		| Author | Message |  
		| mystique82 Devoted mortal
 
 Registered: 17/05/08 17:26
 Posts: 10
 
 | 
			
				|  Posted: 17 May 2008 18:09    Subject: A virus T_T the one with all the ads |   |  
				| 
 |  
				| Hi, yesterday I got a virus T_T Basically it shows ads all the time
 when I try to browse,
 and sometimes the internet doesn't work very well.
 I get a Windows security alert telling me that
 automatic updates are not enabled, but they actually are
 enabled... I checked, turned them off and then back on, but the
 message won't go away!
 It also set my homepage to http:\\controlpage.info\
 
 Do you know how to help me?
 Here is the Kaspersky log for the memory scan
 
 
  	  | Code: |  	  | Scan Statistics Total number of scanned objects 2501
 Number of viruses found 1
 Number of infected objects 0
 Number of suspicious objects 33
 Duration of the scan process 00:00:31
 
 Infected Object Name Virus Name Last Action
 [0] [System Process] => C:\WINDOWS\system32\ws2_32.dll  Suspicious: Type_Win32  skipped
 
 [756] winlogon.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [804] services.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [816] lsass.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1008] svchost.exe => c:\windows\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1120] svchost.exe => c:\windows\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1212] svchost.exe => c:\windows\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1260] Smc.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1360] svchost.exe => c:\windows\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1448] svchost.exe => c:\windows\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1624] spoolsv.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1672] sched.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1796] avguard.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1808] httpd.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1832] AppleMobileDeviceService.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1860] mDNSResponder.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [184] mysqld-nt.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [400] VProSvc.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [540] httpd.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [2488] nvsvc32.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [3156] alg.exe => C:\WINDOWS\System32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [3224] wmiprvse.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [1084] NMIndexingService.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [3392] iTunesHelper.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [3896] msnmsgr.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [3428] NMBgMonitor.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [3340] msmsgs.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [4136] NMIndexStoreSvr.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [4228] DUC20.exe => C:\WINDOWS\system32\ws2_32.dll  Suspicious: Type_Win32  skipped
 
 [3548] iexplore.exe => C:\WINDOWS\system32\ws2_32.dll  Suspicious: Type_Win32  skipped
 
 [6036] iexplore.exe => C:\WINDOWS\system32\ws2_32.dll  Suspicious: Type_Win32  skipped
 
 [4736] explorer.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 [6032] HijackThis.exe => C:\WINDOWS\system32\WS2_32.dll  Suspicious: Type_Win32  skipped
 
 Scan process completed.
 
 
 | 
 
 Then the HijackThis log
 
 
  	  | Code: |  	  | Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 18.09.19, on 17/05/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16640)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Sygate\SPF\smc.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\Bonjour\mDNSResponder.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
 C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
 C:\Programmi\Norton Ghost\Agent\VProSvc.exe
 C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\Programmi\USB Storage Device\shwicon.exe
 C:\Programmi\Norton Ghost\Agent\VProTray.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\No-IP\DUC20.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\WINDOWS\explorer.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
 O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device v1.14e035] "C:\Programmi\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programmi\Norton Ghost\Agent\VProTray.exe"
 O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [Easy PDF Creator] C:\Programmi\Easy PDF Creator\EasyPDFCreator.exe
 O4 - HKLM\..\Run: [UVS10 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [BM630e31bc] Rundll32.exe "C:\WINDOWS\system32\ijfehlmx.dll",s
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S103.tmp" /EF "HKCU"
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: No-IP DUC.lnk = C:\Programmi\No-IP\DUC20.exe
 O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
 O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
 O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
 O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
 O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
 O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201741512406
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201741606281
 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://acidclub.spaces.live.com/PhotoUpload/MsnPUpld.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1E3EEE-7594-417E-9309-61DBD61C52C4}: NameServer = 192.168.2.1
 O23 - Service: Avira AntiVir Personal ? Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: Avira AntiVir Personal ? Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
 O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
 
 --
 End of file - 10978 bytes
 
 | 
 
 Thanks in advance
 |  |  
		|  |  
		| Sante62 Mature god
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 17 May 2008 19:04    Subject: |   |  
				| 
 |  
				| Hi mystique82, and welcome.
 Disable System Restore and start the PC in Safe Mode;
 
 Start HijackThis, select this line and then click Fix checked:
 
  	  | Quote: |  	  | O4 - HKLM\..\Run: [BM630e31bc] Rundll32.exe "C:\WINDOWS\system32\ijfehlmx.dll",s | 
 
 Restart the PC in normal mode;
 
 Use CCleaner: start it, click Options -> Advanced, and untick "only delete files older than 48 hours".
 Use the Cleaner option and then click Analyze; when it finishes, click Run Cleaner. Do the same with the Scan for Issues option; it will remove a number of useless registry keys;
 
 Run this scan with VirIT
 
 and follow the instructions in this topic to post the ComboFix log.
 
 Also post a new HijackThis log...
 
 edit by bdoriano: I took the liberty of adding direct links to the instructions for using the programs mentioned.
  |  |  
		|  |  
		| mystique82 Devoted mortal
 
 Registered: 17/05/08 17:26
 Posts: 10
 
 | 
			
				|  Posted: 17 May 2008 19:23    Subject: |   |  
				| 
 |  
				| Thanks a lot Sante62, you are very kind and really fast. In the meantime I'm posting the Kaspersky log for drive C:\
 because I was just finishing it; oh well, I stopped it at 96%,
 almost at the end, so I can do the things you asked me to do
 
 Attached
   
  	  | Code: |  	  | Scan Statistics Total number of scanned objects 168939
 Number of viruses found 2
 Number of infected objects 5
 Number of suspicious objects 0
 Duration of the scan process 01:16:02
 
 Infected Object Name Virus Name Last Action
 C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat  Object is locked  skipped
 
 C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Cookies\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Documenti\Programmi\Install Creator Setup.exe  Infected: not-a-virus:AdWare.Win32.EShoper.f  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Cronologia\History.IE5\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Cronologia\History.IE5\MSHist012008051720080518\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\bl.db  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\is2.db  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db.shadow  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ikawaa@hotmail.com\SharingMetadata\Logs\Dfsr00005.log  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ikawaa@hotmail.com\SharingMetadata\pending.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ikawaa@hotmail.com\SharingMetadata\Working\database_8E60_3D12_603D_28F\dfsr.db  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ikawaa@hotmail.com\SharingMetadata\Working\database_8E60_3D12_603D_28F\fsr.log  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ikawaa@hotmail.com\SharingMetadata\Working\database_8E60_3D12_603D_28F\fsrtmp.log  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ikawaa@hotmail.com\SharingMetadata\Working\database_8E60_3D12_603D_28F\tmp.edb  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\ikawaa@hotmail.com\real\members.stg  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\ikawaa@hotmail.com\shadow\members.stg  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\hsperfdata_Dany\3548  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\Perflib_Perfdata_c28.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\~DF63E4.tmp  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\~DF64AE.tmp  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\~DF9B4B.tmp  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\~DF9C45.tmp  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\~DFEB26.tmp  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\~DFFC90.tmp  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temp\~DFFCA2.tmp  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temporary Internet Files\Content.IE5\7NTMBQH1\pixel[1].gif  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temporary Internet Files\Content.IE5\7NTMBQH1\rihanna300x190_RMP[1].flv  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temporary Internet Files\Content.IE5\FX40SE9E\fla[1].swf  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temporary Internet Files\Content.IE5\OFU5FNHC\statsnew[2].xml  Object is locked  skipped
 
 C:\Documents and Settings\Dany\Impostazioni locali\Temporary Internet Files\Content.IE5\OFU5FNHC\statsnew[3].xml  Object is locked  skipped
 
 C:\Documents and Settings\Dany\NTUSER.DAT  Object is locked  skipped
 
 C:\Documents and Settings\Dany\ntuser.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
 
 C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped
 
 C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped
 
 C:\Programmi\Apache Software Foundation\Apache2.2\logs\access.log  Object is locked  skipped
 
 C:\Programmi\Apache Software Foundation\Apache2.2\logs\error.log  Object is locked  skipped
 
 C:\Programmi\MySQL\MySQL Server 5.0\data\daniele.err  Object is locked  skipped
 
 C:\Programmi\MySQL\MySQL Server 5.0\data\ibdata1  Object is locked  skipped
 
 C:\Programmi\MySQL\MySQL Server 5.0\data\ib_logfile0  Object is locked  skipped
 
 C:\Programmi\MySQL\MySQL Server 5.0\data\ib_logfile1  Object is locked  skipped
 
 C:\Programmi\No-IP\DUC - Dany.log  Object is locked  skipped
 
 C:\Programmi\RealVNC\VNC4\vncconfig.exe  Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4  skipped
 
 C:\Programmi\RealVNC\VNC4\vncviewer.exe  Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4  skipped
 
 C:\Programmi\RealVNC\VNC4\winvnc4.exe  Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4  skipped
 
 C:\Programmi\RealVNC\VNC4\wm_hooks.dll  Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4  skipped
 
 C:\Programmi\Sygate\SPF\debug.log  Object is locked  skipped
 
 C:\Programmi\Sygate\SPF\rawlog.log  Object is locked  skipped
 
 C:\Programmi\Sygate\SPF\seclog.log  Object is locked  skipped
 
 C:\Programmi\Sygate\SPF\syslog.log  Object is locked  skipped
 
 C:\Programmi\Sygate\SPF\tralog.log  Object is locked  skipped
 
 C:\System Volume Information\MountPointManagerRemoteDatabase  Object is locked  skipped
 
 C:\System Volume Information\_restore{5252A5D1-97A6-4D1F-93A2-21661CC3E827}\RP76\change.log  Object is locked  skipped
 
 C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped
 
 Scan was interrupted by user!
 
 | 
 
 Thanks for everything,
 rebooting
  |  |  
		|  |  
		| bdoriano Administrator
 
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 17 May 2008 19:25    Subject: |   |  
				| 
 |  
				| Quick question: do you use WinVNC for remote control of the PC?  |  |  
		|  |  
		| mystique82 Devoted mortal
 
 Registered: 17/05/08 17:26
 Posts: 10
 
 | 
			
				|  Posted: 17 May 2008 20:04    Subject: |   |  
				| 
 |  
				| no, I use RealVNC   I'm scanning with VirIT =)
 
 EDIT: As for VirIT, this is the result:
 no viruses and no infected files, nothing.
 |  |  
		|  |  
		| mystique82 Devoted mortal
 
 Registered: 17/05/08 17:26
 Posts: 10
 
 | 
			
				|  Posted: 17 May 2008 21:51    Subject: |   |  
				| 
 |  
				|  	  | mystique82 wrote: |  	  | no, I use RealVNC   I'm scanning with VirIT =)
 
 EDIT: As for VirIT, this is the result:
 no viruses and no infected files, nothing.
 | 
 
 This is the ComboFix log
 
 
  	  | Code: |  	  | ComboFix 08-05-15.3 - Dany 2008-05-17 21.01.31.1 - NTFSx86 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.1415 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Dany\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\bold.log
 C:\WINDOWS\cookies.ini
 C:\WINDOWS\pskt.ini
 C:\WINDOWS\system32\drivers\downld
 C:\WINDOWS\system32\sktvsprp.ini
 C:\WINDOWS\system32\SvvGgMoq.ini
 C:\WINDOWS\system32\SvvGgMoq.ini2
 C:\WINDOWS\system32\winsys.exe
 C:\WINDOWS\system32\ywugpcdc.ini
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-04-17 al 2008-05-17  )))))))))))))))))))))))))))))))))))
 .
 
 2008-05-17 19:52 . 2008-05-17 20:20   <DIR>   d--------   C:\Programmi\VEXPLITE
 2008-05-17 19:52 . 2008-03-17 19:23   39,808   --a------   C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-05-17 19:49 . 2008-05-17 19:49   <DIR>   d--------   C:\WINDOWS\backup registro
 2008-05-17 19:29 . 2008-01-31 00:54   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di stampa
 2008-05-17 19:29 . 2008-01-31 00:54   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di rete
 2008-05-17 19:29 . 2008-01-31 00:54   <DIR>   d--------   C:\Documents and Settings\Administrator\Preferiti
 2008-05-17 19:29 . 2008-01-31 00:06   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Modelli
 2008-05-17 19:29 . 2008-01-31 00:54   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Avvio
 2008-05-17 19:29 . 2008-01-31 00:54   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Impostazioni locali
 2008-05-17 19:29 . 2008-01-31 00:54   <DIR>   d--------   C:\Documents and Settings\Administrator\Documenti
 2008-05-17 19:29 . 2008-01-31 00:54   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dati applicazioni
 2008-05-17 19:29 . 2008-05-17 19:29   <DIR>   d--------   C:\Documents and Settings\Administrator
 2008-05-17 19:29 . 2008-05-17 21:00   1,024   --ah-----   C:\Documents and Settings\Administrator\NtUser.dat.LOG
 2008-05-17 17:46 . 2008-05-17 17:51   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan
 2008-05-17 17:45 . 2008-05-17 17:45   <DIR>   d--------   C:\Programmi\Security Task Manager
 2008-05-17 17:44 . 2008-05-17 17:44   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
 2008-05-17 17:44 . 2008-05-17 17:44   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
 2008-05-17 17:40 . 2008-05-17 17:40   22,352   --a------   C:\Documents and Settings\Dany\wwzasekr.exe
 2008-05-17 17:37 . 2008-05-17 17:37   22,352   --a------   C:\Documents and Settings\Dany\wdkynsps.exe
 2008-05-17 17:36 . 2008-05-17 17:36   22,352   --a------   C:\Documents and Settings\Dany\sbhmjmao.exe
 2008-05-17 17:33 . 2008-05-17 17:33   22,352   --a------   C:\Documents and Settings\Dany\uljrdyoi.exe
 2008-05-17 17:05 . 2008-05-17 17:05   22,352   --a------   C:\Documents and Settings\Dany\ywhxefng.exe
 2008-05-17 17:03 . 2008-05-17 17:03   <DIR>   d--------   C:\Programmi\Trend Micro
 2008-05-17 15:46 . 2008-05-17 15:46   <DIR>   d--------   C:\Programmi\Avira
 2008-05-17 15:46 . 2008-05-17 15:46   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Avira
 2008-05-17 13:12 . 2008-05-17 13:12   58,368   --a------   C:\WINDOWS\system32\jkkJYstt.dll
 2008-05-17 12:51 . 2008-05-17 12:51   115,712   --a------   C:\WINDOWS\system32\cdcpguwy.dll
 2008-05-17 12:49 . 2008-05-17 12:49   133,632   --a------   C:\WINDOWS\system32\otvnvagf.dll
 2008-05-17 12:47 . 2008-05-17 12:47   127,488   --a------   C:\WINDOWS\system32\ijfehlmx.dll
 2008-05-17 12:47 . 2008-05-17 17:36   109,830   --a------   C:\WINDOWS\BM630e31bc.xml
 2008-05-16 22:33 . 2008-05-16 22:33   58,368   --a------   C:\WINDOWS\system32\opnOHBst.dll
 2008-05-16 22:20 . 2008-05-16 22:20   58,368   --a------   C:\WINDOWS\system32\byXPJYqO.dll
 2008-05-16 22:07 . 2008-05-16 22:07   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Avg7
 2008-05-16 22:05 . 2008-05-16 22:06   376,320   --a------   C:\WINDOWS\system32\qoMgGvvS.dll
 2008-05-16 22:00 . 2008-05-16 22:00   58,368   --a------   C:\WINDOWS\system32\awtronKd.dll
 2008-05-16 21:47 . 2008-05-17 21:00   1,024   --ah-----   C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
 2008-05-16 21:41 . 2008-05-16 21:51   <DIR>   d--------   C:\Programmi\Alwil Software
 2008-05-15 11:41 . 2008-05-15 11:57   <DIR>   d--------   C:\Programmi\Prince of Persia 2
 2008-05-15 11:35 . 2008-05-15 11:36   <DIR>   d--------   C:\Programmi\Prince of Persia 1
 2008-05-14 11:14 . 2008-05-14 11:14   <DIR>   d--------   C:\Programmi\Riva
 2008-05-14 11:14 . 2008-05-14 11:14   <DIR>   d--------   C:\Programmi\File comuni\SWF Studio
 2008-05-13 21:28 . 2008-05-14 23:21   <DIR>   d--------   C:\divx
 2008-05-13 12:54 . 2008-05-13 13:00   <DIR>   d--------   C:\Documents and Settings\Dany\Dati applicazioni\Ulead Systems
 2008-05-13 12:52 . 2008-05-13 12:52   <DIR>   d--------   C:\SmartSound Software
 2008-05-13 12:52 . 2008-05-13 12:52   <DIR>   d--------   C:\Programmi\SmartSound Software
 2008-05-13 12:52 . 2008-05-13 12:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
 2008-05-13 12:51 . 2008-05-13 12:51   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
 2008-05-13 12:50 . 2008-05-13 12:50   <DIR>   d--------   C:\Programmi\Windows Media Components
 2008-05-13 12:49 . 2008-05-13 12:49   <DIR>   d--------   C:\Programmi\Ulead Systems
 2008-05-13 12:49 . 2008-05-13 12:49   <DIR>   d--------   C:\Programmi\File comuni\Ulead Systems
 2008-05-13 12:49 . 2008-05-13 12:53   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems
 2008-05-13 12:44 . 2008-05-13 12:44   391   --a------   C:\WINDOWS\DSSCC.INI
 2008-05-12 11:33 . 2008-05-02 18:07   2,076,672   --a------   C:\WINDOWS\libmysql.dll
 2008-05-12 11:22 . 2008-05-12 11:22   <DIR>   d--------   C:\Programmi\MySQL
 2008-05-12 10:28 . 2008-05-12 10:59   <DIR>   d--------   C:\Programmi\PHP
 2008-05-09 10:39 . 2008-05-09 10:39   <DIR>   d--------   C:\Programmi\ITEKSOFT
 2008-05-09 10:39 . 2008-03-13 14:55   2,592,768   --a------   C:\WINDOWS\system32\epdfseal.dll
 2008-05-09 10:39 . 2008-03-13 14:55   2,592,768   --a------   C:\WINDOWS\system32\edocpdfp.dll
 2008-05-09 10:22 . 2008-03-27 15:42   7,477   --a------   C:\WINDOWS\system32\novap5.ctm
 2008-05-09 10:10 . 2008-05-09 10:33   <DIR>   d--------   C:\Programmi\Easy PDF Creator
 2008-05-08 10:49 . 2008-05-09 10:20   35   --a------   C:\WINDOWS\system32\msvcrt23.dll
 2008-05-06 16:36 . 2004-01-28 17:50   57,344   --a------   C:\WINDOWS\system32\pdfmont.dll
 2008-04-26 16:32 . 2008-04-26 16:33   <DIR>   d--------   C:\Programmi\efs
 2008-04-26 13:51 . 2008-04-26 13:51   <DIR>   d--------   C:\Programmi\Apple Software Update
 2008-04-23 01:32 . 2008-04-23 01:32   <DIR>   d--------   C:\Programmi\Microsoft Reader
 2008-04-23 01:32 . 2003-06-05 17:15   57,436   --a------   C:\WINDOWS\DASShp.dll
 2008-04-22 14:07 . 2008-04-22 14:08   <DIR>   d--------   C:\djgpp
 2008-04-20 03:28 . 2008-04-20 03:28   <DIR>   d--------   C:\Programmi\AKS DataBasis
 2008-04-18 11:02 . 2008-04-18 11:02   <DIR>   d--------   C:\Documents and Settings\Dany\Dati applicazioni\Subversion
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-05-17 13:46   ---------   d---a-w   C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-05-16 23:02   ---------   d-----w   C:\Programmi\UOGateway
 2008-05-16 22:48   ---------   d-----w   C:\Programmi\EA GAMES
 2008-05-16 21:06   ---------   d--h--w   C:\Programmi\InstallShield Installation Information
 2008-05-16 20:06   87,552   ----a-w   C:\WINDOWS\system32\ws2_32.dll
 2008-05-16 10:34   ---------   d-----w   C:\Programmi\RunUO
 2008-05-14 11:51   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
 2008-05-13 10:50   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
 2008-04-13 16:45   ---------   d-----w   C:\Documents and Settings\Dany\Dati applicazioni\EPSON
 2008-04-13 13:15   ---------   d-----w   C:\Documents and Settings\Dany\Dati applicazioni\ICSharpCode
 2008-04-13 13:14   ---------   d-----w   C:\Programmi\SharpDevelop
 2008-04-13 09:44   ---------   d-----w   C:\Documents and Settings\Dany\Dati applicazioni\EditPlus 2
 2008-04-13 01:34   ---------   d-----w   C:\Documents and Settings\Dany\Dati applicazioni\UO Localization Editor 2
 2008-04-13 01:16   ---------   d-----w   C:\Programmi\OrBSydia
 2008-04-09 11:59   ---------   d-----w   C:\Programmi\File comuni\L&H Shared
 2008-04-09 11:58   ---------   d-----w   C:\Programmi\LHSP
 2008-04-07 23:08   ---------   d-----w   C:\Programmi\Pandora's Box 2
 2008-04-07 23:08   ---------   d-----w   C:\Documents and Settings\Dany\Dati applicazioni\Pandora's Box 2
 2008-04-07 23:07   ---------   d-----w   C:\Programmi\File comuni\Wise Installation Wizard
 2008-04-07 22:45   ---------   d-----w   C:\Programmi\Menasoft
 2008-04-05 11:54   ---------   d-----w   C:\Programmi\iTunes
 2008-04-05 11:54   ---------   d-----w   C:\Programmi\iPod
 2008-04-05 11:52   ---------   d-----w   C:\Programmi\QuickTime
 2008-04-04 10:02   ---------   d-----w   C:\Programmi\Messenger Plus! Live
 2008-04-03 20:44   ---------   d-----w   C:\Programmi\DivX
 2008-04-03 20:06   ---------   d-----w   C:\Programmi\Easy RealMedia Tools
 2008-04-03 20:04   ---------   d-----w   C:\Programmi\AviSynth 2.5
 2008-04-03 20:04   ---------   d-----w   C:\Programmi\AC3Filter
 2008-04-03 19:57   ---------   d-----w   C:\Programmi\VirtualDubMod
 2008-04-01 11:23   ---------   d-----w   C:\Programmi\3D Ultra Cool Pool
 2008-03-30 14:27   ---------   d-----w   C:\Documents and Settings\Dany\Dati applicazioni\vlc
 2008-03-30 14:25   ---------   d-----w   C:\Programmi\VideoLAN
 2008-03-25 17:16   2,560   ----a-w   C:\WINDOWS\_MSRSTRT.EXE
 2008-03-25 11:07   ---------   d-----w   C:\Programmi\DAP
 2008-03-25 11:05   50,688   ----a-w   C:\WINDOWS\system32\wbhelp2.dll
 2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
 2008-03-25 04:51   183,072   ----a-w   C:\WINDOWS\system32\msjint40.dll
 2008-03-23 15:04   ---------   d-----w   C:\Documents and Settings\Dany\Dati applicazioni\ACD Systems
 2008-03-23 15:00   ---------   d-----w   C:\Programmi\File comuni\ACD Systems
 2008-03-23 15:00   ---------   d-----w   C:\Programmi\ACD Systems
 2008-03-23 15:00   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
 2008-03-21 20:48   ---------   d-----w   C:\Programmi\Microsoft GIF Animator
 2008-03-21 14:12   22,328   ----a-w   C:\Documents and Settings\Dany\Dati applicazioni\PnkBstrK.sys
 2008-03-20 08:06   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
 2008-03-19 01:09   ---------   d-----w   C:\Programmi\EditPlus 2
 2008-03-18 21:10   ---------   d-----w   C:\Programmi\directx
 2008-03-15 18:54   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
 2008-03-13 14:49   131,072   ----a-w   C:\WINDOWS\system32\epdf041d.dll
 2008-03-13 14:48   135,168   ----a-w   C:\WINDOWS\system32\epdf0816.dll
 2008-03-13 14:46   131,072   ----a-w   C:\WINDOWS\system32\epdf0416.dll
 2008-03-13 14:45   131,072   ----a-w   C:\WINDOWS\system32\epdf0413.dll
 2008-03-13 14:43   131,072   ----a-w   C:\WINDOWS\system32\epdf0410.dll
 2008-03-13 14:41   135,168   ----a-w   C:\WINDOWS\system32\epdf040c.dll
 2008-03-13 14:40   135,168   ----a-w   C:\WINDOWS\system32\epdf040a.dll
 2008-03-13 14:38   139,264   ----a-w   C:\WINDOWS\system32\epdf0407.dll
 2008-03-13 14:36   135,168   ----a-w   C:\WINDOWS\system32\epdf0406.dll
 2008-03-13 12:59   131,072   ----a-w   C:\WINDOWS\system32\epdf0409.dll
 2008-03-01 12:58   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
 2008-02-21 02:05   524,288   ----a-w   C:\WINDOWS\system32\DivXsm.exe
 2008-02-21 02:05   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
 2008-02-21 02:05   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
 2008-02-21 02:05   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
 2008-02-21 02:04   823,296   ----a-w   C:\WINDOWS\system32\divx_xx0c.dll
 2008-02-21 02:04   823,296   ----a-w   C:\WINDOWS\system32\divx_xx07.dll
 2008-02-21 02:04   81,920   ----a-w   C:\WINDOWS\system32\dpl100.dll
 2008-02-21 02:04   802,816   ----a-w   C:\WINDOWS\system32\divx_xx11.dll
 2008-02-21 02:04   682,496   ----a-w   C:\WINDOWS\system32\DivX.dll
 2008-02-21 02:04   593,920   ----a-w   C:\WINDOWS\system32\dpuGUI11.dll
 2008-02-21 02:04   57,344   ----a-w   C:\WINDOWS\system32\dpv11.dll
 2008-02-21 02:04   53,248   ----a-w   C:\WINDOWS\system32\dpuGUI10.dll
 2008-02-21 02:04   344,064   ----a-w   C:\WINDOWS\system32\dpus11.dll
 2008-02-21 02:04   294,912   ----a-w   C:\WINDOWS\system32\dpu11.dll
 2008-02-21 02:04   294,912   ----a-w   C:\WINDOWS\system32\dpu10.dll
 2008-02-21 02:04   196,608   ----a-w   C:\WINDOWS\system32\dtu100.dll
 2008-02-21 02:03   156,992   ----a-w   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
 2008-02-21 02:03   12,288   ----a-w   C:\WINDOWS\system32\DivXWMPExtType.dll
 2008-02-20 06:50   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
 2008-02-20 05:33   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
 2008-02-01 10:28   25,600   ----a-w   C:\Documents and Settings\Dany\usbsermptxp.sys
 2008-02-01 10:28   22,768   ----a-w   C:\Documents and Settings\Dany\usbsermpt.sys
 .
 
 ------- Sigcheck -------
 
 2008-05-16 22:06  87552  4e8d23d7a90c97c083c84abab494f284   C:\WINDOWS\system32\ws2_32.dll
 2004-08-19 15:39  82944  12ead983c875ed9bcc8b90e3f77f2e4a   C:\WINDOWS\system32\dllcache\ws2_32.dll
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D0769A9-9397-4A42-8B6E-7148880E8EDE}]
 2008-05-17 21:21   371712   --a------   C:\WINDOWS\system32\qoMfcdbA.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b199e0e-15f2-48d9-b3af-1f64932fbd1d}]
 2008-05-17 21:27   134144   --a------   C:\WINDOWS\system32\mjngdulq.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]
 2008-05-16 22:00   58368   --a------   C:\WINDOWS\system32\awtronKd.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E26405BE-1C33-4965-B462-13A203F19C88}]
 2008-05-16 22:06   376320   --a------   C:\WINDOWS\system32\qoMgGvvS.dll
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
 "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
 "EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 08:00 182272]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
 "DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [2008-01-17 18:51 486856]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe]
 "SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
 "nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
 "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
 "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40 2577632]
 "ShowIcon_The Company_USB Storage Device v1.14e035"="C:\Programmi\USB Storage Device\shwicon.exe" [2002-04-16 21:01 49152]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
 "Norton Ghost 12.0"="C:\Programmi\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
 "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-02-08 15:19 185896]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
 "QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
 "UVS10 Preload"="C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 14:23 36864]
 "avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
 "VIRIT LITE MONITOR"="C:\PROGRAMMI\VEXPLITE\MONLITE.EXE" [2008-05-17 19:53 245760]
 "BM630e31bc"="C:\WINDOWS\system32\qkxdlmda.dll" [2008-05-17 21:26 125952]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
 
 C:\Documents and Settings\Dany\Menu Avvio\Programmi\Esecuzione automatica\
 No-IP DUC.lnk - C:\Programmi\No-IP\DUC20.exe [2008-02-06 03:18:48 1172992]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Monitor Apache Servers.lnk - C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 01:38:50 41041]
 
 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
 "{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\WINDOWS\system32\awtronKd.dll [2008-05-16 22:00 58368]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtronKd]
 awtronKd.dll 2008-05-16 22:00 58368 C:\WINDOWS\system32\awtronKd.dll
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "msacm.ac3filter"= ac3filter.acm
 "VIDC.ACDV"= ACDV.dll
 "msacm.dvacm"= C:\PROGRA~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
 "msacm.MPEGacm"= C:\PROGRA~1\FILECO~1\ULEADS~1\MPEG\MPEGacm.acm
 "msacm.ulmp3acm"= C:\PROGRA~1\FILECO~1\ULEADS~1\MPEG\ulmp3acm.acm
 
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 Authentication Packages   REG_MULTI_SZ      msv1_0 C:\WINDOWS\system32\qoMfcdbA
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
 "EnableFirewall"= 0 (0x0)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
 "C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
 "C:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
 "C:\\Programmi\\iTunes\\iTunes.exe"=
 "L:\\Programmi\\Lphant\\eLePhantClient.exe"=
 
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
 R2 Apache2.2;Apache2.2;"C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
 R2 viritsvclite;Virit eXplorer Lite;C:\PROGRAMMI\VEXPLITE\viritsvc.exe [2008-05-17 19:53]
 R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 12:33]
 R3 snpstd2;Trust WB-3400T Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 18:12]
 S3 SNXSTOR_CFSD;SONIX USB READER CFSD;C:\WINDOWS\system32\DRIVERS\SNX_USB2k.sys [2001-12-19 19:58]
 S3 SNXSTOR_SD;SONIX USB READER SD;C:\WINDOWS\system32\DRIVERS\SNX_USB2kSD.SYS [2001-12-19 20:18]
 S3 USBSNXSTOR;USB Mass Storage driver ;C:\WINDOWS\system32\DRIVERS\Usbsnx2k.SYS [2002-07-30 11:43]
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-05-13 14:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 "2008-05-16 22:00:00 C:\WINDOWS\Tasks\At1.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-03-28 08:00:00 C:\WINDOWS\Tasks\At10.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-16 09:00:00 C:\WINDOWS\Tasks\At12.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 11:00:00 C:\WINDOWS\Tasks\At14.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 12:00:00 C:\WINDOWS\Tasks\At15.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 13:00:00 C:\WINDOWS\Tasks\At16.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 14:00:00 C:\WINDOWS\Tasks\At17.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 15:00:00 C:\WINDOWS\Tasks\At18.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 16:00:00 C:\WINDOWS\Tasks\At19.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-16 23:00:00 C:\WINDOWS\Tasks\At2.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 17:00:00 C:\WINDOWS\Tasks\At20.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 18:00:00 C:\WINDOWS\Tasks\At21.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-17 19:00:06 C:\WINDOWS\Tasks\At22.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-16 20:00:00 C:\WINDOWS\Tasks\At23.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-16 21:00:01 C:\WINDOWS\Tasks\At24.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-16 00:00:00 C:\WINDOWS\Tasks\At3.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-05-05 01:00:00 C:\WINDOWS\Tasks\At4.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-04-27 02:00:00 C:\WINDOWS\Tasks\At5.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-04-26 03:00:00 C:\WINDOWS\Tasks\At6.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-04-26 04:00:00 C:\WINDOWS\Tasks\At7.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-03-06 06:00:00 C:\WINDOWS\Tasks\At8.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 "2008-03-13 07:00:00 C:\WINDOWS\Tasks\At9.job"
 - C:\WINDOWS\system32\6u1Xh4nQ.exe
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-05-17 21:13:34
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 
 [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
 "ImagePath"="\"C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Programmi\MySQL\MySQL Server 5.0\my.ini\" MySQL"
 
 [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
 "ImagePath"=""
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 PROCESS: C:\WINDOWS\system32\winlogon.exe
 -> C:\WINDOWS\system32\awtronKd.dll
 
 PROCESS: C:\WINDOWS\explorer.exe
 -> C:\WINDOWS\system32\qkxdlmda.dll
 -> C:\WINDOWS\system32\qoMfcdbA.dll
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\Programmi\Sygate\SPF\Smc.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\Bonjour\mDNSResponder.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
 C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
 C:\Programmi\Norton Ghost\Agent\VProSvc.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\WINDOWS\system32\imapi.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-05-17 21:34:15 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-05-17 19:33:45
 
 15 Directory  30,124,298,240 byte disponibili
 18 Directory  30,245,879,808 byte disponibili
 
 358   --- E O F ---   2008-05-15 23:20:35
 
 | 
 
 
And this is the new HijackThis log


 	  | Code: |  	  | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.38.23, on 17/05/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16640)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Sygate\SPF\smc.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\Bonjour\mDNSResponder.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
 C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
 C:\Programmi\Norton Ghost\Agent\VProSvc.exe
 C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
 C:\PROGRAMMI\VEXPLITE\viritsvc.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\WINDOWS\system32\RUNDLL32.EXE
 C:\Programmi\USB Storage Device\shwicon.exe
 C:\Programmi\Norton Ghost\Agent\VProTray.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
 C:\Programmi\No-IP\DUC20.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\WINDOWS\explorer.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zeusnews.com/viewtopic.php?p=302272#302272
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
 O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device v1.14e035] "C:\Programmi\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programmi\Norton Ghost\Agent\VProTray.exe"
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [UVS10 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [BM630e31bc] Rundll32.exe "C:\WINDOWS\system32\qkxdlmda.dll",s
 O4 - HKLM\..\Run: [603d0220] rundll32.exe "C:\WINDOWS\system32\fcosvnin.dll",b
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S103.tmp" /EF "HKCU"
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: No-IP DUC.lnk = C:\Programmi\No-IP\DUC20.exe
 O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
 O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
 O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
 O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
 O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
 O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201741512406
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201741606281
 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://acidclub.spaces.live.com/PhotoUpload/MsnPUpld.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1E3EEE-7594-417E-9309-61DBD61C52C4}: NameServer = 192.168.2.1
 O23 - Service: Avira AntiVir Personal ? Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: Avira AntiVir Personal ? Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
 O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\PROGRAMMI\VEXPLITE\viritsvc.exe
 
 --
 End of file - 11104 bytes
 
 | 
 
VirIt finds some suspicious files every now and then,
and they are located in the system32 folder

What do you think? *_*
 |  |  
		| mystique82 Devoted mortal
 Joined: 17/05/08 17:26
 Posts: 10
 | 
				|  Posted: 17 May 2008 22:12    Subject: |   |  
				| 
 |  
				| and this is one of the suspicious files
 QOMFCDBA.DLL

 Could it be a virus?
 |  |  
		| Sante62 Mature god
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 | 
				|  Posted: 17 May 2008 22:16    Subject: |   |  
				| 
 |  
				| Please post the Virit log, so we can check exactly what it removed and what it considers suspicious; just to get confirmation of what I see in Combofix... |  |  
		| mystique82 Devoted mortal
 Joined: 17/05/08 17:26
 Posts: 10
 | 
				|  Posted: 17 May 2008 22:27    Subject: |   |  
				| 
 |  
				|  	  | Code: |  	  | VirIT eXplorer Lite Log 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 17/05/2008 - 20:00:23
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 158517.
 Files Totali: 158517.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 [Hidden Services]
 vkquwexg - system32\drivers\Combo-Fix.sys
 
 OK
 --------------------------------------------------------
 17/05/2008 - 21:21:24
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 [SCANSIONE DELLA MEMORIA]
 [Hidden Services]
 vkquwexg - system32\drivers\Combo-Fix.sys
 catchme - \??\C:\ComboFix\catchme.sys
 
 OK
 --------------------------------------------------------
 17/05/2008 - 21:41:00
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 17/05/2008 - 21:58:32
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 [SCANSIONE DELLA MEMORIA]
 OK
 | 
 
But the log doesn't say anything.
 The files it finds are
 QOMFCDBA.DLL
 QOMGGVVS.DLL
 RDKRNHXE.DLL
 DIRWIWRB.DLL
 and they are all in c:\windows\system32
 |  |  
		| Top |  |  
		|  |  
		| mystique82 Mortale devoto
 
  
 
 Registered: 17/05/08 17:26
 Posts: 10
 
 
 | 
			
				|  Posted: 17 May 2008 22:29    Subject: |   |  
				| 
 |  
				| In the folder c:\documents and settings\dany\ there were some executables that I moved to the Recycle Bin
 
 ywhxefng.exe
 sbhmjmao.exe
 uljrdyoi.exe
 wdkynsps.exe
 wwzasekr.exe
 
 and I tried to remove the DLLs it reported as suspicious
 from that folder, but one can't be removed
 because it is in use: Q0MGGVVS.DLL
 
 and also worth noting
 
 
   
 
 Basically those are tasks that were supposed to
 run the file c:\windows\system32\6asdfkjd.exe
 about every hour.
 I deleted them all
  |  |  
		| Top |  |  
		|  |  
		| mystique82 Mortale devoto
 
  
 
 Registered: 17/05/08 17:26
 Posts: 10
 
 
 | 
			
				|  Posted: 17 May 2008 23:10    Subject: |   |  
				| 
 |  
				| this is the autorun log 
 
  	  | Code: |  	  | VirIT Lite Monitor: Lista dei programmi e servizi in esecuzione automatica 
 Sistema Operativo: Microsoft Windows XP (Service Pack 2)
 
 
 
 VirIT eXplorer Lite: Kernel process
 
 1 - (0) Idle
 
 2 - (4) System
 
 3 - (1e8) smss.exe (C:\WINDOWS\system32\smss.exe)
 
 4 - (2e4) csrss.exe (C:\WINDOWS\system32\csrss.exe)
 
 5 - (2fc) winlogon.exe (C:\WINDOWS\system32\winlogon.exe)
 
 6 - (32c) services.exe (C:\WINDOWS\system32\services.exe)
 
 7 - (338) lsass.exe (C:\WINDOWS\system32\lsass.exe)
 
 8 - (3f8) svchost.exe (C:\WINDOWS\system32\svchost.exe)
 
 9 - (468) svchost.exe (C:\WINDOWS\system32\svchost.exe)
 
 10 - (4c4) svchost.exe (C:\WINDOWS\system32\svchost.exe)
 
 11 - (4f0) Smc.exe
 
 12 - (554) svchost.exe (C:\WINDOWS\system32\svchost.exe)
 
 13 - (5b0) svchost.exe (C:\WINDOWS\system32\svchost.exe)
 
 14 - (668) spoolsv.exe (C:\WINDOWS\system32\spoolsv.exe)
 
 15 - (698) sched.exe
 
 16 - (710) avguard.exe
 
 17 - (71c) httpd.exe
 
 18 - (73c) AppleMobileDeviceService.exe
 
 19 - (75c) mDNSResponder.exe
 
 20 - (7f4) mdm.exe
 
 21 - (d4) mysqld-nt.exe (C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe)
 
 22 - (210) httpd.exe
 
 23 - (9b0) VProSvc.exe
 
 24 - (ad8) nvsvc32.exe (C:\WINDOWS\system32\nvsvc32.exe)
 
 25 - (b0c) explorer.exe (C:\WINDOWS\explorer.exe)
 
 26 - (b18) svchost.exe (C:\WINDOWS\system32\svchost.exe)
 
 27 - (b84) ULCDRSvr.exe
 
 28 - (c10) VIRITSVC.EXE (C:\PROGRAMMI\VEXPLITE\VIRITSVC.EXE)
 
 29 - (dbc) wmiprvse.exe (C:\WINDOWS\system32\wbem\wmiprvse.exe)
 
 30 - (e2c) alg.exe (C:\WINDOWS\system32\alg.exe)
 
 31 - (e4c) wscntfy.exe (C:\WINDOWS\system32\wscntfy.exe)
 
 32 - (f88) RTHDCPL.exe (C:\WINDOWS\RTHDCPL.exe)
 
 33 - (ad0) rundll32.exe (C:\WINDOWS\system32\rundll32.exe)
 
 34 - (c7c) Shwicon.exe
 
 35 - (f2c) VProTray.exe
 
 36 - (f6c) realsched.exe
 
 37 - (b44) jusched.exe
 
 38 - (c64) iTunesHelper.exe
 
 39 - (6c4) avgnt.exe
 
 40 - (ec8) MONLITE.EXE (C:\PROGRAMMI\VEXPLITE\MONLITE.EXE)
 
 41 - (b60) ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe)
 
 42 - (ce8) msnmsgr.exe
 
 43 - (e98) NMBgMonitor.exe
 
 44 - (c8) msmsgs.exe
 
 45 - (ec0) iPodService.exe
 
 46 - (c68) ApacheMonitor.exe
 
 47 - (438) DUC20.exe
 
 48 - (1068) NMIndexingService.exe
 
 49 - (1184) NMIndexStoreSvr.exe
 
 50 - (1594) VIRITEXP.EXE (C:\PROGRAMMI\VEXPLITE\VIRITEXP.EXE)
 
 51 - (1670) usnsvc.exe
 
 52 - (1034) iexplore.exe
 
 53 - (11a8) WLLoginProxy.exe
 
 54 - (624) rundll32.exe (C:\WINDOWS\system32\rundll32.exe)
 
 55 - (1730) rundll32.exe (C:\WINDOWS\system32\rundll32.exe)
 
 56 - (b0) rundll32.exe (C:\WINDOWS\system32\rundll32.exe)
 
 57 - (11dc) cmd.exe (C:\WINDOWS\system32\cmd.exe)
 
 58 - (1368) search.exe
 
 59 - (804d7000) ntkrnlpa.exe (C:\WINDOWS\system32\ntkrnlpa.exe)
 
 60 - (806e3000) hal.dll (C:\WINDOWS\system32\hal.dll)
 
 61 - (bada8000) KDCOM.DLL (C:\WINDOWS\system32\KDCOM.DLL)
 
 62 - (bacb8000) BOOTVID.dll (C:\WINDOWS\system32\BOOTVID.dll)
 
 63 - (ba6aa000) spuv.sys
 
 64 - (badaa000) WMILIB.SYS
 
 65 - (ba692000) SCSIPORT.SYS
 
 66 - (ba664000) ACPI.sys
 
 67 - (ba653000) pci.sys
 
 68 - (ba8a8000) isapnp.sys
 
 69 - (bae70000) pciide.sys
 
 70 - (bab28000) PCIIDEX.SYS
 
 71 - (ba8b8000) MountMgr.sys
 
 72 - (ba634000) ftdisk.sys
 
 73 - (badac000) dmload.sys
 
 74 - (ba60e000) dmio.sys
 
 75 - (bab30000) PartMgr.sys
 
 76 - (ba8c8000) VIRAGTLT.SYS (C:\PROGRAMMI\VEXPLITE\VIRAGTLT.SYS)
 
 77 - (ba8d8000) VolSnap.sys
 
 78 - (ba5f6000) atapi.sys
 
 79 - (ba8e8000) disk.sys
 
 80 - (ba8f8000) CLASSPNP.SYS
 
 81 - (ba5d6000) fltMgr.sys
 
 82 - (ba5c4000) sr.sys
 
 83 - (ba908000) PxHelp20.sys
 
 84 - (ba5a5000) symsnap.sys
 
 85 - (ba58e000) KSecDD.sys
 
 86 - (ba501000) Ntfs.sys
 
 87 - (ba4d4000) NDIS.sys
 
 88 - (ba4b7000) Teefer.sys
 
 89 - (ba49c000) Mup.sys
 
 90 - (baa38000) intelppm.sys
 
 91 - (b9802000) nv4_mini.sys
 
 92 - (b97ee000) VIDEOPRT.SYS
 
 93 - (b97c9000) HDAudBus.sys
 
 94 - (baa48000) l251x86.sys
 
 95 - (babc0000) usbuhci.sys
 
 96 - (b97a6000) USBPORT.SYS
 
 97 - (babc8000) usbehci.sys
 
 98 - (b9792000) parport.sys
 
 99 - (badbe000) ASACPI.sys
 
 100 - (baa68000) i8042prt.sys
 
 101 - (babd0000) kbdclass.sys
 
 102 - (babd8000) mouclass.sys
 
 103 - (b9781000) serial.sys
 
 104 - (bad78000) serenum.sys
 
 105 - (baa78000) imapi.sys
 
 106 - (babe0000) pfc.sys
 
 107 - (baa88000) cdrom.sys
 
 108 - (baa98000) redbook.sys
 
 109 - (b975e000) ks.sys
 
 110 - (bad7c000) GEARAspiWDM.sys
 
 111 - (b96f9000) arsic2ye.SYS
 
 112 - (baef8000) audstub.sys
 
 113 - (baaa8000) rasl2tp.sys
 
 114 - (ba464000) ndistapi.sys
 
 115 - (b9554000) ndiswan.sys
 
 116 - (baab8000) raspppoe.sys
 
 117 - (baac8000) raspptp.sys
 
 118 - (bac30000) TDI.SYS
 
 119 - (b94a3000) psched.sys
 
 120 - (baad8000) msgpc.sys
 
 121 - (b93df000) dmboot.sys
 
 122 - (bac40000) ptilink.sys
 
 123 - (bac48000) raspti.sys
 
 124 - (b93ae000) rdpdr.sys
 
 125 - (ba978000) termdd.sys
 
 126 - (badca000) swenum.sys
 
 127 - (b9355000) update.sys
 
 128 - (b9ea0000) mssmbios.sys
 
 129 - (ba988000) NDProxy.SYS
 
 130 - (b5dd8000) RtkHDAud.sys
 
 131 - (b5db6000) portcls.sys
 
 132 - (ba9b8000) drmk.sys
 
 133 - (ba9f8000) usbhub.sys
 
 134 - (badce000) USBD.SYS
 
 135 - (badd0000) Fs_Rec.SYS
 
 136 - (baee8000) Null.SYS
 
 137 - (badd2000) Beep.SYS
 
 138 - (bac70000) HIDPARSE.SYS
 
 139 - (bac78000) vga.sys
 
 140 - (badd6000) mnmdd.SYS
 
 141 - (badd8000) RDPCDD.sys
 
 142 - (bac80000) Msfs.SYS
 
 143 - (bac88000) Npfs.SYS
 
 144 - (bada0000) rasacd.sys
 
 145 - (b5cf3000) ipsec.sys
 
 146 - (b5c9b000) tcpip.sys
 
 147 - (b5c7a000) ipnat.sys
 
 148 - (baa18000) wpsdrvnt.sys
 
 149 - (b5c52000) netbt.sys
 
 150 - (b5c30000) afd.sys
 
 151 - (baa28000) netbios.sys
 
 152 - (bac90000) ssmdrv.sys
 
 153 - (b5c05000) rdbss.sys
 
 154 - (b5b96000) mrxsmb.sys
 
 155 - (baa58000) Fips.SYS
 
 156 - (b5b83000) avipbb.sys
 
 157 - (baddc000) avgio.sys
 
 158 - (b9534000) wanarp.sys
 
 159 - (b5b38000) Fastfat.SYS
 
 160 - (baca8000) usbccgp.sys
 
 161 - (bacb0000) USBSTOR.SYS
 
 162 - (b5dae000) hidusb.sys
 
 163 - (b94f4000) HIDCLASS.SYS
 
 164 - (b5a43000) snpstd2.sys
 
 165 - (b94e4000) STREAM.SYS
 
 166 - (b94d4000) usbaudio.sys
 
 167 - (b5daa000) usbscan.sys
 
 168 - (bab40000) usbprint.sys
 
 169 - (b5da6000) kbdhid.sys
 
 170 - (bf800000) win32k.sys (C:\WINDOWS\system32\win32k.sys)
 
 171 - (b5d9a000) Dxapi.sys
 
 172 - (bab48000) watchdog.sys (C:\WINDOWS\system32\watchdog.sys)
 
 173 - (bf9c3000) dxg.sys
 
 174 - (baf9a000) dxgthk.sys
 
 175 - (bf9d5000) nv4_disp.dll (C:\WINDOWS\system32\nv4_disp.dll)
 
 176 - (bffa0000) ATMFD.DLL (C:\WINDOWS\system32\ATMFD.DLL)
 
 177 - (b5a1b000) ndisuio.sys
 
 178 - (b5607000) wg3n.sys
 
 179 - (b5603000) wg4n.sys
 
 180 - (b55fb000) wg5n.sys
 
 181 - (b55f3000) wg6n.sys
 
 182 - (b53b7000) mrxdav.sys
 
 183 - (bae2e000) ParVdm.SYS
 
 184 - (b5304000) avgntflt.sys
 
 185 - (b51ea000) srv.sys
 
 186 - (b4c85000) wdmaud.sys
 
 187 - (b554b000) sysaudio.sys
 
 188 - (babb8000) v2imount.sys
 
 189 - (b48a9000) Cdfs.SYS
 
 190 - (b4522000) HTTP.sys
 
 191 - (b2a66000) kmixer.sys
 
 192 - (7c910000) ntdll.dll (C:\WINDOWS\system32\ntdll.dll)
 
 
 
 1 - 17/05/2008 - 19:59:05
 0
 RTHDCPL
 RTHDCPL.EXE
 Stato: File TROVATO (16126464)
 
 2 - 17/05/2008 - 19:59:05
 0
 SkyTel
 SkyTel.EXE
 Stato: File TROVATO (1822720)
 
 3 - 17/05/2008 - 19:59:06
 0
 NvCplDaemon
 RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 Stato: File TROVATO (8466432)
 
 4 - 17/05/2008 - 19:59:06
 0
 nwiz
 nwiz.exe /install
 Stato: File TROVATO (1626112)
 
 5 - 17/05/2008 - 19:59:06
 0
 NvMediaCenter
 RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 Stato: File TROVATO (81920)
 
 6 - 17/05/2008 - 19:59:06
 0
 SmcService
 C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
 Stato: File TROVATO (2577632)
 
 7 - 17/05/2008 - 19:59:06
 0
 ShowIcon_The Company_USB Storage Device v1.14e035
 "C:\Programmi\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"
 Stato: File TROVATO (49152)
 
 8 - 17/05/2008 - 19:59:06
 0
 NeroFilterCheck
 C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 Stato: File TROVATO (153136)
 
 9 - 17/05/2008 - 19:59:06
 0
 Norton Ghost 12.0
 "C:\Programmi\Norton Ghost\Agent\VProTray.exe"
 Stato: File TROVATO (2037352)
 
 10 - 17/05/2008 - 19:59:06
 0
 TkBellExe
 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 Stato: File TROVATO (185896)
 
 11 - 17/05/2008 - 19:59:06
 0
 Adobe Reader Speed Launcher
 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 Stato: File TROVATO (39792)
 
 12 - 17/05/2008 - 19:59:06
 0
 SunJavaUpdateSched
 "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 Stato: File TROVATO (144784)
 
 13 - 17/05/2008 - 19:59:06
 0
 QuickTime Task
 "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 Stato: File TROVATO (413696)
 
 14 - 17/05/2008 - 19:59:06
 0
 iTunesHelper
 "C:\Programmi\iTunes\iTunesHelper.exe"
 Stato: File TROVATO (267048)
 
 15 - 17/05/2008 - 19:59:06
 0
 UVS10 Preload
 C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
 Stato: File TROVATO (36864)
 
 16 - 17/05/2008 - 19:59:06
 0
 avgnt
 "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 Stato: File TROVATO (262401)
 
 17 - 17/05/2008 - 19:59:06
 0
 VIRIT LITE MONITOR
 C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
 Stato: File TROVATO (245760)
 
 18 - 17/05/2008 - 19:59:06
 5
 CTFMON.EXE
 C:\WINDOWS\system32\ctfmon.exe
 Stato: File TROVATO (15360)
 
 19 - 17/05/2008 - 19:59:06
 5
 MsnMsgr
 "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 Stato: File TROVATO (5724184)
 
 20 - 17/05/2008 - 19:59:06
 5
 EPSON Stylus DX8400 Series
 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S103.tmp" /EF "HKCU"
 Stato: File TROVATO (182272)
 
 21 - 17/05/2008 - 19:59:06
 5
 BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
 "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 Stato: File TROVATO (202024)
 
 22 - 17/05/2008 - 19:59:06
 5
 MSMSGS
 "C:\Programmi\Messenger\msmsgs.exe" /background
 Stato: File TROVATO (1694208)
 
 23 - 17/05/2008 - 19:59:06
 5
 DAEMON Tools Lite
 "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
 Stato: File TROVATO (486856)
 
 24 - 17/05/2008 - 19:59:06
 7
 
 "%1" %*
 Stato: File NON trovato
 
 25 - 17/05/2008 - 19:59:06
 8
 
 "%1" %*
 Stato: File NON trovato
 
 26 - 17/05/2008 - 19:59:06
 9
 
 "%1" %*
 Stato: File NON trovato
 
 27 - 17/05/2008 - 19:59:06
 10
 
 "%1" %*
 Stato: File NON trovato
 
 28 - 17/05/2008 - 19:59:06
 11
 
 "%1" /S
 Stato: File NON trovato
 
 29 - 17/05/2008 - 19:59:06
 15
 shell
 Explorer.exe
 Stato: File TROVATO (1035776)
 
 30 - 17/05/2008 - 19:59:06
 16
 userinit
 C:\WINDOWS\system32\userinit.exe,
 Stato: File TROVATO (25088)
 
 31 - 17/05/2008 - 19:59:06
 38
 SecurityProviders
 msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
 Stato: File TROVATO (86016)
 
 32 - 17/05/2008 - 19:59:06
 24
 PostBootReminder
 C:\WINDOWS\system32\SHELL32.dll
 Stato: File TROVATO (8489472)
 
 33 - 17/05/2008 - 19:59:06
 24
 CDBurn
 C:\WINDOWS\system32\SHELL32.dll
 Stato: File TROVATO (8489472)
 
 34 - 17/05/2008 - 19:59:06
 24
 WebCheck
 C:\WINDOWS\system32\webcheck.dll
 Stato: File TROVATO (233472)
 
 35 - 17/05/2008 - 19:59:06
 24
 SysTray
 C:\WINDOWS\system32\stobject.dll
 Stato: File TROVATO (122368)
 
 36 - 17/05/2008 - 19:59:06
 24
 WPDShServiceObj
 C:\WINDOWS\system32\WPDShServiceObj.dll
 Stato: File TROVATO (133632)
 
 37 - 17/05/2008 - 19:59:06
 34
 {EE5D279F-081B-4404-994D-C6B60AAEBA6D}
 C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 Stato: File TROVATO (368640)
 
 38 - 17/05/2008 - 19:59:06
 35
 {438755C2-A8BA-11D1-B96B-00A0C90312E1}
 C:\WINDOWS\system32\browseui.dll
 Stato: File TROVATO (1024000)
 
 39 - 17/05/2008 - 19:59:06
 35
 {8C7461EF-2B13-11d2-BE35-3078302C2030}
 C:\WINDOWS\system32\browseui.dll
 Stato: File TROVATO (1024000)
 
 40 - 17/05/2008 - 19:59:06
 62
 {AEB6717E-7E19-11d0-97EE-00C04FD91972}
 shell32.dll
 Stato: File TROVATO (8489472)
 
 41 - 17/05/2008 - 19:59:06
 62
 {C108AE59-C97F-4517-8B74-5590BE3C2A82}
 C:\WINDOWS\system32\awtronKd.dll
 Stato: File TROVATO (58368)
 
 42 - 17/05/2008 - 19:59:06
 23
 {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
 Stato: File TROVATO (950272)
 
 43 - 17/05/2008 - 19:59:06
 23
 {166B1BCA-3F9C-11CF-8075-444553540000}
 C:\WINDOWS\system32\Adobe\Director\SwDir.dll
 Stato: File TROVATO (202168)
 
 44 - 17/05/2008 - 19:59:06
 23
 {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
 C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
 Stato: File TROVATO (379704)
 
 45 - 17/05/2008 - 19:59:06
 23
 {5C051655-FCD5-4969-9182-770EA5AA5565}
 C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll
 Stato: File TROVATO (142248)
 
 46 - 17/05/2008 - 19:59:06
 23
 {5D6F45B3-9043-443D-A792-115447494D24}
 C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
 Stato: File TROVATO (381960)
 
 47 - 17/05/2008 - 19:59:06
 23
 {5ED80217-570B-4DA9-BF44-BE107C0EC166}
 C:\WINDOWS\Downloaded Program Files\wlscBase.dll
 Stato: File TROVATO (465472)
 
 48 - 17/05/2008 - 19:59:06
 23
 {6414512B-B978-451D-A0D8-FCFDF33E833C}
 C:\WINDOWS\system32\wuweb.dll
 Stato: File TROVATO (203096)
 
 49 - 17/05/2008 - 19:59:06
 23
 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
 C:\WINDOWS\system32\muweb.dll
 Stato: File TROVATO (207736)
 
 50 - 17/05/2008 - 19:59:06
 23
 {7FC1B346-83E6-4774-8D20-1A6B09B0E737}
 C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
 Stato: File TROVATO (360320)
 
 51 - 17/05/2008 - 19:59:06
 23
 {8AD9C840-044E-11D1-B3E9-00805F499D93}
 C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 Stato: File TROVATO (509328)
 
 52 - 17/05/2008 - 19:59:06
 23
 {B8BE5E93-A60C-4D26-A2DC-220313175592}
 C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
 Stato: File TROVATO (159128)
 
 53 - 17/05/2008 - 19:59:06
 23
 {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
 C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
 Stato: File TROVATO (304544)
 
 54 - 17/05/2008 - 19:59:06
 23
 {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
 C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 Stato: File TROVATO (509328)
 
 55 - 17/05/2008 - 19:59:06
 23
 {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
 C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 Stato: File TROVATO (509328)
 
 56 - 17/05/2008 - 19:59:06
 23
 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
 C:\Programmi\Java\jre1.6.0_05\bin\npjpi160_05.dll
 Stato: File TROVATO (132496)
 
 57 - 17/05/2008 - 19:59:06
 23
 {D27CDB6E-AE6D-11CF-96B8-444553540000}
 C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
 Stato: File TROVATO (2987392)
 
 58 - 17/05/2008 - 19:59:06
 23
 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}
 C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
 Stato: File TROVATO (130472)
 
 59 - 17/05/2008 - 19:59:06
 25
 {3049C3E9-B461-4BC5-8870-4C09146192CA}
 C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
 Stato: File TROVATO (370296)
 
 60 - 17/05/2008 - 19:59:06
 25
 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 Stato: File TROVATO (509328)
 
 61 - 17/05/2008 - 19:59:06
 25
 {9030D464-4C02-4ABF-8ECC-5164760863C6}
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 Stato: File TROVATO (328752)
 
 62 - 17/05/2008 - 19:59:06
 25
 {C108AE59-C97F-4517-8B74-5590BE3C2A82}
 C:\WINDOWS\system32\awtronKd.dll
 Stato: File TROVATO (58368)
 
 63 - 17/05/2008 - 19:59:06
 25
 {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
 C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 Stato: File TROVATO (368640)
 
 64 - 17/05/2008 - 19:59:06
 36
 {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
 C:\Programmi\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
 Stato: File TROVATO (2102568)
 
 65 - 17/05/2008 - 19:59:06
 36
 {BED4C38B-F765-45AC-8C56-613F76BBF43E}
 C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
 Stato: File TROVATO (58976)
 
 66 - 17/05/2008 - 19:59:06
 36
 {BED4C38B-F765-45AC-8C56-613F76BBF43E}
 C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
 Stato: File TROVATO (58976)
 
 67 - 17/05/2008 - 19:59:06
 36
 {63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}
 C:\Programmi\EditPlus 2\eppshell.dll
 Stato: File TROVATO (32256)
 
 68 - 17/05/2008 - 19:59:06
 36
 {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
 C:\Programmi\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
 Stato: File TROVATO (69632)
 
 69 - 17/05/2008 - 19:59:06
 36
 {C65232B5-D249-4114-87AB-8F33B5BD4964}
 C:\Programmi\ITEKSOFT\eDocPrinter PDF Pro\ext2pdf.dll
 Stato: File TROVATO (147328)
 
 70 - 17/05/2008 - 19:59:06
 36
 {750fdf0e-2a26-11d1-a3ea-080036587f03}
 C:\WINDOWS\System32\cscui.dll
 Stato: File TROVATO (333824)
 
 71 - 17/05/2008 - 19:59:06
 36
 {09799AFB-AD67-11d1-ABCD-00C04FC30936}
 C:\WINDOWS\system32\SHELL32.dll
 Stato: File TROVATO (8489472)
 
 72 - 17/05/2008 - 19:59:06
 36
 {A470F8CF-A1E8-4f65-8335-227475AA5C46}
 C:\WINDOWS\system32\SHELL32.dll
 Stato: File TROVATO (8489472)
 
 73 - 17/05/2008 - 19:59:06
 36
 {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
 Stato: File TROVATO (69889)
 
 74 - 17/05/2008 - 19:59:06
 36
 {B41DB860-8EE4-11D2-9906-E49FADC173CA}
 C:\Programmi\WinRAR\rarext.dll
 Stato: File TROVATO (129024)
 
 75 - 17/05/2008 - 19:59:06
 26
 000000000001
 C:\WINDOWS\System32\mswsock.dll
 Stato: File TROVATO (247296)
 
 76 - 17/05/2008 - 19:59:06
 26
 000000000002
 C:\WINDOWS\System32\winrnr.dll
 Stato: File TROVATO (16896)
 
 77 - 17/05/2008 - 19:59:06
 26
 000000000003
 C:\WINDOWS\System32\mswsock.dll
 Stato: File TROVATO (247296)
 
 78 - 17/05/2008 - 19:59:06
 26
 000000000004
 C:\Programmi\Bonjour\mdnsNSP.dll
 Stato: File TROVATO (147456)
 
 79 - 17/05/2008 - 19:59:06
 27
 000000000001
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 80 - 17/05/2008 - 19:59:06
 27
 000000000002
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 81 - 17/05/2008 - 19:59:06
 27
 000000000003
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 82 - 17/05/2008 - 19:59:06
 27
 000000000004
 C:\WINDOWS\system32\rsvpsp.dll
 Stato: File TROVATO (90112)
 
 83 - 17/05/2008 - 19:59:06
 27
 000000000005
 C:\WINDOWS\system32\rsvpsp.dll
 Stato: File TROVATO (90112)
 
 84 - 17/05/2008 - 19:59:06
 27
 000000000006
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 85 - 17/05/2008 - 19:59:06
 27
 000000000007
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 86 - 17/05/2008 - 19:59:06
 27
 000000000008
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 87 - 17/05/2008 - 19:59:06
 27
 000000000009
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 88 - 17/05/2008 - 19:59:06
 27
 000000000010
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 89 - 17/05/2008 - 19:59:06
 27
 000000000011
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 90 - 17/05/2008 - 19:59:06
 27
 000000000012
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 91 - 17/05/2008 - 19:59:06
 27
 000000000013
 C:\WINDOWS\system32\mswsock.dll
 Stato: File TROVATO (247296)
 
 92 - 17/05/2008 - 19:59:06
 28
 awtronKd
 awtronKd.dll
 Stato: File TROVATO (58368)
 
 93 - 17/05/2008 - 19:59:06
 28
 crypt32chain
 crypt32.dll
 Stato: File TROVATO (601600)
 
 94 - 17/05/2008 - 19:59:06
 28
 cryptnet
 cryptnet.dll
 Stato: File TROVATO (63488)
 
 95 - 17/05/2008 - 19:59:06
 28
 cscdll
 cscdll.dll
 Stato: File TROVATO (102400)
 
 96 - 17/05/2008 - 19:59:06
 28
 ScCertProp
 wlnotify.dll
 Stato: File TROVATO (93184)
 
 97 - 17/05/2008 - 19:59:06
 28
 Schedule
 wlnotify.dll
 Stato: File TROVATO (93184)
 
 98 - 17/05/2008 - 19:59:06
 28
 sclgntfy
 sclgntfy.dll
 Stato: File TROVATO (21504)
 
 99 - 17/05/2008 - 19:59:06
 28
 SensLogn
 WlNotify.dll
 Stato: File TROVATO (93184)
 
 100 - 17/05/2008 - 19:59:06
 28
 termsrv
 wlnotify.dll
 Stato: File TROVATO (93184)
 
 101 - 17/05/2008 - 19:59:06
 28
 wlballoon
 wlnotify.dll
 Stato: File TROVATO (93184)
 
 102 - 17/05/2008 - 19:59:06
 55
 Your Image File Name Here without a path
 ntsd -d
 Stato: File NON trovato
 
 103 - 17/05/2008 - 19:59:06
 29
 AntiVirScheduler - Avira AntiVir Personal ? Free Antivirus Scheduler
 "C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe"
 Stato: File TROVATO (68865)
 
 104 - 17/05/2008 - 19:59:06
 29
 AntiVirService - Avira AntiVir Personal ? Free Antivirus Guard
 "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe"
 Stato: File TROVATO (147201)
 
 105 - 17/05/2008 - 19:59:06
 29
 Apache2.2 - Apache2.2
 "C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice
 Stato: File TROVATO (20539)
 
 106 - 17/05/2008 - 19:59:06
 29
 Apple Mobile Device - Apple Mobile Device
 "C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
 Stato: File TROVATO (110592)
 
 107 - 17/05/2008 - 19:59:06
 29
 AudioSrv - Audio Windows
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\audiosrv.dll)
 Stato: File TROVATO (14336)
 
 108 - 17/05/2008 - 19:59:06
 29
 BITS - Servizio trasferimento intelligente in background
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\qmgr.dll)
 Stato: File TROVATO (14336)
 
 109 - 17/05/2008 - 19:59:06
 29
 Bonjour Service - Bonjour Service
 C:\Programmi\Bonjour\mDNSResponder.exe
 Stato: File TROVATO (229376)
 
 110 - 17/05/2008 - 19:59:06
 29
 Browser - Browser di computer
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\browser.dll)
 Stato: File TROVATO (14336)
 
 111 - 17/05/2008 - 19:59:06
 29
 CryptSvc - Servizi di crittografia
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\cryptsvc.dll)
 Stato: File TROVATO (14336)
 
 112 - 17/05/2008 - 19:59:06
 29
 DcomLaunch - Utilità di avvio processo server DCOM
 C:\WINDOWS\system32\svchost -k DcomLaunch (C:\WINDOWS\system32\rpcss.dll)
 Stato: File NON trovato
 
 113 - 17/05/2008 - 19:59:06
 29
 Dhcp - Client DHCP
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\dhcpcsvc.dll)
 Stato: File TROVATO (14336)
 
 114 - 17/05/2008 - 19:59:06
 29
 dmserver - Gestione dischi logici
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\dmserver.dll)
 Stato: File TROVATO (14336)
 
 115 - 17/05/2008 - 19:59:06
 29
 Dnscache - Client DNS
 C:\WINDOWS\system32\svchost.exe -k NetworkService (C:\WINDOWS\System32\dnsrslvr.dll)
 Stato: File TROVATO (14336)
 
 116 - 17/05/2008 - 19:59:06
 29
 Eventlog - Registro eventi
 C:\WINDOWS\system32\services.exe
 Stato: File TROVATO (108544)
 
 117 - 17/05/2008 - 19:59:06
 29
 helpsvc - Guida in linea e supporto tecnico
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll)
 Stato: File TROVATO (14336)
 
 118 - 17/05/2008 - 19:59:06
 29
 HidServ - HID Input Service
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\hidserv.dll)
 Stato: File TROVATO (14336)
 
 119 - 17/05/2008 - 19:59:06
 29
 lanmanserver - Server
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\srvsvc.dll)
 Stato: File TROVATO (14336)
 
 120 - 17/05/2008 - 19:59:06
 29
 lanmanworkstation - Workstation
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\wkssvc.dll)
 Stato: File TROVATO (14336)
 
 121 - 17/05/2008 - 19:59:06
 29
 LmHosts - Helper NetBIOS di TCP/IP
 C:\WINDOWS\system32\svchost.exe -k LocalService (C:\WINDOWS\System32\lmhsvc.dll)
 Stato: File TROVATO (14336)
 
 122 - 17/05/2008 - 19:59:07
 29
 MDM - Machine Debug Manager
 "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe"
 Stato: File TROVATO (335872)
 
 123 - 17/05/2008 - 19:59:09
 29
 MySQL - MySQL
 "C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Programmi\MySQL\MySQL Server 5.0\my.ini" MySQL
 Stato: File NON trovato
 
 124 - 17/05/2008 - 19:59:09
 29
 Norton Ghost - Norton Ghost
 C:\Programmi\Norton Ghost\Agent\VProSvc.exe
 Stato: File TROVATO (3290728)
 
 125 - 17/05/2008 - 19:59:10
 29
 NVSvc - NVIDIA Display Driver Service
 C:\WINDOWS\system32\nvsvc32.exe
 Stato: File TROVATO (155716)
 
 126 - 17/05/2008 - 19:59:10
 29
 PlugPlay - Plug and Play
 C:\WINDOWS\system32\services.exe
 Stato: File TROVATO (108544)
 
 127 - 17/05/2008 - 19:59:11
 29
 PolicyAgent - Servizi IPSEC
 C:\WINDOWS\system32\lsass.exe
 Stato: File TROVATO (13312)
 
 128 - 17/05/2008 - 19:59:11
 29
 ProtectedStorage - Archiviazione protetta
 C:\WINDOWS\system32\lsass.exe
 Stato: File TROVATO (13312)
 
 129 - 17/05/2008 - 19:59:12
 29
 RemoteRegistry - Registro di sistema remoto
 C:\WINDOWS\system32\svchost.exe -k LocalService (C:\WINDOWS\system32\regsvc.dll)
 Stato: File TROVATO (14336)
 
 130 - 17/05/2008 - 19:59:12
 29
 RpcSs - RPC (Remote Procedure Call)
 C:\WINDOWS\system32\svchost -k rpcss (C:\WINDOWS\system32\rpcss.dll)
 Stato: File NON trovato
 
 131 - 17/05/2008 - 19:59:12
 29
 SamSs - Gestione account di protezione (SAM)
 C:\WINDOWS\system32\lsass.exe
 Stato: File TROVATO (13312)
 
 132 - 17/05/2008 - 19:59:12
 29
 Schedule
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\system32\schedsvc.dll)
 Stato: File TROVATO (14336)
 
 133 - 17/05/2008 - 19:59:12
 29
 seclogon - Accesso secondario
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\seclogon.dll)
 Stato: File TROVATO (14336)
 
 134 - 17/05/2008 - 19:59:12
 29
 SENS - Notifica eventi di sistema
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\sens.dll)
 Stato: File TROVATO (14336)
 
 135 - 17/05/2008 - 19:59:12
 29
 SharedAccess - Windows Firewall / Condivisione connessione Internet (ICS)
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\ipnathlp.dll)
 Stato: File TROVATO (14336)
 
 136 - 17/05/2008 - 19:59:12
 29
 ShellHWDetection - Rilevamento hardware shell
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\shsvcs.dll)
 Stato: File TROVATO (14336)
 
 137 - 17/05/2008 - 19:59:12
 29
 SmcService - Sygate Personal Firewall
 C:\Programmi\Sygate\SPF\smc.exe
 Stato: File TROVATO (2577632)
 
 138 - 17/05/2008 - 19:59:12
 29
 Spooler - Spooler di stampa
 C:\WINDOWS\system32\spoolsv.exe
 Stato: File TROVATO (57856)
 
 139 - 17/05/2008 - 19:59:12
 29
 srservice - Servizio Ripristino configurazione di sistema
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\srsvc.dll)
 Stato: File TROVATO (14336)
 
 140 - 17/05/2008 - 19:59:12
 29
 stisvc - Acquisizione di immagini di Windows (WIA)
 C:\WINDOWS\system32\svchost.exe -k imgsvc (C:\WINDOWS\system32\wiaservc.dll)
 Stato: File TROVATO (14336)
 
 141 - 17/05/2008 - 19:59:12
 29
 Themes - Temi
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\shsvcs.dll)
 Stato: File TROVATO (14336)
 
 142 - 17/05/2008 - 19:59:12
 29
 TrkWks - Manutenzione collegamenti distribuiti client
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\trkwks.dll)
 Stato: File TROVATO (14336)
 
 143 - 17/05/2008 - 19:59:12
 29
 UleadBurningHelper - Ulead Burning Helper
 C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
 Stato: File TROVATO (49152)
 
 144 - 17/05/2008 - 19:59:12
 29
 viritsvclite - Virit eXplorer Lite
 C:\PROGRAMMI\VEXPLITE\viritsvc.exe
 Stato: File TROVATO (57344)
 
 145 - 17/05/2008 - 19:59:12
 29
 W32Time - Ora di Windows
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\system32\w32time.dll)
 Stato: File TROVATO (14336)
 
 146 - 17/05/2008 - 19:59:12
 29
 WebClient - WebClient
 C:\WINDOWS\system32\svchost.exe -k LocalService (C:\WINDOWS\System32\webclnt.dll)
 Stato: File TROVATO (14336)
 
 147 - 17/05/2008 - 19:59:12
 29
 winmgmt - Strumentazione gestione Windows
 C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\wbem\WMIsvc.dll)
 Stato: File TROVATO (14336)
 
 148 - 17/05/2008 - 19:59:12
 29
 wscsvc - Centro sicurezza PC
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\system32\wscsvc.dll)
 Stato: File TROVATO (14336)
 
 149 - 17/05/2008 - 19:59:12
 29
 WZCSVC - Zero Configuration reti senza fili
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\wzcsvc.dll)
 Stato: File TROVATO (14336)
 
 150 - 17/05/2008 - 19:59:12
 37
 v2imount - Symantec V2i Mount Driver
 system32\DRIVERS\v2imount.sys
 Stato: File TROVATO (37864)
 
 151 - 17/05/2008 - 19:59:12
 37
 wg3n - SyGate for NT, wg3n
 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
 Stato: File TROVATO (14568)
 
 152 - 17/05/2008 - 19:59:12
 37
 wg4n - SyGate for NT, wg4n
 \SystemRoot\SYSTEM32\Drivers\wg4n.sys
 Stato: File TROVATO (14568)
 
 153 - 17/05/2008 - 19:59:12
 37
 wg5n - SyGate for NT, wg5n
 \SystemRoot\SYSTEM32\Drivers\wg5n.sys
 Stato: File TROVATO (14568)
 
 154 - 17/05/2008 - 19:59:12
 37
 wg6n - SyGate for NT, wg6n
 \SystemRoot\SYSTEM32\Drivers\wg6n.sys
 Stato: File TROVATO (14568)
 
 155 - 17/05/2008 - 19:59:12
 45
 CustomizeSearch
 http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
 Stato: File NON trovato
 
 156 - 17/05/2008 - 19:59:12
 46
 SearchAssistant
 http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 Stato: File NON trovato
 
 157 - 17/05/2008 - 20:00:48
 30
 C:\Documents and Settings\Dany\Menu Avvio\Programmi\Esecuzione automatica\No-IP DUC.lnk
 C:\Programmi\No-IP\DUC20.exe
 Stato: File TROVATO (1172992)
 
 158 - 17/05/2008 - 20:00:48
 31
 C:\Documents and Settings\Dany\Menu Avvio\Programmi\Esecuzione automatica\No-IP DUC.lnk
 C:\Programmi\No-IP\DUC20.exe
 Stato: File TROVATO (1172992)
 
 159 - 17/05/2008 - 20:00:48
 32
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Monitor Apache Servers.lnk
 C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
 Stato: File TROVATO (41041)
 
 160 - 17/05/2008 - 20:00:48
 33
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Monitor Apache Servers.lnk
 C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
 Stato: File TROVATO (41041)
 
 161 - 17/05/2008 - 20:00:48
 56
 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
 C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 Stato: File TROVATO (566592)
 
 162 - 17/05/2008 - 21:21:39
 29
 ERSvc - Error Reporting Service
 C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\ersvc.dll)
 Stato: File TROVATO (14336)
 
 163 - 17/05/2008 - 22:13:50
 25
 {521A69D2-CA99-4E98-AA28-39696DB868A4}
 C:\WINDOWS\system32\qoMgGvvS.dll
 Stato: File TROVATO (376320)
 
 164 - 17/05/2008 - 22:14:57
 0
 BM630e31bc
 Rundll32.exe "C:\WINDOWS\system32\rdkrnhxe.dll",s
 Stato: File NON trovato
 
 165 - 17/05/2008 - 22:14:57
 25
 {c176fc33-672f-44be-80f4-98a82e41f7bc}
 C:\WINDOWS\system32\vadxpaat.dll
 Stato: File NON trovato
 
 166 - 17/05/2008 - 22:17:35
 0
 603d0220
 rundll32.exe "C:\WINDOWS\system32\dirwiwrb.dll",b
 Stato: File NON trovato
 
 167 - 17/05/2008 - 22:25:35
 49
 Search Bar
 http://home.microsoft.com/search/search.asp
 Stato: File NON trovato
 
 168 - 17/05/2008 - 22:25:35
 50
 Search Page
 http://home.microsoft.com/intl/it/access/allinone.asp
 Stato: File NON trovato
 
 169 - 17/05/2008 - 22:25:35
 51
 Start Page
 http://www.tgsoft.it/
 Stato: File NON trovato
 
 170 - 17/05/2008 - 22:25:35
 52
 CustomizeSearch
 http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
 Stato: File NON trovato
 
 171 - 17/05/2008 - 22:25:35
 53
 SearchAssistant
 http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 Stato: File NON trovato
 
 172 - 17/05/2008 - 22:25:35
 48
 Default_Search_URL
 http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 Stato: File NON trovato
 
 173 - 17/05/2008 - 22:25:35
 44
 Start Page
 http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
 Stato: File NON trovato
 
 174 - 17/05/2008 - 22:25:35
 40
 Default_Page_URL
 http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
 Stato: File NON trovato
 
 175 - 17/05/2008 - 22:25:35
 43
 Search Page
 http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 Stato: File NON trovato
 
 176 - 17/05/2008 - 22:25:35
 42
 Search Bar
 http://home.microsoft.com/search/search.asp
 Stato: File NON trovato
 
 177 - 17/05/2008 - 22:25:35
 41
 Default_Search_URL
 http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 Stato: File NON trovato
 
 178 - 17/05/2008 - 22:25:35
 47
 Default_Page_URL
 http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
 Stato: File NON trovato
 
 
 | 
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Mature God

Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

| 
				|  Posted: 17 May 2008 23:47    Subject: |   |  
				| 
 |  
				| Good, you have already deleted some of the files;
 now start HijackThis and fix these other lines:

 	  | Quote: |  	  | O4 - HKLM\..\Run: [BM630e31bc] Rundll32.exe "C:\WINDOWS\system32\qkxdlmda.dll",s
 O4 - HKLM\..\Run: [603d0220] rundll32.exe "C:\WINDOWS\system32\fcosvnin.dll",b
 | 
 Then manually delete these other files, if you have not already done so:

 	  | Quote: |  	  | C:\WINDOWS\system32\6u1Xh4nQ.exe
 C:\WINDOWS\system32\qkxdlmda.dll
 C:\WINDOWS\system32\qoMfcdbA.dll
 | 

 Now run a scan with SystemScan and post the generated log as
 described here
 |  |  
		| Top |  |  
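An added example, not part of the original thread or of any tool named in it: a Python sketch that reads records in the five-line layout seen in the SystemScan log posted above and lists the DLLs started through rundll32 or registered under a CLSID, with whether the log reports the file as still present. The record layout is inferred from the visible entries, the numeric second line is ignored because the thread does not explain it, and the function names are constructed for illustration.

```python
import re

# Constructed sample: three records copied from the SystemScan log in this thread.
SAMPLE_LOG = r'''
161 - 17/05/2008 - 20:00:48
56
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\Programmi\Apple Software Update\SoftwareUpdate.exe
Stato: File TROVATO (566592)

163 - 17/05/2008 - 22:13:50
25
{521A69D2-CA99-4E98-AA28-39696DB868A4}
C:\WINDOWS\system32\qoMgGvvS.dll
Stato: File TROVATO (376320)

164 - 17/05/2008 - 22:14:57
0
BM630e31bc
Rundll32.exe "C:\WINDOWS\system32\rdkrnhxe.dll",s
Stato: File NON trovato
'''

HEADER = re.compile(r"^(\d+) - \d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}$")
DLL_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.dll', re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_records(text):
    """Assumed layout per record: header, numeric code, name, target, status."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = []
    for i, line in enumerate(lines):
        m = HEADER.match(line)
        if m and i + 4 < len(lines):
            name, target, status = lines[i + 2:i + 5]
            records.append({"id": int(m.group(1)), "name": name, "target": target,
                            "present": status.startswith("Stato: File TROVATO")})
    return records

def dll_autoruns(records):
    """Return (id, dll, present) for rundll32 commands and CLSID-named entries."""
    hits = []
    for r in records:
        loads_dll = (r["target"].lower().startswith("rundll32.exe")
                     or CLSID.fullmatch(r["name"]) is not None)
        m = DLL_PATH.search(r["target"])
        if m and loads_dll:
            hits.append((r["id"], m.group(0), r["present"]))
    return hits
```

A record marked `File NON trovato` only says the target file is absent; the entry that points to it is still listed in the log.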
		|  |  
		| mystique82 Devoted Mortal

Joined: 17/05/08 17:26
Posts: 10

| 
				|  Posted: 19 May 2008 01:27    Subject: |   |  
				| 
 |  
				| Thanks everyone. As far as I'm concerned, I was saved because I have Norton Ghost, but a friend of mine has the exact same problem.
 Basically, after ComboFix, I did things my own way and made a
 big blunder: I went into regedit and started deleting
 all the keys with that strange name, QOMGGVVS.
 In the meantime I had discovered that this thing was an
 ActiveX add-on for Internet Explorer, and it could be disabled,
 but it reappeared on reboot.
 After deleting those keys, Windows would no longer start.
 So I put in the Windows CD and repaired the installation.
 Then I restored the hard disk from a week ago with Norton
 Ghost, and now I have no problems.

 It all came from the fact that AVG is becoming a paid product, so
 I changed antivirus and installed Avast!.
 A very serious mistake, don't install it because it's a lousy antivirus.
 My friend installed it too, in fact she did the same as me,
 and she caught the same virus -.-'
 Now I have installed Kaspersky, and even though Windows doesn't recognize it
 as active, things are now definitely better than before.

 My friend doesn't have Norton Ghost though, so I'll do what you
 advised for her as well; I hope to fix it, otherwise a big format and that's that.
   It's just that with her it's more complicated: I have 3 HDs, she doesn't.
   I hope you can help me.
   Anyway, thanks for all your advice, it's really hard to remove this
 virus T_T what a tedious vairus.
 |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

| 
				|  Posted: 19 May 2008 08:28    Subject: |   |  
				| 
 |  
				|   It is always advisable to follow to the letter the instructions of whoever is helping you, to avoid data loss and/or reformatting.

 AVG paid? There is the new version, which is still Free and also includes antispyware.

 Kaspersky is an excellent antivirus, but it is paid too (or did you install the 30-day trial?).

 As for your friend, open a new thread and follow to the letter the instructions you will be given each time.
 Remember that, however similar a problem may seem, the solution can be very different.
  |  |  
		| Top |  |  
		|  |  
		| mystique82 Devoted Mortal

Joined: 17/05/08 17:26
Posts: 10

| 
				|  Posted: 19 May 2008 19:27    Subject: |   |  
				| 
 |  
				|  	  | bdoriano wrote: |  	  |   It is always advisable to follow to the letter the instructions of whoever is helping you, to avoid data loss and/or reformatting.

 AVG paid? There is the new version, which is still Free and also includes antispyware.

 Kaspersky is an excellent antivirus, but it is paid too (or did you install the 30-day trial?).

 As for your friend, open a new thread and follow to the letter the instructions you will be given each time.
 Remember that, however similar a problem may seem, the solution can be very different.
  | 

 So, I installed the paid Kaspersky, because it seems better than AVG to me; AVG, on the other hand, becomes paid from 30 May, for now it's still there.

 My girlfriend, a friend of mine and I did exactly the same
 things and unfortunately we caught the same thing XD

 Now I'll start with a few whacks with HijackThis, Spybot, Ad-Aware,
 CCleaner and so on XD

 I also removed some suspicious things from c:\windows\downloaded files

 and I disabled the suspicious IE add-ons.

 Indeed there was a clear improvement. The IE slowdown and the popups
 with naked women, advertising and so on have disappeared.

 I also removed a veeery suspicious key from the registry Run.

 The only thing is that now I need to manage to delete those components I disabled
 and I don't know how, and that I have a problem with Windows updates.
 Basically it tells me they are disabled, while they are enabled, and if I try
 to go and start the update service it gives me a service error.
 T_T
 I'll keep going crazy over it for a bit, do you have any suggestions?
 |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

| 
				|  Posted: 20 May 2008 10:07    Subject: |   |  
				| 
 |  
				|  	  | bdoriano wrote: |  	  | As for the other PCs, open a new thread (one for each infected PC) and follow to the letter the instructions you will be given each time. Remember that, however similar a problem may seem, the solution can be very different.
  | 
 We have ordered the crystal balls, but we will be the last to receive them.
 In short: no logs, no help.
  |  |  
		| Top |  |  
		|  |  
		|  |  
  