578560  ef47afbc7c4f644865a8c6892ea863e1	C:\WINDOWS\system32\dllcache\user32.dll
 .
 (((((((((((((((((((((((((((((   snapshot_2008-06-29_17.04.19.05   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-06-29 14:51:00	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-07-02 11:17:27	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-30 08:49:42	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_554.dat
 .
(((((((((((((((((((((((((((((((((((((   Reg loading points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate/default values are not shown.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
 "ccleaner"="C:\Programmi\CCleaner\ccleaner.exe" [2008-06-25 15:58 1209584]
 "PC Suite Tray"="C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-02 09:40 4616192]
 "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 12:50 155648]
 "RoxioEngineUtility"="C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" [2003-02-27 06:31 69632]
 "RoxioDragToDisc"="C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 05:36 757760]
 "RoxioAudioCentral"="C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 17:50 253952]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
 "SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
 "PaperPort PTD"="C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-11 01:01 57393]
 "IndexSearch"="C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-11 01:28 40960]
 "SetDefPrt"="C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 18:02 49152]
 "ControlCenter2.0"="C:\Programmi\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 21:36 933888]
 "Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
 "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-25 15:35 185896]
 "nwiz"="nwiz.exe" [2003-04-02 09:40 323584 C:\WINDOWS\system32\nwiz.exe]
 "AdslTaskBar"="stmctrl.dll" [2003-01-22 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
 
 C:\Documents and Settings\Ditommaso\Menu Avvio\Programmi\Esecuzione automatica\
 Collegamento a ashDisp.lnk - C:\Programmi\Alwil Software\Avast4\ashDisp.exe [2007-05-15 14:16:53 79224]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588]
 
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
 "NoDispBackgroundPage"= 1 (0x1)
 "NoDispScrSavPage"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= (value not set)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "VIDC.MJPG"= jl_mjpg2.drv
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winei26.sys]
 @="Driver"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "AntiVirusOverride"=dword:00000001
 "FirewallOverride"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\eMule\\emule.exe"=
 "C:\\Programmi\\iTunes\\iTunes.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\LimeWire\\LimeWire.exe"=
 "C:\\Programmi\\Skype\\Phone\\Skype.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "45241:TCP"= 45241:TCP:@xpsp2res.dll,-22009
 "80:TCP"= 80:TCP:@xpsp2res.dll,-22009
 "22958:TCP"= 22958:TCP:@xpsp2res.dll,-22009
 "9138:TCP"= 9138:TCP:@xpsp2res.dll,-22009
 "59047:TCP"= 59047:TCP:@xpsp2res.dll,-22009
 "46747:TCP"= 46747:TCP:@xpsp2res.dll,-22009
 "42357:TCP"= 42357:TCP:@xpsp2res.dll,-22009
 "23189:TCP"= 23189:TCP:@xpsp2res.dll,-22009
 "63119:TCP"= 63119:TCP:@xpsp2res.dll,-22009
 "3498:TCP"= 3498:TCP:@xpsp2res.dll,-22009
 "13709:TCP"= 13709:TCP:@xpsp2res.dll,-22009
 "16783:TCP"= 16783:TCP:@xpsp2res.dll,-22009
 "18095:TCP"= 18095:TCP:@xpsp2res.dll,-22009
 "15682:TCP"= 15682:TCP:@xpsp2res.dll,-22009
 "47419:TCP"= 47419:TCP:@xpsp2res.dll,-22009
 "16533:TCP"= 16533:TCP:@xpsp2res.dll,-22009
 "34713:TCP"= 34713:TCP:@xpsp2res.dll,-22009
 "31578:TCP"= 31578:TCP:@xpsp2res.dll,-22009
 "9389:TCP"= 9389:TCP:@xpsp2res.dll,-22009
 "51088:TCP"= 51088:TCP:@xpsp2res.dll,-22009
 "4226:TCP"= 4226:TCP:@xpsp2res.dll,-22009
 "28850:TCP"= 28850:TCP:@xpsp2res.dll,-22009
 "21247:TCP"= 21247:TCP:@xpsp2res.dll,-22009
 "38533:TCP"= 38533:TCP:@xpsp2res.dll,-22009
 "38722:TCP"= 38722:TCP:@xpsp2res.dll,-22009
 "54950:TCP"= 54950:TCP:@xpsp2res.dll,-22009
 "34971:TCP"= 34971:TCP:@xpsp2res.dll,-22009
 "10395:TCP"= 10395:TCP:@xpsp2res.dll,-22009
 "49849:TCP"= 49849:TCP:@xpsp2res.dll,-22009
 
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
 R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
 R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
 R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:45]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-29 17:22]
 R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
 S0 Winei26;Winei26;C:\WINDOWS\system32\Drivers\Winei26.sys []
 S2 FILESpy;FILESpy;C:\Programmi\BullGuard\filespy.sys []
 S3 brfilt;Driver filtro Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12]
 S3 brparimg;Driver Brother Multi Function Parallel Image;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 21:12]
 S3 BrParWdm;Driver parallelo Brother WDM;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-30 20:18]
 S3 BrSerWdm;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39]
 S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 22:23]
 S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\DITOMM~1\IMPOST~1\Temp\iMSPCLOj.sys []
 S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-07-28 19:36]
 S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
 S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed71e60-b7dd-11dc-b9f8-000c6e91777d}]
 \Shell\AutoRun\command - F:\AutoTransfer.exe
 
 .
Contents of the 'Scheduled Tasks' folder
 "2008-07-02 11:21:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
 - C:\Programmi\Windows Defender\MpCmdRun.exe
 .
 - - - - ORPHANS REMOVED - - - -
 
 HKU-Default-Run-Nokia.PCSync - C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
 HKU-Default-RunOnce-POSTRBT - C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe
 
 
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-07-02 15:14:20
 Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
 
 
 **************************************************************************
 .
Scan end time: 2008-07-02 15.18.36
 ComboFix-quarantined-files.txt  2008-07-02 13:17:33
 ComboFix2.txt  2008-06-30 13:47:33
 ComboFix3.txt  2008-06-29 15:05:32
 ComboFix4.txt  2008-05-23 23:22:47
 
29 Directories  56,865,730,560 bytes free
32 Directories  56,900,849,664 bytes free
 
 250	--- E O F ---	2008-07-02 09:04:17
 
 
HijackThis:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 15.29.41, on 02/07/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16674)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\brsvc01a.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\brss01a.exe
 C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
 C:\WINDOWS\system32\BrmfBAgS.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
 C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\VEXPLITE\viritsvc.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\WINDOWS\system32\notepad.exe
 C:\WINDOWS\explorer.exe
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
 O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
 O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
 O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe
 O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" -onlytray
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Startup: Collegamento a ashDisp.lnk = C:\Programmi\Alwil Software\Avast4\ashDisp.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
 O15 - Trusted Zone: http://www.sostanze.it
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://grecen94unitedstates.spaces.live.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144071530904
 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://barbie-grecen.spaces.live.com/PhotoUpload/MsnPUpld.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
 O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5049/mcfscan.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
 O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 10651 bytes
 
Now I'll run the Symantec scan... and send the log
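As an added example, not code from the thread nor from HijackThis, SystemScan or any other tool named here: a small Python parser for the O4, O16 and O23 lines of a log like the one posted above. It structures each entry, extracts the executable from the Run command line (quotes, arguments and the "(User '...')" suffix stripped), lists the hosts the O16 ActiveX controls were downloaded from, and marks two kinds of entry a helper would review first: services whose binary HijackThis reports as "Unknown owner", and autostarts that run from a user profile directory. The sample lines are copied from the log above except the "Example Service (examplesvc)" line, which is constructed (placeholder name) to exercise the unknown-owner case.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log in the thread,
# plus one constructed O23 line (placeholder "examplesvc") whose binary
# carries no company information, which HijackThis prints as "Unknown owner".
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Documents and Settings\Ditommaso\Desktop\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\WINDOWS\system32\examplesvc.exe
"""


@dataclass
class Entry:
    section: str                 # "O4", "O16" or "O23"
    name: str                    # Run value name, DPF control name or service name
    target: str                  # executable path (O4/O23) or .cab URL (O16)
    vendor: str = ""             # company name from the binary, O23 only
    flags: list = field(default_factory=list)   # review hints, empty if nothing noted


O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')


def exe_path(cmd: str) -> str:
    """Return the executable of an O4 command line without quotes, arguments
    or the "(User '...')" suffix HijackThis appends to HKUS entries."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends at the first ".exe" followed by whitespace or end of line.
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_hjt(text: str) -> list:
    """Parse O4/O16/O23 lines into Entry objects; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            e = Entry("O4", m["name"], exe_path(m["cmd"]))
            # Autostarts living in a user profile are writable by the user and worth a look.
            if e.target.lower().startswith(r"c:\documents and settings"):
                e.flags.append("autostart runs from a user profile directory")
            entries.append(e)
        elif m := O16_RE.match(line):
            entries.append(Entry("O16", m["name"], m["url"]))
        elif m := O23_RE.match(line):
            e = Entry("O23", m["name"], m["path"], vendor=m["vendor"])
            if e.vendor == "Unknown owner":
                e.flags.append("service binary carries no company name")
            entries.append(e)
    return entries


def flagged(entries: list) -> list:
    """Entries that carry at least one review hint."""
    return [e for e in entries if e.flags]


def dpf_hosts(entries: list) -> list:
    """Distinct hosts the O16 ActiveX controls were downloaded from."""
    return sorted({urlparse(e.target).hostname for e in entries if e.section == "O16"})


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in parsed:
        mark = "  <-- " + "; ".join(e.flags) if e.flags else ""
        print(f"{e.section:4} {e.name:30} {e.target}{mark}")
    print("ActiveX download hosts:", dpf_hosts(parsed))
```

The flags are review hints, not verdicts: a tray helper installed on the Desktop is flagged only because it runs from a user-writable location, and an "Unknown owner" service simply means the file has no version-info company string, which is a reason to check the file, not proof of infection.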
Sante62 (Dio maturo) | Registered: 27/06/07 17:55 | Messages: 3477 | Location: Floridia
Posted: 02 Jul 2008 16:03
Teseus wrote:
> Now I'll run the Symantec scan... and send the log

Systemscan...
Teseus (Mortale adepto) | Registered: 02/07/07 21:01 | Messages: 30
Posted: 02 Jul 2008 16:10
Yes yes.. my mistake... I'm sending you the site where I downloaded the SystemScan report: http://www.freefilehosting.net/download/3j5a0
Teseus (Mortale adepto) | Registered: 02/07/07 21:01 | Messages: 30
Posted: 02 Jul 2008 16:15
Teseus wrote:
> Yes yes.. my mistake... I'm sending you the site where I downloaded the SystemScan report: http://www.freefilehosting.net/download/3j5a0

I don't know if it shows!... I tried to download it and it doesn't download properly for me.... Should I post the whole report here even though it's a bit long?
Sante62 (Dio maturo) | Registered: 27/06/07 17:55 | Messages: 3477 | Location: Floridia
Posted: 02 Jul 2008 16:34
No, because being too long it would get cut off...
Anyway, you posted it correctly, because I downloaded it;

I'll have a look at it now...
Sante62 (Dio maturo) | Registered: 27/06/07 17:55 | Messages: 3477 | Location: Floridia
Posted: 02 Jul 2008 16:55
Open SystemScan > click on "Removal Script". Inside the white box, copy and paste the values shown below in red:

Quote:
> Files to delete:
> C:\WINDOWS\system32\ouklnu.exe
> C:\WINDOWS\system32\qzuh.exe
> C:\WINDOWS\system32\zkxevo.exe
> C:\WINDOWS\system32\mphigh.dll

Now click on "Proceed with removal" and then on OK.

The PC should reboot by itself; otherwise reboot it manually.

Go to C:\ and post the contents of the log generated by Avenger (avenger.txt).
Also redo the Combofix log, because I don't know if you noticed, but there is a system DLL that shows as infected, and deleting it risks the PC not starting any more.

Thanks.
Teseus (Mortale adepto) | Registered: 02/07/07 21:01 | Messages: 30
Posted: 02 Jul 2008 17:11
Sorry, but I don't have Avenger. Could you send me the link to download it, please?