Author |
Message |
lorenzo474 Devoted mortal

Joined: 08/02/08 15:20 Posts: 9
|
Posted: 21 Apr 2008 22:47 Subject: can you take a look at my log... I have frequent disconnections |
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.43.27, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Java\jre1.5.0_06\bin\jucheck.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\DOTT~1.SSA\IMPOST~1\Temp\Rar$EX00.844\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Programmi\Sony\Prepare your VAIO\PYVAlert.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Programmi\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7902B9-D35C-438A-B961-0E45CEEF4D56}: NameServer = 193.70.192.15,193.70.152.25
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 11096 bytes |
bdoriano Administrator


Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
|
Posted: 21 Apr 2008 22:55 Subject: |
|
|
Hi lorenzo474,
HijackThis should be saved in its own non-temporary folder, and not on the desktop.
Do the general cleanup:
lorenzo474 Devoted mortal

Joined: 08/02/08 15:20 Posts: 9
|
Posted: 22 Apr 2008 21:13 Subject: |
|
|
ComboFix 08-04-20.5 - dott.ssa_Ema 2008-04-22 20.41.01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.488 [GMT 2:00]
Eseguito da: C:\Documents and Settings\dott.ssa_Ema\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\copy.exe
H:\host.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-03-22 al 2008-04-22 )))))))))))))))))))))))))))))))))))
.
2008-04-19 18:25 . 2008-04-19 19:30 <DIR> d-------- C:\Documents and Settings\dott.ssa_Ema\Dati applicazioni\Skype
2008-04-19 18:25 . 2008-04-19 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-04-07 21:10 . 2008-04-07 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-04-05 14:26 . 2008-04-22 18:21 47,616 --a------ C:\WINDOWS\system32\fsmgmt.dll
2008-04-05 14:26 . 2008-04-08 19:16 46,080 --a------ C:\WINDOWS\system32\fsmgmt.dll.tmp
2008-04-04 13:10 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-04 13:10 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-03-28 18:17 . 2008-03-28 18:17 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-03-28 18:17 . 2008-03-28 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-26 20:34 . 2003-07-31 03:05 642,944 --a------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2008-03-26 20:34 . 2003-07-31 20:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2008-03-26 20:34 . 2002-08-05 23:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2008-03-26 20:34 . 2001-10-02 23:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2008-03-26 20:34 . 2003-11-02 16:54 108,675 --a------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2008-03-26 20:34 . 2003-07-31 03:05 60,288 --a------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2008-03-26 19:50 . 2008-03-26 19:50 <DIR> d-------- C:\Documents and Settings\dott.ssa_Ema\Dati applicazioni\Motive
2008-03-26 19:25 . 2008-03-26 19:25 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-03-22 15:27 . 2008-03-26 19:55 <DIR> d-------- C:\WINDOWS\Motive
2008-03-22 15:27 . 2008-03-26 19:55 <DIR> d-------- C:\Programmi\Motive
2008-03-22 15:27 . 2008-03-22 15:27 <DIR> d-------- C:\Programmi\Common Files
2008-03-22 15:27 . 2002-10-17 20:07 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-03-22 15:27 . 2002-10-17 21:44 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-03-22 15:27 . 2002-10-17 21:44 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-03-22 15:27 . 2002-10-17 21:44 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-03-22 15:27 . 2002-10-17 20:28 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-03-22 15:27 . 2002-10-17 20:08 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-03-22 15:26 . 2008-03-22 15:26 <DIR> d-------- C:\Programmi\Telecom Italia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 16:19 17,920 ----a-w C:\WINDOWS\system32\secpol.exe
2008-03-26 18:32 --------- d-----w C:\Programmi\ZyXEL
2008-03-22 13:27 155,995 ----a-w C:\WINDOWS\java\Packages\XN7ZZ539.ZIP
2008-03-22 13:26 --------- d--h--w C:\Programmi\InstallShield Installation Information
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 17:06 68856]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-04-05 04:21 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-04-05 04:21 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-04-05 04:21 118784]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 07:21 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 15:17 217088]
"ISBMgr.exe"="C:\Programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"Switcher.exe"="C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 12:11 176128]
"VAIO Update 2"="C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 21:36 151552]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"PrepareYourVAIO"="C:\Programmi\Sony\Prepare your VAIO\PYVAlert.exe" [2005-01-21 15:36 118784]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-06 23:12 185632]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-12-09 16:22 778240]
"CnxDslTaskBar"="C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 20:06 458752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll 2008-04-22 18:21 47616 C:\WINDOWS\system32\fsmgmt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-06-20 16:11 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FILECO~1\SONYSH~1\VideoLib\sonydv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\JavaSoft\\JRE\\1.3.1_13\\bin\\javaw.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:56]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]
S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 03:05]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 03:05]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 16:54]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programmi\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 20:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43f00f34-030b-11dd-8eee-0016cf70d8dc}]
\Shell\Auto\command - H:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b01fadd4-04cf-11dd-8ef6-0016cf70d8dc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 20:42:34
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-04-22 20.43.34
ComboFix-quarantined-files.txt 2008-04-22 18:43:25
9 Directory 23,138,111,488 byte disponibili
13 Directory 23,390,195,712 byte disponibili
146 --- E O F --- 2008-03-13 17:58:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.11.07, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Java\jre1.5.0_06\bin\jucheck.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\DOTT~1.SSA\IMPOST~1\Temp\Rar$EX00.656\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Programmi\Sony\Prepare your VAIO\PYVAlert.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Programmi\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7902B9-D35C-438A-B961-0E45CEEF4D56}: NameServer = 193.70.192.15,193.70.152.25
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 11208 bytes

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 23 Apr 2008 16:12 Subject:
OK, Norman restored a registry key and ComboFix removed a little something.
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

lorenzo474 Devoted mortal
Joined: 08/02/08 15:20 Posts: 9
Posted: 25 Apr 2008 02:48 Subject:
bdoriano wrote:
OK, Norman restored a registry key and ComboFix removed a little something.
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

I only managed to run the second of the antivirus scans... there is something...
log6.html

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 25 Apr 2008 14:28 Subject:
Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\system32\fsmgmt.dll.tmp
C:\WINDOWS\system32\secpol.exe
C:\WINDOWS\system32\fsmgmt.dll
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs

lorenzo474 Devoted mortal
Joined: 08/02/08 15:20 Posts: 9
Posted: 25 Apr 2008 15:12 Subject:
ComboFix 08-04-20.5 - dott.ssa_Ema 2008-04-25 14.59.29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.513 [GMT 2:00]
Eseguito da: C:\Documents and Settings\dott.ssa_Ema\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dott.ssa_Ema\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\fsmgmt.dll
C:\WINDOWS\system32\fsmgmt.dll.tmp
C:\WINDOWS\system32\secpol.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\fsmgmt.dll
C:\WINDOWS\system32\fsmgmt.dll.tmp
C:\WINDOWS\system32\secpol.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-03-25 al 2008-04-25 )))))))))))))))))))))))))))))))))))
.
2008-04-25 01:40 . 2008-04-25 01:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 01:40 . 2008-04-25 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-04-24 00:36 . 2008-04-24 00:36 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-19 18:25 . 2008-04-19 19:30 <DIR> d-------- C:\Documents and Settings\dott.ssa_Ema\Dati applicazioni\Skype
2008-04-19 18:25 . 2008-04-19 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-04-07 21:10 . 2008-04-07 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-04-04 13:10 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-04 13:10 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-03-28 18:17 . 2008-03-28 18:17 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-03-28 18:17 . 2008-03-28 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-26 20:34 . 2003-07-31 03:05 642,944 --a------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2008-03-26 20:34 . 2003-07-31 20:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2008-03-26 20:34 . 2002-08-05 23:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2008-03-26 20:34 . 2001-10-02 23:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2008-03-26 20:34 . 2003-11-02 16:54 108,675 --a------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2008-03-26 20:34 . 2003-07-31 03:05 60,288 --a------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2008-03-26 19:50 . 2008-03-26 19:50 <DIR> d-------- C:\Documents and Settings\dott.ssa_Ema\Dati applicazioni\Motive
2008-03-26 19:25 . 2008-03-26 19:25 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:32 --------- d-----w C:\Programmi\ZyXEL
2008-03-26 17:55 --------- d-----w C:\Programmi\Motive
2008-03-22 13:27 --------- d-----w C:\Programmi\Common Files
2008-03-22 13:26 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-22 13:26 --------- d-----w C:\Programmi\Telecom Italia
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_20.43.18,81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-04-22 18:27:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 13:02:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2008-04-22 18:27:24 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-25 11:40:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-22 18:27:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-04-25 11:40:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2008-04-22 18:27:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-25 11:40:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 17:06 68856]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-04-05 04:21 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-04-05 04:21 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-04-05 04:21 118784]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 07:21 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 15:17 217088]
"ISBMgr.exe"="C:\Programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"Switcher.exe"="C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 12:11 176128]
"VAIO Update 2"="C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 21:36 151552]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"PrepareYourVAIO"="C:\Programmi\Sony\Prepare your VAIO\PYVAlert.exe" [2005-01-21 15:36 118784]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-06 23:12 185632]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-12-09 16:22 778240]
"CnxDslTaskBar"="C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 20:06 458752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-06-20 16:11 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FILECO~1\SONYSH~1\VideoLib\sonydv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\JavaSoft\\JRE\\1.3.1_13\\bin\\javaw.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:56]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]
S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 03:05]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 03:05]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 16:54]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programmi\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 20:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43f00f34-030b-11dd-8eee-0016cf70d8dc}]
\Shell\Auto\command - H:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b01fadd4-04cf-11dd-8ef6-0016cf70d8dc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 15:02:26
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 10
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Apoint\ApntEx.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Ora fine scansione: 2008-04-25 15:05:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 13:05:13
ComboFix2.txt 2008-04-22 18:43:35
9 Directory 23,206,088,704 byte disponibili
13 Directory 23,307,173,888 byte disponibili
189 --- E O F --- 2008-03-13 17:58:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.11.42, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Apoint\Apntex.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\DOTT~1.SSA\IMPOST~1\Temp\Rar$EX00.562\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Programmi\Sony\Prepare your VAIO\PYVAlert.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Programmi\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7902B9-D35C-438A-B961-0E45CEEF4D56}: NameServer = 193.70.192.15,193.70.152.25
O20 - Winlogon Notify: fsmgmt - fsmgmt.dll (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 11374 bytes

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 25 Apr 2008 16:12 Subject:
The logs look clean.
To be safe, use KASPERSKY VIRUS REMOVAL TOOL: click here to download
Compatibility: Windows XP
download the most recent version of the tool according to the publication date and time
Install KASPERSKY VIRUS REMOVAL TOOL:
a dedicated folder will be created on the Desktop
inside the folder you will find the classic Kaspersky icon (a K)
click the icon to launch the tool
select the areas you want to scan (Startup Objects and Disk boot sector are selected by default)
when the scan finishes you will be able to remove and/or quarantine the infected files detected
save the log that is produced
Note 1: The tool is incompatible if Kaspersky products are already installed
Note 2: it has no automatic signature update function
When done, upload the generated log to FreeFileHosting as described here.