fenix969 (Mere mortal)
Registered: 01/02/08 17:09
Posts: 4

Posted: 01 Feb 2008 17:30    Subject: help .skitodayplease

Hi everyone! First of all, congratulations on the forum, it is really useful! Moving on to my problem, and bearing in mind that I am not an expert user: for a while now .skitodayplease windows have been opening on my PC. Reading old posts, I saw that I need to run a scan with HijackThis and AWF. Having done that, what should I do next? Below is the log produced by HijackThis, followed by the AWF one! Thanks a lot in advance.
 
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 16.13.20, on 01/02/2008
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\System32\ltmsg.exe
 C:\WINDOWS\System32\rundll32.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
 C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\MsPMSPSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\WINDOWS\System32\wuauclt.exe
 C:\Programmi\MSN Messenger\usnsvc.exe
 C:\WINDOWS\System32\winmds.exe
 C:\WINDOWS\System32\winmds.exe
 C:\WINDOWS\System32\winmds.exe
 C:\WINDOWS\System32\winmds.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\HiJackThis_v2.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
 O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
 O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Gestore Chiave.lnk = C:\ITALWIN\KeyServer.exe
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ea79e6726fa74554ab6423ad5010dfbc
 O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ea79e6726fa74554ab6423ad5010dfbc
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mms/EmblazePCPlayerActiveXs.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{91204595-144B-4636-87DA-BA12DE959C5C}: NameServer = 85.37.17.13 85.38.28.81
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 
 --
 End of file - 7375 bytes
 
 
 
 
 
 Find AWF report by noahdfear ©2006
 Version 1.40
 
 
 
 bak folders found
 ~~~~~~~~~~~
 
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\CPQS\SCOM\BAK
 
 24/07/2001  22.34            36.864 srmclean.exe
 1 File         36.864 byte
 2 Directory   3.797.454.848 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\DAEMON~1\BAK
 
 03/04/2007  23.29           165.784 daemon.exe
 1 File        165.784 byte
 2 Directory   3.797.454.848 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\MSNMES~1\BAK
 
 0 File              0 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\WINAMP\BAK
 
 13/02/2007  19.29            35.328 winampa.exe
 1 File         35.328 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\WINDOWS\SYSTEM32\BAK
 
 08/04/2003  03.00            13.312 ctfmon.exe
 11/03/2003  11.11           114.688 hkcmd.exe
 11/03/2003  11.24           155.648 igfxtray.exe
 3 File        283.648 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK
 
 15/01/2007  17.28           108.160 ashDisp.exe
 1 File        108.160 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK
 
 28/05/2002  09.37            69.632 DrvLsnr.exe
 1 File         69.632 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\COMPAQ\EASYAC~1\BAK
 
 14/12/2001  13.01            32.768 StartEAK.exe
 1 File         32.768 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\COMPAQ\SETREF~1\BAK
 
 07/08/2002  15.24           485.376 SetRefresh.exe
 1 File        485.376 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK
 
 17/04/2002  10.42            69.632 hpgs2wnd.exe
 1 File         69.632 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK
 
 30/03/2006  15.45           313.472 AdobeUpdateManager.exe
 1 File        313.472 byte
 2 Directory   3.797.450.752 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\FILECO~1\ROXIOS~1\SYSTEM\BAK
 
 01/05/2003  17.44            65.536 EngUtil.exe
 1 File         65.536 byte
 2 Directory   3.797.446.656 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK
 
 07/10/2002  00.23            90.112 hpqcmon.exe
 1 File         90.112 byte
 2 Directory   3.797.446.656 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK
 
 19/08/2003  16.23            32.873 jusched.exe
 1 File         32.873 byte
 2 Directory   3.797.446.656 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\PROGRA~1\ROXIO\EASYCD~1\DRAGTO~1\BAK
 
 18/07/2003  16.23           868.352 DrgToDsc.exe
 1 File        868.352 byte
 2 Directory   3.797.446.656 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: 288D-0E5E
 
 Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK
 
 18/03/2002  13.11           188.416 hpztsb05.exe
 1 File        188.416 byte
 2 Directory   3.797.446.656 byte disponibili
 
 
 Duplicate files of bak directory contents
 ~~~~~~~~~~~~~~~~~~~~~~~
 
 36864 24 Jul 2001 "C:\cpqs\scom\bak\srmclean.exe"
 165784  3 Apr 2007 "C:\Programmi\DAEMON Tools\bak\daemon.exe"
 35328 13 Feb 2007 "C:\Programmi\Winamp\bak\winampa.exe"
 13312  8 Apr 2003 "C:\WINDOWS\system32\ctfmon.exe"
 13312  8 Apr 2003 "C:\WINDOWS\system32\bak\ctfmon.exe"
 114688 11 Mar 2003 "C:\COMPAQ\Video1\hkcmd.exe"
 114688 11 Mar 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
 114688 11 Mar 2003 "C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\hkcmd.exe"
 155648 11 Mar 2003 "C:\COMPAQ\Video1\igfxtray.exe"
 155648 11 Mar 2003 "C:\WINDOWS\system32\bak\igfxtray.exe"
 155648 11 Mar 2003 "C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\igfxtray.exe"
 79224  4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
 108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
 69632 28 May 2002 "C:\COMPAQ\AUDIO\ADI\DrvLsnr.exe"
 69632 28 May 2002 "C:\Programmi\Analog Devices\SoundMAX\bak\DrvLsnr.exe"
 32768 14 Dec 2001 "C:\Programmi\Compaq\Easy Access Button Support\bak\StartEAK.exe"
 485376  7 Aug 2002 "C:\Programmi\Compaq\SetRefresh\bak\SetRefresh.exe"
 14348  8 Jan 2008 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
 69632 17 Apr 2002 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
 313472 30 Mar 2006 "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
 65536  1 May 2003 "C:\Programmi\File comuni\Roxio Shared\System\bak\EngUtil.exe"
 90112  7 Oct 2002 "C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
 32873 19 Aug 2003 "C:\Programmi\Java\j2re1.4.2_01\bin\bak\jusched.exe"
 868352 18 Jul 2003 "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\bak\DrgToDsc.exe"
 188416 18 Mar 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"
 
 
 end of report
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 02 Feb 2008 00:56    Subject:

Hi fenix969,
Download Avenger and unzip it into its own folder, not a temporary one and not on the desktop.

Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:

Quote:
Files to delete:
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

Files to move:
C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe | C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.

Download DelDomains and save it to the desktop (right-click the link > save target),
then right-click the file and choose Install.

Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

Follow the instructions in this topic to post the combofix log.

Download and install Service Pack 2 as soon as possible, please!!!

PS: if you like, you can introduce yourself here
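The Avenger script in the reply above acts on one pair from the AWF report in the first post: hpgs2wnd.exe and its copy in the bak folder. As an added example (not part of the reply, and not AWF's or Avenger's own code), this Python code reads lines from the report's "Duplicate files of bak directory contents" section and compares each bak copy with the file one folder up; the function names and status labels are made up for the example.

```python
import re
import ntpath  # Windows path rules, usable on any operating system

# Lines copied from the "Duplicate files of bak directory contents" section
# of the AWF report in the first post (a subset chosen for this example).
AWF_DUPLICATES = r'''
165784  3 Apr 2007 "C:\Programmi\DAEMON Tools\bak\daemon.exe"
13312  8 Apr 2003 "C:\WINDOWS\system32\ctfmon.exe"
13312  8 Apr 2003 "C:\WINDOWS\system32\bak\ctfmon.exe"
79224  4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
14348  8 Jan 2008 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 17 Apr 2002 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
'''

# One entry per line: size, day, month, year, quoted full path.
LINE_RE = re.compile(
    r'^\s*(\d+)\s+(\d{1,2})\s+([A-Za-z]{3})\s+(\d{4})\s+"([^"]+)"\s*$'
)


def parse_listing(text):
    """Return {case-normalised path: (path, size, date)} for each entry line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, headings, anything that is not an entry
        size, day, month, year, path = m.groups()
        date = f"{int(day)} {month} {year}"
        entries[ntpath.normcase(path)] = (path, int(size), date)
    return entries


def compare_bak_copies(text):
    """Pair every ...\\bak\\name entry with ...\\name and compare size and date.

    Status labels (hypothetical, for this example only):
      same    - live file has the same size and date as the bak copy
      differs - live file is listed but its size or date is different
      missing - no live file is listed next to the bak folder
    A "differs" result only marks the pair for a closer look: a program that
    was updated after the bak copy was made differs from it as well.
    """
    entries = parse_listing(text)
    report = []
    for path, size, date in entries.values():
        parent = ntpath.dirname(path)
        if ntpath.basename(parent).lower() != "bak":
            continue  # not a bak copy; it is only looked up as a live file
        live_path = ntpath.join(ntpath.dirname(parent), ntpath.basename(path))
        live = entries.get(ntpath.normcase(live_path))
        if live is None:
            status = "missing"
        elif (live[1], live[2]) == (size, date):
            status = "same"
        else:
            status = "differs"
        report.append({
            "name": ntpath.basename(path),
            "bak_path": path,
            "bak_size": size,
            "bak_date": date,
            "live_path": live_path,
            "live_size": live[1] if live else None,
            "live_date": live[2] if live else None,
            "status": status,
        })
    return report


if __name__ == "__main__":
    for row in compare_bak_copies(AWF_DUPLICATES):
        print(f'{row["status"]:8} {row["name"]:14} '
              f'bak={row["bak_size"]} ({row["bak_date"]}) '
              f'live={row["live_size"]} ({row["live_date"]})')
```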
fenix969 (Mere mortal)
Registered: 01/02/08 17:09
Posts: 4

Posted: 03 Feb 2008 16:10    Subject:

Hi, and thanks a lot for the very thorough reply! Here are the Avenger and HijackThis results. Thanks again.
 
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\efqviycw
 
 *******************
 
 Script file located at: \??\C:\Program Files\cntfpvoi.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe deleted successfully.
 File move operation C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe|C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe completed successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
 
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 15.03.47, on 03/02/2008
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\System32\ltmsg.exe
 C:\WINDOWS\System32\rundll32.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 C:\WINDOWS\system32\notepad.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\MsPMSPSv.exe
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\WINDOWS\System32\wuauclt.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\WINDOWS\System32\winmds.exe
 C:\WINDOWS\System32\msiexec.exe
 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
 C:\Programmi\HiJackThis_v2.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
 O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
 O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Gestore Chiave.lnk = C:\ITALWIN\KeyServer.exe
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ea79e6726fa74554ab6423ad5010dfbc
 O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ea79e6726fa74554ab6423ad5010dfbc
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mms/EmblazePCPlayerActiveXs.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{91204595-144B-4636-87DA-BA12DE959C5C}: NameServer = 85.37.17.13 85.38.28.81
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 
 --
 End of file - 7558 bytes
fenix969 (Mere mortal)
Registered: 01/02/08 17:09
Posts: 4

Posted: 05 Feb 2008 13:13    Subject:

skitodayplease seems to have been wiped out, but after running various scans I saw that my PC is still infected. Here is the Kaspersky link: http://www.freefilehosting.net/download/3bfga

and the combofix log
 
 ComboFix 08-02.05.3 - Pietro 2008-02-05 11.49.44.1 - NTFSx86
 Eseguito da: C:\Documents and Settings\Pietro\Impostazioni locali\Temporary Internet Files\Content.IE5\RS7H4EBG\ComboFix[1].exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\WINDOWS\system32\5_exception.nls
 C:\WINDOWS\system32\drivers\fad.sys
 C:\WINDOWS\system32\info.txt
 C:\WINDOWS\system32\winmds.exe
 
 .
 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 .
 -------\LEGACY_RUNTIME
 -------\runtime
 
 
 (((((((((((((((((((((((((   Files Creati Da 2008-01-05 al 2008-02-05  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-05 11:15 . 	<DIR>		C:\WINDOWS\LastGood.Tmp
 2008-02-05 01:13 . 2006-08-21 10:14	128,896	---------	C:\WINDOWS\system32\dllcache\fltmgr.sys
 2008-02-05 01:13 . 2006-08-21 10:14	23,040	---------	C:\WINDOWS\system32\dllcache\fltmc.exe
 2008-02-05 01:13 . 2006-08-21 13:26	16,896	---------	C:\WINDOWS\system32\dllcache\fltlib.dll
 2008-02-05 01:07 . 2008-02-05 01:07	<DIR>	d--------	C:\Documents and Settings\NetworkService\Menu Avvio
 2008-02-04 17:31 . 2007-07-09 14:09	584,192	---------	C:\WINDOWS\system32\dllcache\rpcrt4.dll
 2008-02-04 14:28 . 2008-02-05 11:17	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
 2008-02-04 10:00 . 2008-01-28 09:13	28,224	--a------	C:\WINDOWS\system32\pX0c2e60.exe
 2008-02-04 09:44 . 2004-08-19 15:39	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
 2008-02-04 09:40 . 2008-02-04 09:40	<DIR>	d--------	C:\WINDOWS\provisioning
 2008-02-04 09:35 . 2008-02-04 09:35	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
 2008-02-04 09:28 . 2004-07-17 11:40	19,528	--a------	C:\WINDOWS\002104_.tmp
 2008-02-04 09:27 . 2005-06-28 10:21	22,752	--a------	C:\WINDOWS\system32\spupdsvc.exe
 2008-02-04 09:22 . 2008-02-04 09:22	<DIR>	d--------	C:\WINDOWS\EHome
 2008-02-04 01:58 . 2008-02-04 01:58	292	--ah-----	C:\sqmdata02.sqm
 2008-02-04 01:58 . 2008-02-04 01:58	244	--ah-----	C:\sqmnoopt02.sqm
 2008-02-03 15:15 . 2008-02-03 15:15	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
 2008-02-03 15:15 . 2008-02-03 15:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
 2008-02-03 15:02 . 2008-01-31 12:49	1,308,216	--a------	C:\Programmi\HiJackThis_v2.exe
 2008-02-03 14:45 . 2006-02-25 23:28	130,048	--a------	C:\avenger.exe
 2008-02-03 14:44 . 2008-02-03 14:44	127,378	--a------	C:\Programmi\avenger.zip
 2008-02-03 14:42 . 2008-02-03 14:42	244	--ah-----	C:\sqmnoopt01.sqm
 2008-02-03 14:42 . 2008-02-03 14:42	232	--ah-----	C:\sqmdata01.sqm
 2008-01-31 14:21 . 2008-01-31 14:21	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
 2008-01-31 14:21 . 2008-01-31 14:21	30,590	--a------	C:\WINDOWS\system32\pavas.ico
 2008-01-31 14:21 . 2008-01-31 14:21	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico
 2008-01-31 14:21 . 2008-01-31 14:21	1,406	--a------	C:\WINDOWS\system32\Help.ico
 2008-01-31 14:13 . 2008-01-31 14:15	<DIR>	d--------	C:\Documents and Settings\Pietro\.housecall6.6
 2008-01-31 12:49 . 2008-01-31 12:49	1,308,216	--a------	C:\HiJackThis_v2.exe
 2008-01-28 21:56 . 2008-02-05 01:00	0	--a------	C:\WINDOWS\system32\winmds.ex_
 2008-01-28 09:15 . 2008-01-28 09:15	166	--a------	C:\key.shm
 2008-01-10 06:40 . 2008-01-31 15:20	<DIR>	d--------	C:\WINDOWS\BDOSCAN8
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-02-04 23:48	---------	d-----w	C:\Programmi\MSN Messenger
 2008-01-31 13:55	---------	d-----w	C:\Programmi\DAEMON Tools
 2008-01-20 14:40	---------	d-----w	C:\Programmi\eMule
 2007-12-05 10:44	---------	d-----w	C:\Programmi\WordView
 2007-12-05 10:35	---------	d-----w	C:\Programmi\SEAC
 2007-12-05 10:34	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2007-11-06 21:13	1,181	----a-w	C:\ciqi.exe
 2007-11-06 21:12	1,181	----a-w	C:\whoq.exe
 .
 
 (((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
 "MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
 "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [ ]
 "updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LTWinModem1"="ltmsg.exe" [2001-04-03 10:38 38912 C:\WINDOWS\system32\ltmsg.exe]
 "CnxTrApp"="C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 16:24 247296]
 "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
 "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [ ]
 "CamMonitor"="C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [ ]
 "Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-12-24 21:31:12 212992]
 Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
 Gestore Chiave.lnk - C:\ITALWIN\KeyServer.exe [2006-05-28 13:51:46 151552]
 
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At1.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At10.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 09:00:02 C:\WINDOWS\Tasks\At11.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 10:00:00 C:\WINDOWS\Tasks\At12.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-05 11:00:00 C:\WINDOWS\Tasks\At13.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 12:00:00 C:\WINDOWS\Tasks\At14.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 13:00:00 C:\WINDOWS\Tasks\At15.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 14:00:00 C:\WINDOWS\Tasks\At16.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 15:00:00 C:\WINDOWS\Tasks\At17.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 16:00:00 C:\WINDOWS\Tasks\At18.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 17:00:00 C:\WINDOWS\Tasks\At19.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-05 00:00:00 C:\WINDOWS\Tasks\At2.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 18:00:00 C:\WINDOWS\Tasks\At20.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 19:00:00 C:\WINDOWS\Tasks\At21.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At22.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 21:00:00 C:\WINDOWS\Tasks\At23.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At24.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At25.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-05 10:08:18 C:\WINDOWS\Tasks\At26.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At27.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At28.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At29.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At3.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At30.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At31.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At32.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At33.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:50 C:\WINDOWS\Tasks\At34.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 13:37:30 C:\WINDOWS\Tasks\At35.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 13:37:30 C:\WINDOWS\Tasks\At36.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-05 11:00:00 C:\WINDOWS\Tasks\At37.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 13:37:30 C:\WINDOWS\Tasks\At38.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 13:37:30 C:\WINDOWS\Tasks\At39.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:49 C:\WINDOWS\Tasks\At4.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 21:16:09 C:\WINDOWS\Tasks\At40.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 21:16:09 C:\WINDOWS\Tasks\At41.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 21:16:09 C:\WINDOWS\Tasks\At42.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 21:16:09 C:\WINDOWS\Tasks\At43.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 21:16:09 C:\WINDOWS\Tasks\At44.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 19:00:00 C:\WINDOWS\Tasks\At45.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:50 C:\WINDOWS\Tasks\At46.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 21:16:09 C:\WINDOWS\Tasks\At47.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 08:59:50 C:\WINDOWS\Tasks\At48.job"
 - C:\WINDOWS\System32\winmds.exe
 "2008-02-04 09:01:12 C:\WINDOWS\Tasks\At49.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 08:59:50 C:\WINDOWS\Tasks\At5.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-05 00:00:06 C:\WINDOWS\Tasks\At50.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:12 C:\WINDOWS\Tasks\At51.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:12 C:\WINDOWS\Tasks\At52.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:12 C:\WINDOWS\Tasks\At53.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:14 C:\WINDOWS\Tasks\At54.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:14 C:\WINDOWS\Tasks\At55.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:16 C:\WINDOWS\Tasks\At56.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:16 C:\WINDOWS\Tasks\At57.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:16 C:\WINDOWS\Tasks\At58.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:16 C:\WINDOWS\Tasks\At59.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 08:59:50 C:\WINDOWS\Tasks\At6.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 10:00:10 C:\WINDOWS\Tasks\At60.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-05 11:00:02 C:\WINDOWS\Tasks\At61.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 12:00:10 C:\WINDOWS\Tasks\At62.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 13:00:11 C:\WINDOWS\Tasks\At63.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 14:00:06 C:\WINDOWS\Tasks\At64.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 15:00:04 C:\WINDOWS\Tasks\At65.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 16:00:02 C:\WINDOWS\Tasks\At66.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 17:00:02 C:\WINDOWS\Tasks\At67.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 18:00:02 C:\WINDOWS\Tasks\At68.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 19:00:00 C:\WINDOWS\Tasks\At69.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 08:59:50 C:\WINDOWS\Tasks\At7.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 09:01:17 C:\WINDOWS\Tasks\At70.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 21:00:02 C:\WINDOWS\Tasks\At71.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 09:01:18 C:\WINDOWS\Tasks\At72.job"
 - C:\WINDOWS\system32\pX0c2e60.exe
 "2008-02-04 08:59:50 C:\WINDOWS\Tasks\At8.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-04 08:59:50 C:\WINDOWS\Tasks\At9.job"
 - C:\WINDOWS\System32\kx5K08iG.exe
 "2008-02-05 10:59:04 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
 "2008-01-11 13:53:20 C:\WINDOWS\Tasks\WebReg 20080111145320.job"
 - C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe4/TaskName 20080111145320 /N
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-05 11:56:47
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\System32\wdfmgr.exe
 C:\WINDOWS\System32\MsPMSPSv.exe
 C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-02-05 12:02:49 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-02-05 11:02:42
 .
 2008-02-05 00:20:39	--- E O F ---