Olimpo Informatico

[svitxyz]

ciao,ho praticamente lo stesso problema:mi esce all'avvio che non trova Kesenjangansosial.exe.Ho letto attentamente quello che avete scritto ma ci sono alcune cose che non ho capito per esempio che significa "fissare"?Inoltre non ho capito niente del file log fatto con hijackttis...ho scaricato questo programma ho fatto la scansione ma non sono riuscito a interpretare il risultato del file log...per me è arabo!Scusate la mia ignoranza ma sono un neofita...c'è qualcuno che mi puo autare?grazie


split da qui - n.d.chemicalbit

[chemicalbit]

Segui queste istruzioni,
che tra l'altro dicono di aprire una nuova discussione, non accodarti a discussioni simili (problemi apprentemente simili possono essere diversi) -ora ho separato io le due discussioni-.

Descrivi con più dettagli che puoi la situazione
(Ad es. hai già fatto scansioni antivirus? Con che programma? Cosa hanno trovato?)

Quanto al log prodotto da hijackThis, postalo in un messaggio qui in questa discussione.

[svitxyz]

Scusami se mi sono accodato alla discussione,ma non sapevo come iniziarne un altra!Grazie per i consigli,studierò dalla guida che mi hai indicato l'uso del hijackThis e proverò a fare tutto da solo.Se non ci riesco stamperò il log in questa discussione e chiederò il vostro aiuto.
Comunque il mio sistema operativo è XP PROFESSIONAL e come antivirus uso AVAST,che utimamente mi ha eliminato diversi trojan e per eliminare uno in particolare mi ha chiesto la scansione all'avvio.
Ciao

[chemicalbit]

[svitxyz]

Nel link che mi hai indicato c'era nella pagina un altro link messo da "bdoriano"che mi mandava alla spigazione dettagliata di HijackThis,comunque quando provai a scansionare con HijackThis non ci capii niente e quindi disinstallai il programma e buttai il file installante.Appena vado da mio cugino che ha l'adsl mi riscarico il programma e vi mando il log.Per quanto riguarda il file di log di Avast...come faccio a trovarlo?Se mi dici come faccio lo invio subito!Non ti scandalizzare per la mia ignoranza...mi hanno comprato il computer a Natale...ma ho tanta voglia di imparare!
Grazie per l'iteressamento,ciao

[chemicalbit]

Il file ZIP contenente Hijackthis è grande solo 311 KB, probabilmente puoi scaricarlo anche senza ADSL.

Per dove trovare il log di Avast, purtroppo non conoscotale programma.

[svitxyz]

ciao,infatti l'ho scaricato senza ADSL,il file di log è:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.47.31, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\EPSON\ESM2\eEBSVC.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Web Accelerator\slipcore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\My Lockbox\flockbox.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Web Accelerator\slipgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Documenti\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\Web Accelerator\PBHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [flockbox] C:\Programmi\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\bak\bak\NBJ.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\br7911on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Controllo in background EPSON.lnk = C:\Programmi\EPSON\ESM2\Stms.exe
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\Web Accelerator\slipgui.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.hastalavista.it
O15 - Trusted Zone: www.pornoaccesso.com
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\EPSON\ESM2\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6431 bytes

[chemicalbit]

Hai almeno un "ospite" indesiderato.

[svitxyz]

allora non è un impostazione del registro che brontok o un altro trojan mi ha modificato...è proprio un virus che ho tutt'ora sul pc!inizio subito le operazioni che mi hai indicato e ti faccio sapere.Ciao

[svitxyz]

ciao,scusa se non mi sono fatto più sentire ma sono stato fuori città!mi sto procurando i programmi che mi hai indicato....appena finisco tutto invio i log.ciao

[svitxyz]

ciao chemicalbit,volevo dirti che grazie a te ho risolto il problema!prima ho fatto pulizia con CCleaner,poi ho usato Norman Malawer e gia quando l'ho riacceso non mi dava più il messaggio:impossibile trovare kesejangansosial.exe.poi ho comunque usato combofix....ti mando i log che tali programmi mi hanno dato....adesso dovrei essere pulito!
Ciao e GRAZIE MILLE

[svitxyz]

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/05/12 19:08:33

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/05/12 19:08:33, Variants: 1631317

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: SERVER\Administrator

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"" -> "Explorer.exe"
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\system32\userinit.exe,userinit.exe" -> "C:\WINDOWS\System32\userinit.exe,"
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000001

Scan started: 03/06/2008 11:41:08


Scanning running processes and process memory...

Number of processes/threads found: 494
Number of processes/threads scanned: 494
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 14s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Administrator\Documenti\Alcuni programmini\Adobe Acrobat 7.0 Reader Professional\Adobe Acrobat Professional v7.0 Multilanguage Keygen Only-Paradox(1).zip/acme.nfo (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Administrator\Documenti\Alcuni programmini\Adobe Acrobat 7.0 Reader Professional\Adobe Acrobat Professional v7.0 Multilanguage Keygen Only-Paradox.zip/acme.nfo (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Administrator\Documenti\eBook personali\Contenuti vari\Quisquiglie\MARK KNOPFLER & EMMYLOU HARRIS - All the roadrunning 2006.rar/CMT (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Administrator\Documenti\eBook personali\Contenuti vari\Quisquiglie\MARK KNOPFLER & EMMYLOU HARRIS - All the roadrunning 2006.rar/RR (Error whilst scanning file: I/O Error)

C:\Programmi\Ahead\Nero BackItUp\NBJ.exe (Infected with W32/Zonebac.gen2)
Deleted file

Scanning: c:\System Volume Information\*.*


Running post-scan cleanup routine:

Number of files found: 57994
Number of archives unpacked: 543
Number of files scanned: 57969
Number of files not scanned: 25
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 1
Number of infections removed: 1
Total scanning time: 41m 14s

[svitxyz]

ComboFix 08-05-29.1 - Administrator 2008-06-03 12.52.39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.705 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-03 al 2008-06-03 )))))))))))))))))))))))))))))))))))
.

2008-06-03 11:13 . 2008-06-03 11:13 <DIR> d-------- C:\Programmi\CCleaner
2008-05-08 20:39 . 2008-05-08 20:39 <DIR> d-------- C:\Programmi\My Lockbox
2008-05-08 20:39 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-05-06 22:02 . 2008-05-06 22:02 114,688 --a------ C:\WINDOWS\system32\cd2.dll
2008-05-06 20:49 . 2008-05-06 20:49 <DIR> d-------- C:\Programmi\FileRescue Pro
2008-05-06 20:34 . 2008-05-27 21:10 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-06 20:34 . 2008-05-06 20:34 <DIR> d-------- C:\Programmi\Zone Labs
2008-05-06 20:34 . 2008-06-03 12:49 31,767 --ah----- C:\WINDOWS\system32\vsconfig.xml
2008-05-05 21:47 . 2008-05-05 21:47 <DIR> d-------- C:\Programmi\Symantec
2008-05-05 21:47 . 2008-05-05 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-05-05 21:47 . 2008-05-05 21:47 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-05-05 21:21 . 2008-05-05 21:45 <DIR> d-------- C:\Programmi\Spy Cleaner Free Version
2008-05-05 21:21 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-05-05 21:19 . 2008-05-05 21:44 <DIR> d-------- C:\Programmi\Trojan Remover
2008-05-05 21:05 . 2008-05-05 21:05 <DIR> d-------- C:\Programmi\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 20:17 --------- d-----w C:\Programmi\eMule
2008-05-27 21:46 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\SlipStream
2008-05-07 22:28 40,960 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-05 20:04 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-05-05 19:03 --------- d-----w C:\Programmi\iTunes
2008-05-05 14:04 --------- d-----w C:\Programmi\QuickTime
2008-05-03 08:49 --------- d-----w C:\Programmi\Web Accelerator
2008-05-01 17:35 105,168 ----a-w C:\WINDOWS\MozillaUninstall.exe
2008-05-01 17:35 105,168 ----a-w C:\WINDOWS\GREUninstall.exe
2008-05-01 17:35 --------- d-----w C:\Programmi\mozilla.org
2008-05-01 17:35 --------- d-----w C:\Programmi\File comuni\mozilla.org
2008-05-01 17:35 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Talkback
2008-04-30 19:07 --------- d-----w C:\Programmi\WinRAR(by U'Fredd)
2008-04-30 17:11 --------- d-----w C:\Programmi\Alwil Software
2008-04-06 15:01 63,488 ----a-w C:\WINDOWS\system32\realbap1.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2005-05-09 18:10 56 --sh--r C:\WINDOWS\system32\4697936EC1.sys
2004-08-19 13:39 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,945,600 2004-11-30 10:36:56 C:\Programmi\Ahead\Nero BackItUp\bak\bak\NBJ.exe

----a-w 1,945,600 2004-11-30 10:36:56 C:\Programmi\Ahead\Nero BackItUp\bak\bak\NBJ.exe

----a-w 339,968 2004-08-03 19:10:00 C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

----a-w 49,152 2005-01-26 16:02:22 C:\Programmi\Brother\Brmfl05a\bak\BrStDvPt.exe

----a-w 933,888 2005-05-17 15:42:32 C:\Programmi\Brother\ControlCenter2\bak\brctrcen.exe

----a-w 49,152 2004-09-29 07:46:00 C:\Programmi\BVRP Software\PowerTranslator Pro\bak\BVRPOlr.exe

----a-w 32,768 2004-11-02 18:24:46 C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe

----a-w 180,269 2006-03-27 15:24:12 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-r 155,648 2003-10-14 08:22:30 C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

----a-w 58,984 2007-02-21 14:46:50 C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe

----a-w 68,856 2007-09-17 19:34:38 C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 278,528 2005-05-13 22:20:50 C:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 278,528 2005-05-13 22:20:50 C:\Programmi\iTunes\iTunesHelper.exe

----a-w 286,720 2007-06-29 04:24:52 C:\Programmi\QuickTime\bak\QTTask.exe

----a-w 40,960 2005-03-10 23:28:24 C:\Programmi\ScanSoft\PaperPort\bak\IndexSearch.exe

----a-w 57,393 2005-03-10 23:01:42 C:\Programmi\ScanSoft\PaperPort\bak\pptd40nt.exe

----a-w 155,648 2001-07-09 08:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 99,840 2004-01-13 18:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0T1.EXE

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\bak\bak\NBJ.exe" [2004-11-30 12:36 1945600]
"Tok-Cirrhatus-3444"="C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\br7911on.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SlipStream"="C:\Programmi\Web Accelerator\slipcore.exe" [2006-04-07 04:51 253952]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-05-14 00:20 278528]
"Zone Labs Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 23:21 980752]
"flockbox"="C:\Programmi\My Lockbox\flockbox.exe" [2007-12-14 16:59 1071472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-29 22:02:05 113664]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Controllo dello stato.lnk - C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe [2007-04-28 20:49:34 802816]
Controllo in background EPSON.lnk - C:\Programmi\EPSON\ESM2\Stms.exe [1999-12-03 20:11:56 235008]
SlipStream Web Accelerator.lnk - C:\Programmi\Web Accelerator\slipgui.exe [2008-05-02 21:54:05 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 Cubase32;Cubase32;C:\WINDOWS\system32\drivers\Cubase32.sys [1996-08-14 14:07]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af657d6-e056-11db-a079-000b6a9c8b9b}]
\Shell\Auto\command - E:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f82bf50a-53e2-11db-9f4f-000b6a9c8b9b}]
\Shell\Auto\command - E:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-06 13:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 12:54:01
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Ora fine scansione: 2008-06-03 12.55.00
ComboFix-quarantined-files.txt 2008-06-03 10:54:54

11 Directory 151,201,316,864 byte disponibili
15 Directory 151,193,587,712 byte disponibili

153 --- E O F --- 2008-05-31 18:04:24

[svitxyz]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.58.06, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmi\EPSON\ESM2\eEBSVC.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Web Accelerator\slipcore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\My Lockbox\flockbox.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Web Accelerator\slipgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Documenti\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [flockbox] C:\Programmi\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\bak\bak\NBJ.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\br7911on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Controllo in background EPSON.lnk = C:\Programmi\EPSON\ESM2\Stms.exe
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\Web Accelerator\slipgui.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.hastalavista.it
O15 - Trusted Zone: www.pornoaccesso.com
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\EPSON\ESM2\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5984 bytes