Olimpo Informatico forum index
The Zeus News Forums
securenet.dll
Law
Mere mortal

Registered: 30/12/07 20:11
Posts: 4

Posted: 30 Dec 2007 20:14    Subject: securenet.dll

Hi,

I found this suspicious file, c:\windows\system32\securenet.dll. I deleted the DLL with file unlocker.

Hijack log before:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 19.38.20, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\HIDEMY~1\SECURE~1.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Lorenzo\IMPOST~1\Temp\Rar$EX00.500\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [HP Software Update] c:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D034E9D4-60E0-412C-A7DF-47A0936FDA52} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194603176124
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194612215828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A91B7D3B-CF5A-4B18-8AD5-9A8E573FC5D3}: NameServer = 213.205.32.70,213.205.36.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Programmi\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe




Hijack log after:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 20.13.36, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lorenzo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [HP Software Update] c:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D034E9D4-60E0-412C-A7DF-47A0936FDA52} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194603176124
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194612215828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Programmi\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe



Do you think I've fixed it???
Sante62
Mature god

Registered: 27/06/07 16:55
Posts: 3477
Location: Floridia

Posted: 31 Dec 2007 09:43

Hi Law :)
We still need to run a few checks. Download Spybot Search & Destroy (you can also find it on www.filehippo.com) and update it via Search for Updates; once the updates are listed, make sure they are selected and then click Download Updates.
Have it scan the PC. It will find some problems. Click Fix problems. Then look at this discussion about Combofix and run a scan with that too, posting the result as instructed, together with a new HJT log, though you should download the updated version of it.
Bye
Law
Mere mortal

Registered: 30/12/07 20:11
Posts: 4

Posted: 31 Dec 2007 10:22

I ran scans with SpyBot, EligablA, RogueRemover and finally ComboFix and Hijack. I have a genuine copy of NOD32, but I think I'll switch to Kaspersky Internet Security 7 as soon as possible. I have genuine Win XP SP2, always kept up to date. I only use the WinXP firewall.

ComboFix log:

Code:
ComboFix 07-12-31.4 - Lorenzo 2007-12-31 10.17.58.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.1602 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Lorenzo\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
.

(((((((((((((((((((((((((   Files Creati Da 2007-11-28 al 2007-12-31  )))))))))))))))))))))))))))))))))))
.

2007-12-31 10:17 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-12-31 10:11 . 2007-12-31 10:11   <DIR>   d--------   C:\Programmi\RogueRemover FREE
2007-12-31 10:01 . 2007-12-31 10:01   <DIR>   d--------   C:\Programmi\Samurize
2007-12-31 09:59 . 2007-12-31 10:11   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-12-31 00:25 . 2007-12-31 00:25   <DIR>   d--------   C:\Programmi\RocketDock
2007-12-31 00:21 . 2007-12-31 00:21   <DIR>   d--------   C:\Programmi\DeskSpace
2007-12-31 00:21 . 2007-12-31 00:21   <DIR>   d--------   C:\Documents and Settings\Lorenzo\Dati applicazioni\OtakuSoftware
2007-12-30 23:51 . 2007-12-30 23:51   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2007-12-30 23:51 . 2007-12-30 23:51   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2007-12-30 20:29 . 2007-12-30 18:47   102,664   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-30 20:18 . 2007-12-31 09:42   <DIR>   d--------   C:\Documents and Settings\Lorenzo\.rainlendar2
2007-12-30 20:07 . 2007-12-30 20:07   <DIR>   d--------   C:\Programmi\XP TCPIP Repair
2007-12-30 20:07 . 2005-04-15 18:58   1,351,392   --a------   C:\WINDOWS\system32\COMCTL32.OCX
2007-12-30 19:53 . 2007-12-30 19:54   <DIR>   d--------   C:\Documents and Settings\Lorenzo\Dati applicazioni\PrevxCSI
2007-12-30 19:53 . 2007-12-30 19:53   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2007-12-30 19:33 . 2007-12-30 19:33   512,096   --a------   C:\WINDOWS\system32\drivers\amon.sys
2007-12-30 19:33 . 2007-12-30 19:33   298,104   --a------   C:\WINDOWS\system32\imon.dll
2007-12-30 19:33 . 2007-12-30 19:33   15,424   --a------   C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-30 19:09 . 2007-12-30 19:33   250   --a------   C:\WINDOWS\gmer.ini
2007-12-30 18:59 . 2007-12-30 18:59   <DIR>   d--------   C:\temp\eset
2007-12-30 18:56 . 2007-12-30 19:06   <DIR>   d--------   C:\WINDOWS\system32\ActiveScan
2007-12-30 18:56 . 2007-12-30 18:56   30,590   --a------   C:\WINDOWS\system32\pavas.ico
2007-12-30 18:56 . 2007-12-30 18:56   2,550   --a------   C:\WINDOWS\system32\Uninstall.ico
2007-12-30 18:56 . 2007-12-30 18:56   1,406   --a------   C:\WINDOWS\system32\Help.ico
2007-12-30 18:55 . 2007-12-30 18:55   <DIR>   d--------   C:\Programmi\Marvell
2007-12-30 18:47 . 2007-12-30 20:54   <DIR>   d--------   C:\Documents and Settings\Lorenzo\.housecall6.6
2007-12-30 18:03 . 2007-12-30 20:23   <DIR>   d--------   C:\Programmi\C-Organizer Pro
2007-12-30 18:03 . 2002-02-01 19:00   293,888   --a------   C:\WINDOWS\system32\midas.dll
2007-12-30 18:01 . 2007-12-30 20:52   <DIR>   d--------   C:\WINDOWS\system32\drivers\down
2007-12-30 17:42 . 2007-12-30 17:44   <DIR>   d--------   C:\Programmi\RGS-CardMaster
2007-12-30 17:42 . 1998-06-25 23:00   525,352   --a------   C:\WINDOWS\system32\DBgrid32.OCX
2007-12-30 17:42 . 1996-01-12 00:00   200,704   --a------   C:\WINDOWS\system32\THreed32.OCX
2007-12-30 12:50 . 2007-12-30 12:51   <DIR>   d--------   C:\Programmi\Hide My IP 2007
2007-12-30 12:47 . 2007-12-30 12:47   <DIR>   d--------   C:\Programmi\Red Chair Software
2007-12-30 12:14 . 2007-12-30 12:14   <DIR>   d--------   C:\Programmi\Kalicanthus
2007-12-27 23:50 . 2007-12-30 13:00   <DIR>   d--------   C:\Programmi\Dofus
2007-12-27 17:58 . 2007-12-27 17:58   <DIR>   d--------   C:\Programmi\NeoDownloader Lite
2007-12-27 17:58 . 2007-12-27 17:59   <DIR>   d--------   C:\Documents and Settings\Lorenzo\Dati applicazioni\NeoDownloader
2007-12-19 16:02 . 2007-12-19 16:02   34   --a------   C:\ProgDVB.ini
2007-12-19 15:56 . 2007-12-19 17:37   <DIR>   d--------   C:\Programmi\ProgDVB
2007-12-19 15:32 . 2007-12-19 15:33   <DIR>   d--------   C:\Documents and Settings\Lorenzo\Dati applicazioni\ArcSoft
2007-12-19 15:32 . 2005-02-23 14:58   11,776   --a------   C:\WINDOWS\system32\drivers\afc.sys
2007-12-19 15:31 . 2007-12-22 09:58   <DIR>   d--------   C:\Programmi\DTV USB AFA
2007-12-19 15:30 . 2006-09-18 11:28   28,672   --a------   C:\WINDOWS\system32\AF15BDAEX.dll
2007-12-19 15:30 . 2006-11-30 02:27   126   -ra------   C:\WINDOWS\system32\AF15IRTBL.bin
2007-12-18 21:07 . 2007-12-30 12:14   <DIR>   d--------   C:\Program Files
2007-12-18 21:06 . 2007-12-18 21:06   <DIR>   d--------   C:\Programmi\File comuni\Wise Installation Wizard
2007-12-18 21:06 . 2007-12-18 21:06   <DIR>   d--------   C:\Programmi\AGEIA Technologies
2007-12-18 21:05 . 2007-12-18 21:05   <DIR>   d--------   C:\Programmi\Sony
2007-12-18 21:05 . 2007-03-12 16:42   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-12-18 20:45 . 2007-12-18 20:45   <DIR>   d--------   C:\temp\Pirates
2007-12-17 10:42 . 2007-12-17 15:48   <DIR>   d--------   C:\Programmi\POP Peeper
2007-12-15 16:45 . 2007-12-16 13:48   <DIR>   d--------   C:\temp\IcyPhoenix
2007-12-13 11:05 . 2007-12-20 10:14   <DIR>   d--------   C:\Documents and Settings\Lorenzo\Dati applicazioni\skypePM
2007-12-13 11:05 . 2007-12-13 11:05   32   --a------   C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-12-13 11:03 . 2007-12-13 11:03   <DIR>   d--------   C:\Programmi\File comuni\Skype
2007-12-13 11:03 . 2007-12-20 14:03   <DIR>   d--------   C:\Documents and Settings\Lorenzo\Dati applicazioni\Skype
2007-12-13 11:02 . 2007-12-13 11:02   <DIR>   d--------   C:\Programmi\Google
2007-12-11 01:28 . 2007-12-11 01:28   <DIR>   d--------   C:\temp\backup
2007-12-09 17:20 . 2003-07-21 04:17   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2007-12-09 17:20 . 2005-01-04 19:43   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2007-12-09 17:06 . 2007-12-09 17:06   <DIR>   d--------   C:\Programmi\Games-Masters.com
2007-12-09 15:20 . 2007-12-09 15:20   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-12-07 20:09 . 2007-12-07 20:09   32   --a------   C:\WINDOWS\pwcd.INI
2007-12-06 23:11 . 2007-12-06 23:11   195,237   --a------   C:\temp\com_ugm_1.0.6.zip
2007-12-06 23:05 . 2007-12-06 23:05   300,996   --a------   C:\temp\bot_EXG.1.5.0.3.4.US.zip
2007-12-06 15:28 . 2007-12-06 15:28   <DIR>   d--------   C:\Programmi\FDRLab
2007-12-06 15:28 . 2007-12-06 15:28   <DIR>   d--------   C:\Documents and Settings\Lorenzo\Dati applicazioni\FDRLab
2007-12-06 13:12 . 2007-12-06 13:21   <DIR>   d--------   C:\temp\Rapid CSS 2007
2007-12-06 13:04 . 2007-12-30 18:15   <DIR>   d--------   C:\Programmi\eMule
2007-12-05 18:38 . 2007-05-01 22:51   30,768   -ra------   C:\WINDOWS\system32\drivers\vmusb.sys
2007-12-02 19:56 . 2004-08-19 15:39   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2007-12-02 19:56 . 2004-08-19 15:39   21,504   --a--c---   C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-29 16:11 . 2007-11-29 16:12   <DIR>   d--------   C:\Programmi\Yawcam
2007-11-29 13:56 . 2007-11-29 23:19   <DIR>   d--------   C:\temp\BK
2007-11-29 10:18 . 2007-11-29 10:18   51,355   --a------   C:\WINDOWS\system32\muzika.xm
2007-11-27 22:32 . 2007-11-27 22:32   <DIR>   d--------   C:\Programmi\ProcessXP
2007-11-27 22:30 . 2007-12-30 20:37   <DIR>   d--------   C:\Programmi\CodeStuff
2007-11-26 10:01 . 2007-11-26 10:01   433,734   --a------   C:\difference_rdbms_[1].pdf
2007-11-26 07:56 . 2007-12-30 20:18   <DIR>   d--------   C:\Programmi\Rainlendar2
2007-11-25 10:40 . 2007-11-25 10:40   <DIR>   d--------   C:\Programmi\Broadcom
2007-11-24 23:42 . 2007-11-24 23:42   <DIR>   d--------   C:\WINDOWS\Sun
2007-11-23 21:55 . 2007-11-23 21:55   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-11-22 21:11 . 2007-11-22 21:11   <DIR>   d--------   C:\Programmi\Real
2007-11-22 21:11 . 2007-11-22 21:11   <DIR>   d--------   C:\Programmi\File comuni\xing shared
2007-11-22 21:11 . 2007-11-22 21:11   <DIR>   d--------   C:\Programmi\File comuni\Real
2007-11-21 21:09 . 2007-12-09 19:18   <DIR>   d--------   C:\temp\phpBB
2007-11-21 21:08 . 2007-12-17 14:59   <DIR>   d--------   C:\Documents and Settings\Lorenzo\Dati applicazioni\FileZilla
2007-11-21 21:05 . 2007-11-21 21:06   <DIR>   d--------   C:\Programmi\FileZilla Client
2007-11-20 10:32 . 2007-11-20 10:32   <DIR>   d--------   C:\Programmi\NetSetMan
2007-11-19 23:38 . 2007-11-07 10:30   5,611,520   --a------   C:\WINDOWS\system32\nvdispsr.dll
2007-11-19 23:38 . 2007-11-07 10:30   3,715,072   --a------   C:\WINDOWS\system32\nvvitvsr.dll
2007-11-19 23:38 . 2007-11-07 10:30   3,330,048   --a------   C:\WINDOWS\system32\nvgamesr.dll
2007-11-19 23:38 . 2007-11-07 10:30   2,519,040   --a------   C:\WINDOWS\system32\nvwssr.dll
2007-11-19 23:38 . 2007-11-07 10:30   458,752   --a------   C:\WINDOWS\system32\nvmccssr.dll
2007-11-16 23:35 . 2007-11-16 23:35   <DIR>   d--------   C:\Programmi\Java
2007-11-16 23:35 . 2007-11-16 23:35   <DIR>   d--------   C:\Programmi\File comuni\Java
2007-11-16 23:35 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2007-11-16 23:32 . 2007-11-16 23:36   <DIR>   d--------   C:\Programmi\Hattrick
2007-11-14 09:43 . 2007-11-14 09:43   <DIR>   d--------   C:\Programmi\Apoint2K

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 14:31   ---------   d--h--w   C:\Programmi\InstallShield Installation Information
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 23:35   ---------   d-----w   C:\Programmi\Hewlett-Packard
2007-11-09 13:33   ---------   d-----w   C:\Programmi\File comuni\InstallShield
2007-11-09 13:06   ---------   d-----w   C:\Programmi\HPQ
2007-11-09 10:33   0   -c-ha-w   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-09 10:33   0   -c-ha-w   C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2007-11-09 10:33   ---------   d-----w   C:\Programmi\Innovative Solutions
2007-11-09 10:30   ---------   d-----w   C:\Programmi\File comuni\LightScribe
2007-11-09 10:29   ---------   d-----w   C:\Programmi\File comuni\SpeechEngines
2007-11-09 10:29   ---------   d-----w   C:\Programmi\File comuni\ODBC
2007-11-09 10:02   ---------   d-----w   C:\Programmi\Lavalys
2007-11-09 09:36   ---------   d-----w   C:\Programmi\microsoft frontpage
2007-11-09 09:35   ---------   d-----w   C:\Programmi\Servizi in linea
2007-11-09 09:35   ---------   d-----w   C:\Programmi\File comuni\MSSoap
2007-11-07 09:30   81,920   ----a-w   C:\WINDOWS\system32\nvwddi.dll
2007-11-07 09:30   81,920   ----a-w   C:\WINDOWS\system32\nvmctray.dll
2007-11-07 09:30   8,523,776   ----a-w   C:\WINDOWS\system32\nvcpl.dll
2007-11-07 09:30   757,760   ----a-w   C:\WINDOWS\system32\nvcplui.exe
2007-11-07 09:30   7,429,088   ----a-w   C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-07 09:30   6,901,760   ----a-w   C:\WINDOWS\system32\nvoglnt.dll
2007-11-07 09:30   6,541,312   ----a-w   C:\WINDOWS\system32\nvdisps.dll
2007-11-07 09:30   5,770,880   ----a-w   C:\WINDOWS\system32\nv4_disp.dll
2007-11-07 09:30   466,944   ----a-w   C:\WINDOWS\system32\nvshell.dll
2007-11-07 09:30   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
2007-11-07 09:30   442,368   ----a-w   C:\WINDOWS\system32\nvappbar.exe
2007-11-07 09:30   425,984   ----a-w   C:\WINDOWS\system32\keystone.exe
2007-11-07 09:30   385,024   ----a-w   C:\WINDOWS\system32\nvapi.dll
2007-11-07 09:30   35,328   ----a-w   C:\WINDOWS\system32\nvcodins.dll
2007-11-07 09:30   35,328   ----a-w   C:\WINDOWS\system32\nvcod.dll
2007-11-07 09:30   335,872   ----a-w   C:\WINDOWS\system32\nvwrses.dll
2007-11-07 09:30   335,872   ----a-w   C:\WINDOWS\system32\nvwrsel.dll
2007-11-07 09:30   327,680   ----a-w   C:\WINDOWS\system32\nvwrsfr.dll
2007-11-07 09:30   327,680   ----a-w   C:\WINDOWS\system32\nvwrsesm.dll
2007-11-07 09:30   327,680   ----a-w   C:\WINDOWS\system32\nvrshe.dll
2007-11-07 09:30   327,680   ----a-w   C:\WINDOWS\system32\nvrsar.dll
2007-11-07 09:30   323,584   ----a-w   C:\WINDOWS\system32\nvwrspt.dll
2007-11-07 09:30   323,584   ----a-w   C:\WINDOWS\system32\nvwrsit.dll
2007-11-07 09:30   319,488   ----a-w   C:\WINDOWS\system32\nvwrsptb.dll
2007-11-07 09:30   319,488   ----a-w   C:\WINDOWS\system32\nvwrsnl.dll
2007-11-07 09:30   315,392   ----a-w   C:\WINDOWS\system32\nvwrsru.dll
2007-11-07 09:30   315,392   ----a-w   C:\WINDOWS\system32\nvwrshu.dll
2007-11-07 09:30   311,296   ----a-w   C:\WINDOWS\system32\nvwrsde.dll
2007-11-07 09:30   307,200   ----a-w   C:\WINDOWS\system32\nvexpbar.dll
2007-11-07 09:30   303,104   ----a-w   C:\WINDOWS\system32\nvwrstr.dll
2007-11-07 09:30   303,104   ----a-w   C:\WINDOWS\system32\nvwrssl.dll
2007-11-07 09:30   303,104   ----a-w   C:\WINDOWS\system32\nvwrsfi.dll
2007-11-07 09:30   3,698,688   ----a-w   C:\WINDOWS\system32\nvvitvs.dll
2007-11-07 09:30   3,407,872   ----a-w   C:\WINDOWS\system32\nvgames.dll
2007-11-07 09:30   299,008   ----a-w   C:\WINDOWS\system32\nvwrssk.dll
2007-11-07 09:30   299,008   ----a-w   C:\WINDOWS\system32\nvwrsno.dll
2007-11-07 09:30   294,912   ----a-w   C:\WINDOWS\system32\nvwrssv.dll
2007-11-07 09:30   294,912   ----a-w   C:\WINDOWS\system32\nvwrspl.dll
2007-11-07 09:30   294,912   ----a-w   C:\WINDOWS\system32\nvwrsda.dll
2007-11-07 09:30   286,720   ----a-w   C:\WINDOWS\system32\nvwrseng.dll
2007-11-07 09:30   286,720   ----a-w   C:\WINDOWS\system32\nvwrscs.dll
2007-11-07 09:30   286,720   ----a-w   C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-07 09:30   282,624   ----a-w   C:\WINDOWS\system32\nvwrsar.dll
2007-11-07 09:30   282,624   ----a-w   C:\WINDOWS\system32\nvrsfr.dll
2007-11-07 09:30   282,624   ----a-w   C:\WINDOWS\system32\nvrses.dll
2007-11-07 09:30   282,624   ----a-w   C:\WINDOWS\system32\nvrsel.dll
2007-11-07 09:30   278,528   ----a-w   C:\WINDOWS\system32\nvwrshe.dll
2007-11-07 09:30   278,528   ----a-w   C:\WINDOWS\system32\nvrsit.dll
2007-11-07 09:30   278,528   ----a-w   C:\WINDOWS\system32\nvrsde.dll
2007-11-07 09:30   274,432   ----a-w   C:\WINDOWS\system32\nvrspt.dll
2007-11-07 09:30   274,432   ----a-w   C:\WINDOWS\system32\nvrsnl.dll
2007-11-07 09:30   274,432   ----a-w   C:\WINDOWS\system32\nvrsesm.dll
2007-11-07 09:30   270,336   ----a-w   C:\WINDOWS\system32\nvrsru.dll
2007-11-07 09:30   266,240   ----a-w   C:\WINDOWS\system32\nvrsptb.dll
2007-11-07 09:30   266,240   ----a-w   C:\WINDOWS\system32\nvrsja.dll
2007-11-07 09:30   258,048   ----a-w   C:\WINDOWS\system32\nvrstr.dll
2007-11-07 09:30   258,048   ----a-w   C:\WINDOWS\system32\nvrssl.dll
2007-11-07 09:30   258,048   ----a-w   C:\WINDOWS\system32\nvrssk.dll
2007-11-07 09:30   258,048   ----a-w   C:\WINDOWS\system32\nvrsko.dll
2007-11-07 09:30   258,048   ----a-w   C:\WINDOWS\system32\nvrshu.dll
2007-11-07 09:30   253,952   ----a-w   C:\WINDOWS\system32\nvrssv.dll
2007-11-07 09:30   253,952   ----a-w   C:\WINDOWS\system32\nvrspl.dll
2007-11-07 09:30   253,952   ----a-w   C:\WINDOWS\system32\nvrsno.dll
2007-11-07 09:30   253,952   ----a-w   C:\WINDOWS\system32\nvrsda.dll
2007-11-07 09:30   249,856   ----a-w   C:\WINDOWS\system32\nvrsfi.dll
2007-11-07 09:30   249,856   ----a-w   C:\WINDOWS\system32\nvrscs.dll
2007-11-07 09:30   245,760   ----a-w   C:\WINDOWS\system32\nvrseng.dll
2007-11-07 09:30   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
2007-11-07 09:30   225,280   ----a-w   C:\WINDOWS\system32\nvrszhc.dll
2007-11-07 09:30   212,992   ----a-w   C:\WINDOWS\system32\nvwrsja.dll
2007-11-07 09:30   2,486,272   ----a-w   C:\WINDOWS\system32\nvwss.dll
2007-11-07 09:30   196,608   ----a-w   C:\WINDOWS\system32\nvwrsko.dll
2007-11-07 09:30   188,416   ----a-w   C:\WINDOWS\system32\nvmccss.dll
2007-11-07 09:30   167,936   ----a-w   C:\WINDOWS\system32\nvwrszht.dll
2007-11-07 09:30   163,840   ----a-w   C:\WINDOWS\system32\nvwrszhc.dll
2007-11-07 09:30   155,716   ----a-w   C:\WINDOWS\system32\nvsvc32.exe
2007-11-07 09:30   147,456   ----a-w   C:\WINDOWS\system32\nvcolor.exe
2007-11-07 09:30   126,976   ----a-w   C:\WINDOWS\system32\nvrszht.dll
2007-11-07 09:30   1,703,936   ----a-w   C:\WINDOWS\system32\nvwdmcpl.dll
2007-11-07 09:30   1,626,112   ----a-w   C:\WINDOWS\system32\nwiz.exe
2007-11-07 09:30   1,474,560   ----a-w   C:\WINDOWS\system32\nview.dll
2007-11-07 09:30   1,339,392   ----a-w   C:\WINDOWS\system32\nvdspsch.exe
2007-11-07 09:30   1,212,416   ----a-w   C:\WINDOWS\system32\nvmobls.dll
2007-11-07 09:30   1,073,152   ----a-w   C:\WINDOWS\system32\nvcpluir.dll
2007-11-07 09:30   1,019,904   ----a-w   C:\WINDOWS\system32\nvwimg.dll
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:39 15360]
"Rainlendar2"="C:\Programmi\Rainlendar2\Rainlendar2.exe" [2007-12-30 11:23 1365504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"CognizanceTS"="C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 06:12 17920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 10:30 8523776]
"nwiz"="nwiz.exe" [2007-11-07 10:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"QlbCtrl"="C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 13:46 202032]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2005-02-08 16:38 159744]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 15:36 57344 C:\WINDOWS\system32\ICO.EXE]
"IAAnotif"="C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 10:30 81920]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 86016 C:\WINDOWS\StartupMonitor.exe]
"RegistryMechanic"="" []
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-12-30 19:33 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R2 ASChannel;Canale di comunicazione locale;C:\WINDOWS\System32\svchost.exe [2004-08-19 13:39]
R2 NMSAccessU;NMSAccessU;C:\Programmi\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;C:\Programmi\VMware\VMware Workstation\vstor2-ws60.sys [2007-04-09 13:55]
R2 XAudio;XAudio;C:\WINDOWS\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]
R3 vmkbd2;VMware kbd2;C:\WINDOWS\system32\drivers\VMkbd.sys [2007-05-01 22:52]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2005-11-23 10:57]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2006-04-04 15:20]
S3 ufad-ws60;VMware Agent Service;"C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Programmi\VMware\VMware Workstation\\" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e918863-9848-11dc-9c63-005056c00008}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programmi\File comuni\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 10:18:32
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2007-12-31 10.18.55
.
2007-12-17 09:28:06   --- E O F --- 


Hijack v2 log

Code:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.20.47, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Rainlendar2\Rainlendar2.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Lorenzo\Documenti\Utilita\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [HP Software Update] c:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D034E9D4-60E0-412C-A7DF-47A0936FDA52} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194603176124
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194612215828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8552 bytes
Sante62
Mature god

Registered: 27/06/07 16:55
Posts: 3477
Location: Floridia

Posted: 31 Dec 2007 11:36

OK, I imagine Spybot has fixed some problems...
Start HijackThis and select this line on the left:
Quote:
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)

Click Fix checked and answer yes. Nothing dangerous anyway; the rest looks clean.
Now, if you like, just to be safer, connect to Kaspersky online scanner.
While it is downloading the necessary files, temporarily disable your antivirus and, if necessary, the firewall as well. As soon as the scan of the PC starts, disconnect from the Internet.
When it finishes, upload the result to www.freefilehosting.net and post the link you are given here. As for the firewall, the Windows one is a sieve. You can choose one via this discussion.
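As an added example (not part of the original thread and not HijackThis's own code), this Python script parses HijackThis-style log lines and lists the entries the tool marks with `(no file)` or `(file missing)`, such as the O3 toolbar entry singled out in the reply above. The names `parse_entries` and `find_orphans` are hypothetical, and the sample is a short excerpt of the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt of the HijackThis v2 log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: APSHook.dll
"""

class Entry(NamedTuple):
    section: str            # e.g. "O3", "R1", "O23"
    clsid: Optional[str]    # upper-cased CLSID if the line carries one
    marker: Optional[str]   # "(no file)" / "(file missing)" or None
    raw: str                # the original log line

# An entry line starts with a section code such as "O3 - " or "R1 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers visible in the log above for entries whose target file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_entries(text: str) -> List[Entry]:
    """Return every section-coded entry; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        # The marker is only meaningful at the end of the line: "(no name)" is not one.
        marker = next((m for m in ORPHAN_MARKERS if body.endswith(m)), None)
        entries.append(Entry(section, clsid.group(0).upper() if clsid else None, marker, line))
    return entries

def find_orphans(text: str) -> List[Entry]:
    """Entries that reference a file the scanner could not find on disk."""
    return [e for e in parse_entries(text) if e.marker]

if __name__ == "__main__":
    for entry in find_orphans(SAMPLE_LOG):
        print(f"{entry.section:>3}  {entry.clsid}  {entry.marker}")
```
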