figaro82 Mere mortal

Registered: 29/05/08 17:00 Posts: 3 Location: Terracina (LT)
Posted: 29 May 2008 17:08 Subject: HELP CID virus!!!

Help!!! A while ago I caught the CID virus and I can't get rid of it in any way... I ran a scan with HijackThis and this is the result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.56.33, on 29/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\eMule\emule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\CLAUDIA\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=navclient&hl=it&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [4 Ooze] "C:\ProgramData\style dash dash.cbs0e"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.whatsnew.name
O15 - Trusted Zone: *.whatsnew.name
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://thejoker1983.spaces.live.com/PhotoUpload/VistaMsnPUpldit-it.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: TpServerAltimetrico Service - ITP Elettronica s.r.l. - C:\Itp32\Server\TpServerAltimetrico_svc.exe
O23 - Service: TpServerSfondi Service - ITP Elettronica s.r.l. - C:\Itp32\Server\TpServerSfondi_svc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11543 bytes
How do I remove the virus?
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 May 2008 17:43 Subject:

Hi figaro82,
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Reboot the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. And post:
- Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link it gives you
- The ComboFix log is usually not very long, so post it directly in the message
PS: if you like, you can introduce yourself here
figaro82 Mere mortal

Registered: 29/05/08 17:00 Posts: 3 Location: Terracina (LT)
Posted: 30 May 2008 09:53 Subject:

First of all, thanks for the prompt help! I followed your instructions to the letter without running into any problems, so here are the results of the scans.
- the Norman Malware Cleaner log is at this link:
NFix_2008-05-29_18-39-46.log
- the ComboFix log is:
ComboFix 08-05-29.1 - CLAUDIA 2008-05-30 9.30.49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.375 [GMT 2:00]
Eseguito da: C:\Users\CLAUDIA\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\CLAUDIA\AppData\Roaming\inst.exe
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Creati Da 2008-04-28 al 2008-05-30 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 20:14 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-29 16:56 --------- d-----w C:\ProgramData\globalbuildremote
2008-05-29 16:00 --------- d-----w C:\Program Files\Yahoo!
2008-05-29 15:12 --------- d-----w C:\Program Files\Eset
2008-05-29 14:54 401,720 ----a-w C:\Users\CLAUDIA\HiJackThis.exe
2008-05-29 13:30 --------- d-----w C:\ProgramData\Sony Corporation
2008-05-29 13:13 --------- d-----w C:\Program Files\Sony
2008-05-29 13:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 13:06 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-29 13:06 --------- d-----w C:\Program Files\Realtek
2008-05-29 12:35 --------- d-----w C:\Program Files\Google
2008-05-28 17:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-28 17:16 --------- d-----w C:\Program Files\Windows Live
2008-05-28 17:10 --------- d-----w C:\Program Files\MSN Messenger
2008-05-28 17:04 --------- d-----w C:\ProgramData\WLInstaller
2008-05-28 16:27 --------- d-----w C:\Program Files\PDF Password Remover v2.5
2008-05-28 07:16 --------- d-----w C:\ProgramData\Symantec
2008-05-28 07:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-27 13:41 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-05-26 17:42 --------- d-----w C:\Users\CLAUDIA\AppData\Roaming\Skype
2008-05-23 11:26 --------- d-----w C:\Program Files\Circle Developement
2008-05-23 10:48 --------- d---a-w C:\ProgramData\TEMP
2008-05-23 10:46 --------- d-----w C:\ProgramData\Avira
2008-05-23 10:46 --------- d-----w C:\Program Files\Avira
2008-05-23 10:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-23 09:40 37,888 ----a-w C:\Windows\System32\rar.exe
2008-05-22 13:33 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-05-15 17:15 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-12 14:21 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-10 08:45 --------- d-----w C:\Program Files\Corel
2008-05-01 09:38 917,596 ----a-w C:\Windows\System32\Uninstall_Terrapack32.exe
2008-05-01 09:37 237,568 ----a-w C:\Windows\glut32.dll
2008-04-28 11:03 --------- d-----w C:\ProgramData\grey ante kind mess
2008-04-24 14:20 --------- d-----w C:\Program Files\Real
2008-04-24 14:20 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-24 14:20 --------- d-----w C:\Program Files\Common Files\Real
2008-04-23 15:17 693,792 ----a-w C:\Windows\System32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\Windows\System32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\Windows\System32\OGAAddin.dll
2008-04-22 13:00 --------- d-----w C:\ProgramData\Downloaded Installations
2008-04-22 13:00 --------- d-----w C:\Program Files\Nokia
2008-04-22 13:00 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 10:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 09:53 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:53 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:53 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2007-10-28 09:21 94,208 ----a-w C:\Users\CLAUDIA\AppData\Roaming\ezplay.sys
2007-10-28 09:21 47,360 ----a-w C:\Users\CLAUDIA\AppData\Roaming\pcouffin.sys
2007-10-17 17:37 174 --sha-w C:\Program Files\desktop.ini
2007-12-06 20:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-06 20:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-06 20:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 15:55 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"4 Ooze"="C:\ProgramData\style dash dash.cbs0e" [2008-05-23 10:52 393232]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 11:11 4317184 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2006-09-11 09:23 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 16:35 43128]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-13 17:17 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-13 17:19 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-13 17:17 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 16:19 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-29 14:35 223232]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 12:43:54 11000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-11-10 18:26 73728 C:\Windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FF7003AD-8747-4C0F-A1C5-C3060E8D334B}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{CFB2DE38-19C7-4443-B574-46E620BBA958}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{07A063E5-3B58-4CC4-9F8D-BEAE5534290F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FF71FD10-F24D-40CE-A49A-88E5AA94FBA9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2D987B3D-5BC8-49AA-A7CE-2FC80455AB4C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E0B42410-CDF0-4539-B34C-916DCA34DD42}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CC270198-E85C-4CD1-ADCC-34FF2ABFD0CC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2B2DDC8-CB73-4F79-9258-F1B59899733E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EFABE9D6-EB9E-449B-B3DE-25A7FB6E3044}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{9DE2D84B-6A74-43C1-8402-A584746FBB41}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{47976BF4-8326-47A6-B046-23DDBD1D3C2A}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"{C68C8551-8E5F-4F04-A2B8-32FF68A5E20A}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{E39B2903-F470-493C-9DFA-4A0068171D87}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{35426857-1501-49DD-B42D-8EAE63E0F978}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{B7728279-719F-40AD-8742-DFDAADEFC40D}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{4D9CC3E3-4B1D-4A57-A049-2966A2784426}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{95B40041-C0DF-47EA-A490-C6C5E8C57F7A}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{60058A5D-C5DC-46A8-A456-0DF758135307}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{44B671BE-2D3E-48DE-A0D2-CEE752DB8921}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{BBAEF351-E10D-4E0C-BA8B-3C2FAC0CC6A5}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{0D0C90F2-C304-4FBF-9E61-7442DC81B9C0}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{5C865F0C-DDDB-4280-B189-CA23BF4B451F}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{FF8D9F67-CEC2-48FE-9B43-C36ABC980937}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{D74F2957-9698-4237-8F94-D9F3A0A66AE1}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{5368AED0-1C69-4A8A-9619-03950A556D2E}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{07DCFF6E-22ED-4F07-A992-87C116F4A31E}C:\\itp32\\server\\tpserversfondi.exe"= UDP:C:\itp32\server\tpserversfondi.exe:Terrapack 32M Server cartografico
"UDP Query User{6E48202C-0E7A-4CC9-9321-B194988A397E}C:\\itp32\\server\\tpserversfondi.exe"= TCP:C:\itp32\server\tpserversfondi.exe:Terrapack 32M Server cartografico
"TCP Query User{4CE8F01A-51F3-474A-99A8-6526AF2D3D7E}C:\\itp32\\server\\tpserveraltimetrico.exe"= UDP:C:\itp32\server\tpserveraltimetrico.exe:Terrapack 32M Server cartografico
"UDP Query User{F341F2A4-2548-46D6-8BE0-AC0E2245DABB}C:\\itp32\\server\\tpserveraltimetrico.exe"= TCP:C:\itp32\server\tpserveraltimetrico.exe:Terrapack 32M Server cartografico
"TCP Query User{AAF276E9-035B-4F8D-9B16-EFBF2C61B33A}C:\\itp32\\exe\\terrapack32.exe"= UDP:C:\itp32\exe\terrapack32.exe:Terrapack 32M
"UDP Query User{97798D4B-46A2-4AE9-8705-36182ABF4FAC}C:\\itp32\\exe\\terrapack32.exe"= TCP:C:\itp32\exe\terrapack32.exe:Terrapack 32M
"TCP Query User{1A7F0827-619E-4CD5-8B11-8511DDB51692}C:\\itp32\\server\\tpserveraltimetrico.exe"= UDP:C:\itp32\server\tpserveraltimetrico.exe:Terrapack 32M Server cartografico
"UDP Query User{B32C21EC-C116-4258-A295-5B1A5AF75C5C}C:\\itp32\\server\\tpserveraltimetrico.exe"= TCP:C:\itp32\server\tpserveraltimetrico.exe:Terrapack 32M Server cartografico
"TCP Query User{A413DDE2-FF56-43B1-A42D-6FED63BCD776}C:\\itp32\\server\\tpserversfondi.exe"= UDP:C:\itp32\server\tpserversfondi.exe:Terrapack 32M Server cartografico
"UDP Query User{7F215E07-5A3C-4C87-A2BB-D9CF6901B995}C:\\itp32\\server\\tpserversfondi.exe"= TCP:C:\itp32\server\tpserversfondi.exe:Terrapack 32M Server cartografico
"TCP Query User{44FF5DC8-D489-48FE-8766-9F10AD069160}C:\\itp32\\exe\\terrapack32.exe"= UDP:C:\itp32\exe\terrapack32.exe:Terrapack 32M
"UDP Query User{8A2BF8DB-AEB5-4F83-9E82-52345DB1601C}C:\\itp32\\exe\\terrapack32.exe"= TCP:C:\itp32\exe\terrapack32.exe:Terrapack 32M
"TCP Query User{F20B70EE-1519-4F89-9CD0-1B0FC68423F7}C:\\users\\claudia\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\claudia\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{26D75F4B-2CE9-4B93-A87E-7E533C7BD27B}C:\\users\\claudia\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\claudia\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"{4C3B04FF-CE03-4948-878E-8A19BF477DAD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E51D0DC7-CE60-436E-B6BC-F734B1D8DE24}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{F043690A-63A6-429E-9A2C-CA1D366A510E}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-11-22 09:52]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-13 18:32]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2006-11-06 15:56]
R3 yukonwlh;Driver Miniport NDIS6.0 per controller Marvell Yukon Ethernet;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\Windows\system32\DRIVERS\Navcar.sys [2006-12-13 23:25]
S3 TpServerAltimetrico Service;TpServerAltimetrico Service;C:\Itp32\Server\TpServerAltimetrico_svc.exe [2008-05-01 11:38]
S3 TpServerSfondi Service;TpServerSfondi Service;C:\Itp32\Server\TpServerSfondi_svc.exe [2008-05-01 11:38]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Autorun.exe
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-29 18:29:20 C:\Windows\Tasks\User_Feed_Synchronization-{8B697BD5-F6FE-480B-A115-97141773D4E0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 09:35:17
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-05-30 9.36.23
ComboFix-quarantined-files.txt 2008-05-30 07:36:17
Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
204 --- E O F --- 2008-05-29 13:41:58
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 30 May 2008 18:53 Subject:

Create a text file with the following instructions:
Code:
File::
C:\ProgramData\style dash dash.cbs0e
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4 Ooze"=-
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs
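As an added illustration (not the thread's, HijackThis's or ComboFix's own code): a Python script that parses HijackThis O4 autorun lines, flags entries that launch from user-writable directories or with a non-executable extension, and renders the File::/Registry:: CFScript in the format the helper used above. The sample log lines are constructed from this thread, and the flagging rules are assumptions for the example.

```python
"""Triage HijackThis O4 autorun entries and render a ComboFix CFScript.

Added illustration for this thread, not HijackThis or ComboFix code. The
flagging rules (location + extension) are assumptions for the example and
give a hint, not a verdict: a flagged entry still needs a human look.
"""
import ntpath
import re
from dataclasses import dataclass

# HijackThis abbreviates the autorun hives; expand them the way the helper did.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_ROOT = r"SOFTWARE\Microsoft\Windows\CurrentVersion"

# Directories a legitimate autorun rarely runs from (user-writable, no UAC prompt).
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")
EXEC_EXTS = {".exe", ".dll", ".scr", ".cmd", ".bat", ".com"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(.+?): \[(.+?)\] (.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
UNQUOTED_RE = re.compile(r"^(.+?\.[A-Za-z0-9]{1,5})(?:\s|$)")

# Constructed sample in HijackThis O4 format, modelled on the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [4 Ooze] "C:\ProgramData\style dash dash.cbs0e"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
"""


@dataclass
class AutorunEntry:
    hive: str     # HKLM or HKCU
    subkey: str   # Run, RunOnce, Policies\Explorer\Run, ...
    name: str     # registry value name, e.g. "4 Ooze"
    command: str  # command line exactly as HijackThis prints it
    path: str     # image path extracted from the command line

    @property
    def registry_key(self) -> str:
        """Full key in the [HKEY_...] form a CFScript Registry:: section expects."""
        return f"[{HIVES[self.hive]}\\{RUN_ROOT}\\{self.subkey}]"


def image_path(command: str) -> str:
    """Pull the executable path out of a quoted or unquoted command line."""
    m = QUOTED_RE.match(command) or UNQUOTED_RE.match(command)
    return m.group(1) if m else command.strip()


def parse_o4(log_text: str) -> list[AutorunEntry]:
    """Return the registry-based O4 entries; Global Startup lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, subkey, name, command = m.groups()
            entries.append(AutorunEntry(hive, subkey, name, command, image_path(command)))
    return entries


def suspicious_reasons(entry: AutorunEntry) -> list[str]:
    """Heuristic reasons an autorun deserves a closer look (assumed rules)."""
    reasons = []
    low = entry.path.lower()
    if any(d in low for d in WRITABLE_DIRS):
        reasons.append("runs from a user-writable data directory")
    ext = ntpath.splitext(low)[1]
    if ext not in EXEC_EXTS:
        reasons.append(f"non-standard executable extension '{ext}'")
    return reasons


def build_cfscript(entries: list[AutorunEntry]) -> str:
    """Render File:: and Registry:: sections; "=-" deletes the named value."""
    lines = ["File::"] + [e.path for e in entries] + ["", "Registry::"]
    by_key: dict[str, list[str]] = {}
    for e in entries:
        by_key.setdefault(e.registry_key, []).append(e.name)
    for key, names in by_key.items():
        lines.append(key)
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


def triage(log_text: str) -> tuple[list[AutorunEntry], str]:
    """Parse a log, keep the flagged autoruns and build the script for them."""
    flagged = [e for e in parse_o4(log_text) if suspicious_reasons(e)]
    return flagged, build_cfscript(flagged)


if __name__ == "__main__":
    flagged, script = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.name}: {'; '.join(suspicious_reasons(e))}")
    print(script)  # what you would save as CFScript.txt
```

On the sample above only the "4 Ooze" entry is flagged, and the generated script matches the one the helper wrote by hand.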
figaro82 Mere mortal

Registered: 29/05/08 17:00 Posts: 3 Location: Terracina (LT)
Posted: 30 May 2008 19:44 Subject:

ComboFix:
ComboFix 08-05-29.1 - CLAUDIA 2008-05-30 19.31.40.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.412 [GMT 2:00]
Eseguito da: C:\Users\CLAUDIA\Desktop\ComboFix.exe
Command switches used :: C:\Users\CLAUDIA\Desktop\CFScript.txt
FILE ::
C:\ProgramData\style dash dash.cbs0e
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\style dash dash.cbs0e
.
((((((((((((((((((((((((( Files Creati Da 2008-04-28 al 2008-05-30 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 16:28 --------- d-----w C:\ProgramData\Google Updater
2008-05-30 15:29 --------- d-----w C:\Program Files\Google
2008-05-30 10:31 --------- d-----w C:\Program Files\PDF Password Remover v3.0
2008-05-30 08:43 --------- d-----w C:\Users\CLAUDIA\AppData\Roaming\Nero
2008-05-30 08:41 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-30 08:38 --------- d-----w C:\ProgramData\Nero
2008-05-30 08:38 --------- d-----w C:\Program Files\Nero
2008-05-29 20:14 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-29 16:56 --------- d-----w C:\ProgramData\globalbuildremote
2008-05-29 16:00 --------- d-----w C:\Program Files\Yahoo!
2008-05-29 15:12 --------- d-----w C:\Program Files\Eset
2008-05-29 14:54 401,720 ----a-w C:\Users\CLAUDIA\HiJackThis.exe
2008-05-29 13:30 --------- d-----w C:\ProgramData\Sony Corporation
2008-05-29 13:13 --------- d-----w C:\Program Files\Sony
2008-05-29 13:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 13:06 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-29 13:06 --------- d-----w C:\Program Files\Realtek
2008-05-28 17:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-28 17:16 --------- d-----w C:\Program Files\Windows Live
2008-05-28 17:10 --------- d-----w C:\Program Files\MSN Messenger
2008-05-28 17:04 --------- d-----w C:\ProgramData\WLInstaller
2008-05-28 07:16 --------- d-----w C:\ProgramData\Symantec
2008-05-28 07:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-27 13:41 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-05-26 17:42 --------- d-----w C:\Users\CLAUDIA\AppData\Roaming\Skype
2008-05-23 11:26 --------- d-----w C:\Program Files\Circle Developement
2008-05-23 10:48 --------- d---a-w C:\ProgramData\TEMP
2008-05-23 10:46 --------- d-----w C:\ProgramData\Avira
2008-05-23 10:46 --------- d-----w C:\Program Files\Avira
2008-05-23 10:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-23 09:40 37,888 ----a-w C:\Windows\System32\rar.exe
2008-05-22 13:33 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-05-15 17:15 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-12 14:21 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-10 08:45 --------- d-----w C:\Program Files\Corel
2008-05-01 09:38 917,596 ----a-w C:\Windows\System32\Uninstall_Terrapack32.exe
2008-05-01 09:37 237,568 ----a-w C:\Windows\glut32.dll
2008-04-28 11:03 --------- d-----w C:\ProgramData\grey ante kind mess
2008-04-24 14:20 --------- d-----w C:\Program Files\Real
2008-04-24 14:20 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-24 14:20 --------- d-----w C:\Program Files\Common Files\Real
2008-04-23 15:17 693,792 ----a-w C:\Windows\System32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\Windows\System32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\Windows\System32\OGAAddin.dll
2008-04-22 13:00 --------- d-----w C:\ProgramData\Downloaded Installations
2008-04-22 13:00 --------- d-----w C:\Program Files\Nokia
2008-04-22 13:00 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 10:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 09:53 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:53 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:53 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2007-10-28 09:21 94,208 ----a-w C:\Users\CLAUDIA\AppData\Roaming\ezplay.sys
2007-10-28 09:21 47,360 ----a-w C:\Users\CLAUDIA\AppData\Roaming\pcouffin.sys
2007-10-17 17:37 174 --sha-w C:\Program Files\desktop.ini
2007-12-06 20:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-06 20:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-06 20:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-30_ 9.36.08,84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-30 08:41:19 34,088 ----a-w C:\Windows\assembly\GAC_MSIL\DiscWriter\2.2.3.0__477a69ee60b50063\DiscWriter.dll
+ 2008-05-30 08:41:19 5,632 ----a-w C:\Windows\assembly\GAC_MSIL\Interop.NeroBurnAdvrCntrl2Lib\1.0.0.0__477a69ee60b50063\Interop.NeroBurnAdvrCntrl2Lib.dll
+ 2008-05-30 08:41:19 172,032 ----a-w C:\Windows\assembly\GAC_MSIL\Interop.NEROLib\1.4.0.0__477a69ee60b50063\Interop.NEROLib.dll
+ 2008-05-30 08:41:19 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\Interop.NeroMCEWrapper\1.0.0.0__477a69ee60b50063\Interop.NeroMCEWrapper.dll
+ 2008-05-30 08:41:19 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\Interop.NeroVisionAPI\1.3.0.0__477a69ee60b50063\Interop.NeroVisionAPI.dll
+ 2008-05-30 08:41:19 714,024 ----a-w C:\Windows\assembly\GAC_MSIL\NeroBurnSettingsMCML\2.2.3.0__477a69ee60b50063\NeroBurnSettingsMCML.dll
- 2008-05-30 07:24:39 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-30 15:18:40 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-30 07:24:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-30 15:18:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-30 07:24:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-30 15:18:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-30 07:26:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-30 15:21:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-05-30 07:26:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-30 15:20:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-30 15:20:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-05-30 11:46:17 1,506 ----a-w C:\Windows\SoftwareDistribution\EventCache\{2FAB504F-3D9D-4AF1-A1C7-63B150372C78}.bin
+ 2008-05-30 10:31:15 10,752 ----a-w C:\Windows\System32\BASSMOD.dll
- 2008-05-29 19:55:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-30 16:28:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-29 19:55:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-30 16:28:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-29 19:55:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-30 16:28:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-03-17 09:45:52 1,757,184 ----a-w C:\Windows\System32\imagX7.dll
+ 2006-03-17 09:45:54 497,296 ----a-w C:\Windows\System32\imagXpr7.dll
+ 2006-03-17 09:45:54 258,048 ----a-w C:\Windows\System32\imagXR7.dll
+ 2006-03-17 09:45:54 802,816 ----a-w C:\Windows\System32\imagXRA7.dll
+ 2007-12-03 16:04:12 95,600 ----a-w C:\Windows\System32\NeroCo.dll
+ 2006-03-17 12:49:46 368,640 ----a-w C:\Windows\System32\TwnLib4.dll
- 2008-05-30 07:27:05 15,540 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-633851322-1982032177-3568131356-1003_UserData.bin
+ 2008-05-30 15:21:07 15,540 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-633851322-1982032177-3568131356-1003_UserData.bin
- 2008-05-30 07:27:05 65,184 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 15:21:06 65,286 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-30 07:27:02 58,040 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 15:21:03 59,102 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-03-20 18:22:04 972,336 ----a-w C:\Windows\UNNeroBackItUp.exe
+ 2007-12-13 17:09:06 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
+ 2007-02-28 13:41:02 972,336 ----a-w C:\Windows\UNNeroShowTime.exe
+ 2007-03-21 18:02:12 972,336 ----a-w C:\Windows\UNNeroVision.exe
+ 2007-12-04 07:59:22 972,072 ----a-w C:\Windows\UNRecode.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 15:55 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-30 17:28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 11:11 4317184 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2006-09-11 09:23 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 16:35 43128]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-13 17:17 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-13 17:19 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-13 17:17 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 16:19 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-29 14:35 223232]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 12:43:54 11000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-11-10 18:26 73728 C:\Windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FF7003AD-8747-4C0F-A1C5-C3060E8D334B}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{CFB2DE38-19C7-4443-B574-46E620BBA958}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{07A063E5-3B58-4CC4-9F8D-BEAE5534290F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FF71FD10-F24D-40CE-A49A-88E5AA94FBA9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2D987B3D-5BC8-49AA-A7CE-2FC80455AB4C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E0B42410-CDF0-4539-B34C-916DCA34DD42}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CC270198-E85C-4CD1-ADCC-34FF2ABFD0CC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2B2DDC8-CB73-4F79-9258-F1B59899733E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EFABE9D6-EB9E-449B-B3DE-25A7FB6E3044}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{9DE2D84B-6A74-43C1-8402-A584746FBB41}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{47976BF4-8326-47A6-B046-23DDBD1D3C2A}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"{C68C8551-8E5F-4F04-A2B8-32FF68A5E20A}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{E39B2903-F470-493C-9DFA-4A0068171D87}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{35426857-1501-49DD-B42D-8EAE63E0F978}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{B7728279-719F-40AD-8742-DFDAADEFC40D}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{4D9CC3E3-4B1D-4A57-A049-2966A2784426}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{95B40041-C0DF-47EA-A490-C6C5E8C57F7A}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{60058A5D-C5DC-46A8-A456-0DF758135307}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{44B671BE-2D3E-48DE-A0D2-CEE752DB8921}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{BBAEF351-E10D-4E0C-BA8B-3C2FAC0CC6A5}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{0D0C90F2-C304-4FBF-9E61-7442DC81B9C0}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{5C865F0C-DDDB-4280-B189-CA23BF4B451F}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{FF8D9F67-CEC2-48FE-9B43-C36ABC980937}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{D74F2957-9698-4237-8F94-D9F3A0A66AE1}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{5368AED0-1C69-4A8A-9619-03950A556D2E}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{07DCFF6E-22ED-4F07-A992-87C116F4A31E}C:\\itp32\\server\\tpserversfondi.exe"= UDP:C:\itp32\server\tpserversfondi.exe:Terrapack 32M Server cartografico
"UDP Query User{6E48202C-0E7A-4CC9-9321-B194988A397E}C:\\itp32\\server\\tpserversfondi.exe"= TCP:C:\itp32\server\tpserversfondi.exe:Terrapack 32M Server cartografico
"TCP Query User{4CE8F01A-51F3-474A-99A8-6526AF2D3D7E}C:\\itp32\\server\\tpserveraltimetrico.exe"= UDP:C:\itp32\server\tpserveraltimetrico.exe:Terrapack 32M Server cartografico
"UDP Query User{F341F2A4-2548-46D6-8BE0-AC0E2245DABB}C:\\itp32\\server\\tpserveraltimetrico.exe"= TCP:C:\itp32\server\tpserveraltimetrico.exe:Terrapack 32M Server cartografico
"TCP Query User{AAF276E9-035B-4F8D-9B16-EFBF2C61B33A}C:\\itp32\\exe\\terrapack32.exe"= UDP:C:\itp32\exe\terrapack32.exe:Terrapack 32M
"UDP Query User{97798D4B-46A2-4AE9-8705-36182ABF4FAC}C:\\itp32\\exe\\terrapack32.exe"= TCP:C:\itp32\exe\terrapack32.exe:Terrapack 32M
"TCP Query User{1A7F0827-619E-4CD5-8B11-8511DDB51692}C:\\itp32\\server\\tpserveraltimetrico.exe"= UDP:C:\itp32\server\tpserveraltimetrico.exe:Terrapack 32M Server cartografico
"UDP Query User{B32C21EC-C116-4258-A295-5B1A5AF75C5C}C:\\itp32\\server\\tpserveraltimetrico.exe"= TCP:C:\itp32\server\tpserveraltimetrico.exe:Terrapack 32M Server cartografico
"TCP Query User{A413DDE2-FF56-43B1-A42D-6FED63BCD776}C:\\itp32\\server\\tpserversfondi.exe"= UDP:C:\itp32\server\tpserversfondi.exe:Terrapack 32M Server cartografico
"UDP Query User{7F215E07-5A3C-4C87-A2BB-D9CF6901B995}C:\\itp32\\server\\tpserversfondi.exe"= TCP:C:\itp32\server\tpserversfondi.exe:Terrapack 32M Server cartografico
"TCP Query User{44FF5DC8-D489-48FE-8766-9F10AD069160}C:\\itp32\\exe\\terrapack32.exe"= UDP:C:\itp32\exe\terrapack32.exe:Terrapack 32M
"UDP Query User{8A2BF8DB-AEB5-4F83-9E82-52345DB1601C}C:\\itp32\\exe\\terrapack32.exe"= TCP:C:\itp32\exe\terrapack32.exe:Terrapack 32M
"TCP Query User{F20B70EE-1519-4F89-9CD0-1B0FC68423F7}C:\\users\\claudia\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\claudia\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{26D75F4B-2CE9-4B93-A87E-7E533C7BD27B}C:\\users\\claudia\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\claudia\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"{4C3B04FF-CE03-4948-878E-8A19BF477DAD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E51D0DC7-CE60-436E-B6BC-F734B1D8DE24}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{F043690A-63A6-429E-9A2C-CA1D366A510E}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-11-22 09:52]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-13 18:32]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2006-11-06 15:56]
R3 yukonwlh;Driver Miniport NDIS6.0 per controller Marvell Yukon Ethernet;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\Windows\system32\DRIVERS\Navcar.sys [2006-12-13 23:25]
S3 TpServerAltimetrico Service;TpServerAltimetrico Service;C:\Itp32\Server\TpServerAltimetrico_svc.exe [2008-05-01 11:38]
S3 TpServerSfondi Service;TpServerSfondi Service;C:\Itp32\Server\TpServerSfondi_svc.exe [2008-05-01 11:38]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-30 17:26:27 C:\Windows\Tasks\User_Feed_Synchronization-{8B697BD5-F6FE-480B-A115-97141773D4E0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 19:36:14
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-05-30 19.37.30
ComboFix-quarantined-files.txt 2008-05-30 17:37:24
ComboFix2.txt 2008-05-30 07:36:24
Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
260 --- E O F --- 2008-05-30 11:55:47
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.41.59, on 30/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\eMule\emule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\WgaTray.exe
C:\Windows\Explorer.exe
C:\Users\CLAUDIA\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=navclient&hl=it&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.whatsnew.name
O15 - Trusted Zone: *.whatsnew.name
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://thejoker1983.spaces.live.com/PhotoUpload/VistaMsnPUpldit-it.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: TpServerAltimetrico Service - ITP Elettronica s.r.l. - C:\Itp32\Server\TpServerAltimetrico_svc.exe
O23 - Service: TpServerSfondi Service - ITP Elettronica s.r.l. - C:\Itp32\Server\TpServerSfondi_svc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11685 bytes
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 31 May 2008 09:56 Subject:

- Start the PC in safe mode
run HijackThis
click "Do a system scan only"
tick these entries:
Quote:
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.whatsnew.name
O15 - Trusted Zone: *.whatsnew.name
click "Fix checked"
Restart the PC in normal mode, redo the HijackThis log and post it
Download DelDomains and save it to the desktop (right-click the link > Save target as)
then right-click the icon of the file you just saved and choose Install.
Disable your antivirus
Go to BitDefender (with IE) and run the full scan.
Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (TXT format), upload the file to WikiSend and post here the Forum Link you are given.
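The O15 entries the helper asks to fix above are sites someone placed in Internet Explorer's Trusted sites zone, where ActiveX and scripting restrictions are relaxed. As an added triage example (not part of the thread or of HijackThis itself), the script below parses HijackThis v2 log lines, flags every O15 entry along with orphaned "(no file)" add-on entries and non-localhost hosts-file lines, and reports where in the registry each trusted-zone entry should be verified gone after the fix. The sample log is constructed from lines in this thread; the ZoneMap key layout is assumed to be the standard one (one subkey per host label below the domain).

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with an O1, O4 and O23 line kept as benign controls.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.whatsnew.name
O23 - Service: Avira AntiVir Personal (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\avguard.exe
"""

# Every HijackThis entry is "<code> - <section>: <detail>", for example
# "O15 - Trusted Zone: www.example.net".
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<section>[^:]+): ?(?P<detail>.*)$")

# Per-user IE zone assignments live here (assumed standard layout); zone id 2
# is "Trusted sites", the zone with the most relaxed ActiveX/scripting settings.
ZONEMAP_DOMAINS = (r"HKCU\Software\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\ZoneMap\Domains")
TRUSTED_SITES_ZONE = 2


@dataclass(frozen=True)
class Finding:
    code: str
    detail: str
    severity: str
    reason: str


def parse_hjt(text):
    """Return (code, section, detail) for every entry line; header lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m["code"], m["section"].strip(), m["detail"].strip()))
    return entries


def zonemap_key(host):
    """Registry key that holds the zone assignment for an O15 host.

    Assumption: IE stores one subkey per host label below the registrable
    domain, so 'www.example.net' -> Domains\\example.net\\www and the wildcard
    '*.example.net' -> Domains\\example.net (value name '*' or a URL scheme,
    data = TRUSTED_SITES_ZONE).
    """
    labels = host.lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]
    domain = ".".join(labels[-2:])
    subkeys = list(reversed(labels[:-2]))
    return "\\".join([ZONEMAP_DOMAINS, domain] + subkeys)


def triage(text):
    """Flag the entry classes a helper would ask to have fixed."""
    findings = []
    for code, section, detail in parse_hjt(text):
        if code == "O15":
            findings.append(Finding(code, detail, "high",
                "site placed in the Trusted sites zone; verify removal at " + zonemap_key(detail)))
        elif code in ("O2", "O3", "O9") and detail.endswith("(no file)"):
            findings.append(Finding(code, detail, "low",
                "orphaned browser add-on entry whose file is gone; safe to fix"))
        elif code == "O1":
            address, _, name = detail.partition(" ")
            if name != "localhost" or address not in ("127.0.0.1", "::1"):
                findings.append(Finding(code, detail, "high",
                    "hosts-file entry redirecting a name; check it was set deliberately"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.code} {f.detail}: {f.reason}")
```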