Gio1983 (rank: Hero in the gods' good graces)
Registered: 22/03/08 16:27 | Posts: 136
Posted: 22 Mar 2008 16:41 | Subject: Trojan.Vundo

Hi everyone, I'm Giorgia.. I don't know much about PCs, and that is exactly why I need a hand, because I just can't get rid of a Trojan.Vundo that doesn't slow the PC down much but floods me with ads and annoying windows such as senzadoppioni.com, casinos, etc. Norton360 is installed on my PC, and it detects its presence from time to time.
I have already used Vundofix, VirtumundoBeGone and Symantec's Trojan Vundo Removal Tool, but the problem persists.
I really don't know what to do.
Thanks in advance to anyone who helps me.

Gio1983
Posted: 22 Mar 2008 16:58

Another thing that often happens since the Trojan.Vundo was found is that an Internet Explorer window appears with the following text: "WARNING: the system in use is not optimized and the computer's performance is not at its best. Fully optimizing the computer means considerably improving performance and preventing data loss.
Install ProtezioneSoft for free to optimize the computer's performance? (recommended choice)"

Gio1983
Posted: 22 Mar 2008 17:01

Here is the HijackThis log..
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16.00.20, on 22/03/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\ALCWZRD.EXE
 C:\WINDOWS\ALCMTR.EXE
 C:\WINDOWS\system32\rundll32.exe
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\File comuni\Symantec Shared\ccApp.exe
 C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
 C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
 C:\Programmi\Modem SAT\bin\SkyServer.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\WINDOWS\explorer.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll (file missing)
 O3 - Toolbar: Mostra barra degli strumenti di Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
 O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
 O4 - HKLM\..\Run: [SymNRT] "C:\DOCUME~1\Roberto\IMPOST~1\Temp\WZSE0.TMP\SymNRT.exe"  /unrun
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKLM\..\Run: [283ae24b] rundll32.exe "C:\WINDOWS\system32\ptcafbpg.dll",b
 O4 - HKLM\..\Run: [BM2b09d1d7] Rundll32.exe "C:\WINDOWS\system32\otkixwtk.dll",s
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
 O4 - Global Startup: Image Transfer.lnk = ?
 O4 - Global Startup: SkyServer.lnk = C:\Programmi\Modem SAT\bin\SkyServer.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute 2008\vrie.dll
 O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute 2008\vrie.dll
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie.htm (file missing)
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie.htm (file missing)
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O14 - IERESET.INF: START_PAGE_URL=www.computercityhw.it
 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe (file missing)
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
 O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 O23 - Service: GoogleDesktopManager - Unknown owner - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 O23 - Service: RvscomSv - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
 O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 
 --
 End of file - 10542 bytes

Sante62 (rank: Mature god)
Registered: 27/06/07 17:55 | Posts: 3477 | Location: Floridia
Posted: 22 Mar 2008 17:25

Hi Gio1983. Absolutely do not respond to this warning!...

Gio1983 wrote:
 "WARNING: the system in use is not optimized and the computer's performance is not at its best. Fully optimizing the computer means considerably improving performance and preventing data loss.
 Install ProtezioneSoft for free to optimize the computer's performance? (recommended choice)"

In any case, some remnants of Vundo and something else are still there;

in the meantime, disable System Restore and start the PC in Safe Mode.

Start HijackThis, select these lines and then click Fix checked:

Quote:
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll (file missing)
 O4 - HKLM\..\Run: [SymNRT] "C:\DOCUME~1\Roberto\IMPOST~1\Temp\WZSE0.TMP\SymNRT.exe" /unrun
 O4 - HKLM\..\Run: [283ae24b] rundll32.exe "C:\WINDOWS\system32\ptcafbpg.dll",b
 O4 - HKLM\..\Run: [BM2b09d1d7] Rundll32.exe "C:\WINDOWS\system32\otkixwtk.dll",s
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie.htm (file missing)

Restart the PC in normal mode and produce a new HijackThis log;

use Vundofix and VirtumundoBeGone, which you mentioned, again;

Urgently install a firewall, choosing one with the help of this discussion.

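Added example (not part of the original thread, and not code from HijackThis or from any poster): a small triage script that parses HijackThis entries and marks the ones worth a manual look before anything is fixed. The three heuristics (dangling "(file missing)" reference, autostart launched from a Temp directory, rundll32 loading an absolute-path DLL with an export name of at most one character) and all names in the code are assumptions of this example, not the poster's stated criteria; the sample lines are copied from the first log posted above.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # tag of the heuristic that fired (names are this example's own)
    line: str     # the log line as posted


# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# O4 registry autostart: hive, abbreviated key path, [value name], command line
RUN_VALUE = re.compile(r"^HK[A-Z]+\\.*\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 <dll>,<export>  (the DLL argument may be quoted)
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)',
    re.IGNORECASE,
)
ABS_DLL = re.compile(r"^[a-z]:\\.+\.dll$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return the entries that deserve manual review, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry["section"], entry["body"]

        # Heuristic 1: the registry still points at a file that is gone.
        if body.endswith("(file missing)"):
            findings.append(Finding(section, "file-missing", raw.strip()))
            continue

        if section != "O4":
            continue
        run = RUN_VALUE.match(body)
        if not run:
            continue  # e.g. "Global Startup" shortcuts, not registry values
        cmd = run["cmd"]

        # Heuristic 2: an autostart whose binary lives in a Temp directory.
        if TEMP_DIR.search(cmd):
            findings.append(Finding(section, "run-from-temp", raw.strip()))
            continue

        # Heuristic 3: rundll32 given an absolute DLL path and an export
        # name of at most one character. A call such as
        # "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" does
        # not match: no absolute path and a descriptive export.
        dll = RUNDLL.match(cmd)
        if dll and ABS_DLL.match(dll["dll"]) and len(dll["export"]) <= 1:
            findings.append(Finding(section, "rundll32-opaque-dll", raw.strip()))
    return findings


# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SymNRT] "C:\DOCUME~1\Roberto\IMPOST~1\Temp\WZSE0.TMP\SymNRT.exe"  /unrun
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [283ae24b] rundll32.exe "C:\WINDOWS\system32\ptcafbpg.dll",b
O4 - HKLM\..\Run: [BM2b09d1d7] Rundll32.exe "C:\WINDOWS\system32\otkixwtk.dll",s
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie.htm (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.reason}] {finding.line}")
```

On these sample lines the script marks the same five entries that the post above lists for "Fix checked"; a hit is a prompt for manual review, since legitimate software also registers rundll32 autostarts.
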
Gio1983
Posted: 22 Mar 2008 17:55

New HijackThis log..
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16.54.41, on 22/03/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\ALCWZRD.EXE
 C:\WINDOWS\ALCMTR.EXE
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\File comuni\Symantec Shared\ccApp.exe
 C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
 C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
 C:\Programmi\Modem SAT\bin\SkyServer.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O3 - Toolbar: Mostra barra degli strumenti di Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
 O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
 O4 - Global Startup: Image Transfer.lnk = ?
 O4 - Global Startup: SkyServer.lnk = C:\Programmi\Modem SAT\bin\SkyServer.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute 2008\vrie.dll
 O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute 2008\vrie.dll
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O14 - IERESET.INF: START_PAGE_URL=www.computercityhw.it
 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe (file missing)
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
 O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 O23 - Service: GoogleDesktopManager - Unknown owner - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 O23 - Service: RvscomSv - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
 O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 
 --
 End of file - 9955 bytes

Gio1983
Posted: 22 Mar 2008 18:07

Vundofix didn't find anything, now I'll try again with Virtumundobegone.. Thanks a lot for the help!!

Gio1983
Posted: 22 Mar 2008 18:13

This is from Virtumundobegone...
 
 
 [03/22/2008, 17:11:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Roberto\Documenti\Programmi free\VirtumundoBeGone.exe" )
 [03/22/2008, 17:12:00] - Detected System Information:
 [03/22/2008, 17:12:00] -  Windows Version: 5.1.2600, Service Pack 2
 [03/22/2008, 17:12:00] -  Current Username: Roberto (Admin)
 [03/22/2008, 17:12:00] -  Windows is in NORMAL mode.
 [03/22/2008, 17:12:00] - Searching for Browser Helper Objects:
 [03/22/2008, 17:12:00] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
 [03/22/2008, 17:12:00] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
 [03/22/2008, 17:12:00] -  BHO 3: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
 [03/22/2008, 17:12:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [03/22/2008, 17:12:00] -  Checking for HKLM\...\Winlogon\Notify\NppBho
 [03/22/2008, 17:12:00] -  Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
 [03/22/2008, 17:12:00] -  BHO 4: {20BABE64-1AB6-4E47-940A-827F57850B3E} ()
 [03/22/2008, 17:12:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [03/22/2008, 17:12:00] -  Checking for HKLM\...\Winlogon\Notify\pmnlk
 [03/22/2008, 17:12:00] -  Key not found: HKLM\...\Winlogon\Notify\pmnlk, continuing.
 [03/22/2008, 17:12:00] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [03/22/2008, 17:12:00] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [03/22/2008, 17:12:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [03/22/2008, 17:12:00] -  No filename found. Continuing.
 [03/22/2008, 17:12:00] -  BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
 [03/22/2008, 17:12:00] -  BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
 [03/22/2008, 17:12:00] -  BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
 [03/22/2008, 17:12:00] -  BHO 10: {c7189f69-0298-4ac1-be62-7cb641e7abbb} ()
 [03/22/2008, 17:12:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [03/22/2008, 17:12:00] -  Checking for HKLM\...\Winlogon\Notify\wavcgicc
 [03/22/2008, 17:12:00] -  Key not found: HKLM\...\Winlogon\Notify\wavcgicc, continuing.
 [03/22/2008, 17:12:00] -  BHO 11: {CB2622E4-7BCA-46DA-9ABD-B0CD029A78E2} ()
 [03/22/2008, 17:12:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [03/22/2008, 17:12:00] -  Checking for HKLM\...\Winlogon\Notify\jkhfg
 [03/22/2008, 17:12:00] -  Key not found: HKLM\...\Winlogon\Notify\jkhfg, continuing.
 [03/22/2008, 17:12:00] -  BHO 12: {CE7C3CF0-4B15-11D1-ABED-709549C10111} (IEHlprObj Class)
 [03/22/2008, 17:12:00] - Finished Searching Browser Helper Objects
 [03/22/2008, 17:12:00] - Finishing up...
 [03/22/2008, 17:12:00] - Nothing found! Exiting...

bdoriano (Administrator)
Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 24 Mar 2008 10:03

Hi Gio1983,
While you wait for Sante62 to come back, carry out these steps:

Gio1983
Posted: 25 Mar 2008 13:50

Hi bdoriano, thanks to you too for the help..
Right now I'm away from home, so I'll pass the information on to my dad and he will carry out the new steps.. If he doesn't manage, I'll be back on Friday, so I can't give you any news before then.

Thanks again.

Gio1983
Posted: 25 Mar 2008 19:44

www.freefilehosting.net/files/3e63i
here is the link to the *.txt of the scan with Norman Malware Cleaner

Gio1983
Posted: 25 Mar 2008 22:43

The Combofix log..
 
 ComboFix 08-03-25.1 - Roberto 2008-03-25 19.21.21.1 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.449 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\Roberto\Documenti\Programmi free\ComboFix.exe
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Programmi\WinBudget
 C:\WINDOWS\BM2b09d1d7.xml
 C:\WINDOWS\pskt.ini
 C:\WINDOWS\system32\cvjoxonq.dll
 C:\WINDOWS\system32\eohngqlo.dll
 C:\WINDOWS\system32\gfhkj.ini
 C:\WINDOWS\system32\gfhkj.ini2
 C:\WINDOWS\system32\gpbfactp.ini
 C:\WINDOWS\system32\jkhfg.dll
 C:\WINDOWS\system32\klnmp.ini
 C:\WINDOWS\system32\klnmp.ini2
 C:\WINDOWS\system32\mcrh.tmp
 C:\WINDOWS\system32\mfvrgqkd.dll
 C:\WINDOWS\system32\otkixwtk.dll
 C:\WINDOWS\system32\ptcafbpg.dll
 C:\WINDOWS\system32\rtutv.ini
 C:\WINDOWS\system32\rtutv.ini2
 C:\WINDOWS\system32\vtutr.dll
 C:\WINDOWS\system32\wavcgicc.dll
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-02-25 al 2008-03-25  )))))))))))))))))))))))))))))))))))
 .
 
 2008-03-24 19:23 . 2008-03-25 18:29	1,126	---hs----	C:\WINDOWS\system32\liwkqirq.ini
 2008-03-23 12:07 . 2008-03-24 19:17	414	---hs----	C:\WINDOWS\system32\ccxaywsq.ini
 2008-03-22 15:52 . 2008-03-22 15:52	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-03-22 14:46 . 2008-03-22 14:46	<DIR>	d--------	C:\Programmi\CCleaner
 2008-03-22 14:06 . 2008-03-22 14:21	<DIR>	d--------	C:\Programmi\Enigma Software Group
 2008-03-22 10:47 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
 2008-03-22 10:47 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
 2008-03-22 10:47 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
 2008-03-22 00:20 . 2008-03-22 10:47	414	---hs----	C:\WINDOWS\system32\pkcgpggj.ini
 2008-03-21 21:41 . 2008-03-21 21:45	<DIR>	d--------	C:\Programmi\PPLive
 2008-03-21 21:41 . 2008-03-21 21:41	<DIR>	d--------	C:\Documents and Settings\Roberto\Dati applicazioni\PPLive
 2008-03-21 20:46 . 2008-03-21 21:46	<DIR>	d--------	C:\VundoFix Backups
 2008-03-21 11:03 . 2008-03-21 11:03	<DIR>	d--hsc---	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-03-21 11:02 . 2008-03-21 11:04	<DIR>	d--------	C:\Programmi\Windows Live
 2008-03-21 11:02 . 2008-03-21 11:02	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-03-21 00:16 . 2008-03-21 19:32	1,134	---hs----	C:\WINDOWS\system32\mmkrywjf.ini
 2008-03-20 19:13 . 2008-03-20 23:14	534	---hs----	C:\WINDOWS\system32\hgmnqjaj.ini
 2008-03-20 17:32 . 2008-03-20 18:05	354	---hs----	C:\WINDOWS\system32\jfahlgel.ini
 2008-03-19 21:11 . 2008-03-20 16:42	706	---hs----	C:\WINDOWS\system32\usbywnhy.ini
 2008-03-18 21:08 . 2008-03-19 21:08	354	---hs----	C:\WINDOWS\system32\mpkcrukj.ini
 2008-03-16 18:23 . 2008-03-16 18:23	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Apple
 2008-03-15 18:59 . 2008-03-18 21:13	<DIR>	d--------	C:\Programmi\VisualRoute 2008
 2008-03-14 20:43 . 2008-03-06 21:32	23,904	--a------	C:\WINDOWS\system32\drivers\COH_Mon.sys
 2008-03-14 20:43 . 2008-03-06 21:32	10,537	--a------	C:\WINDOWS\system32\drivers\COH_Mon.cat
 2008-03-14 20:43 . 2008-03-06 21:32	706	--a------	C:\WINDOWS\system32\drivers\COH_Mon.inf
 2008-03-14 19:06 . 2008-03-14 19:06	<DIR>	d--------	C:\Documents and Settings\Roberto\Dati applicazioni\Symantec
 2008-03-14 17:09 . 2008-03-14 17:09	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Avg7
 2008-03-14 16:43 . 2008-03-14 16:43	16	--a------	C:\WINDOWS\system32\coh.cache
 2008-03-14 16:25 . 2008-03-14 16:52	123,952	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
 2008-03-14 16:25 . 2008-03-14 16:52	60,800	--a------	C:\WINDOWS\system32\S32EVNT1.DLL
 2008-03-14 16:24 . 2008-03-14 16:52	<DIR>	d--------	C:\Programmi\Symantec
 2008-03-14 16:23 . 2008-03-25 19:10	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Symantec
 2008-03-12 17:41 . 2008-02-22 02:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
 2008-03-12 17:40 . 2008-03-12 17:40	<DIR>	d--------	C:\Programmi\File comuni\Java
 2008-03-12 17:01 . 2008-03-12 17:01	<DIR>	d--------	C:\Documents and Settings\Roberto\Dati applicazioni\Motive
 2008-03-12 16:33 . 2008-03-12 16:33	<DIR>	d--------	C:\WINDOWS\Motive
 2008-03-12 16:33 . 2008-03-12 16:33	<DIR>	d--------	C:\Programmi\Pirelli
 2008-03-12 16:33 . 2008-03-12 16:34	126	--a------	C:\WINDOWS\PRLTP_USBdrv.ini
 2008-03-12 16:31 . 2008-03-12 16:31	<DIR>	d--------	C:\Programmi\File comuni\Motive
 2008-03-12 16:31 . 2008-03-12 16:31	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Motive
 2008-03-12 16:29 . 2008-03-12 17:29	<DIR>	d--------	C:\Programmi\Common Files
 2008-03-12 16:27 . 2003-02-28 16:34	313,856	--a------	C:\WINDOWS\system32\dx3j.dll
 2008-03-12 16:27 . 2003-02-28 18:26	171,280	--a------	C:\WINDOWS\system32\jit.dll
 2008-03-12 16:27 . 2003-02-28 18:26	139,536	--a------	C:\WINDOWS\system32\javaee.dll
 2008-03-12 16:27 . 2003-02-28 18:26	46,352	--a------	C:\WINDOWS\setdebug.exe
 2008-03-12 16:27 . 2003-02-28 16:54	7,315	--a------	C:\WINDOWS\system32\javasup.vxd
 2008-03-12 15:50 . 2008-03-12 16:28	<DIR>	d--------	C:\Programmi\Motive
 2008-03-12 15:50 . 2008-03-16 23:26	<DIR>	d--------	C:\Programmi\Alice ti aiuta
 2008-03-12 15:49 . 2003-02-28 16:35	6,550	--a------	C:\WINDOWS\jautoexp.dat
 2008-03-12 14:54 . 2008-03-12 16:25	<DIR>	d--------	C:\Programmi\Telecom Italia
 2008-02-29 18:24 . 2001-08-17 21:57	16,128	--a------	C:\WINDOWS\system32\drivers\MODEMCSA.sys
 2008-02-29 18:24 . 2001-08-17 21:57	16,128	--a--c---	C:\WINDOWS\system32\dllcache\modemcsa.sys
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-03-22 13:06	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-03-21 20:11	---------	d-----w	C:\Programmi\File comuni\Wise Installation Wizard
 2008-03-21 18:21	---------	d-----w	C:\Programmi\Norton 360
 2008-03-21 14:00	---------	d-----w	C:\Programmi\Norton Security Scan
 2008-03-21 10:05	---------	d-----w	C:\Programmi\MSN Messenger
 2008-03-16 17:24	---------	d-----w	C:\Programmi\Apple Software Update
 2008-03-14 15:52	805	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.INF
 2008-03-14 15:52	10,740	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
 2008-03-14 14:10	---------	d-----w	C:\Programmi\iTunes
 2008-03-12 16:41	---------	d-----w	C:\Programmi\Java
 2008-03-12 14:56	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-03-11 15:11	---------	d-----w	C:\Programmi\Yahoo!
 2008-02-15 16:52	---------	d-----w	C:\Programmi\OFFICE11
 2008-02-05 15:51	---------	d-----w	C:\Programmi\File comuni\Adobe
 2008-02-05 15:40	24,024,440	----a-w	C:\Programmi\AdbeRdr810_it_IT.exe
 2008-02-04 23:33	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
 2008-01-28 07:28	---------	d-----w	C:\Programmi\REGSHAVE
 2008-01-28 07:28	---------	d-----w	C:\Programmi\QuickTime
 2008-01-27 15:41	---------	d-----w	C:\Programmi\Google
 2008-01-27 14:22	---------	d-----w	C:\Programmi\Norton SystemWorks
 2007-11-19 09:52	1,286,760	----a-w	C:\Programmi\ytb_7.0.9.0_pub_it_setup_.exe
 2007-11-19 09:49	181,752	----a-w	C:\Programmi\yahoo_toolbar_install_helper.exe
 2007-04-17 09:53	3,437,692	----a-w	C:\Programmi\_di_ewe.zip
 2007-04-08 16:20	4,757	----a-w	C:\Programmi\lady_oscar.zip
 2007-04-08 16:10	2,628,754	----a-w	C:\Programmi\SetupTrueDownloader.exe
 2007-02-16 18:30	5,355,320	----a-w	C:\Programmi\picasaweb-current-setup.exe
 2007-02-13 13:53	14,993,976	----a-w	C:\Programmi\GoogleEarthWin.exe
 2007-02-13 13:05	1,136,392	----a-w	C:\Programmi\msc.exe
 2007-01-23 15:57	36,808,256	----a-w	C:\Programmi\iTunesSetup.exe
 2006-11-24 15:10	4,789,792	----a-w	C:\Programmi\picasa2-current.exe
 2006-11-14 15:57	1,106,186	----a-w	C:\Programmi\WRar361it.exe
 2006-01-25 17:25	5,027,808	----a-w	C:\Programmi\BitTorrent-4.2.2.exe
 .
 
 (((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 ----a-w         1,957,888 2005-06-02 14:03:08  C:\Programmi\Ahead\Nero BackItUp\bak\NBJ.exe
 
 ----a-w           344,064 2005-06-28 19:05:00  C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
 
 ----a-w            32,768 2004-11-02 18:24:46  C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe
 
 ----a-w         1,838,592 2007-08-19 20:46:03  C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe
 
 ----a-w           256,576 2006-10-30 08:36:36  C:\Programmi\iTunes\bak\iTunesHelper.exe
 ----a-w           256,576 2006-10-30 08:36:36  C:\Programmi\iTunes\iTunesHelper.exe
 
 ----a-w           132,496 2007-09-25 00:11:35  C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
 
 ----a-w           282,624 2006-10-25 17:58:18  C:\Programmi\QuickTime\bak\qttask.exe
 
 ----a-w            53,248 2002-02-04 21:32:10  C:\Programmi\REGSHAVE\bak\REGSHAVE.EXE
 
 ----a-w            15,360 2004-08-19 12:00:00  C:\WINDOWS\system32\bak\ctfmon.exe
 ----a-w            15,360 2004-08-19 12:00:00  C:\WINDOWS\system32\ctfmon.exe
 
 ----a-w           155,648 2001-07-09 09:50:42  C:\WINDOWS\system32\bak\NeroCheck.exe
 
 ----a-w            74,752 2002-07-01 03:05:00  C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S10IC2.EXE
 
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20BABE64-1AB6-4E47-940A-827F57850B3E}]
 C:\WINDOWS\system32\pmnlk.dll
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
 "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
 "SoundMan"="SOUNDMAN.EXE" [2004-09-23 20:27 77824 C:\WINDOWS\SOUNDMAN.EXE]
 "AlcWzrd"="ALCWZRD.EXE" [2004-09-24 19:06 2559488 C:\WINDOWS\ALCWZRD.EXE]
 "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
 "Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
 "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
 "Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
 "AliceRE_McciTrayApp"="C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 15:26 936960]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-03-12 16:28:33 217088]
 BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
 Image Transfer.lnk - C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe [2005-10-25 14:03:12 73728]
 SkyServer.lnk - C:\Programmi\Modem SAT\bin\SkyServer.exe [2006-01-17 10:44:37 385024]
 WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2005-10-25 15:47:57 118784]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
 "EnableFirewall"= 0 (0x0)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Documents and Settings\\All Users\\Dati applicazioni\\Microsoft\\Network\\Connections\\Cm\\AliceSAT\\nstuner.exe"=
 "C:\\Programmi\\Modem SAT\\bin\\SkyServer.exe"=
 "C:\\Programmi\\File comuni\\Synacast\\SynaLive\\PE.exe"=
 "C:\\Programmi\\Messenger\\msmsgs.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Google\\Google Earth\\googleearth.exe"=
 "C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
 "C:\\Programmi\\iTunes\\iTunes.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\PPLive\\PPLive.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "5191:TCP"= 5191:TCP:ppLive
 "7100:UDP"= 7100:UDP:ppLive
 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
 
 R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
 R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
 R2 rvsport;RVS Virtual COM Port;C:\WINDOWS\system32\drivers\rvsport.sys [2002-07-22 00:00]
 R3 isdn_p;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\isdn_p.sys [2000-05-10 17:37]
 R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2000-02-22 18:06]
 S3 RvscomSv;RvscomSv;C:\Programmi\RVS\WCOM\SYSTEM\RVSCOMSV.EXE [2002-07-22 00:00]
 S3 SKYNETU;B2C2 Broadband Receiver USB Adapter;C:\WINDOWS\system32\DRIVERS\SkyNETU.SYS [2002-06-04 18:11]
 S3 Slnt7554;USB Soft Modem Driver;C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 22:41]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c2c4f8d-ae48-11dc-b7e3-0011675c44f1}]
 \Shell\AutoRun\command - E:\VMC_PBStarter.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c2c4f8f-ae48-11dc-b7e3-0011675c44f1}]
 \Shell\AutoRun\command - E:\VMC_PBStarter.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{655df3c6-ae19-11dc-b7df-00d0d7307949}]
 \Shell\AutoRun\command - E:\VMC_PBStarter.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{655df3c7-ae19-11dc-b7df-00d0d7307949}]
 \Shell\AutoRun\command - E:\VMC_PBStarter.exe
 
 *Newly Created Service* - COMHOST
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-03-20 19:57:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 "2008-03-21 14:46:08 C:\WINDOWS\Tasks\Norton Security Scan.job"
 - C:\Programmi\Norton Security Scan\Nss.exe)/scan-full /scheduleignorenav /scheduled
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-03-25 19:31:37
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 C:\WINDOWS\system32\wdfmgr.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-03-25 19:34:24 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-03-25 18:34:21
 .
 2008-03-22 12:56:20	--- E O F ---
 |  |  
		| Top |  |  
		|  |  
		| Gio1983 Eroe in grazia degli dei
 
  
  
 Registered: 22/03/08 16:27
 Posts: 136
 
 
 | 
			
				|  Posted: 25 Mar 2008 22:44    Subject: |   |  
				| 
 |  
				| If someone could take a look at it..  |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 25 Mar 2008 23:24    Subject: |   |  
				| 
 |  
				| Create a text file with the following instructions: 
 	  | Code: |  	  | File::
 C:\WINDOWS\system32\liwkqirq.ini
 C:\WINDOWS\system32\ccxaywsq.ini
 C:\WINDOWS\system32\pkcgpggj.ini
 C:\WINDOWS\system32\mmkrywjf.ini
 C:\WINDOWS\system32\hgmnqjaj.ini
 C:\WINDOWS\system32\jfahlgel.ini
 C:\WINDOWS\system32\usbywnhy.ini
 C:\WINDOWS\system32\mpkcrukj.ini
 C:\WINDOWS\system32\pmnlk.dll
 | 
 Save the file to the desktop as CFScript.txt and drag it onto the ComboFix icon, as shown below:
 
   Wait patiently for it to finish without touching the keyboard, mouse or anything else.
   Post the updated ComboFix and HijackThis logs.
 |  |  
		| Top |  |  
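The files named in the script above share a pattern that is visible in the posted ComboFix listing: hidden+system (`---hs----`) `.ini` files with eight random lowercase letters in `system32`, plus the one Browser Helper Object DLL that ComboFix printed in its registry section. The following is an added example, not part of the original post and not ComboFix code, that picks such review candidates out of a log and writes them in the `File::` layout; the function names and the heuristic itself are assumptions made for illustration, and its output is a list to review, not a verdict.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Rows in the ComboFix layout, taken from the log posted in this thread
# (field separators normalised to spaces).
SAMPLE_LOG = r"""
2008-03-23 12:07 . 2008-03-24 19:17  414  ---hs----  C:\WINDOWS\system32\ccxaywsq.ini
2008-03-22 14:06 . 2008-03-22 14:21  <DIR>  d--------  C:\Programmi\Enigma Software Group
2008-03-22 10:47 . 2007-07-30 19:19  271,224  --a------  C:\WINDOWS\system32\mucltui.dll
2008-03-21 11:03 . 2008-03-21 11:03  <DIR>  d--hsc---  C:\Programmi\File comuni\WindowsLiveInstaller
2008-03-21 00:16 . 2008-03-21 19:32  1,134  ---hs----  C:\WINDOWS\system32\mmkrywjf.ini
2008-03-12 16:33 . 2008-03-12 16:34  126  --a------  C:\WINDOWS\PRLTP_USBdrv.ini

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20BABE64-1AB6-4E47-940A-827F57850B3E}]
C:\WINDOWS\system32\pmnlk.dll
"""

# created . modified  size|<DIR>  nine attribute flags  path (may contain spaces)
ROW_RE = re.compile(
    r"^[ \t]*(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)[ \t]+"
    r"(<DIR>|[\d,]+)[ \t]+([a-z-]{9})[ \t]+(\S.*?)[ \t]*$",
    re.M,
)
# A BHO key header followed on the next line by the DLL it loads.
BHO_RE = re.compile(
    r"^[ \t]*\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]"
    r"[ \t]*\r?\n[ \t]*(\S[^\r\n]*?)[ \t]*$",
    re.M,
)
RANDOM_INI_RE = re.compile(r"^[a-z]{8}\.ini$")  # assumption: 8 lowercase letters


@dataclass(frozen=True)
class FileRow:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_rows(log: str) -> List[FileRow]:
    """Parse the 'created . modified  size  attrs  path' rows of a ComboFix log."""
    rows = []
    for created, modified, size, attrs, path in ROW_RE.findall(log):
        parsed = None if size == "<DIR>" else int(size.replace(",", ""))
        rows.append(FileRow(created, modified, parsed, attrs, path))
    return rows


def matches_hidden_ini_pattern(row: FileRow) -> bool:
    """Hidden+system file directly in system32 whose name is 8 letters + .ini."""
    p = PureWindowsPath(row.path)
    return (
        row.size is not None
        and "h" in row.attrs
        and "s" in row.attrs
        and p.parent.name.lower() == "system32"
        and RANDOM_INI_RE.match(p.name) is not None
    )


def listed_bhos(log: str) -> List[Tuple[str, str]]:
    """Return (CLSID, DLL path) for each BHO printed in the registry section."""
    return [(clsid, dll) for clsid, dll in BHO_RE.findall(log)]


def review_candidates(log: str) -> List[str]:
    """Paths worth a manual look, in log order: pattern hits, then BHO DLLs."""
    hits = [r.path for r in parse_rows(log) if matches_hidden_ini_pattern(r)]
    hits += [dll for _, dll in listed_bhos(log) if dll not in hits]
    return hits


def build_cfscript(paths: List[str]) -> str:
    """Render paths in the 'File::' layout used by the script in this thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(build_cfscript(review_candidates(SAMPLE_LOG)))
```
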
		|  |  
		| Gio1983 Eroe in grazia degli dei
 
  
  
 Registered: 22/03/08 16:27
 Posts: 136
 
 
 | 
			
				|  Posted: 25 Mar 2008 23:29    Subject: |   |  
				| 
 |  
				| I won't be able to update you before tomorrow evening.. 
 Thanks again
  |  |  
		| Top |  |  
		|  |  
		| Gio1983 Eroe in grazia degli dei
 
  
  
 Registered: 22/03/08 16:27
 Posts: 136
 
 
 | 
			
				|  Posted: 27 Mar 2008 20:59    Subject: |   |  
				| 
 |  
				| Here is the new ComboFix log.. 
 
 ComboFix 08-03-25.1 - Roberto 2008-03-26 18.58.47.2 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.529 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\Roberto\Desktop\ComboFix.exe
 Command switches used :: C:\Documents and Settings\Roberto\Desktop\CFScript.txt
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
 FILE ::
 C:\WINDOWS\system32\ccxaywsq.ini
 C:\WINDOWS\system32\hgmnqjaj.ini
 C:\WINDOWS\system32\jfahlgel.ini
 C:\WINDOWS\system32\liwkqirq.ini
 C:\WINDOWS\system32\mmkrywjf.ini
 C:\WINDOWS\system32\mpkcrukj.ini
 C:\WINDOWS\system32\pkcgpggj.ini
 C:\WINDOWS\system32\pmnlk.dll
 C:\WINDOWS\system32\usbywnhy.ini
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\WINDOWS\system32\ccxaywsq.ini
 C:\WINDOWS\system32\hgmnqjaj.ini
 C:\WINDOWS\system32\jfahlgel.ini
 C:\WINDOWS\system32\liwkqirq.ini
 C:\WINDOWS\system32\mmkrywjf.ini
 C:\WINDOWS\system32\mpkcrukj.ini
 C:\WINDOWS\system32\pkcgpggj.ini
 C:\WINDOWS\system32\usbywnhy.ini
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-02-26 al 2008-03-26  )))))))))))))))))))))))))))))))))))
 .
 
 2008-03-25 20:46 . 2008-03-25 20:46	<DIR>	d--------	C:\N360_BACKUP
 2008-03-22 15:52 . 2008-03-22 15:52	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-03-22 14:46 . 2008-03-22 14:46	<DIR>	d--------	C:\Programmi\CCleaner
 2008-03-22 14:06 . 2008-03-22 14:21	<DIR>	d--------	C:\Programmi\Enigma Software Group
 2008-03-22 10:47 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
 2008-03-22 10:47 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
 2008-03-22 10:47 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
 2008-03-21 21:41 . 2008-03-21 21:45	<DIR>	d--------	C:\Programmi\PPLive
 2008-03-21 21:41 . 2008-03-21 21:41	<DIR>	d--------	C:\Documents and Settings\Roberto\Dati applicazioni\PPLive
 2008-03-21 20:46 . 2008-03-21 21:46	<DIR>	d--------	C:\VundoFix Backups
 2008-03-21 11:03 . 2008-03-21 11:03	<DIR>	d--hsc---	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-03-21 11:02 . 2008-03-21 11:04	<DIR>	d--------	C:\Programmi\Windows Live
 2008-03-21 11:02 . 2008-03-21 11:02	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-03-16 18:23 . 2008-03-16 18:23	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Apple
 2008-03-15 18:59 . 2008-03-18 21:13	<DIR>	d--------	C:\Programmi\VisualRoute 2008
 2008-03-14 20:43 . 2008-03-06 21:32	23,904	--a------	C:\WINDOWS\system32\drivers\COH_Mon.sys
 2008-03-14 20:43 . 2008-03-06 21:32	10,537	--a------	C:\WINDOWS\system32\drivers\COH_Mon.cat
 2008-03-14 20:43 . 2008-03-06 21:32	706	--a------	C:\WINDOWS\system32\drivers\COH_Mon.inf
 2008-03-14 19:06 . 2008-03-14 19:06	<DIR>	d--------	C:\Documents and Settings\Roberto\Dati applicazioni\Symantec
 2008-03-14 17:09 . 2008-03-14 17:09	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Avg7
 2008-03-14 16:43 . 2008-03-14 16:43	16	--a------	C:\WINDOWS\system32\coh.cache
 2008-03-14 16:25 . 2008-03-14 16:52	123,952	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
 2008-03-14 16:25 . 2008-03-14 16:52	60,800	--a------	C:\WINDOWS\system32\S32EVNT1.DLL
 2008-03-14 16:24 . 2008-03-14 16:52	<DIR>	d--------	C:\Programmi\Symantec
 2008-03-14 16:23 . 2008-03-25 19:10	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Symantec
 2008-03-12 17:41 . 2008-02-22 02:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
 2008-03-12 17:40 . 2008-03-12 17:40	<DIR>	d--------	C:\Programmi\File comuni\Java
 2008-03-12 17:01 . 2008-03-12 17:01	<DIR>	d--------	C:\Documents and Settings\Roberto\Dati applicazioni\Motive
 2008-03-12 16:33 . 2008-03-12 16:33	<DIR>	d--------	C:\WINDOWS\Motive
 2008-03-12 16:33 . 2008-03-12 16:33	<DIR>	d--------	C:\Programmi\Pirelli
 2008-03-12 16:33 . 2008-03-12 16:34	126	--a------	C:\WINDOWS\PRLTP_USBdrv.ini
 2008-03-12 16:31 . 2008-03-12 16:31	<DIR>	d--------	C:\Programmi\File comuni\Motive
 2008-03-12 16:31 . 2008-03-12 16:31	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Motive
 2008-03-12 16:29 . 2008-03-12 17:29	<DIR>	d--------	C:\Programmi\Common Files
 2008-03-12 16:27 . 2003-02-28 16:34	313,856	--a------	C:\WINDOWS\system32\dx3j.dll
 2008-03-12 16:27 . 2003-02-28 18:26	171,280	--a------	C:\WINDOWS\system32\jit.dll
 2008-03-12 16:27 . 2003-02-28 18:26	139,536	--a------	C:\WINDOWS\system32\javaee.dll
 2008-03-12 16:27 . 2003-02-28 18:26	46,352	--a------	C:\WINDOWS\setdebug.exe
 2008-03-12 16:27 . 2003-02-28 16:54	7,315	--a------	C:\WINDOWS\system32\javasup.vxd
 2008-03-12 15:50 . 2008-03-12 16:28	<DIR>	d--------	C:\Programmi\Motive
 2008-03-12 15:50 . 2008-03-16 23:26	<DIR>	d--------	C:\Programmi\Alice ti aiuta
 2008-03-12 15:49 . 2003-02-28 16:35	6,550	--a------	C:\WINDOWS\jautoexp.dat
 2008-03-12 14:54 . 2008-03-12 16:25	<DIR>	d--------	C:\Programmi\Telecom Italia
 2008-02-29 18:24 . 2001-08-17 21:57	16,128	--a------	C:\WINDOWS\system32\drivers\MODEMCSA.sys
 2008-02-29 18:24 . 2001-08-17 21:57	16,128	--a--c---	C:\WINDOWS\system32\dllcache\modemcsa.sys
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-03-26 17:22	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-03-21 20:11	---------	d-----w	C:\Programmi\File comuni\Wise Installation Wizard
 2008-03-21 18:21	---------	d-----w	C:\Programmi\Norton 360
 2008-03-21 14:00	---------	d-----w	C:\Programmi\Norton Security Scan
 2008-03-21 10:05	---------	d-----w	C:\Programmi\MSN Messenger
 2008-03-16 17:24	---------	d-----w	C:\Programmi\Apple Software Update
 2008-03-14 15:52	805	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.INF
 2008-03-14 15:52	10,740	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
 2008-03-14 14:10	---------	d-----w	C:\Programmi\iTunes
 2008-03-12 16:41	---------	d-----w	C:\Programmi\Java
 2008-03-12 15:27	155,995	----a-w	C:\WINDOWS\java\Packages\AP7H3P79.ZIP
 2008-03-12 14:56	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-03-12 14:49	155,995	----a-w	C:\WINDOWS\java\Packages\Q4FNXZXR.ZIP
 2008-03-11 15:11	---------	d-----w	C:\Programmi\Yahoo!
 2008-02-15 16:52	---------	d-----w	C:\Programmi\OFFICE11
 2008-02-05 15:51	---------	d-----w	C:\Programmi\File comuni\Adobe
 2008-02-05 15:40	24,024,440	----a-w	C:\Programmi\AdbeRdr810_it_IT.exe
 2008-02-04 23:33	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
 2008-01-28 07:28	---------	d-----w	C:\Programmi\REGSHAVE
 2008-01-28 07:28	---------	d-----w	C:\Programmi\QuickTime
 2008-01-27 15:41	---------	d-----w	C:\Programmi\Google
 2008-01-27 14:22	---------	d-----w	C:\Programmi\Norton SystemWorks
 2007-11-19 09:52	1,286,760	----a-w	C:\Programmi\ytb_7.0.9.0_pub_it_setup_.exe
 2007-11-19 09:49	181,752	----a-w	C:\Programmi\yahoo_toolbar_install_helper.exe
 2007-04-17 09:53	3,437,692	----a-w	C:\Programmi\_di_ewe.zip
 2007-04-08 16:20	4,757	----a-w	C:\Programmi\lady_oscar.zip
 2007-04-08 16:10	2,628,754	----a-w	C:\Programmi\SetupTrueDownloader.exe
 2007-02-16 18:30	5,355,320	----a-w	C:\Programmi\picasaweb-current-setup.exe
 2007-02-13 13:53	14,993,976	----a-w	C:\Programmi\GoogleEarthWin.exe
 2007-02-13 13:05	1,136,392	----a-w	C:\Programmi\msc.exe
 2007-01-23 15:57	36,808,256	----a-w	C:\Programmi\iTunesSetup.exe
 2006-11-24 15:10	4,789,792	----a-w	C:\Programmi\picasa2-current.exe
 2006-11-14 15:57	1,106,186	----a-w	C:\Programmi\WRar361it.exe
 2006-01-25 17:25	5,027,808	----a-w	C:\Programmi\BitTorrent-4.2.2.exe
 .
 
 (((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 ----a-w         1,957,888 2005-06-02 14:03:08  C:\Programmi\Ahead\Nero BackItUp\bak\NBJ.exe
 
 ----a-w           344,064 2005-06-28 19:05:00  C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
 
 ----a-w            32,768 2004-11-02 18:24:46  C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe
 
 ----a-w         1,838,592 2007-08-19 20:46:03  C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe
 
 ----a-w           256,576 2006-10-30 08:36:36  C:\Programmi\iTunes\bak\iTunesHelper.exe
 ----a-w           256,576 2006-10-30 08:36:36  C:\Programmi\iTunes\iTunesHelper.exe
 
 ----a-w           132,496 2007-09-25 00:11:35  C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
 
 ----a-w           282,624 2006-10-25 17:58:18  C:\Programmi\QuickTime\bak\qttask.exe
 
 ----a-w            53,248 2002-02-04 21:32:10  C:\Programmi\REGSHAVE\bak\REGSHAVE.EXE
 
 ----a-w            15,360 2004-08-19 12:00:00  C:\WINDOWS\system32\bak\ctfmon.exe
 ----a-w            15,360 2004-08-19 12:00:00  C:\WINDOWS\system32\ctfmon.exe
 
 ----a-w           155,648 2001-07-09 09:50:42  C:\WINDOWS\system32\bak\NeroCheck.exe
 
 ----a-w            74,752 2002-07-01 03:05:00  C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S10IC2.EXE
 
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20BABE64-1AB6-4E47-940A-827F57850B3E}]
 C:\WINDOWS\system32\pmnlk.dll
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
 "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
 "SoundMan"="SOUNDMAN.EXE" [2004-09-23 20:27 77824 C:\WINDOWS\SOUNDMAN.EXE]
 "AlcWzrd"="ALCWZRD.EXE" [2004-09-24 19:06 2559488 C:\WINDOWS\ALCWZRD.EXE]
 "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
 "Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
 "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
 "Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
 "AliceRE_McciTrayApp"="C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 15:26 936960]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-03-12 16:28:33 217088]
 BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
 Image Transfer.lnk - C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe [2005-10-25 14:03:12 73728]
 SkyServer.lnk - C:\Programmi\Modem SAT\bin\SkyServer.exe [2006-01-17 10:44:37 385024]
 WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2005-10-25 15:47:57 118784]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Documents and Settings\\All Users\\Dati applicazioni\\Microsoft\\Network\\Connections\\Cm\\AliceSAT\\nstuner.exe"=
 "C:\\Programmi\\Modem SAT\\bin\\SkyServer.exe"=
 "C:\\Programmi\\File comuni\\Synacast\\SynaLive\\PE.exe"=
 "C:\\Programmi\\Messenger\\msmsgs.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Google\\Google Earth\\googleearth.exe"=
 "C:\\Programmi\\iTunes\\iTunes.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
 "C:\\Programmi\\PPLive\\PPLive.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "5191:TCP"= 5191:TCP:*:Disabled:ppLive
 "7100:UDP"= 7100:UDP:*:Disabled:ppLive
 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
 
 R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
 R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
 R2 rvsport;RVS Virtual COM Port;C:\WINDOWS\system32\drivers\rvsport.sys [2002-07-22 00:00]
 R3 isdn_p;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\isdn_p.sys [2000-05-10 17:37]
 R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2000-02-22 18:06]
 S3 RvscomSv;RvscomSv;C:\Programmi\RVS\WCOM\SYSTEM\RVSCOMSV.EXE [2002-07-22 00:00]
 S3 SKYNETU;B2C2 Broadband Receiver USB Adapter;C:\WINDOWS\system32\DRIVERS\SkyNETU.SYS [2002-06-04 18:11]
 S3 Slnt7554;USB Soft Modem Driver;C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 22:41]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c2c4f8d-ae48-11dc-b7e3-0011675c44f1}]
 \Shell\AutoRun\command - E:\VMC_PBStarter.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c2c4f8f-ae48-11dc-b7e3-0011675c44f1}]
 \Shell\AutoRun\command - E:\VMC_PBStarter.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{655df3c6-ae19-11dc-b7df-00d0d7307949}]
 \Shell\AutoRun\command - E:\VMC_PBStarter.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{655df3c7-ae19-11dc-b7df-00d0d7307949}]
 \Shell\AutoRun\command - E:\VMC_PBStarter.exe
 
 *Newly Created Service* - COMHOST
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-03-20 19:57:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 "2008-03-21 14:46:08 C:\WINDOWS\Tasks\Norton Security Scan.job"
 - C:\Programmi\Norton Security Scan\Nss.exe)/scan-full /scheduleignorenav /scheduled
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-03-26 19:00:46
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-03-26 19.01.20
 ComboFix-quarantined-files.txt  2008-03-26 18:01:18
 ComboFix2.txt  2008-03-25 18:34:24
 .
 2008-03-22 12:56:20	--- E O F ---
 |  |  
		| Top |  |  
		|  |  
		| Gio1983 Eroe in grazia degli dei
 
  
  
 Registered: 22/03/08 16:27
 Posts: 136
 
 
 | 
			
				|  Posted: 27 Mar 2008 21:07    Subject: |   |  
				| 
 |  
				| And here is the new Hijack log.. 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19.04.52, on 26/03/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\ALCWZRD.EXE
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\File comuni\Symantec Shared\ccApp.exe
 C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
 C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
 C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
 C:\Programmi\Modem SAT\bin\SkyServer.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
 C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
 C:\WINDOWS\explorer.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
 O2 - BHO: (no name) - {20BABE64-1AB6-4E47-940A-827F57850B3E} - C:\WINDOWS\system32\pmnlk.dll (file missing)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll (file missing)
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
 O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10111} - C:\Programmi\TrueDownloader\truedownloaderie.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
 O4 - Global Startup: Image Transfer.lnk = ?
 O4 - Global Startup: SkyServer.lnk = C:\Programmi\Modem SAT\bin\SkyServer.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute 2008\vrie.dll
 O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute 2008\vrie.dll
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O14 - IERESET.INF: START_PAGE_URL=www.computercityhw.it
 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe (file missing)
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
 O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 O23 - Service: GoogleDesktopManager - Unknown owner - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 O23 - Service: RvscomSv - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
 O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 
 --
 End of file - 10626 bytes
 
 
 
 My dad told me that since the last operation (carried out yesterday evening) he has had no more problems (the usual annoying advertising windows no longer open), but you never know.. I'm counting on the technicians..
  |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 27 Mar 2008 21:33    Subject: |   |  
				| 
 |  
				| We should be almost there.   
 Disable System Restore and start the PC in Safe Mode
 run HijackThis
 click Do a system scan only
 tick this entry:
 
  	  | Quote: |  	  | O2 - BHO: (no name) - {20BABE64-1AB6-4E47-940A-827F57850B3E} - C:\WINDOWS\system32\pmnlk.dll (file missing) | 
 click Fix checked
 Restart the PC in normal mode, make a new HijackThis log and post it
 
 Finally, let's run a couple of online checks:
 
 Disable your antivirus
Go to BitDefender (with IE) and run the full scan.
Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
 |  |  
		|  |  
		| Gio1983 Hero in the gods' good graces
 
  
  
 Registered: 22/03/08 16:27
 Posts: 136
 
 
 | 
			
				|  Posted: 27 Mar 2008 21:42    Subject: |   |  
				| 
 |  
				| Oh, what good news     So, tomorrow I'm going back home, so if my dad can't manage the new steps.. I'll do them tomorrow!!
 Thanks for the help
  |  |  
		|  |  
		| Gio1983 Hero in the gods' good graces
 
  
  
 Registered: 22/03/08 16:27
 Posts: 136
 
 
 | 
			
				|  Posted: 28 Mar 2008 17:08    Subject: |   |  
				| 
 |  
				| New Hijack log... 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16.06.53, on 28/03/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\ALCWZRD.EXE
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\File comuni\Symantec Shared\ccApp.exe
 C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\Programmi\QuickTime\QTTask.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
 C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
 C:\Programmi\Modem SAT\bin\SkyServer.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/indexbb.html
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll (file missing)
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
 O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10111} - C:\Programmi\TrueDownloader\truedownloaderie.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
 O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
 O4 - Global Startup: Image Transfer.lnk = ?
 O4 - Global Startup: SkyServer.lnk = C:\Programmi\Modem SAT\bin\SkyServer.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute 2008\vrie.dll
 O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute 2008\vrie.dll
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O14 - IERESET.INF: START_PAGE_URL=www.computercityhw.it
 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe (file missing)
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
 O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
 O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 O23 - Service: GoogleDesktopManager - Unknown owner - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
 O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSCC.EXE
 O23 - Service: RvscomSv - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
 O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 
 --
 End of file - 10748 bytes
 |  |  
		|  |  
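The check that the 28/03 log makes possible, as an added example that is not part of the thread: compare the HijackThis log taken before the fix with the one taken after it, confirm that the O2 entry bdoriano asked to fix is gone, and list what else changed. The sample lines are excerpts of the two logs posted above; the function names are illustrative.

```python
import re

# A HijackThis entry is "<section code> - <text>", e.g. "O2 - BHO: ... - {CLSID} - path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Return {(section, lower-cased text): record} for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, rest = m.group(1), m.group(2)
        missing = rest.endswith(MISSING)
        body = rest[:-len(MISSING)].rstrip() if missing else rest
        clsid = CLSID_RE.search(body)
        entries[(section, body.lower())] = {
            "section": section,
            "text": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing": missing,  # registry entry points at a file that is gone
        }
    return entries

def diff_logs(before_text, after_text):
    """Return (removed, added, still_orphaned) entry records."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [rec for key, rec in before.items() if key not in after]
    added = [rec for key, rec in after.items() if key not in before]
    still_orphaned = [rec for rec in after.values() if rec["missing"]]
    return removed, added, still_orphaned

def fix_confirmed(before_text, after_text, clsid):
    """True if the CLSID appeared in the first log and not in the second."""
    wanted = clsid.upper()
    was = any(r["clsid"] == wanted for r in parse_entries(before_text).values())
    now = any(r["clsid"] == wanted for r in parse_entries(after_text).values())
    return was and not now

# Excerpt of the 26/03/2008 log posted above.
BEFORE = r"""
O2 - BHO: (no name) - {20BABE64-1AB6-4E47-940A-827F57850B3E} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
"""

# Excerpt of the 28/03/2008 log posted above.
AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""

if __name__ == "__main__":
    removed, added, orphaned = diff_logs(BEFORE, AFTER)
    for label, rows in (("removed", removed), ("added", added),
                        ("still '(file missing)'", orphaned)):
        for rec in rows:
            print(f"{label:>22}: {rec['section']} - {rec['text']}")
    print("fix confirmed:",
          fix_confirmed(BEFORE, AFTER, "{20BABE64-1AB6-4E47-940A-827F57850B3E}"))
```

Entries listed as added are not suspicious in themselves; they are the lines to read first, because they did not exist when the previous log was reviewed.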
		| Gio1983 Hero in the gods' good graces
 
  
  
 Registered: 22/03/08 16:27
 Posts: 136
 
 
 | 
			
				|  Posted: 28 Mar 2008 19:27    Subject: |   |  
				| 
 |  
				| Here is the result of the Kaspersky scan.. 
 http://www.freefilehosting.net/download/3ea07
 
 I imagine there will still be something to do, since it still found one virus and 5 infected files..
     
 
 I'm also including the result of the BitDefender scan.
 
 Scanned File
 Status
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\cvjoxonq.dll.vir
 Infected with: Trojan.Vundo.EEU
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\cvjoxonq.dll.vir
 Deleted
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\mfvrgqkd.dll.vir
 Infected with: Trojan.Vundo.EEQ
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\mfvrgqkd.dll.vir
 Deleted
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\otkixwtk.dll.vir
 Infected with: Trojan.Vundo.EER
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\otkixwtk.dll.vir
 Deleted
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\vtutr.dll.vir
 Infected with: Trojan.Vundo.EDS
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\vtutr.dll.vir
 Deleted
 
 C:\VundoFix Backups\vtutt.dll.bad
 Infected with: Trojan.Vundo.EDC
 
 C:\VundoFix Backups\vtutt.dll.bad
 Deleted
 
 
 As always, I'll wait for news, and thanks for your help
  |  |  
		|  |  
		|  |  
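An added example, not part of the thread: a way to sort online-scanner results like the BitDefender list above by where each hit sits, separating copies parked in a removal tool's folder from files on the live filesystem. It assumes that `C:\QooBox\Quarantine` is ComboFix's quarantine (mirroring the original path and appending `.vir`) and that `C:\VundoFix Backups` is written by VundoFix, as the paths in the post suggest; the last sample entry is constructed.

```python
import re

# Folders where removal tools park neutralised copies (lower-cased prefixes).
# Assumption: inferred from the paths in the post, not from tool documentation.
TOOL_FOLDERS = {
    "c:\\qoobox\\quarantine\\": "ComboFix quarantine",
    "c:\\vundofix backups\\": "VundoFix backup",
}
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def parse_scan(text):
    """Merge the 'path line / status line' pairs into one record per file."""
    files, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = files.setdefault(line, {"detection": None, "action": None})
        elif current is not None:
            if line.lower().startswith("infected with:"):
                current["detection"] = line.split(":", 1)[1].strip()
            else:
                current["action"] = line  # e.g. "Deleted"
    return files

def original_path(path):
    """Recover where a ComboFix-quarantined file used to live, else None."""
    prefix = "c:\\qoobox\\quarantine\\"
    if not path.lower().startswith(prefix):
        return None
    drive, _, rest = path[len(prefix):].partition("\\")
    if rest.lower().endswith(".vir"):
        rest = rest[:-4]
    return f"{drive}:\\{rest}"

def triage(text):
    """One row per file: where the hit sits and whether it is on the live filesystem."""
    rows = []
    for path, rec in parse_scan(text).items():
        low = path.lower()
        where = next((name for root, name in TOOL_FOLDERS.items()
                      if low.startswith(root)), "live filesystem")
        rows.append({"path": path, "where": where,
                     "live": where == "live filesystem",
                     "was_at": original_path(path), **rec})
    return rows

# Two of the entries from the BitDefender result posted above.
SCAN = r"""
Scanned File
Status

C:\QooBox\Quarantine\C\WINDOWS\system32\cvjoxonq.dll.vir
Infected with: Trojan.Vundo.EEU

C:\QooBox\Quarantine\C\WINDOWS\system32\cvjoxonq.dll.vir
Deleted

C:\VundoFix Backups\vtutt.dll.bad
Infected with: Trojan.Vundo.EDC

C:\VundoFix Backups\vtutt.dll.bad
Deleted
"""

# Constructed entry (not from the post) showing how a live hit is reported.
CONSTRUCTED = SCAN + r"""
C:\WINDOWS\system32\example.dll
Infected with: Example.Detection
"""

if __name__ == "__main__":
    for row in triage(CONSTRUCTED):
        flag = "LIVE" if row["live"] else "parked"
        print(f"{flag:6} {row['detection']:20} {row['where']:20} {row['path']}")
```

The recovered `was_at` path is the value to look for in the latest HijackThis log: an entry still pointing at it would mean a leftover registry reference to the removed file.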