gurnbeld (Devoted Mortal)

Registered: 27/01/08 18:29 Posts: 7
Posted: 27 Jan 2008 18:43 Subject: CID!!
Hi everyone....
I have a problem with Internet pages that open by themselves, and after searching the web a bit I read various topics on this forum...
I followed the guide and downloaded HijackThis, saving it to C:, please help me get rid of this extremely annoying virus!!!
Below is the LOG:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17.42.40, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Proc pure bold multi] C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure\PHONE 01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Date Show] C:\DOCUME~1\Matte\DATIAP~1\BASEOK~1\skipcomp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
--
End of file - 3367 bytes
bdoriano (Administrator)

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 28 Jan 2008 09:29
Hi gurnbeld,
Disable System Restore and boot the PC in Safe Mode.
Run HijackThis.
Click "Do a system scan only".
Put a check mark next to these entries:
Quote:
O4 - HKLM\..\Run: [Proc pure bold multi] C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure\PHONE 01.exe
O4 - HKCU\..\Run: [Date Show] C:\DOCUME~1\Matte\DATIAP~1\BASEOK~1\skipcomp.exe
Click "Fix checked".
Find and delete the following files:
C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure\PHONE 01.exe
C:\Documents and Settings\Matte\Dati applicazioni\BASEOK(something)\skipcomp.exe
Reboot the PC in normal mode, redo the HijackThis log and post it.
Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (HTML format), upload the file to Freefilehosting and post the link you are given here.
PS: if you like, you can introduce yourself here
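Worked example (added here; not part of the thread and not HijackThis functionality): a small Python triage that applies the reasoning behind the two O4 entries singled out in the reply above to a HijackThis log. It flags autorun entries whose executable lives under a user profile (C:\Documents and Settings\..., including the 8.3 DOCUME~1 form), which any non-admin account can write to, rather than under Program Files or WINDOWS, and it flags BHO entries that point at "(no file)". The sample lines are copied from the first log in the thread; the profile-root heuristic and the function names are this example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample: O2/O4 lines taken from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Proc pure bold multi] C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure\PHONE 01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Date Show] C:\DOCUME~1\Matte\DATIAP~1\BASEOK~1\skipcomp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# First token ending in an executable extension, quoted or not; whatever follows is
# arguments or HijackThis annotations such as "(User 'SYSTEM')".
EXE_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|com|scr|pif|bat|cmd))"?(?=\s|$)', re.IGNORECASE
)

# Assumption of this example: per-user profile roots on Windows XP, long and 8.3 forms.
# Anything auto-started from here was dropped without needing admin rights, unlike
# Program Files (Programmi) or WINDOWS, so it deserves a look.
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")


def executable_path(cmd: str) -> str:
    """Return the executable part of an O4 command line, without quotes or arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage_hijackthis(log: str) -> List[Dict[str, str]]:
    """Flag O4 autoruns living in a user profile and O2 BHOs whose DLL is gone."""
    findings: List[Dict[str, str]] = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            path = executable_path(m.group("cmd"))
            if path.lower().startswith(PROFILE_ROOTS):
                findings.append({"kind": "O4", "hive": m.group("hive"), "name": m.group("name"),
                                 "path": path, "reason": "autorun from user profile"})
            continue
        m = O2_RE.match(line)
        if m and m.group("path").strip() == "(no file)":
            findings.append({"kind": "O2", "hive": "", "name": m.group("clsid"),
                             "path": "", "reason": "orphan BHO (no file)"})
    return findings


def files_to_delete(findings: List[Dict[str, str]]) -> List[str]:
    """The on-disk files to remove after 'Fix checked', i.e. the flagged O4 targets.
    8.3 names (DATIAP~1, BASEOK~1) are returned as HijackThis printed them and must be
    resolved on the machine before deleting."""
    return [f["path"] for f in findings if f["kind"] == "O4"]


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"{f['kind']} [{f['name']}] {f['path']} -> {f['reason']}")
```

The two O4 hits are exactly the entries the reply asks to fix; the orphan BHO is reported separately because a missing DLL is clutter, not an active component. Short names such as BASEOK~1 are kept verbatim, which is why the reply writes "BASEOK(something)": expand them on the machine (for example with `dir /x` in the parent folder) before deleting.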
gurnbeld (Devoted Mortal)

Registered: 27/01/08 18:29 Posts: 7
Posted: 28 Jan 2008 14:53
Hi
First of all, thanks for the help!
I did everything you wrote in the previous post, and below is the log that HijackThis gave me...
PS: once I'm done with this virus I'll introduce myself
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13.49.23, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HiJackThis_v2.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
--
End of file - 3875 bytes
gurnbeld (Devoted Mortal)

Registered: 27/01/08 18:29 Posts: 7
Posted: 28 Jan 2008 16:07
Here I am again!
After running the Kaspersky scan I saved the result and uploaded it to the file host... Here's the link:
http://www.freefilehosting.net/download/3b5ea
bdoriano (Administrator)

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 Jan 2008 11:45
Disable System Restore, otherwise you'll catch it again.
Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop.
Start AVENGER.
Click "Input script manually".
Click the magnifying glass.
Enter these lines:
Quote:
Files to delete:
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\gbypafnt.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\more live film surf.exe
Click "Done".
Click the traffic light.
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
Follow the instructions in this topic to post the ComboFix log.
gurnbeld (Devoted Mortal)

Registered: 27/01/08 18:29 Posts: 7
Posted: 29 Jan 2008 13:02
Hi....
So:
Running the Avenger procedure gives me an error; specifically it says the script I entered is not correct. I tried several times, also with copy and paste, and nothing....
As for ComboFix, I ran the scan and the log is below, even though it's a bit long, but I think that's normal...
3
2008-01-26 13:48 . 2000-10-27 08:47 86,016 -ra------ C:\WINDOWS\system32\sbres32.dll
2008-01-26 13:48 . 2001-10-04 11:22 32,768 -ra------ C:\WINDOWS\system32\starter.exe
2008-01-26 13:48 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-01-26 13:48 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\dllcache\gameenum.sys
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Circle Developement
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Base okay tons
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d---s---- C:\Documents and Settings\Matte\UserData
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure
2008-01-26 13:33 . 2008-01-26 13:33 <DIR> d-------- C:\Documents and Settings\Matte\Contacts
2008-01-26 13:32 . 2008-01-26 13:32 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d-------- C:\Programmi\Windows Live
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d--hs---- C:\Programmi\File comuni\WindowsLiveInstaller
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-01-26 03:47 . 2008-01-26 03:47 <DIR> d-------- C:\Programmi\AMDAGP
2008-01-26 03:46 . 2008-01-26 03:46 <DIR> d-------- C:\Program Files
2008-01-26 03:46 . 2008-01-26 03:46 <DIR> d-------- C:\Documents and Settings\Matte\WINDOWS
2008-01-26 03:46 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-26 03:38 . 2008-01-26 03:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-26 03:19 . 2008-01-26 03:19 <DIR> d--hs---- C:\Recycled
2008-01-26 03:13 . 2008-01-28 01:19 1,769 --a------ C:\WINDOWS\mozver.dat
2008-01-26 03:10 . 2008-01-26 03:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-26 03:07 . 2008-01-26 03:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-26 03:07 . 2008-01-26 03:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 13:25 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 13:25 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-01-26 02:00 --------- d--h--w C:\Programmi\Uninstall Information
2008-01-26 01:48 --------- d-----w C:\Programmi\microsoft frontpage
2008-01-26 01:45 --------- d-----w C:\Programmi\Servizi in linea
2008-01-26 01:44 --------- d-----w C:\Programmi\File comuni\MSSoap
2008-01-26 01:34 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2008-01-26 01:34 --------- d-----w C:\Programmi\File comuni\ODBC
2007-12-07 17:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-27 14:26 579072]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-01-27 16:36 185896]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 14:26 219136]
C:\Documents and Settings\Matte\Menu Avvio\Programmi\Esecuzione automatica\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^IDETool.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\IDETool.lnk
backup=C:\WINDOWS\pss\IDETool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 14:54 486856 C:\Programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmi\Windows Live\Messenger\MsnMsgr.exe
S0 amdagpxp;AMD NB AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\amdagpxp.sys []
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 10:00:02 C:\WINDOWS\Tasks\AFAD58B3918ECA07.job"
- c:\docume~1\matte\datiap~1\baseok~1\Corn grim chin.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 11:55:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-01-29 11.55.54
.
2008-01-27 03:07:38 --- E O F ---
bdoriano (Administrator)

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 Jan 2008 13:14
The beginning of the log is missing (and it's fairly important).
gurnbeld (Devoted Mortal)

Registered: 27/01/08 18:29 Posts: 7
Posted: 29 Jan 2008 14:56
You're right, actually! I hadn't noticed....
Here it is:
ComboFix 08-01-29.3 - Matte 2008-01-29 13.53.39.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.185 [GMT 1:00]
Running from: C:\Documents and Settings\Matte\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created From 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))))))
.
2008-01-28 13:59 . 2008-01-28 13:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-28 13:59 . 2008-01-28 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-28 02:49 . 2008-01-28 02:49 68,096 --a------ C:\WINDOWS\ScUnin.exe
2008-01-28 02:49 . 2008-01-28 02:49 12,282 --a------ C:\WINDOWS\scunin.dat
2008-01-28 02:49 . 2008-01-28 02:49 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-28 02:47 . 2008-01-28 02:47 <DIR> d-------- C:\Programmi\DAEMON Tools Lite
2008-01-28 02:47 . 2008-01-28 02:47 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\DAEMON Tools
2008-01-28 02:43 . 2008-01-28 02:43 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-28 01:19 . 2008-01-28 01:19 <DIR> d-------- C:\WINDOWS\Sun
2008-01-28 01:18 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 01:17 . 2008-01-28 01:17 <DIR> d-------- C:\Programmi\Java
2008-01-28 01:17 . 2008-01-28 01:17 <DIR> d-------- C:\Programmi\File comuni\Java
2008-01-28 00:19 . 2008-01-28 00:19 <DIR> d-------- C:\Programmi\uTorrent
2008-01-28 00:19 . 2008-01-28 00:19 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\uTorrent
2008-01-28 00:04 . 2008-01-28 00:04 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\GanymedeNet
2008-01-28 00:04 . 2008-01-28 00:04 4 --a------ C:\WINDOWS\system32\proc-1278289914.bin
2008-01-27 16:54 . 2008-01-27 16:54 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-01-27 16:37 . 2008-01-27 16:37 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-01-27 16:36 . 2008-01-27 16:36 <DIR> d-------- C:\Programmi\Real
2008-01-27 16:36 . 2008-01-27 16:36 <DIR> d-------- C:\Programmi\File comuni\Real
2008-01-27 14:26 . 2008-01-27 14:26 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\AVG7
2008-01-27 14:26 . 2008-01-27 14:26 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-01-27 14:26 . 2008-01-27 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-01-27 14:18 . 2008-01-27 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-01-27 04:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-27 04:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-27 04:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-27 04:07 . 2005-02-25 04:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-26 15:00 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-26 14:27 . 2008-01-26 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-01-26 14:24 . 2008-01-26 14:24 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-26 14:24 . 2008-01-26 14:25 64,387 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-26 14:22 . 2008-01-26 14:22 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-01-26 14:22 . 2008-01-26 14:25 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-26 13:55 . 2008-01-26 13:55 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\Media Player Classic
2008-01-26 13:54 . 2008-01-26 13:54 <DIR> d-------- C:\Programmi\K-Lite Codec Pack
2008-01-26 13:48 . 2008-01-26 13:48 <DIR> d-------- C:\SBPCI
2008-01-26 13:48 . 1999-01-21 17:35 8,292,462 -ra------ C:\WINDOWS\system32\drivers\eapci8m.ecw
2008-01-26 13:48 . 1999-01-21 17:33 4,987,002 -ra------ C:\WINDOWS\system32\drivers\eapci4m.ecw
2008-01-26 13:48 . 1999-01-21 17:31 2,259,070 -ra------ C:\WINDOWS\system32\drivers\eapci2m.ecw
2008-01-26 13:48 . 2000-11-28 15:55 434,176 -ra------ C:\WINDOWS\system32\sbmixres.dll
2008-01-26 13:48 . 2001-12-05 04:17 412,800 -ra------ C:\WINDOWS\system32\drivers\sbpci.sys
2008-01-26 13:48 . 2001-06-19 16:40 388,608 -ra------ C:\WINDOWS\system32\ensmix32.exe
2008-01-26 13:48 . 2000-10-27 08:47 86,016 -ra------ C:\WINDOWS\system32\sbres32.dll
2008-01-26 13:48 . 2001-10-04 11:22 32,768 -ra------ C:\WINDOWS\system32\starter.exe
2008-01-26 13:48 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-01-26 13:48 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\dllcache\gameenum.sys
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Circle Developement
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Base okay tons
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d---s---- C:\Documents and Settings\Matte\UserData
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure
2008-01-26 13:33 . 2008-01-26 13:33 <DIR> d-------- C:\Documents and Settings\Matte\Contacts
2008-01-26 13:32 . 2008-01-26 13:32 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d-------- C:\Programmi\Windows Live
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d--hs---- C:\Programmi\File comuni\WindowsLiveInstaller
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-01-26 03:47 . 2008-01-26 03:47 <DIR> d-------- C:\Programmi\AMDAGP
2008-01-26 03:46 . 2008-01-26 03:46 <DIR> d-------- C:\Program Files
2008-01-26 03:46 . 2008-01-26 03:46 <DIR> d-------- C:\Documents and Settings\Matte\WINDOWS
2008-01-26 03:46 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-26 03:38 . 2008-01-26 03:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-26 03:19 . 2008-01-26 03:19 <DIR> d--hs---- C:\Recycled
2008-01-26 03:13 . 2008-01-28 01:19 1,769 --a------ C:\WINDOWS\mozver.dat
2008-01-26 03:10 . 2008-01-26 03:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-26 03:07 . 2008-01-26 03:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-26 03:07 . 2008-01-26 03:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 13:25 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 13:25 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-01-26 02:00 --------- d--h--w C:\Programmi\Uninstall Information
2008-01-26 01:48 --------- d-----w C:\Programmi\microsoft frontpage
2008-01-26 01:45 --------- d-----w C:\Programmi\Servizi in linea
2008-01-26 01:44 --------- d-----w C:\Programmi\File comuni\MSSoap
2008-01-26 01:34 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2008-01-26 01:34 --------- d-----w C:\Programmi\File comuni\ODBC
2007-12-07 17:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-27 14:26 579072]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-01-27 16:36 185896]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 14:26 219136]
C:\Documents and Settings\Matte\Menu Avvio\Programmi\Esecuzione automatica\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^IDETool.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\IDETool.lnk
backup=C:\WINDOWS\pss\IDETool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 14:54 486856 C:\Programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmi\Windows Live\Messenger\MsnMsgr.exe
S0 amdagpxp;AMD NB AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\amdagpxp.sys []
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 12:00:02 C:\WINDOWS\Tasks\AFAD58B3918ECA07.job"
- c:\docume~1\matte\datiap~1\baseok~1\Corn grim chin.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 13:55:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-01-29 13.55.36
ComboFix2.txt 2008-01-29 10:55:56
.
2008-01-27 03:07:38 --- E O F ---
bdoriano (Administrator)

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 Jan 2008 15:45
Since Avenger is being difficult...
Create a text file with the instructions in the following form:
Quote:
File::
C:\WINDOWS\Tasks\AFAD58B3918ECA07.job
c:\docume~1\matte\datiap~1\baseok~1\Corn grim chin.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\gbypafnt.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\more live film surf.exe
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Post the result of the operation.
Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (HTML format), upload the file to Freefilehosting and post the link you are given here.
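Worked example (added here; not from the thread and not ComboFix's own code): Python that does what the reply above does by hand with the ComboFix output. It pulls each scheduled task and the command it launches out of the 'Scheduled Tasks' block, flags targets that run from a user profile, renders them as a File:: CFScript, and, after the run, compares the requested paths against the deletion section to see which ones ComboFix did not confirm removing. The log excerpts are constructed from the two ComboFix logs posted in this thread (the section-title matching accepts both the Italian and the English ComboFix wording); the function names and the profile-root heuristic are this example's assumptions.

```python
import re
from typing import Dict, List

# Constructed excerpt of the pre-clean ComboFix log posted above: the scheduled-task block.
PRE_LOG = r"""
Contenuto della cartella 'Scheduled Tasks'
"2008-01-29 12:00:02 C:\WINDOWS\Tasks\AFAD58B3918ECA07.job"
- c:\docume~1\matte\datiap~1\baseok~1\Corn grim chin.exe
.
"""

# Constructed excerpt of the post-CFScript log: the script echo and the deletion section.
POST_LOG = r"""
FILE
c:\docume~1\matte\datiap~1\baseok~1\Corn grim chin.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\gbypafnt.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\more live film surf.exe
C:\WINDOWS\Tasks\AFAD58B3918ECA07.job
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\gbypafnt.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\more live film surf.exe
C:\WINDOWS\Tasks\AFAD58B3918ECA07.job
.
((((((((((((((((((((((((( Files Creati Da 2007-12-28 al 2008-01-29 )))))))))))))))))))))))))))))))))))
.
2008-01-28 13:59 . 2008-01-28 13:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
TASK_RE = re.compile(r'^"(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<job>.+\.job)"$')
# Assumption of this example: XP per-user profile roots, long and 8.3 forms.
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")
DELETION_TITLES = ("Other Deletions", "Altre eliminazioni")


def sections(log: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into {section title: lines}, dropping the '.' spacer lines."""
    out: Dict[str, List[str]] = {}
    current = None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            out[current] = []
        elif current and line.strip() not in ("", "."):
            out[current].append(line.strip())
    return out


def scheduled_tasks(log: str) -> List[Dict[str, str]]:
    """Pair each quoted .job line with the '- <command>' line ComboFix prints under it."""
    tasks: List[Dict[str, str]] = []
    job = None
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            job = m.group("job")
        elif job and line.startswith("- "):
            tasks.append({"job": job, "target": line[2:].strip()})
            job = None
    return tasks


def suspicious_tasks(log: str) -> List[Dict[str, str]]:
    """Tasks whose target runs from a user profile rather than Program Files or WINDOWS."""
    return [t for t in scheduled_tasks(log) if t["target"].lower().startswith(PROFILE_ROOTS)]


def build_cfscript(paths: List[str]) -> str:
    """Render the File:: directive used in the reply: header, one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


def unconfirmed_deletions(post_log: str, requested: List[str]) -> List[str]:
    """Requested paths that never show up in the post-run deletion section.
    Comparison is by exact (case-folded) string: an 8.3 path will not match a
    long-name echo, so resolve short names before trusting a 'confirmed'."""
    deleted = set()
    for title in DELETION_TITLES:
        deleted.update(p.lower() for p in sections(post_log).get(title, []))
    return [p for p in requested if p.lower() not in deleted]


# The four paths the reply puts in CFScript.txt: the task, its target, and the two droppers.
REQUESTED = [t["job"] for t in suspicious_tasks(PRE_LOG)] + [t["target"] for t in suspicious_tasks(PRE_LOG)] + [
    r"C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\gbypafnt.exe",
    r"C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\more live film surf.exe",
]

if __name__ == "__main__":
    print(build_cfscript(REQUESTED))
    print("not confirmed deleted:", unconfirmed_deletions(POST_LOG, REQUESTED))
```

Run against the post-run log in the next post, the job and the two executables under Base okay tons are listed under the deletions, while the 8.3-form path of Corn grim chin.exe is echoed in the FILE block but does not reappear in the deletion section, so that is the one file to check on the machine before calling the clean-up finished.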
gurnbeld (Devoted Mortal)

Registered: 27/01/08 18:29 Posts: 7
Posted: 29 Jan 2008 16:51
Thanks for the patience and the help!!
Once again, here are all the results...
PS: pages no longer open by themselves! (at least for now)
ComboFix 08-01-29.3 - Matte 2008-01-29 15.04.44.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.311 [GMT 1:00]
Running from: C:\Documents and Settings\Matte\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Matte\Desktop\CFScript.txt.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
c:\docume~1\matte\datiap~1\baseok~1\Corn grim chin.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\gbypafnt.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\more live film surf.exe
C:\WINDOWS\Tasks\AFAD58B3918ECA07.job
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\gbypafnt.exe
C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons\more live film surf.exe
C:\WINDOWS\Tasks\AFAD58B3918ECA07.job
.
((((((((((((((((((((((((( Files Created From 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))))))
.
2008-01-28 13:59 . 2008-01-28 13:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-28 13:59 . 2008-01-28 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-28 02:49 . 2008-01-28 02:49 68,096 --a------ C:\WINDOWS\ScUnin.exe
2008-01-28 02:49 . 2008-01-28 02:49 12,282 --a------ C:\WINDOWS\scunin.dat
2008-01-28 02:49 . 2008-01-28 02:49 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-28 02:47 . 2008-01-28 02:47 <DIR> d-------- C:\Programmi\DAEMON Tools Lite
2008-01-28 02:47 . 2008-01-28 02:47 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\DAEMON Tools
2008-01-28 02:43 . 2008-01-28 02:43 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-28 01:19 . 2008-01-28 01:19 <DIR> d-------- C:\WINDOWS\Sun
2008-01-28 01:18 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 01:17 . 2008-01-28 01:17 <DIR> d-------- C:\Programmi\Java
2008-01-28 01:17 . 2008-01-28 01:17 <DIR> d-------- C:\Programmi\File comuni\Java
2008-01-28 00:19 . 2008-01-28 00:19 <DIR> d-------- C:\Programmi\uTorrent
2008-01-28 00:19 . 2008-01-28 00:19 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\uTorrent
2008-01-28 00:04 . 2008-01-28 00:04 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\GanymedeNet
2008-01-28 00:04 . 2008-01-28 00:04 4 --a------ C:\WINDOWS\system32\proc-1278289914.bin
2008-01-27 16:54 . 2008-01-27 16:54 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-01-27 16:37 . 2008-01-27 16:37 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-01-27 16:36 . 2008-01-27 16:36 <DIR> d-------- C:\Programmi\Real
2008-01-27 16:36 . 2008-01-27 16:36 <DIR> d-------- C:\Programmi\File comuni\Real
2008-01-27 14:26 . 2008-01-27 14:26 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\AVG7
2008-01-27 14:26 . 2008-01-27 14:26 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-01-27 14:26 . 2008-01-27 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-01-27 14:18 . 2008-01-27 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-01-27 04:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-27 04:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-27 04:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-27 04:07 . 2005-02-25 04:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-26 15:00 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-26 14:27 . 2008-01-26 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-01-26 14:24 . 2008-01-26 14:24 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-26 14:24 . 2008-01-26 14:25 64,387 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-26 14:22 . 2008-01-26 14:22 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-01-26 14:22 . 2008-01-26 14:25 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-26 13:55 . 2008-01-26 13:55 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\Media Player Classic
2008-01-26 13:54 . 2008-01-26 13:54 <DIR> d-------- C:\Programmi\K-Lite Codec Pack
2008-01-26 13:48 . 2008-01-26 13:48 <DIR> d-------- C:\SBPCI
2008-01-26 13:48 . 1999-01-21 17:35 8,292,462 -ra------ C:\WINDOWS\system32\drivers\eapci8m.ecw
2008-01-26 13:48 . 1999-01-21 17:33 4,987,002 -ra------ C:\WINDOWS\system32\drivers\eapci4m.ecw
2008-01-26 13:48 . 1999-01-21 17:31 2,259,070 -ra------ C:\WINDOWS\system32\drivers\eapci2m.ecw
2008-01-26 13:48 . 2000-11-28 15:55 434,176 -ra------ C:\WINDOWS\system32\sbmixres.dll
2008-01-26 13:48 . 2001-12-05 04:17 412,800 -ra------ C:\WINDOWS\system32\drivers\sbpci.sys
2008-01-26 13:48 . 2001-06-19 16:40 388,608 -ra------ C:\WINDOWS\system32\ensmix32.exe
2008-01-26 13:48 . 2000-10-27 08:47 86,016 -ra------ C:\WINDOWS\system32\sbres32.dll
2008-01-26 13:48 . 2001-10-04 11:22 32,768 -ra------ C:\WINDOWS\system32\starter.exe
2008-01-26 13:48 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-01-26 13:48 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\dllcache\gameenum.sys
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Circle Developement
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Programmi\Base okay tons
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d---s---- C:\Documents and Settings\Matte\UserData
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Documents and Settings\Matte\Dati applicazioni\Base okay tons
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure
2008-01-26 13:33 . 2008-01-26 13:33 <DIR> d-------- C:\Documents and Settings\Matte\Contacts
2008-01-26 13:32 . 2008-01-26 13:32 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d-------- C:\Programmi\Windows Live
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d--hs---- C:\Programmi\File comuni\WindowsLiveInstaller
2008-01-26 13:27 . 2008-01-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-01-26 03:47 . 2008-01-26 03:47 <DIR> d-------- C:\Programmi\AMDAGP
2008-01-26 03:46 . 2008-01-26 03:46 <DIR> d-------- C:\Program Files
2008-01-26 03:46 . 2008-01-26 03:46 <DIR> d-------- C:\Documents and Settings\Matte\WINDOWS
2008-01-26 03:46 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-26 03:38 . 2008-01-26 03:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-26 03:19 . 2008-01-26 03:19 <DIR> d--hs---- C:\Recycled
2008-01-26 03:13 . 2008-01-28 01:19 1,769 --a------ C:\WINDOWS\mozver.dat
2008-01-26 03:10 . 2008-01-26 03:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-26 03:07 . 2008-01-26 03:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-26 03:07 . 2008-01-26 03:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 13:25 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 13:25 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-01-26 02:00 --------- d--h--w C:\Programmi\Uninstall Information
2008-01-26 01:48 --------- d-----w C:\Programmi\microsoft frontpage
2008-01-26 01:45 --------- d-----w C:\Programmi\Servizi in linea
2008-01-26 01:44 --------- d-----w C:\Programmi\File comuni\MSSoap
2008-01-26 01:34 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2008-01-26 01:34 --------- d-----w C:\Programmi\File comuni\ODBC
2007-12-07 17:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate/default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-27 14:26 579072]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-01-27 16:36 185896]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 14:26 219136]
C:\Documents and Settings\Matte\Menu Avvio\Programmi\Esecuzione automatica\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^IDETool.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\IDETool.lnk
backup=C:\WINDOWS\pss\IDETool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 14:54 486856 C:\Programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmi\Windows Live\Messenger\MsnMsgr.exe
S0 amdagpxp;AMD NB AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\amdagpxp.sys []
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 15:05:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-29 15.05.58
ComboFix3.txt 2008-01-29 10:55:56
ComboFix2.txt 2008-01-29 12:55:38
ComboFix-quarantined-files.txt 2008-01-29 14:05:58
.
2008-01-27 03:07:38 --- E O F ---
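Added example, not part of this thread and not a feature of ComboFix or HijackThis: a small Python parser for the two report sections posted above, the dated "newly created files" list and the REGEDIT4 `Run` keys, that joins them into a triage list. The sample lines embedded below are constructed to match the report format; the directory `example-dir` and the value `Example Updater` are made up for the example and do not come from the poster's log. The two heuristics (an autorun binary living under a profile/application-data directory, and an autorun binary whose parent directory was itself created during the reporting window) are this example's own and are only a starting point for a manual look, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the ComboFix report format (created-files list followed
# by the REGEDIT4 "Run" keys). "example-dir" and "Example Updater" are invented.
SAMPLE_LOG = r"""
2008-01-28 00:19 . 2008-01-28 00:19 <DIR> d-------- C:\Programmi\uTorrent
2008-01-26 13:39 . 2008-01-26 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\example-dir
2008-01-26 03:07 . 2008-01-26 03:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-27 14:26 579072]
"Example Updater"="C:\Documents and Settings\All Users\Dati applicazioni\example-dir\updater.exe" [2008-01-26 13:39 12345]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:39 15360]
"""

# "<created> . <modified> <size|<DIR>> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) ([-a-z]{9}) (.+)$"
)
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# "name"="path" [mtime size]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+)\]$')

# Heuristic: locations an installer rarely uses for a Run-key executable.
PROFILE_DIR_MARKERS = ("\\dati applicazioni\\", "\\application data\\",
                       "\\local settings\\", "\\temp\\")


@dataclass
class CreatedEntry:
    created: str
    modified: str
    size: Optional[int]  # None for <DIR> lines
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    mtime: str
    size: int


def parse_combofix(text: str) -> Tuple[List[CreatedEntry], List[RunEntry]]:
    """Extract created-file entries and Run-key values from a ComboFix report."""
    created: List[CreatedEntry] = []
    runs: List[RunEntry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            size = None if m.group(3) == "<DIR>" else int(m.group(3).replace(",", ""))
            created.append(CreatedEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            runs.append(RunEntry(current_key, m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return created, runs


def _ancestors(path: str):
    """Yield every parent directory of a Windows path, innermost first."""
    p = ntpath.dirname(path)
    while p and p != ntpath.dirname(p):
        yield p
        p = ntpath.dirname(p)


def triage_autoruns(created: List[CreatedEntry], runs: List[RunEntry]) -> List[dict]:
    """Return Run-key entries that trip at least one heuristic, with reasons."""
    new_dirs = {e.path.lower() for e in created if e.is_dir}
    findings = []
    for r in runs:
        reasons = []
        if any(marker in r.path.lower() for marker in PROFILE_DIR_MARKERS):
            reasons.append("autorun binary lives under a profile/application-data directory")
        hit = next((a for a in _ancestors(r.path) if a.lower() in new_dirs), None)
        if hit:
            reasons.append(f"parent directory {hit} was created during the reporting window")
        if reasons:
            findings.append({"key": r.key, "name": r.name, "path": r.path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    created_entries, run_entries = parse_combofix(SAMPLE_LOG)
    for f in triage_autoruns(created_entries, run_entries):
        print(f'{f["name"]}: {f["path"]}')
        for reason in f["reasons"]:
            print("   -", reason)
```

Feed it a whole ComboFix report and it will pull out only the lines it recognises; the Find3M section uses a different column layout and is deliberately ignored. A hit means "look at this binary" (vendor, signature, what it does), nothing more.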
gurnbeld Devoted Mortal
Registered: 27/01/08 18:29 Posts: 7
Posted: 29 Jan 2008 16:53 Subject:
and the freefilehosting link
http://www.freefilehosting.net/download/3b6i7
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...