Olimpo Informatico Forum Index
The Zeus News Forums
File on the desktop: RunDll32 cmicnfg.cpl,CMICtrlWnd
Maui
Posted: 06 Apr 2008 18:59    Subject: File on the desktop: RunDll32 cmicnfg.cpl,CMICtrlWnd

Hi guys, for about 2 days I have had a problem with my PC: a file has appeared on my desktop called: RunDll32 cmicnfg.cpl,CMICtrlWnd, along with a new connection called "internet connection". Together with these 2 events I have noticed that my connection drops after a while, which had never happened to me in the past.
What could the problem be?
bdoriano
Posted: 06 Apr 2008 20:13

Hi Maui,

PS: I have moved your message to the correct area.
Maui
Posted: 07 Apr 2008 10:39

All done


ComboFix 08-04-06.1 - Administrator 2008-04-07 10.29.38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.53 [GMT 2:00]
Eseguito da: F:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-03-07 al 2008-04-07 )))))))))))))))))))))))))))))))))))
.

2008-04-05 18:01 . 2008-04-05 18:01 129 --a------ F:\Collegamento a Unità CD.lnk
2008-04-03 15:35 . 2008-04-03 15:35 <DIR> d-------- F:\Documents and Settings\MP3\CDDB
2008-04-03 15:35 . 2008-04-03 15:35 <DIR> d-------- F:\Documents and Settings\Documenti\MP3
2008-03-31 17:35 . 2008-03-31 17:35 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-03-31 17:35 . 2008-03-31 17:35 1,409 --a------ F:\WINDOWS\QTFont.for
2008-03-30 13:21 . 2008-03-30 13:22 <DIR> d-------- F:\Documents and Settings\All Users\materna Pellaro 28marzo2007
2008-03-24 21:52 . 2008-03-24 21:52 <DIR> d-------- F:\Documents and Settings\Administrator\Dati applicazioni\Nokia Multimedia Player
2008-03-24 21:37 . 2008-03-24 21:37 <DIR> d-------- F:\Programmi\File comuni\PCSuite
2008-03-24 21:37 . 2008-03-24 21:37 <DIR> d-------- F:\Programmi\File comuni\Nokia
2008-03-24 21:17 . 2008-03-24 21:17 <DIR> d-------- F:\Programmi\PC Connectivity Solution
2008-03-24 21:15 . 2007-02-22 11:15 137,216 --a------ F:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-24 21:15 . 2007-02-22 11:15 65,536 --a------ F:\WINDOWS\system32\nmwcdcocls.dll
2008-03-24 21:15 . 2007-02-22 11:15 12,288 --a------ F:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-24 21:15 . 2007-02-22 11:15 8,320 --a------ F:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-24 21:12 . 2008-03-24 21:12 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-03-23 18:33 . 2008-03-23 18:33 <DIR> d-------- F:\Documents and Settings\Peppe\Dati applicazioni\PC Suite
2008-03-20 15:55 . 2008-03-24 21:29 <DIR> d-------- F:\Documents and Settings\Administrator\Phone Browser
2008-03-20 15:55 . 2008-03-20 15:55 <DIR> d-------- F:\Documents and Settings\Administrator\Dati applicazioni\Datalayer
2008-03-20 15:53 . 2008-03-24 21:23 <DIR> d-------- F:\Documents and Settings\Administrator\Dati applicazioni\Nokia
2008-03-20 15:48 . 2008-03-20 15:48 <DIR> d-------- F:\Programmi\DIFX
2008-03-20 15:46 . 2008-03-20 15:48 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-03-20 15:46 . 2008-03-24 21:52 <DIR> d-------- F:\Documents and Settings\Administrator\Dati applicazioni\PC Suite
2008-03-20 15:45 . 2008-03-24 21:15 <DIR> d-------- F:\Programmi\Nokia
2008-03-20 15:45 . 2008-03-24 21:19 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-03-20 15:45 . 2007-02-22 11:15 90,624 --a------ F:\WINDOWS\system32\nmwcdcls.dll
2008-03-08 13:38 . 2008-03-08 13:38 <DIR> d-------- F:\Documents and Settings\Administrator\Dati applicazioni\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 18:12 --------- d---a-w F:\Programmi\ovfmirc
2008-04-06 17:51 --------- d-----w F:\Documents and Settings\Administrator\Dati applicazioni\uTorrent
2008-04-05 11:21 --------- d-----w F:\Programmi\eMule
2008-04-03 13:35 --------- d-----w F:\Programmi\CDex_140b9
2008-03-03 13:54 --------- d-----w F:\Programmi\Free Download Manager
2008-02-29 14:46 --------- d-----w F:\Programmi\Alwil Software
2008-02-29 13:00 --------- d-----w F:\Programmi\ESET
2008-02-29 12:31 --------- d-----w F:\Programmi\Spybot - Search & Destroy
2008-02-29 12:01 691,545 ----a-w F:\WINDOWS\unins000.exe
2008-02-24 18:25 --------- d-----w F:\Documents and Settings\Peppe\Dati applicazioni\uTorrent
2008-02-22 08:51 --------- d-----w F:\Programmi\Alice Messenger
2008-02-18 16:11 --------- d-----w F:\Programmi\WMATool
2008-02-18 16:10 --------- d-----w F:\Programmi\MP3Gain
2008-02-17 10:41 --------- d-----w F:\Programmi\Easy Video to Audio Converter
2008-02-14 09:40 --------- d-----w F:\Programmi\Liatro
2008-02-13 21:17 --------- d-----w F:\Programmi\mIRC
2001-11-23 12:08 712,704 ----a-w F:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
Code:
<pre>
----a-w            79,224 2007-12-04 13:00:23  F:\Programmi\Alwil Software\Avast4\ashDisp .exe
----a-w            59,392 2004-08-10 02:04:42  F:\WINDOWS\ehome\ehtray .exe
----a-w            15,360 2004-09-07 12:00:00  F:\WINDOWS\system32\ctfmon .exe
</pre>



------- Sigcheck -------

2007-09-21 15:43 504832 2e4b40a64c2fafd29480d6516b993b09 F:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]
"MsnMsgr"="F:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-10-01 22:39 5674352]
"PC Suite Tray"="F:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="F:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="F:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]
"Nokia.PCSync"="F:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= F:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= F:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceMessenger]
F:\Programmi\Alice Messenger\alicemessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
F:\Programmi\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 F:\Programmi\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 17:46 172032 F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 F:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 F:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 F:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"F:\\Programmi\\MSN Messenger\\livecall.exe"=
"F:\\Programmi\\eMule\\emule.exe"=
"F:\\Programmi\\aMSN\\bin\\wish.exe"=
"F:\\Documents and Settings\\Administrator\\Bcdc++\\DCPlusPlus.exe"=
"F:\\Documents and Settings\\Administrator\\Soulseek\\slsk.exe"=
"F:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"F:\\Programmi\\Messenger\\msmsgs.exe"=
"F:\\Programmi\\mIRC\\mirc.exe"=
"F:\\Programmi\\uTorrent\\uTorrent.exe"=
"F:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"F:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"F:\\Programmi\\SopCast\\SopCast.exe"=
"F:\\Programmi\\SopCast\\sopvod.exe"=
"F:\\Programmi\\ovfmirc\\MIRC.EXE"=
"C:\\Metinnn\\metin2.bin"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9683:TCP"= 9683:TCP:BitComet 9683 TCP
"9683:UDP"= 9683:UDP:BitComet 9683 UDP


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 10:31:16
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-04-07 10.32.08
ComboFix-quarantined-files.txt 2008-04-07 08:32:05
7 Directory 23,293,091,840 byte disponibili
10 Directory 23,264,870,400 byte disponibili


This is HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 10.36.31, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\system32\RunDll32.exe
F:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\MSN Messenger\MsnMsgr.Exe
F:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\eHome\ehSched.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\Programmi\PC Connectivity Solution\ServiceLayer.exe
F:\WINDOWS\system32\dllhost.exe
F:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
F:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
F:\Programmi\MSN Messenger\usnsvc.exe
F:\Programmi\Mozilla Firefox\firefox.exe
F:\WINDOWS\explorer.exe
F:\Documents and Settings\Administrator\Desktop\utili\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.130.36.113:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E676DFAE-CADB-4279-9329-069FD75EB90C}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ServiceLayer - Nokia. - F:\Programmi\PC Connectivity Solution\ServiceLayer.exe
Maui
Posted: 07 Apr 2008 11:28

[/img]F:\Documents and Settings\Administrator\Desktop\immagine[img]
[/img]F:\Documents and Settings\Administrator\Desktop\immagine3[img]
Guys, now however I have a problem with Firefox: I can no longer view web pages as before, while I can view them fine with Internet Explorer. I tried to post the images to help you understand the problem better.
Maui
Posted: 07 Apr 2008 11:29

No, I don't know how to post the images :(
bdoriano
Posted: 07 Apr 2008 23:40

Create a text file with the following instructions:
Code:
RenV::
F:\Programmi\Alwil Software\Avast4\ashDisp .exe
F:\WINDOWS\ehome\ehtray .exe
F:\WINDOWS\system32\ctfmon .exe

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for the job to finish without touching the keyboard, mouse or anything else. ;)
Post the updated ComboFix log.

To post images, take a look at this discussion