Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
problema riferito al file SVCHOST.EXE
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 18 Apr 2008 20:43    Oggetto: problema riferito al file SVCHOST.EXE Rispondi citando
ciao a tutti...sono nuovo...ho davvero bisogno d'aiuto secondo me questo che vi spiego è tutta colpa di un virus...allora appena mi si avvia windows dopo poco mi esce una finestra con scritto: IMPOSSIBILE TROVARE IL FILE C:\WINDOWS\svchost.exe...dopo poco anke mi si resetta da solo il pc...
sapete come posso fare a risolvere questo problema??

sotto vi aggiungo la scansione che ho fatto con HijackThis se vi può tornare utile...
grazie...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.42.13, on 18/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://2uid.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2000478354-1960408961-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-1960408961-839522115-1003\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-1960408961-839522115-1003\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195988936593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Programmi\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7494 bytes
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 19 Apr 2008 12:59    Oggetto: Rispondi citando
Ciao eddythebest89, Ciao

di schifezzuole se ne vedono diverse... Razz

PS: se vuoi, puoi presentarti qui
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 19 Apr 2008 16:28    Oggetto: Rispondi citando
eccomi...ho fatto ttt come mi hai detto, ma appena ho riavviato mi è uscita ancora qll finestra...uffa!!!

ecco l'indirizzo che ho caricato su FreeFileHosting!
NFix_2008-04-19_15-01-32.log
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 19 Apr 2008 16:46    Oggetto: Rispondi citando
ho anke fatto con COMBOFIX...ecco il file... sotto c'è anke l'Hijackthis

ComboFix 08-04-18.3 - User 2008-04-19 16.29.49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.721 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_M_HOOK
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Creati Da 2008-03-19 al 2008-04-19 )))))))))))))))))))))))))))))))))))
.

8507-12-13 21:01 . 2008-02-08 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-18 21:45 . 2008-04-18 21:46 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-04-18 21:31 . 2008-04-18 21:31 <DIR> d-------- C:\Documents and Settings\User\DoctorWeb
2008-04-18 21:05 . 2008-04-18 21:20 <DIR> d-------- C:\Programmi\a-squared Free
2008-04-18 19:29 . 2008-04-18 19:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-16 20:13 . 2008-04-16 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-04-16 15:35 . 2008-04-18 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-04-16 14:17 . 2008-04-16 14:17 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-16 14:17 . 2007-02-28 18:02 2,139,648 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-16 14:17 . 2007-02-28 18:02 2,139,648 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-04-15 21:10 . 2008-04-16 13:32 <DIR> d-------- C:\Programmi\Free Easy Burner
2008-04-15 21:10 . 2003-08-07 13:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-04-15 21:10 . 2006-11-18 11:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-04-15 21:10 . 1998-07-13 17:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-04-15 20:55 . 2008-04-15 20:55 41 ---hs---- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
2008-04-15 20:33 . 2008-04-15 20:33 <DIR> d-------- C:\Programmi\BurnAware Free Edition
2008-04-15 20:31 . 2008-04-15 20:34 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-04-15 13:37 . 2008-04-15 13:37 <DIR> d-------- C:\Programmi\AVG
2008-04-09 13:27 . 2008-04-09 13:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-07 13:44 . 2008-04-07 13:44 72 --a------ C:\Documents and Settings\User\scritte msn.txt
2008-04-07 13:34 . 2008-04-08 12:41 <DIR> d-------- C:\Programmi\ClamWin
2008-04-04 14:53 . 2008-04-18 20:58 <DIR> d-------- C:\Documents and Settings\User\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 20:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-18 19:47 --------- d-----w C:\Programmi\Java
2008-04-18 17:08 --------- d-----w C:\Programmi\eMule
2008-04-15 18:58 --------- d-----w C:\Programmi\SlySoft
2008-04-14 12:31 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-04-10 17:15 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-04-08 19:20 --------- d-----w C:\Programmi\Servizi in linea
2008-04-06 19:18 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-04-06 18:47 --------- d-----w C:\Programmi\QuickTime
2008-04-06 18:46 --------- d-----w C:\Programmi\Google
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 10:31 194 ---ha-w C:\aaw7boot.cmd
2008-03-11 20:09 --------- d-----w C:\Programmi\Norton AntiVirus
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 19:40 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-26 19:40 --------- d-----w C:\Programmi\Generic
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-11 19:37 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-26 17:44 406 ----a-w C:\Documents and Settings\User\grhocl.exe
2008-01-26 12:51 406 ----a-w C:\Documents and Settings\User\cvjvnw.exe
2008-01-26 12:45 406 ----a-w C:\Documents and Settings\User\sfkuli.exe
2008-01-26 11:15 406 ----a-w C:\Documents and Settings\User\ygtdqp.exe
2008-01-26 10:29 406 ----a-w C:\Documents and Settings\User\quwvwj.exe
2008-01-25 18:30 406 ----a-w C:\Documents and Settings\User\sqgblo.exe
2008-01-25 14:06 406 ----a-w C:\Documents and Settings\User\fascun.exe
2008-01-25 12:40 406 ----a-w C:\Documents and Settings\User\ctukmt.exe
2008-01-25 11:09 406 ----a-w C:\Documents and Settings\User\oqtgle.exe
2008-01-23 14:55 406 ----a-w C:\Documents and Settings\User\hhdepj.exe
2008-01-23 13:49 406 ----a-w C:\Documents and Settings\User\tzwkie.exe
2008-01-21 20:09 406 ----a-w C:\Documents and Settings\User\sqbfnf.exe
2008-01-21 16:11 406 ----a-w C:\Documents and Settings\User\mlqojs.exe
2008-01-20 17:35 406 ----a-w C:\Documents and Settings\User\zbotmh.exe
2007-03-29 17:02 24,192 ----a-w C:\Documents and Settings\User\usbsermptxp.sys
2007-03-29 17:02 22,768 ----a-w C:\Documents and Settings\User\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 16:04 68856]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 16:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 16:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 16:29 86016]
"PaperPort PTD"="c:\progra~1\scansoft\paperp~1\pptd40nt.exe" [2001-07-10 14:51 26624]
"GSICONEXE"="GSICON.EXE" [2001-10-16 19:35 75776 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-10-02 10:42 16384 C:\WINDOWS\system32\dslagent.exe]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-03-24 18:16:33 135680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Italian\\setup.exe"=

R3 brfilt;Driver filtro Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 22:12]
R3 BrSerWDM;Driver seriale Brother WDM;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 22:12]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 22:12]
R3 BrUsbScn;Driver scanner Brother MFC USB;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 22:12]
S2 gafwload;D-Link DSL-200 USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-09-28 13:07]
S3 glausb;D-Link DSL-200 USB ADSL Modem(LAN);C:\WINDOWS\system32\DRIVERS\glausb.sys [2001-09-28 13:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8a8a3bf-0556-11dc-bcfa-0050ba9a79b5}]
\Shell\Auto\command - syetbxcnh.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL syetbxcnh.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2007-06-27 10:40:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 16:33:01
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 133

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\BrmfRsmg.exe
.
**************************************************************************
.
Ora fine scansione: 2008-04-19 16:38:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 14:38:11

10 Directory 20,707,024,896 byte disponibili
12 Directory 20,651,012,096 byte disponibili

158 --- E O F --- 2008-04-19 12:40:11







ECCO il file con l'Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.41.15, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\WINDOWS\system32\GSICON.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195988936593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Programmi\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7926 bytes
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 19 Apr 2008 20:43    Oggetto: Rispondi citando
Sbaglierò, ma mi sembra di vedere tracce di Bagle... Think
  1. Segui queste istruzioni per usare EliBaglA.
  2. Segui le istruzioni di questo topic per postare il log di combofix.
  3. Dopo, fai questa scansione con SystemScan e posta il log su FreeFileHosting come indicato qui.
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 20 Apr 2008 11:57    Oggetto: Rispondi citando
ecco l'InfoSat dell'elibagle...


Wed Apr 16 14:38:47 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\USER\DATI APPLICAZIONI\HIDIRES\HIDR.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\DOCUMENTS AND SETTINGS\USER\DATI APPLICAZIONI\M\LIST.OCT --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Wed Apr 16 14:38:57 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle

Nº Total de Directorios: 4135
Nº Total de Ficheros: 50033
Nº de Ficheros Analizados: 8875
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Wed Apr 16 14:42:35 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4135
Nº Total de Ficheros: 50305
Nº de Ficheros Analizados: 8874
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Apr 17 13:36:18 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\Hidires"

Thu Apr 17 13:37:09 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Apr 17 13:37:18 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Apr 17 21:04:56 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Apr 17 21:04:57 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4267
Nº Total de Ficheros: 46923
Nº de Ficheros Analizados: 9240
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 11:21:43 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Apr 20 11:21:46 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 871
Nº Total de Ficheros: 9071
Nº de Ficheros Analizados: 145
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Apr 20 11:22:35 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4058
Nº Total de Ficheros: 45753
Nº de Ficheros Analizados: 8987
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 11:25:18 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4058
Nº Total de Ficheros: 45761
Nº de Ficheros Analizados: 8987
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0



ecco l'Hijackthis aggiornato

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.52.13, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195988936593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Programmi\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8594 bytes
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 20 Apr 2008 12:10    Oggetto: Rispondi citando
ecco il file txt di COMBOFIX

ComboFix 08-04-18.3 - User 2008-04-20 11.55.30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.683 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-03-20 al 2008-04-20 )))))))))))))))))))))))))))))))))))
.

8507-12-13 21:01 . 2008-02-08 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-18 21:45 . 2008-04-18 21:46 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-04-18 21:31 . 2008-04-18 21:31 <DIR> d-------- C:\Documents and Settings\User\DoctorWeb
2008-04-18 21:05 . 2008-04-19 19:01 <DIR> d-------- C:\Programmi\a-squared Free
2008-04-18 19:29 . 2008-04-18 19:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-16 20:13 . 2008-04-16 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-04-16 15:35 . 2008-04-18 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-04-16 14:17 . 2008-04-16 14:17 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-16 14:17 . 2007-02-28 18:02 2,139,648 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-16 14:17 . 2007-02-28 18:02 2,139,648 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-04-15 21:10 . 2008-04-16 13:32 <DIR> d-------- C:\Programmi\Free Easy Burner
2008-04-15 21:10 . 2003-08-07 13:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-04-15 21:10 . 2006-11-18 11:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-04-15 21:10 . 1998-07-13 17:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-04-15 20:55 . 2008-04-15 20:55 41 ---hs---- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
2008-04-15 20:33 . 2008-04-15 20:33 <DIR> d-------- C:\Programmi\BurnAware Free Edition
2008-04-15 20:31 . 2008-04-15 20:34 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-04-15 13:37 . 2008-04-15 13:37 <DIR> d-------- C:\Programmi\AVG
2008-04-09 13:27 . 2008-04-09 13:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-07 13:44 . 2008-04-07 13:44 72 --a------ C:\Documents and Settings\User\scritte msn.txt
2008-04-07 13:34 . 2008-04-08 12:41 <DIR> d-------- C:\Programmi\ClamWin
2008-04-04 14:53 . 2008-04-18 20:58 <DIR> d-------- C:\Documents and Settings\User\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 20:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-18 19:47 --------- d-----w C:\Programmi\Java
2008-04-18 17:08 --------- d-----w C:\Programmi\eMule
2008-04-15 18:58 --------- d-----w C:\Programmi\SlySoft
2008-04-14 12:31 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-04-10 17:15 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-04-08 19:20 --------- d-----w C:\Programmi\Servizi in linea
2008-04-06 19:18 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-04-06 18:47 --------- d-----w C:\Programmi\QuickTime
2008-04-06 18:46 --------- d-----w C:\Programmi\Google
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 10:31 194 ---ha-w C:\aaw7boot.cmd
2008-03-11 20:09 --------- d-----w C:\Programmi\Norton AntiVirus
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 19:40 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-26 19:40 --------- d-----w C:\Programmi\Generic
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-11 19:37 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-26 17:44 406 ----a-w C:\Documents and Settings\User\grhocl.exe
2008-01-26 12:51 406 ----a-w C:\Documents and Settings\User\cvjvnw.exe
2008-01-26 12:45 406 ----a-w C:\Documents and Settings\User\sfkuli.exe
2008-01-26 11:15 406 ----a-w C:\Documents and Settings\User\ygtdqp.exe
2008-01-26 10:29 406 ----a-w C:\Documents and Settings\User\quwvwj.exe
2008-01-25 18:30 406 ----a-w C:\Documents and Settings\User\sqgblo.exe
2008-01-25 14:06 406 ----a-w C:\Documents and Settings\User\fascun.exe
2008-01-25 12:40 406 ----a-w C:\Documents and Settings\User\ctukmt.exe
2008-01-25 11:09 406 ----a-w C:\Documents and Settings\User\oqtgle.exe
2008-01-23 14:55 406 ----a-w C:\Documents and Settings\User\hhdepj.exe
2008-01-23 13:49 406 ----a-w C:\Documents and Settings\User\tzwkie.exe
2008-01-21 20:09 406 ----a-w C:\Documents and Settings\User\sqbfnf.exe
2008-01-21 16:11 406 ----a-w C:\Documents and Settings\User\mlqojs.exe
2008-01-20 17:35 406 ----a-w C:\Documents and Settings\User\zbotmh.exe
2007-03-29 17:02 24,192 ----a-w C:\Documents and Settings\User\usbsermptxp.sys
2007-03-29 17:02 22,768 ----a-w C:\Documents and Settings\User\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-19_16.38.03.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 14:32:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 09:49:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 09:53:33 7,348 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{9642A7C8-C64D-44C2-AEDB-9837B4BD405F}.bin
+ 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-04-20 09:49:50 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_430.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 16:04 68856]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 16:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 16:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 16:29 86016]
"PaperPort PTD"="c:\progra~1\scansoft\paperp~1\pptd40nt.exe" [2001-07-10 14:51 26624]
"GSICONEXE"="GSICON.EXE" [2001-10-16 19:35 75776 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-10-02 10:42 16384 C:\WINDOWS\system32\dslagent.exe]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-03-24 18:16:33 135680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Italian\\setup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 brfilt;Driver filtro Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 22:12]
R3 BrSerWDM;Driver seriale Brother WDM;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 22:12]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 22:12]
R3 BrUsbScn;Driver scanner Brother MFC USB;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 22:12]
S2 gafwload;D-Link DSL-200 USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-09-28 13:07]
S3 glausb;D-Link DSL-200 USB ADSL Modem(LAN);C:\WINDOWS\system32\DRIVERS\glausb.sys [2001-09-28 13:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8a8a3bf-0556-11dc-bcfa-0050ba9a79b5}]
\Shell\Auto\command - syetbxcnh.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL syetbxcnh.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2007-06-27 10:40:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 11:56:46
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-04-20 11.58.20
ComboFix-quarantined-files.txt 2008-04-20 09:58:13
ComboFix2.txt 2008-04-19 14:38:15

10 Directory 20,577,173,504 byte disponibili
12 Directory 20,572,647,424 byte disponibili

160 --- E O F --- 2008-04-19 16:59:56



ecco l'Hijackthis aggiornato

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.03.47, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195988936593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{35379A46-3062-4957-8754-52816568CD67}: NameServer = 151.99.125.2,151.99.125.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Programmi\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8448 bytes


IL PUNTO 3 TELO INVIERO' PIU TARDI SE RIESCO OPPURE DOMANI...GRAZIE MILLE COMUNQUE...
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 20 Apr 2008 13:29    Oggetto: Rispondi citando
Bene, EliBaglA ha eliminato l'ospite più pericoloso... Smile

Prima di fare la scansione con Systemscan, crea un file di testo con le seguenti istruzioni:
Codice:
File::
C:\Documents and Settings\User\grhocl.exe
C:\Documents and Settings\User\cvjvnw.exe
C:\Documents and Settings\User\sfkuli.exe
C:\Documents and Settings\User\ygtdqp.exe
C:\Documents and Settings\User\quwvwj.exe
C:\Documents and Settings\User\sqgblo.exe
C:\Documents and Settings\User\fascun.exe
C:\Documents and Settings\User\ctukmt.exe
C:\Documents and Settings\User\oqtgle.exe
C:\Documents and Settings\User\hhdepj.exe
C:\Documents and Settings\User\tzwkie.exe
C:\Documents and Settings\User\sqbfnf.exe
C:\Documents and Settings\User\mlqojs.exe
C:\Documents and Settings\User\zbotmh.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8a8a3bf-0556-11dc-bcfa-0050ba9a79b5}]

Salva il file sul desktop con il nome CFScript.txt e trascinalo sull'icona di ComboFix, come indicato in seguito:

Attendi pazientemente la fine dei lavori senza toccare tastiera, mouse o altro. Wink
Posta il log aggiornato di combofix e poi procedi con la scansione con SystemScan.
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 20 Apr 2008 20:47    Oggetto: Rispondi citando
QUESTO E' IL POST AGGIORNATO DI COMBOFIX


ComboFix 08-04-18.3 - User 2008-04-20 20:36:42.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.700 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\User\ctukmt.exe
C:\Documents and Settings\User\cvjvnw.exe
C:\Documents and Settings\User\fascun.exe
C:\Documents and Settings\User\grhocl.exe
C:\Documents and Settings\User\hhdepj.exe
C:\Documents and Settings\User\mlqojs.exe
C:\Documents and Settings\User\oqtgle.exe
C:\Documents and Settings\User\quwvwj.exe
C:\Documents and Settings\User\sfkuli.exe
C:\Documents and Settings\User\sqbfnf.exe
C:\Documents and Settings\User\sqgblo.exe
C:\Documents and Settings\User\tzwkie.exe
C:\Documents and Settings\User\ygtdqp.exe
C:\Documents and Settings\User\zbotmh.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\User\zbotmh.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-03-20 al 2008-04-20 )))))))))))))))))))))))))))))))))))
.

8507-12-13 21:01 . 2008-02-08 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-18 21:45 . 2008-04-18 21:46 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-04-18 21:31 . 2008-04-18 21:31 <DIR> d-------- C:\Documents and Settings\User\DoctorWeb
2008-04-18 21:05 . 2008-04-19 19:01 <DIR> d-------- C:\Programmi\a-squared Free
2008-04-18 19:29 . 2008-04-18 19:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-16 20:13 . 2008-04-16 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-04-16 15:35 . 2008-04-18 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-04-16 14:17 . 2008-04-16 14:17 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-16 14:17 . 2007-02-28 18:02 2,139,648 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-16 14:17 . 2007-02-28 18:02 2,139,648 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-04-15 21:10 . 2008-04-16 13:32 <DIR> d-------- C:\Programmi\Free Easy Burner
2008-04-15 21:10 . 2003-08-07 13:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-04-15 21:10 . 2006-11-18 11:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-04-15 21:10 . 1998-07-13 17:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-04-15 20:55 . 2008-04-15 20:55 41 ---hs---- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
2008-04-15 20:33 . 2008-04-15 20:33 <DIR> d-------- C:\Programmi\BurnAware Free Edition
2008-04-15 20:31 . 2008-04-15 20:34 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-04-15 13:37 . 2008-04-15 13:37 <DIR> d-------- C:\Programmi\AVG
2008-04-09 13:27 . 2008-04-09 13:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-07 13:44 . 2008-04-07 13:44 72 --a------ C:\Documents and Settings\User\scritte msn.txt
2008-04-07 13:34 . 2008-04-08 12:41 <DIR> d-------- C:\Programmi\ClamWin
2008-04-04 14:53 . 2008-04-18 20:58 <DIR> d-------- C:\Documents and Settings\User\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 20:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-18 19:47 --------- d-----w C:\Programmi\Java
2008-04-18 17:08 --------- d-----w C:\Programmi\eMule
2008-04-15 18:58 --------- d-----w C:\Programmi\SlySoft
2008-04-14 12:31 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-04-10 17:15 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-04-08 19:20 --------- d-----w C:\Programmi\Servizi in linea
2008-04-06 19:18 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-04-06 18:47 --------- d-----w C:\Programmi\QuickTime
2008-04-06 18:46 --------- d-----w C:\Programmi\Google
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 10:31 194 ---ha-w C:\aaw7boot.cmd
2008-03-11 20:09 --------- d-----w C:\Programmi\Norton AntiVirus
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 19:40 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-26 19:40 --------- d-----w C:\Programmi\Generic
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-11 19:37 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-03-29 17:02 24,192 ----a-w C:\Documents and Settings\User\usbsermptxp.sys
2007-03-29 17:02 22,768 ----a-w C:\Documents and Settings\User\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-19_16.38.03.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 14:32:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 18:35:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 18:13:01 3,548 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{9642A7C8-C64D-44C2-AEDB-9837B4BD405F}.bin
+ 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-04-20 18:15:44 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_438.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 16:04 68856]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 16:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 16:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 16:29 86016]
"PaperPort PTD"="c:\progra~1\scansoft\paperp~1\pptd40nt.exe" [2001-07-10 14:51 26624]
"GSICONEXE"="GSICON.EXE" [2001-10-16 19:35 75776 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-10-02 10:42 16384 C:\WINDOWS\system32\dslagent.exe]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-03-24 18:16:33 135680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Italian\\setup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 brfilt;Driver filtro Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 22:12]
R3 BrSerWDM;Driver seriale Brother WDM;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 22:12]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 22:12]
R3 BrUsbScn;Driver scanner Brother MFC USB;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 22:12]
S2 gafwload;D-Link DSL-200 USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-09-28 13:07]
S3 glausb;D-Link DSL-200 USB ADSL Modem(LAN);C:\WINDOWS\system32\DRIVERS\glausb.sys [2001-09-28 13:04]

.
Contenuto della cartella 'Scheduled Tasks'
"2007-06-27 10:40:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 20:39:10
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
Ora fine scansione: 2008-04-20 20:41:50
ComboFix-quarantined-files.txt 2008-04-20 18:40:47
ComboFix2.txt 2008-04-20 09:58:21
ComboFix3.txt 2008-04-19 14:38:15

10 Directory 20,383,379,456 byte disponibili
11 Directory 20,448,980,992 byte disponibili

166 --- E O F --- 2008-04-20 18:13:01




ECCO IL REPORT AGGIORNATO DI SYSTEMSCAN...

SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

edit by bdoriano: log eliminato perché incompleto. I logs vanno caricati su FreeFileHosting come indicato qui.
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 22 Apr 2008 18:20    Oggetto: Rispondi citando
risolto tutto?? Question
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 23 Apr 2008 15:56    Oggetto: Rispondi citando
eddythebest89 ha scritto:
edit by bdoriano: log eliminato perché incompleto. I logs vanno caricati su FreeFileHosting come indicato qui.

Repetita iuvant:
Fai questa scansione con SystemScan e posta il log su FreeFileHosting come indicato qui.
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 01 Mag 2008 11:49    Oggetto: Rispondi citando
eccomi, scusa ma in questi giorni ho avuto diversi impegni...ecco il report della scansione systemscan

report systemscan4.txt

inoltre, ti volevo dire un altra cosa: prima mentre mi stavo connettendo ad un sito quello dove c'erano le istruzioni per postare il report, mi si è bloccato completamente il pc e mi è venuta fuori la schermata blu con scritto: DRIVER_IRQL_NOT_LESS_OR_EQUAL e in fondo più o meno alla pagina il file era NDIS.SYS...che significa?

grazie ancora...
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 02 Mag 2008 20:12    Oggetto: Rispondi citando
eddythebest89 ha scritto:
inoltre, ti volevo dire un altra cosa: prima mentre mi stavo connettendo ad un sito quello dove c'erano le istruzioni per postare il report, mi si è bloccato completamente il pc e mi è venuta fuori la schermata blu con scritto: DRIVER_IRQL_NOT_LESS_OR_EQUAL e in fondo più o meno alla pagina il file era NDIS.SYS...che significa?

NDIS.SYS è un driver di rete. Usi un modem USB?
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 03 Mag 2008 16:06    Oggetto: Rispondi citando
sisi ho un modem collegato attraverso un cavo USB...ma non mi è piu venuta fuori quella schermata!
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 03 Mag 2008 16:27    Oggetto: Rispondi citando
Il log di SystemScan evidenzia MBR Rootkit. Laughing

Procedi così:
  1. Scarica questo programma e salvalo in C:\
  2. Clicca Start
  3. Clicca Esegui...
  4. Digita:
    Codice:
    cmd

  5. Clicca su ok
  6. si apre la finestra DOS, digita:
    Codice:
    CD \

    premi invio
  7. digita:
    Codice:
    mbr -f

    premi invio
  8. digita:
    Codice:
    exit

    premi invio
  9. Riavvia il pc
  10. Posta qui il contenuto del log C:\mbr.log
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 03 Mag 2008 20:56    Oggetto: Rispondi citando
[*]digita:
Codice:
mbr -f

premi invio

questo mi dice che "MBR -F" NON E' RICONOSCIUTO COME COMANDO INTERNO O ESTERNO, UN PROGRAMMA ESEGUIBILE O UN FILE BATCH

e adesso?
Top
Profilo Invia messaggio privato
chemicalbit
Dio maturo
Dio maturo


Registrato: 01/04/05 18:59
Messaggi: 18597
Residenza: Milano
MessaggioInviato: 03 Mag 2008 23:42    Oggetto: Rispondi citando
1) Hai posizionato il file mbr.exe in c:\ ?

2) quando digiti quel comando sei in c:\ (guarda il testo prima del prompt) ?

3) Hai per caso scritto delle virgolette attorno a
Codice:
mbr -f
?

Perché se non c'è il file mbr.exe il testo dell'errore dovrebbe essere
Citazione:
"mbr" non è riconosciuto come comando interno o esterno,
un programma eseguibile o un file batch.
senza il -f
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 14 Mag 2008 18:58    Oggetto: Rispondi citando
chemicalbit ha scritto:

Perché se non c'è il file mbr.exe il testo dell'errore dovrebbe essere
Citazione:
"mbr" non è riconosciuto come comando interno o esterno,
un programma eseguibile o un file batch.
senza il -f


si si scusami mi viene cosi l'errore...ma cosa dovrei fare??
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 14 Mag 2008 19:04    Oggetto: Rispondi citando
Spero che così sia più chiaro:
  1. Scarica questo programma e salvalo in C:\
  2. Clicca Start
  3. Clicca Esegui...
  4. Digita:
    Codice:
    cmd


  5. Clicca su ok
  6. si apre la finestra DOS, digita:
    Codice:
    CD \

    premi invio
  7. digita:
    Codice:
    mbr -f

    premi invio
  8. digita:
    Codice:
    exit

    premi invio

  9. Riavvia il pc
  10. Posta qui il contenuto del log C:\mbr.log
Top
Profilo Invia messaggio privato
eddythebest89
Mortale adepto
Mortale adepto


Registrato: 18/04/08 19:27
Messaggi: 33
MessaggioInviato: 14 Mag 2008 19:05    Oggetto: Rispondi
ecco il file.txt di mbr:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x4cae34d size 0x194 !
copy of MBR has been found in sector 62 !
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Vai a 1, 2  Successivo
Pagina 1 di 2

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi