Zeus News forums (Olimpo Informatico) - Pronto Soccorso Virus (Virus First Aid)
Thread: Explorer adverts
Sergiok (Devoted mortal; registered 28/04/08 18:43; 5 posts)
Posted: 28 Apr 2008 19:15 - Subject: Explorer adverts

Hello everyone!
I'm new to the forum.
Yesterday I formatted my PC (Windows XP),
and today, whenever I connect to the internet, Explorer pages with adverts open up every now and then...
As antivirus I have AVG and Spybot Search and Destroy, but I haven't managed to fix the problem.
I read in the forum that you recommend running a scan with HijackThis and posting the results to get a bit of help.
Here they are:
I hope someone can give me a hand. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.14.20, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iTunes\iTunes.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\distnoted.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Pure Team Open Exit] C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\dash more.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Programmi\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [blue amok] C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\support open.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209382204890
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B605B21-A60A-4560-B756-C214AB1E13E1}: NameServer = 85.37.17.51 85.38.28.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B605B21-A60A-4560-B756-C214AB1E13E1}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6905 bytes
bdoriano (Administrator; registered 02/04/07 12:05; 14391 posts; location: 3rd planet of the solar system...)
Posted: 28 Apr 2008 19:28

Hi Sergiok,

I see you have an old acquaintance of ours: CID.

Just to be on the safe side, general clean-up:

PS: if you like, you can introduce yourself here
Sergiok (Devoted mortal; registered 28/04/08 18:43; 5 posts)
Posted: 28 Apr 2008 19:41

OK,
after dinner I'll do as you told me.
Yes, it must be a CID, because I always see "CiD: www.blabla" etc. written on it.
Sergiok (Devoted mortal; registered 28/04/08 18:43; 5 posts)
Posted: 28 Apr 2008 22:15

Here are the requested results:

NFix_2008-04-28_21-35-432.log: http://www.freefilehosting.net/files/3g9ee


ComboFix 08-04-27.3 - Administrator 2008-04-28 22:09:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.606 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Documenti\Programmi\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Dati applicazioni\macromedia\Flash Player\#SharedObjects\DSHK3V2V\iforex.com
C:\Documents and Settings\Administrator\Dati applicazioni\macromedia\Flash Player\#SharedObjects\DSHK3V2V\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Administrator\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Administrator\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\install.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-03-28 al 2008-04-28 )))))))))))))))))))))))))))))))))))
.

2008-04-28 19:00 . 2008-04-28 19:00 <DIR> d-------- C:\Programmi\File comuni\snp2std
2008-04-28 19:00 . 2006-01-19 11:34 10,221,440 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-04-28 18:32 . 2008-04-28 18:32 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\Programmi\AVG
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-04-28 15:47 . 2008-04-28 15:47 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 15:47 . 2008-04-28 15:47 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-28 15:47 . 2008-04-28 15:47 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-28 14:51 . 2004-11-19 16:31 110,592 -ra------ C:\WINDOWS\system32\drivers\ianswxp.sys
2008-04-28 14:50 . 2008-04-28 14:50 <DIR> d-------- C:\Programmi\Intel
2008-04-28 14:50 . 2004-11-22 12:38 176,128 -ra------ C:\WINDOWS\system32\drivers\e1000325.sys
2008-04-28 14:50 . 2004-11-16 10:17 163,840 -ra------ C:\WINDOWS\system32\e1000msg.dll
2008-04-28 14:50 . 2004-11-16 18:52 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe
2008-04-28 14:50 . 2004-11-16 18:35 55,808 -ra------ C:\WINDOWS\system32\EtCoInst.dll
2008-04-28 14:50 . 2004-10-29 18:01 19,456 -ra------ C:\WINDOWS\system32\IntelNic.dll
2008-04-28 14:50 . 2004-09-21 16:06 2,743 -ra------ C:\WINDOWS\system32\e1000325.din
2008-04-28 14:50 . 2003-11-03 20:15 1,902 --------- C:\WINDOWS\system32\SetupBD.din
2008-04-28 14:46 . 2004-09-14 07:55 88,960 --a------ C:\WINDOWS\system32\drivers\MidiSyn.sys
2008-04-28 14:45 . 2008-04-28 14:45 <DIR> d-------- C:\Programmi\Analog Devices
2008-04-28 14:44 . 2004-04-27 09:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-28 14:31 . 2008-04-28 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-28 14:19 . 2008-04-28 14:19 <DIR> d-------- C:\Programmi\ASUSTeK
2008-04-28 14:17 . 2004-12-14 17:55 9,472 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-04-28 14:08 . 2008-04-28 14:08 <DIR> d-------- C:\Programmi\DIFX
2008-04-28 14:08 . 2008-04-28 14:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-28 14:07 . 2008-04-28 14:08 <DIR> d-------- C:\Programmi\Nokia
2008-04-28 14:07 . 2008-04-28 14:07 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-04-28 14:07 . 2008-04-28 14:07 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-04-28 14:07 . 2008-04-28 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-04-28 14:07 . 2008-04-28 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-04-28 14:07 . 2008-04-28 14:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\PC Suite
2008-04-28 14:07 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-28 14:07 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-28 14:07 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-28 14:07 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-28 14:07 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-28 14:07 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-28 14:07 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-04-28 14:03 . 2008-04-28 14:03 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-04-28 14:03 . 2008-04-28 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-28 14:03 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-28 14:02 . 2008-04-28 14:02 <DIR> d--h----- C:\BJPrinter
2008-04-28 14:02 . 2004-04-23 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM64.DLL
2008-04-28 14:02 . 2004-03-11 18:06 86,016 -ra------ C:\WINDOWS\system32\CNMCP64.exe
2008-04-28 14:02 . 2004-04-23 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS64.DLL
2008-04-28 14:01 . 2008-04-28 14:04 <DIR> d-------- C:\Programmi\Canon
2008-04-28 13:51 . 2008-04-28 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-04-28 13:47 . 2008-04-28 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team
2008-04-28 13:47 . 2008-04-28 13:47 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-04-28 13:46 . 2008-04-28 13:46 <DIR> d-------- C:\Programmi\poll long eggs
2008-04-28 13:46 . 2008-04-28 13:46 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-04-28 13:46 . 2008-04-28 13:46 <DIR> d-------- C:\Programmi\Circle Developement
2008-04-28 13:46 . 2008-04-28 13:47 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\poll long eggs
2008-04-28 13:46 . 2008-04-28 13:46 268 --ah----- C:\sqmdata00.sqm
2008-04-28 13:46 . 2008-04-28 13:46 244 --ah----- C:\sqmnoopt00.sqm
2008-04-28 13:38 . 2008-04-28 13:44 <DIR> d-------- C:\Programmi\Windows Live
2008-04-28 13:38 . 2008-04-28 13:44 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-04-28 13:37 . 2008-04-28 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-28 13:35 . 2008-04-28 13:35 <DIR> d-------- C:\Programmi\iTunes
2008-04-28 13:35 . 2008-04-28 13:35 <DIR> d-------- C:\Programmi\iPod
2008-04-28 13:35 . 2008-04-28 13:35 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Apple Computer
2008-04-28 13:35 . 2008-04-28 21:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-28 13:35 . 2008-04-28 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-28 13:34 . 2008-04-28 13:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-28 13:34 . 2008-04-28 13:35 <DIR> d-------- C:\Programmi\QuickTime
2008-04-28 13:34 . 2008-04-28 13:34 <DIR> d-------- C:\Programmi\Apple Software Update
2008-04-28 13:34 . 2008-04-28 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-04-28 13:33 . 2008-04-28 13:33 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-04-28 13:33 . 2008-04-28 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-04-28 13:31 . 2008-04-28 13:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-28 13:30 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-28 13:30 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-28 13:30 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-28 13:30 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-28 13:30 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-28 13:29 . 2008-04-28 13:29 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-28 13:22 . 2008-04-28 13:22 <DIR> d-------- C:\Programmi\Pirelli
2008-04-28 13:22 . 2008-04-28 13:22 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-04-28 13:22 . 2004-10-05 18:41 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-04-28 13:22 . 2004-10-05 18:41 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-04-28 13:21 . 2008-04-28 13:21 <DIR> d-------- C:\WINDOWS\Motive
2008-04-28 13:21 . 2008-04-28 13:21 <DIR> d-------- C:\Programmi\Motive
2008-04-28 13:21 . 2008-04-28 13:21 <DIR> d-------- C:\Programmi\Common Files
2008-04-28 13:21 . 2008-04-28 14:57 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-04-28 13:21 . 2002-10-17 19:07 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-04-28 13:21 . 2002-10-17 20:44 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-04-28 13:21 . 2002-10-17 20:44 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-28 13:21 . 2002-10-17 20:44 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-04-28 13:21 . 2002-10-17 19:28 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-04-28 13:21 . 2002-10-17 19:08 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-28 13:17 . 2008-04-28 13:17 <DIR> d-------- C:\Programmi\Telecom Italia
2008-04-28 13:17 . 2008-04-28 19:00 <DIR> d--h----- C:\Programmi\InstallShield Installation Information
2008-04-28 13:16 . 2008-04-28 14:17 <DIR> d-------- C:\Programmi\File comuni\InstallShield
2008-04-27 23:01 . 2004-08-04 01:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-27 23:00 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-04-27 23:00 . 2004-08-19 15:39 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-04-27 23:00 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-27 23:00 . 2004-08-04 01:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-27 23:00 . 2004-08-19 17:24 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-27 23:00 . 2004-08-19 15:39 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 11:21 155,995 ----a-w C:\WINDOWS\java\Packages\FHJJLBX3.ZIP
2008-04-27 19:26 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Ahead
2008-04-27 19:25 --------- d-----w C:\Programmi\Nero
2008-04-27 19:25 --------- d-----w C:\Programmi\File comuni\Ahead
2008-04-27 19:20 --------- d-----w C:\Programmi\UltraISO
2008-04-27 19:20 --------- d-----w C:\Programmi\File comuni\EZB Systems
2008-04-27 19:20 --------- d-----w C:\Programmi\File comuni\Adobe
2008-04-27 19:19 --------- d-----w C:\Programmi\HighMAT CD Writing Wizard
2008-04-27 19:19 --------- d-----w C:\Programmi\File comuni\ACD Systems
2008-04-27 19:19 --------- d-----w C:\Programmi\ACD Systems
2008-04-27 19:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
2008-04-27 19:15 --------- d-----w C:\Programmi\microsoft frontpage
2008-04-27 19:05 --------- d-----w C:\Programmi\Servizi in linea
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"blue amok"="C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\support open.exe" [2008-04-28 13:46 428544]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Pure Team Open Exit"="C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\dash more.exe" [2008-04-28 22:00 1898496]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 06:01 5513216]
"nwiz"="nwiz.exe" [2004-12-15 06:01 1490944 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-12-15 06:01 86016]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"PRONoMgrWired"="C:\Programmi\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 10:16 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 15:47 1177368]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08 20480]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-16 14:06 114688]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-28 15:47]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-28 15:47]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-28 15:47]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-28 15:47]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-19 11:34]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-28 20:00:04 C:\WINDOWS\Tasks\AB5F8B4B91883FF7.job"
- c:\docume~1\admini~1\datiap~1\polllo~1\Cashroadweb.exe
"2008-04-28 11:34:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 22:10:23
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 23

**************************************************************************
.
Ora fine scansione: 2008-04-28 22:11:04
ComboFix-quarantined-files.txt 2008-04-28 20:11:01

6 Directory 23,692,468,224 byte disponibili
9 Directory 24,287,502,336 byte disponibili

204
bdoriano (Administrator; registered 02/04/07 12:05; 14391 posts; location: 3rd planet of the solar system...)
Posted: 29 Apr 2008 07:45

Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\Tasks\AB5F8B4B91883FF7.job
c:\docume~1\admini~1\datiap~1\polllo~1\Cashroadweb.exe
C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\dash more.exe
C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\support open.exe

Folder::
C:\Programmi\poll long eggs
C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1
C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team

registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pure Team Open Exit"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blue amok"=-

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs.
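An added example, not part of the thread: a small Python triage script that applies to HijackThis O4 lines the two tells bdoriano's CFScript relies on (an autostart executable living under the user's application-data folder instead of C:\Programmi or C:\WINDOWS, and a file name made of random dictionary words such as "dash more.exe" or "support open.exe"). The sample lines are constructed from entries quoted in this thread; all function and constant names are my own.

```python
r"""Triage of HijackThis O4 (autostart) entries.

Two heuristics that pick out the CID entries in the log quoted in this thread:
the executable sits under the user's application-data folder rather than under
C:\Programmi or C:\WINDOWS, and its file name is a string of dictionary words.
This is an illustrative heuristic, not a malware signature.
"""
from __future__ import annotations

import ntpath
import re

# Constructed sample in HijackThis v2 O4 format (modelled on the thread's log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Pure Team Open Exit] C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\dash more.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [blue amok] C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\support open.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
"""

# Registry Run entry:  O4 - HKLM\..\Run: [ValueName] command line
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder shortcut:  O4 - Global Startup: name.lnk = C:\path\prog.exe
O4_STARTUP = re.compile(
    r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")
# A drive-rooted path (spaces allowed: XP Run values are often unquoted) or a
# bare file name such as RUNDLL32.EXE or nwiz.exe.
EXE_PATH = re.compile(
    r'"?(?P<full>[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com))"?|(?P<bare>\b[\w~.-]+\.(?:exe|dll))\b',
    re.IGNORECASE)

# Host binaries whose real payload is the file they load, not themselves.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# Windows XP application-data folders: long and 8.3 names, Italian and English.
USER_WRITABLE = ("\\dati applicazioni\\", "\\datiap~1\\", "\\application data\\",
                 "\\applic~1\\", "\\local settings\\temp\\", "\\locals~1\\temp\\",
                 "\\appdata\\")


def payload_path(cmd: str) -> str:
    """Return the file an O4 command line really launches."""
    paths = [m.group("full") or m.group("bare") for m in EXE_PATH.finditer(cmd)]
    if not paths:
        return cmd.strip()
    # RUNDLL32.EXE foo.dll,Entry: the interesting file is the DLL, not the host.
    if ntpath.basename(paths[0]).lower() in HOST_BINARIES and len(paths) > 1:
        return paths[1]
    return paths[0]


def reasons_for(path: str) -> list[str]:
    """Heuristic reasons an autostart executable deserves a second look."""
    low = path.lower()
    found = []
    if any(marker in low for marker in USER_WRITABLE):
        found.append("runs from a user-writable application-data folder")
    stem = ntpath.basename(low).rsplit(".", 1)[0]
    words = stem.split()
    if len(words) >= 2 and all(w.isalpha() for w in words):
        found.append("file name is a string of dictionary words (%s)" % stem)
    return found


def triage_hijackthis(log_text: str) -> list[dict]:
    """Parse O4 lines and return the entries that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if not m:
            continue
        path = payload_path(m.group("cmd"))
        why = reasons_for(path)
        if why:
            findings.append({"hive": m.group("hive"), "name": m.group("name"),
                             "path": path, "reasons": why})
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"{f['hive']} [{f['name']}] -> {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

On the sample the script flags exactly the two entries the CFScript removes, "Pure Team Open Exit" and "blue amok", and leaves the vendor entries under Programmi and WINDOWS alone.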
Sergiok (Devoted mortal; registered 28/04/08 18:43; 5 posts)
Posted: 29 Apr 2008 17:01

Here they are:


ComboFix 08-04-27.3 - Administrator 2008-04-29 16.53.46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.613 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\docume~1\admini~1\datiap~1\polllo~1\Cashroadweb.exe
C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\support open.exe
C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\dash more.exe
C:\WINDOWS\Tasks\AB5F8B4B91883FF7.job
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1
C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\0
c:\docume~1\admini~1\datiap~1\polllo~1\Cashroadweb.exe
C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\eolzhnzq.exe
C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\multi bib clock intra.exe
C:\DOCUME~1\ADMINI~1\DATIAP~1\POLLLO~1\support open.exe
C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team
C:\Documents and Settings\All Users\Dati applicazioni\Option Camp Pure Team\dash more.exe
C:\Programmi\poll long eggs
C:\WINDOWS\Tasks\AB5F8B4B91883FF7.job

.
((((((((((((((((((((((((( Files Creati Da 2008-03-28 al 2008-04-29 )))))))))))))))))))))))))))))))))))
.

2008-04-28 23:03 . 2008-04-28 23:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Nokia
2008-04-28 19:00 . 2008-04-28 19:00 <DIR> d-------- C:\Programmi\File comuni\snp2std
2008-04-28 19:00 . 2006-01-19 11:34 10,221,440 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-04-28 18:32 . 2008-04-28 18:32 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-28 15:47 . 2008-04-29 13:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\Programmi\AVG
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-04-28 15:47 . 2008-04-28 15:47 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 15:47 . 2008-04-28 15:47 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-28 15:47 . 2008-04-28 15:47 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-28 14:51 . 2004-11-19 16:31 110,592 -ra------ C:\WINDOWS\system32\drivers\ianswxp.sys
2008-04-28 14:50 . 2008-04-28 14:50 <DIR> d-------- C:\Programmi\Intel
2008-04-28 14:50 . 2004-11-22 12:38 176,128 -ra------ C:\WINDOWS\system32\drivers\e1000325.sys
2008-04-28 14:50 . 2004-11-16 10:17 163,840 -ra------ C:\WINDOWS\system32\e1000msg.dll
2008-04-28 14:50 . 2004-11-16 18:52 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe
2008-04-28 14:50 . 2004-11-16 18:35 55,808 -ra------ C:\WINDOWS\system32\EtCoInst.dll
2008-04-28 14:50 . 2004-10-29 18:01 19,456 -ra------ C:\WINDOWS\system32\IntelNic.dll
2008-04-28 14:50 . 2004-09-21 16:06 2,743 -ra------ C:\WINDOWS\system32\e1000325.din
2008-04-28 14:50 . 2003-11-03 20:15 1,902 --------- C:\WINDOWS\system32\SetupBD.din
2008-04-28 14:46 . 2004-09-14 07:55 88,960 --a------ C:\WINDOWS\system32\drivers\MidiSyn.sys
2008-04-28 14:45 . 2008-04-28 14:45 <DIR> d-------- C:\Programmi\Analog Devices
2008-04-28 14:44 . 2004-04-27 09:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-28 14:31 . 2008-04-28 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-28 14:19 . 2008-04-28 14:19 <DIR> d-------- C:\Programmi\ASUSTeK
2008-04-28 14:17 . 2004-12-14 17:55 9,472 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-04-28 14:08 . 2008-04-28 14:08 <DIR> d-------- C:\Programmi\DIFX
2008-04-28 14:08 . 2008-04-28 14:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-28 14:07 . 2008-04-28 14:08 <DIR> d-------- C:\Programmi\Nokia
2008-04-28 14:07 . 2008-04-28 14:07 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-04-28 14:07 . 2008-04-28 14:07 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-04-28 14:07 . 2008-04-28 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-04-28 14:07 . 2008-04-28 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-04-28 14:07 . 2008-04-28 14:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\PC Suite
2008-04-28 14:07 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-28 14:07 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-28 14:07 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-28 14:07 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-28 14:07 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-28 14:07 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-28 14:07 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-04-28 14:03 . 2008-04-28 14:03 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-04-28 14:03 . 2008-04-28 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-28 14:03 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-28 14:02 . 2008-04-28 14:02 <DIR> d--h----- C:\BJPrinter
2008-04-28 14:02 . 2004-04-23 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM64.DLL
2008-04-28 14:02 . 2004-03-11 18:06 86,016 -ra------ C:\WINDOWS\system32\CNMCP64.exe
2008-04-28 14:02 . 2004-04-23 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS64.DLL
2008-04-28 14:01 . 2008-04-28 14:04 <DIR> d-------- C:\Programmi\Canon
2008-04-28 13:51 . 2008-04-28 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-04-28 13:47 . 2008-04-28 13:47 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-04-28 13:46 . 2008-04-28 13:46 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-04-28 13:46 . 2008-04-28 13:46 <DIR> d-------- C:\Programmi\Circle Developement
2008-04-28 13:46 . 2008-04-28 13:46 268 --ah----- C:\sqmdata00.sqm
2008-04-28 13:46 . 2008-04-28 13:46 244 --ah----- C:\sqmnoopt00.sqm
2008-04-28 13:38 . 2008-04-28 13:44 <DIR> d-------- C:\Programmi\Windows Live
2008-04-28 13:38 . 2008-04-28 13:44 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-04-28 13:37 . 2008-04-28 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-28 13:35 . 2008-04-28 13:35 <DIR> d-------- C:\Programmi\iTunes
2008-04-28 13:35 . 2008-04-28 13:35 <DIR> d-------- C:\Programmi\iPod
2008-04-28 13:35 . 2008-04-28 13:35 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Apple Computer
2008-04-28 13:35 . 2008-04-29 13:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-28 13:35 . 2008-04-28 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-28 13:34 . 2008-04-28 13:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-28 13:34 . 2008-04-28 13:35 <DIR> d-------- C:\Programmi\QuickTime
2008-04-28 13:34 . 2008-04-28 13:34 <DIR> d-------- C:\Programmi\Apple Software Update
2008-04-28 13:34 . 2008-04-28 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-04-28 13:33 . 2008-04-28 13:33 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-04-28 13:33 . 2008-04-28 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-04-28 13:31 . 2008-04-28 13:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-28 13:30 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-28 13:30 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-28 13:30 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-28 13:30 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-28 13:30 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-28 13:29 . 2008-04-28 13:29 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-28 13:22 . 2008-04-28 13:22 <DIR> d-------- C:\Programmi\Pirelli
2008-04-28 13:22 . 2008-04-28 13:22 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-04-28 13:22 . 2004-10-05 18:41 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-04-28 13:22 . 2004-10-05 18:41 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-04-28 13:21 . 2008-04-28 13:21 <DIR> d-------- C:\WINDOWS\Motive
2008-04-28 13:21 . 2008-04-28 13:21 <DIR> d-------- C:\Programmi\Motive
2008-04-28 13:21 . 2008-04-28 13:21 <DIR> d-------- C:\Programmi\Common Files
2008-04-28 13:21 . 2008-04-28 14:57 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-04-28 13:21 . 2002-10-17 19:07 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-04-28 13:21 . 2002-10-17 20:44 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-04-28 13:21 . 2002-10-17 20:44 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-28 13:21 . 2002-10-17 20:44 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-04-28 13:21 . 2002-10-17 19:28 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-04-28 13:21 . 2002-10-17 19:08 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-28 13:17 . 2008-04-28 13:17 <DIR> d-------- C:\Programmi\Telecom Italia
2008-04-28 13:17 . 2008-04-28 19:00 <DIR> d--h----- C:\Programmi\InstallShield Installation Information
2008-04-28 13:16 . 2008-04-28 14:17 <DIR> d-------- C:\Programmi\File comuni\InstallShield
2008-04-27 23:01 . 2004-08-04 01:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-27 23:00 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-04-27 23:00 . 2004-08-19 15:39 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-04-27 23:00 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-27 23:00 . 2004-08-04 01:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-27 23:00 . 2004-08-19 17:24 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-27 23:00 . 2004-08-19 15:39 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 11:21 155,995 ----a-w C:\WINDOWS\java\Packages\FHJJLBX3.ZIP
2008-04-27 19:26 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Ahead
2008-04-27 19:25 --------- d-----w C:\Programmi\Nero
2008-04-27 19:25 --------- d-----w C:\Programmi\File comuni\Ahead
2008-04-27 19:20 --------- d-----w C:\Programmi\UltraISO
2008-04-27 19:20 --------- d-----w C:\Programmi\File comuni\EZB Systems
2008-04-27 19:20 --------- d-----w C:\Programmi\File comuni\Adobe
2008-04-27 19:19 --------- d-----w C:\Programmi\HighMAT CD Writing Wizard
2008-04-27 19:19 --------- d-----w C:\Programmi\File comuni\ACD Systems
2008-04-27 19:19 --------- d-----w C:\Programmi\ACD Systems
2008-04-27 19:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
2008-04-27 19:15 --------- d-----w C:\Programmi\microsoft frontpage
2008-04-27 19:05 --------- d-----w C:\Programmi\Servizi in linea
.

((((((((((((((((((((((((((((( snapshot@2008-04-28_22.10.54.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-28 19:58:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 11:49:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-08-02 09:31:32 360,320 ----a-w C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
+ 2007-08-02 09:31:32 67,456 ----a-w C:\WINDOWS\Downloaded Program Files\PURen-us.dll
+ 2007-08-06 10:10:28 68,480 ----a-w C:\WINDOWS\Downloaded Program Files\PURit-it.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 06:01 5513216]
"nwiz"="nwiz.exe" [2004-12-15 06:01 1490944 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-12-15 06:01 86016]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"PRONoMgrWired"="C:\Programmi\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 10:16 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 15:47 1177368]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08 20480]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-16 14:06 114688]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-28 15:47]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-28 15:47]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-28 15:47]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-28 15:47]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-19 11:34]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - RSVP
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-28 11:34:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 16:55:00
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 24

**************************************************************************
.
Ora fine scansione: 2008-04-29 16.55.41
ComboFix-quarantined-files.txt 2008-04-29 14:55:37
ComboFix2.txt 2008-04-28 20:11:04

6 Directory 24,144,793,600 byte disponibili
9 Directory 24,192,581,632 byte disponibili

218


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.59.50, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Programmi\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209382204890
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sergiok89.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6350 bytes