@83 (Hero)
Registered: 19/11/07 19:21 Posts: 57
Posted: 04 Apr 2009 19:29 Subject: infected with TR/Rookit and others
Windows XP SP2
CPU: Pentium D 3.2 GHz
1 GB RAM
I've run into some problems with the internet, including a general slowdown of browsing and the inability to reach some sites, Google among them. I was using AVG 8 but, since I couldn't update it after catching the virus, I installed Avira, which detects TR/Rookit, suspends the scan and makes me restart the PC, asking me to run the scan again after the restart; unfortunately it repeats this step mechanically without getting any result. Now, when asked to restart, I refused and told it to ignore the infections so that Avira would keep running the scan, which is still in progress. Anyway, it also found other malware, including TR/Crypt.XPACK and TR/TDss.roq. I ran a scan with HJT and everything looks ok to me; anyway, I'm posting the log.
Thanks in advance to anyone who gives me a hand.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.01.00, on 04/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\ASUS\PC Probe II\Probe2.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\eMule\emule.exe
c:\programmi\avira\antivir desktop\avcenter.exe
C:\Programmi\Avira\AntiVir Desktop\avscan.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Programmi\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; SIMBAR={22E67A4A-9219-4D74-8C89-566E17931B5C}; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)" -"http://www.hotwheels.com/games/ferrari/popup.aspx"
O4 - HKLM\..\Policies\Explorer\Run: [mWPseb6gsq] C:\Documents and Settings\All Users\Dati applicazioni\ijebyzof\ufczqdgd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196612884718
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{722B7783-3664-418C-80F3-66C111CB1C09}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Update Service (gupdate1c9895c2cf4c4a) (gupdate1c9895c2cf4c4a) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
--
End of file - 10856 bytes
I'm also posting the Avira log, which has just finished the scan.
Avira AntiVir Personal - Free Antivirus Updater
Creation time: Sat Apr 04 19:39:29 2009
Operating system:
Windows XP (Service Pack 2) [5.1.2600]
Product information:
Product version: 9.0.0.387
Updater: C:\Programmi\Avira\AntiVir Desktop\update.exe 09.00.00.42
Plugin: C:\Programmi\Avira\AntiVir Desktop\updext.dll 09.00.00.06
Temp Directory: C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Programmi\Avira\AntiVir Desktop\
Updater folder: C:\Programmi\Avira\AntiVir Desktop\
AppData folder: C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\
[UPD] [INFO] Checking whether newer files are available.
[UPD] [INFO] Select update server 'http://personal.avira-update.com/update'.
[UPD] [INFO] Downloading of 'http://personal.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://personal.avira-update.com/update/idx/master.idx' failed. Error: Impossibile risolvere il nome del server o l'indirizzo
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://personal.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://personal.avira-update.com/update/idx/master.idx' failed. Error: Impossibile risolvere il nome del server o l'indirizzo
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://personal.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://personal.avira-update.com/update/idx/master.idx' failed. Error: Impossibile risolvere il nome del server o l'indirizzo
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://personal.avira-update.net/update'.
[UPD] [INFO] Downloading of 'http://personal.avira-update.net/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://personal.avira-update.net/update/idx/master.idx' failed. Error: Impossibile risolvere il nome del server o l'indirizzo
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://personal.avira-update.net/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://personal.avira-update.net/update/idx/master.idx' failed. Error: Impossibile risolvere il nome del server o l'indirizzo
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://personal.avira-update.net/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://personal.avira-update.net/update/idx/master.idx' failed. Error: Impossibile risolvere il nome del server o l'indirizzo
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.184/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPD] [INFO] No update available, the installation is up-to-date.
Summary:
********
0 Files downloaded
0 Files installed
19:39:30 The update was carried out successfully!
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 04 Apr 2009 20:07 Subject:
Hi @83,
You are using an old version of HijackThis. Download the updated version.
Proceed with these preliminary steps:
@83 (Hero)
Registered: 19/11/07 19:21 Posts: 57
Posted: 04 Apr 2009 20:47 Subject: Problem
The following window appeared:
svchost.exe - Errore di applicazione
L'istruzione a "0x6f891e2" ha fatto riferimento alla memoria a "0x6f891e2". La memoria non poteva essere "read".
Fare clic su OK per terminare l'applicazione
Fare clic su Annulla per eseguire il debug dell'applicazione
Whatever I click, the PC freezes. I've only managed to run the scan with CCleaner and HJT; I can't install MBAM, and SUPERAntiSpyware Free Edition, once installed, crashes as soon as it starts, with the small window above still open.
PS: with HJT I followed the instructions in the topic you pointed me to; a lot of things show up in the window. Do I select them all and click remove???
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 04 Apr 2009 21:14 Subject:
There could also be a hardware problem... faulty memory...
Let's make one last attempt: follow the instructions in this topic to post the ComboFix log.
Don't delete anything from the HijackThis log; you risk permanently breaking the PC.
@83 (Hero)
Registered: 19/11/07 19:21 Posts: 57
Posted: 04 Apr 2009 22:02 Subject:
ComboFix log
ComboFix 09-04-04.01 - Paolo 2009-04-04 21:45:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1023.625 [GMT 2:00]
Eseguito da: c:\documents and settings\Paolo\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Avvio\Online Security Guide.url
c:\documents and settings\All Users\Menu Avvio\Security Troubleshooting.url
c:\programmi\SAV
c:\windows\3.tmp
c:\windows\4.tmp
c:\windows\5.tmp
c:\windows\6.tmp
c:\windows\Fonts\Symblop.ttf
c:\windows\system32\abbKRXyb.ini
c:\windows\system32\abbKRXyb.ini2
c:\windows\system32\bJQBbccf.ini
c:\windows\system32\bJQBbccf.ini2
c:\windows\system32\drivers\UACbitevxod.sys
c:\windows\system32\UACaubwudor.dll
c:\windows\system32\UACcrqholth.log
c:\windows\system32\UACdyxgsgxu.dll
c:\windows\system32\UACgvxjlbqq.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmnfumcax.dll
c:\windows\system32\UACneuvuijd.log
c:\windows\system32\UACnrirnkpu.db
c:\windows\system32\UACpcpxluii.dll
c:\windows\system32\UACpwxyicil.dll
c:\windows\system32\UACteooqemq.dll
c:\windows\system32\UACvardluto.log
H:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Creati Da 2009-03-04 al 2009-04-04 )))))))))))))))))))))))))))))))))))
.
2009-04-04 20:34 . 2009-04-04 20:34 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-04-04 20:34 . 2009-04-04 20:34 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\SUPERAntiSpyware.com
2009-04-04 17:42 . 2009-04-04 17:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2009-04-04 17:42 . 2009-04-04 17:42 262,144 --a------ c:\documents and settings\UEEEBA~4
2009-04-04 17:42 . 2009-04-04 17:42 262,144 --a------ c:\documents and settings\NF5A72~4
2009-04-04 17:41 . 2009-04-04 17:41 262,144 --a------ c:\documents and settings\UEEEBA~3
2009-04-04 17:41 . 2009-04-04 17:41 262,144 --a------ c:\documents and settings\NF5A72~3
2009-04-04 15:48 . 2009-04-04 15:49 8,192 --a------ c:\documents and settings\UEEEBA~2
2009-04-04 15:48 . 2009-04-04 15:49 8,192 --a------ c:\documents and settings\NF5A72~2
2009-04-04 15:45 . 2009-04-04 15:45 262,144 --a------ c:\documents and settings\UEEEBA~1
2009-04-04 15:45 . 2009-04-04 15:45 262,144 --a------ c:\documents and settings\NF5A72~1
2009-04-04 15:44 . 2009-04-04 15:44 262,144 --a------ c:\documents and settings\UENBZL~4
2009-04-04 15:44 . 2009-04-04 15:44 262,144 --a------ c:\documents and settings\NFOUAO~4
2009-03-31 12:09 . 2009-03-31 12:09 <DIR> d-------- c:\programmi\Avira
2009-03-31 12:09 . 2009-03-31 12:09 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-03-31 12:09 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-31 12:05 . 2009-03-31 12:06 8,192 --a------ c:\documents and settings\UENBZL~3
2009-03-31 12:05 . 2009-03-31 12:06 8,192 --a------ c:\documents and settings\NFOUAO~3
2009-03-24 11:42 . 1999-09-29 22:04 1,238,288 --a------ c:\windows\system32\msjt4jlt.dll
2009-03-24 11:42 . 1998-06-01 16:37 344,064 --a------ c:\windows\system32\msexch35.dll
2009-03-24 11:42 . 1998-06-01 16:37 294,912 --a------ c:\windows\system32\msxbse35.dll
2009-03-24 11:42 . 1999-09-10 00:06 252,688 --a------ c:\windows\system32\msexcl35.dll
2009-03-24 11:42 . 1999-06-07 20:59 250,128 --a------ c:\windows\system32\mspdox35.dll
2009-03-24 11:42 . 2000-12-06 02:00 209,608 --------- c:\windows\system32\TABCTL32.OCX
2009-03-24 11:42 . 1998-09-24 15:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
2009-03-24 11:42 . 1999-09-10 00:06 168,720 --a------ c:\windows\system32\msltus35.dll
2009-03-24 11:42 . 1999-09-30 21:21 166,672 --a------ c:\windows\system32\mstext35.dll
2009-03-24 11:42 . 1999-04-26 22:08 44,304 --a------ c:\windows\system32\msrpfs35.dll
2009-03-24 11:42 . 1998-05-05 13:36 39,424 --a------ c:\windows\system32\JETCOMP.exe
2009-03-24 11:42 . 1998-09-24 15:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
2009-03-15 22:35 . 2009-03-15 22:35 <DIR> d-------- c:\documents and settings\Paolo\Tracing
2009-03-15 22:31 . 2009-03-15 22:31 <DIR> d-------- c:\programmi\File comuni\Windows Live
2009-03-11 15:16 . 2009-03-11 15:20 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\U3
2009-03-09 17:03 . 2009-03-09 17:03 4 -r-hs---- c:\documents and settings\All Users\Dati applicazioni\sysqcl1129139270.dat
2009-03-09 17:02 . 2009-03-09 17:02 <DIR> d-------- c:\programmi\plasq
2009-03-09 17:02 . 2009-04-04 20:34 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 18:26 --------- d-----w c:\programmi\CCleaner
2009-04-04 18:07 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Firefly Studios
2009-04-04 15:09 --------- d-----w c:\programmi\eMule
2009-04-03 12:57 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Skype
2009-04-03 08:53 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\skypePM
2009-03-24 09:42 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-23 20:44 --------- d-----w c:\programmi\GameShadow
2009-03-20 19:10 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\MSN6
2009-03-17 11:39 --------- d-----w c:\programmi\Yahoo!
2009-03-16 12:18 --------- d-----w c:\programmi\Symantec
2009-03-16 12:18 --------- d-----w c:\programmi\File comuni\Symantec Shared
2009-03-16 12:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-03-16 11:50 --------- d-----w c:\programmi\Autodesk
2009-03-16 11:50 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Autodesk
2009-03-16 11:37 --------- d-----w c:\programmi\NuGraf
2009-03-16 11:37 --------- d-----w c:\programmi\Azureus
2009-03-16 11:26 --------- d-----w c:\programmi\File comuni\Autodesk Shared
2009-03-16 11:20 --------- d-----w c:\programmi\Autodesk Network License Manager
2009-03-16 11:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-03-16 11:18 --------- d-----w c:\programmi\Windows Live
2009-03-03 12:17 --------- d-----w c:\programmi\Mediacenter 1.0a
2009-02-20 16:06 --------- d-----w c:\programmi\EA GAMES
2009-02-10 17:04 --------- d-----w c:\programmi\Java
2009-02-10 10:07 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-10 09:38 --------- d-----w c:\programmi\ChessBase
2009-02-10 09:38 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\ChessBase
2008-12-23 21:10 22,328 ----a-w c:\documents and settings\Paolo\Dati applicazioni\PnkBstrK.sys
2008-01-29 13:15 1,374 ----a-w c:\programmi\uninstal.log
2007-11-25 17:40 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2007-08-28 11:54 524,300 ----a-w c:\documents and settings\Paolo\Dati applicazioni\position.bin
2007-02-06 16:43 65 ----a-w c:\programmi\File comuni\appop.log
2006-10-14 16:27 1,028,096 ----a-w c:\documents and settings\Paolo\Dati applicazioni\arasanx.exe
2006-10-14 14:15 606,208 ----a-w c:\documents and settings\Paolo\Dati applicazioni\arasan.exe
2006-10-14 13:52 1,507,328 ----a-w c:\documents and settings\Paolo\Dati applicazioni\book.bin
2006-07-18 12:41 1,019,094 --sha-r c:\programmi\serial.zip
2006-07-18 12:41 1,019,094 --sha-r c:\programmi\serial.tde
2006-05-28 15:46 397,306 --sha-r c:\programmi\wunauclt.zip
2006-05-28 15:46 397,306 --sha-r c:\programmi\wunauclt.tbe
2001-08-13 14:51 1,396,337 ----a-w c:\programmi\Captura.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Launch PC Probe II"="c:\programmi\ASUS\PC Probe II\Probe2.exe" [2005-04-15 1897472]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-26 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Paolo\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-03 110592]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-03 110592]
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2007-07-12 25214]
DSLMON.lnk - c:\programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe [2008-08-05 917600]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"h:\\3dsmax7\\3dsmax.exe"=
"c:\\Programmi\\backburner 2\\monitor.exe"=
"c:\\Programmi\\backburner 2\\manager.exe"=
"c:\\Programmi\\backburner 2\\server.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13972:TCP"= 13972:TCP:NortonAV
"18637:TCP"= 18637:TCP:NortonAV
"14258:TCP"= 14258:TCP:NortonAV
"15475:TCP"= 15475:TCP:NortonAV
"14995:TCP"= 14995:TCP:NortonAV
"15782:TCP"= 15782:TCP:NortonAV
"12583:TCP"= 12583:TCP:NortonAV
"17299:TCP"= 17299:TCP:NortonAV
"12380:TCP"= 12380:TCP:NortonAV
"17417:TCP"= 17417:TCP:NortonAV
"13600:TCP"= 13600:TCP:NortonAV
"16835:TCP"= 16835:TCP:NortonAV
"13289:TCP"= 13289:TCP:NortonAV
"18682:TCP"= 18682:TCP:NortonAV
"13234:TCP"= 13234:TCP:NortonAV
"14896:TCP"= 14896:TCP:NortonAV
"12189:TCP"= 12189:TCP:NortonAV
"14807:TCP"= 14807:TCP:NortonAV
"16789:TCP"= 16789:TCP:NortonAV
"13341:TCP"= 13341:TCP:NortonAV
"16231:TCP"= 16231:TCP:NortonAV
"17701:TCP"= 17701:TCP:NortonAV
"13448:TCP"= 13448:TCP:NortonAV
"13171:TCP"= 13171:TCP:NortonAV
"13626:TCP"= 13626:TCP:NortonAV
"12676:TCP"= 12676:TCP:NortonAV
"16840:TCP"= 16840:TCP:NortonAV
"18097:TCP"= 18097:TCP:NortonAV
"16609:TCP"= 16609:TCP:NortonAV
"18131:TCP"= 18131:TCP:NortonAV
"12941:TCP"= 12941:TCP:NortonAV
"14817:TCP"= 14817:TCP:NortonAV
"18523:TCP"= 18523:TCP:NortonAV
"13855:TCP"= 13855:TCP:NortonAV
"18642:TCP"= 18642:TCP:NortonAV
"12283:TCP"= 12283:TCP:NortonAV
"17031:TCP"= 17031:TCP:NortonAV
"18748:TCP"= 18748:TCP:NortonAV
"14842:TCP"= 14842:TCP:NortonAV
"15504:TCP"= 15504:TCP:NortonAV
"15809:TCP"= 15809:TCP:NortonAV
"12782:TCP"= 12782:TCP:NortonAV
"14920:TCP"= 14920:TCP:NortonAV
"16093:TCP"= 16093:TCP:NortonAV
"17260:TCP"= 17260:TCP:NortonAV
"17587:TCP"= 17587:TCP:NortonAV
"12100:TCP"= 12100:TCP:NortonAV
"14430:TCP"= 14430:TCP:NortonAV
"12778:TCP"= 12778:TCP:NortonAV
"16876:TCP"= 16876:TCP:NortonAV
"14794:TCP"= 14794:TCP:NortonAV
"18624:TCP"= 18624:TCP:NortonAV
"17776:TCP"= 17776:TCP:NortonAV
"14596:TCP"= 14596:TCP:NortonAV
"17094:TCP"= 17094:TCP:NortonAV
"15702:TCP"= 15702:TCP:NortonAV
"13033:TCP"= 13033:TCP:NortonAV
"18149:TCP"= 18149:TCP:NortonAV
"13710:TCP"= 13710:TCP:NortonAV
"16950:TCP"= 16950:TCP:NortonAV
"18971:TCP"= 18971:TCP:NortonAV
"16983:TCP"= 16983:TCP:NortonAV
"12396:TCP"= 12396:TCP:NortonAV
"16628:TCP"= 16628:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"17732:TCP"= 17732:TCP:NortonAV
"14454:TCP"= 14454:TCP:NortonAV
"12665:TCP"= 12665:TCP:NortonAV
"15612:TCP"= 15612:TCP:NortonAV
"15665:TCP"= 15665:TCP:NortonAV
"17736:TCP"= 17736:TCP:NortonAV
"15261:TCP"= 15261:TCP:NortonAV
"17226:TCP"= 17226:TCP:NortonAV
"13409:TCP"= 13409:TCP:NortonAV
"12783:TCP"= 12783:TCP:NortonAV
"12570:TCP"= 12570:TCP:NortonAV
"13580:TCP"= 13580:TCP:NortonAV
"15571:TCP"= 15571:TCP:NortonAV
"16220:TCP"= 16220:TCP:NortonAV
"14665:TCP"= 14665:TCP:NortonAV
"16030:TCP"= 16030:TCP:NortonAV
"15896:TCP"= 15896:TCP:NortonAV
"15808:TCP"= 15808:TCP:NortonAV
"13229:TCP"= 13229:TCP:NortonAV
"16253:TCP"= 16253:TCP:NortonAV
"14717:TCP"= 14717:TCP:NortonAV
"18032:TCP"= 18032:TCP:NortonAV
"14902:TCP"= 14902:TCP:NortonAV
"17995:TCP"= 17995:TCP:NortonAV
"14217:TCP"= 14217:TCP:NortonAV
"12008:TCP"= 12008:TCP:NortonAV
"17914:TCP"= 17914:TCP:NortonAV
"15281:TCP"= 15281:TCP:NortonAV
"17487:TCP"= 17487:TCP:NortonAV
"4661:TCP"= 4661:TCP:emule
"4662:TCP"= 4662:TCP:emuleTCP
"60981:TCP"= 60981:TCP:EmuleTCP
"4672:UDP"= 4672:UDP:emule UDP
"60991:UDP"= 60991:UDP:Emule UDP
"18967:TCP"= 18967:TCP:NortonAV
"16350:TCP"= 16350:TCP:NortonAV
"13293:TCP"= 13293:TCP:NortonAV
"13663:TCP"= 13663:TCP:NortonAV
"13505:TCP"= 13505:TCP:NortonAV
"15035:TCP"= 15035:TCP:NortonAV
"13596:TCP"= 13596:TCP:NortonAV
"3831:TCP"= 3831:TCP:qvnlqx
R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [2007-02-06 38784]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [2009-03-31 108289]
R2 SentinelKeysServer;Sentinel Keys Server;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2006-08-22 316992]
R3 EPPSCSIx;EPPSCSI Driver;c:\windows\system32\drivers\eppscan.sys [2007-05-26 105124]
S0 ipncrpnj;ipncrpnj;c:\windows\system32\drivers\qfsplknu.sys --> c:\windows\system32\drivers\qfsplknu.sys [?]
S2 apinnkl;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-31 14336]
S2 cpwnt;cpwnt; [x]
S2 gupdate1c9895c2cf4c4a;Google Update Service (gupdate1c9895c2cf4c4a);"c:\programmi\Google\Update\GoogleUpdate.exe" /svc --> c:\programmi\Google\Update\GoogleUpdate.exe [?]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [2007-02-06 116224]
S3 krdpdre;krdpdre;\??\c:\docume~1\Paolo\IMPOST~1\Temp\krdpdre.sys --> c:\docume~1\Paolo\IMPOST~1\Temp\krdpdre.sys [?]
S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2005-04-23 14912]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-05-24 618112]
S3 Perti4x;Perti4x; [x]
S4 SrvFsi;SrvFsi;"c:\programmi\File comuni\System\ENpVWU.exe" --> c:\programmi\File comuni\System\ENpVWU.exe [?]
S4 SysOhz;SysOhz;"c:\programmi\File comuni\System\Irk.exe" --> c:\programmi\File comuni\System\Irk.exe [?]
S4 UpdJnp;UpdJnp;"c:\programmi\File comuni\System\oMB.exe" --> c:\programmi\File comuni\System\oMB.exe [?]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - udffsrec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
apinnkl
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d8d8c52-f042-11dc-b01c-0015f248a271}]
\Shell\AutoRun\command - I:\22wcb21o.exe
\Shell\explore\Command - I:\22wcb21o.exe
\Shell\open\Command - I:\22wcb21o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91b4dea6-b71c-11dd-b15d-4d6564696130}]
\Shell\AutoRun\command - wscript.exe snake.exe.vbs
\Shell\open\Command - wscript.exe snake.exe.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec30b86-0e3e-11de-b232-4d6564696130}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec30b87-0e3e-11de-b232-4d6564696130}]
\Shell\AutoRun\command - e8kj.exe
\Shell\explore\Command - e8kj.exe
\Shell\open\Command - e8kj.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc7330d4-84c9-11dd-b0e9-0015f2a74429}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeccb91a-c6ba-11dd-b17f-4d6564696130}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At11.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At12.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At13.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At14.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At15.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At16.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At17.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At18.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At19.job
- c:\windows\system32\5aWYeKfU.exe []
2009-03-28 c:\windows\Tasks\At2.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At20.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-03 c:\windows\Tasks\At21.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At22.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-03 c:\windows\Tasks\At23.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-03 c:\windows\Tasks\At24.job
- c:\windows\system32\5aWYeKfU.exe []
2009-02-15 c:\windows\Tasks\At26.job
- c:\windows\system32\wunauclt.exe []
2009-03-15 c:\windows\Tasks\At27.job
- c:\windows\system32\wunauclt.exe []
2008-12-15 c:\windows\Tasks\At28.job
- c:\windows\system32\wunauclt.exe []
2009-01-25 c:\windows\Tasks\At3.job
- c:\windows\system32\5aWYeKfU.exe []
2008-12-29 c:\windows\Tasks\At4.job
- c:\windows\system32\5aWYeKfU.exe []
2008-07-19 c:\windows\Tasks\At5.job
- c:\windows\system32\5aWYeKfU.exe []
2008-07-19 c:\windows\Tasks\At6.job
- c:\windows\system32\5aWYeKfU.exe []
2008-07-19 c:\windows\Tasks\At7.job
- c:\windows\system32\5aWYeKfU.exe []
2008-09-10 c:\windows\Tasks\At8.job
- c:\windows\system32\5aWYeKfU.exe []
2008-09-19 c:\windows\Tasks\At9.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe []
2009-04-03 c:\windows\Tasks\ok.job
- G:\ok.avi []
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; SIMBAR={22E67A4A-9219-4D74-8C89-566E17931B5C}; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
HKLM-Explorer_Run-mWPseb6gsq - c:\documents and settings\All Users\Dati applicazioni\ijebyzof\ufczqdgd.exe
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 21:50:04
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\apinnkl]
"ServiceDll"="c:\windows\system32\gnbpbgl.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-789336058-926492609-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-789336058-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,36,bb,3a,84,a9,9c,4d,e9,fd,37,65,c8,fb,3f,5a,09,e4,55,30,22,a4,7e,
a8,c2,4f,fc,c0,38,41,4b,5f,95,08,27,05,b7,e4,20,ef,f7,30,dc,73,d1,0e,92,42,\
"??"=hex:72,51,c1,f8,a9,c3,62,74,60,64,6e,c2,61,e5,a2,3d
[HKEY_USERS\S-1-5-21-789336058-926492609-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:fe,64,b8,d3,16,21,89,a1,e4,df,25,02,5c,f4,2a,1f,bc,f0,a6,bb,e7,
e5,cb,70,19,e6,55,69,65,10,1b,05,1a,80,6b,23,9a,1b,06,1b,5a,9a,16,f2,aa,15,\
"rkeysecu"=hex:a8,24,f4,29,4f,7d,41,7e,da,7a,ad,4f,68,12,67,df
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E3A77057-D10B-B02A-D823-22E020C583B5}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
[HKEY_LOCAL_MACHINE\software\Microsoft\iepsc]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{FA9FED85-47BE-43D8-EDD4-0C381D06627A}"=""
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\URLSearchHooks]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{B54B4FBA-EBDC-2EF7-13F4-2032556B884B}"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\kijpl]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-04 21:52:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-04 19:52:39
Pre-Run: 15,180,304,384 byte disponibili
Post-Run: 15,302,909,952 byte disponibili
464
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.57.10, on 04/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\internet explorer\iexplore.exe
C:\HJT\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Programmi\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196612884718
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{722B7783-3664-418C-80F3-66C111CB1C09}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Update Service (gupdate1c9895c2cf4c4a) (gupdate1c9895c2cf4c4a) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
--
End of file - 10026 bytes
In addition, the following window appeared, which I have not closed:
Generic Host Process for Win 32 Services
Si è verificato un errore in Generic Host Process for Win 32 Services. L'applicazione verrà chiusa.
Se si sta eseguendo un'operazione, è possibile perdere i dati su cui si sta lavorando.
Segnalazione del problema a microsoft
E' stata creata una segnalazione errori che è possibile inviare in modo da consentire la soluzione del problema di Generic Host Process for Win 32 Services. Il contenuto della segnalazione sarà riservato e anonimo.
Riverside (Banned indefinitely)
Joined: 29/02/08 22:32 Posts: 4396 Location: Riverside House
Posted: 04 Apr 2009 22:41 Subject:
Run the scan again with Combofix, but this time log into the system in Safe Mode and with an account that has Administrator privileges.
Of course, attach the log it will produce.
@83 (Hero)
Joined: 19/11/07 19:21 Posts: 57
Posted: 04 Apr 2009 22:55 Subject:
I ran the scan again with Combo, but I was not able to reboot into Safe Mode; I hope that is OK.
ComboFix 09-04-04.01 - Paolo 2009-04-04 22.45.39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1023.611 [GMT 2:00]
Eseguito da: c:\documents and settings\Paolo\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-03-04 al 2009-04-04 )))))))))))))))))))))))))))))))))))
.
2009-04-04 20:34 . 2009-04-04 20:34 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-04-04 20:34 . 2009-04-04 20:34 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\SUPERAntiSpyware.com
2009-04-04 17:42 . 2009-04-04 17:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2009-04-04 17:42 . 2009-04-04 17:42 262,144 --a------ c:\documents and settings\UEEEBA~4
2009-04-04 17:42 . 2009-04-04 17:42 262,144 --a------ c:\documents and settings\NF5A72~4
2009-04-04 17:41 . 2009-04-04 17:41 262,144 --a------ c:\documents and settings\UEEEBA~3
2009-04-04 17:41 . 2009-04-04 17:41 262,144 --a------ c:\documents and settings\NF5A72~3
2009-04-04 15:48 . 2009-04-04 15:49 8,192 --a------ c:\documents and settings\UEEEBA~2
2009-04-04 15:48 . 2009-04-04 15:49 8,192 --a------ c:\documents and settings\NF5A72~2
2009-04-04 15:45 . 2009-04-04 15:45 262,144 --a------ c:\documents and settings\UEEEBA~1
2009-04-04 15:45 . 2009-04-04 15:45 262,144 --a------ c:\documents and settings\NF5A72~1
2009-04-04 15:44 . 2009-04-04 15:44 262,144 --a------ c:\documents and settings\UENBZL~4
2009-04-04 15:44 . 2009-04-04 15:44 262,144 --a------ c:\documents and settings\NFOUAO~4
2009-03-31 12:09 . 2009-03-31 12:09 <DIR> d-------- c:\programmi\Avira
2009-03-31 12:09 . 2009-03-31 12:09 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-03-31 12:09 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-31 12:05 . 2009-03-31 12:06 8,192 --a------ c:\documents and settings\UENBZL~3
2009-03-31 12:05 . 2009-03-31 12:06 8,192 --a------ c:\documents and settings\NFOUAO~3
2009-03-24 11:42 . 1999-09-29 22:04 1,238,288 --a------ c:\windows\system32\msjt4jlt.dll
2009-03-24 11:42 . 1998-06-01 16:37 344,064 --a------ c:\windows\system32\msexch35.dll
2009-03-24 11:42 . 1998-06-01 16:37 294,912 --a------ c:\windows\system32\msxbse35.dll
2009-03-24 11:42 . 1999-09-10 00:06 252,688 --a------ c:\windows\system32\msexcl35.dll
2009-03-24 11:42 . 1999-06-07 20:59 250,128 --a------ c:\windows\system32\mspdox35.dll
2009-03-24 11:42 . 2000-12-06 02:00 209,608 --------- c:\windows\system32\TABCTL32.OCX
2009-03-24 11:42 . 1998-09-24 15:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
2009-03-24 11:42 . 1999-09-10 00:06 168,720 --a------ c:\windows\system32\msltus35.dll
2009-03-24 11:42 . 1999-09-30 21:21 166,672 --a------ c:\windows\system32\mstext35.dll
2009-03-24 11:42 . 1999-04-26 22:08 44,304 --a------ c:\windows\system32\msrpfs35.dll
2009-03-24 11:42 . 1998-05-05 13:36 39,424 --a------ c:\windows\system32\JETCOMP.exe
2009-03-24 11:42 . 1998-09-24 15:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
2009-03-15 22:35 . 2009-03-15 22:35 <DIR> d-------- c:\documents and settings\Paolo\Tracing
2009-03-15 22:31 . 2009-03-15 22:31 <DIR> d-------- c:\programmi\File comuni\Windows Live
2009-03-11 15:16 . 2009-03-11 15:20 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\U3
2009-03-09 17:03 . 2009-03-09 17:03 4 -r-hs---- c:\documents and settings\All Users\Dati applicazioni\sysqcl1129139270.dat
2009-03-09 17:02 . 2009-03-09 17:02 <DIR> d-------- c:\programmi\plasq
2009-03-09 17:02 . 2009-04-04 20:34 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 18:26 --------- d-----w c:\programmi\CCleaner
2009-04-04 18:07 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Firefly Studios
2009-04-04 15:09 --------- d-----w c:\programmi\eMule
2009-04-03 12:57 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Skype
2009-04-03 08:53 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\skypePM
2009-03-24 09:42 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-23 20:44 --------- d-----w c:\programmi\GameShadow
2009-03-20 19:10 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\MSN6
2009-03-17 11:39 --------- d-----w c:\programmi\Yahoo!
2009-03-16 12:18 --------- d-----w c:\programmi\Symantec
2009-03-16 12:18 --------- d-----w c:\programmi\File comuni\Symantec Shared
2009-03-16 12:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-03-16 11:50 --------- d-----w c:\programmi\Autodesk
2009-03-16 11:50 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Autodesk
2009-03-16 11:37 --------- d-----w c:\programmi\NuGraf
2009-03-16 11:37 --------- d-----w c:\programmi\Azureus
2009-03-16 11:26 --------- d-----w c:\programmi\File comuni\Autodesk Shared
2009-03-16 11:20 --------- d-----w c:\programmi\Autodesk Network License Manager
2009-03-16 11:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-03-16 11:18 --------- d-----w c:\programmi\Windows Live
2009-03-03 12:17 --------- d-----w c:\programmi\Mediacenter 1.0a
2009-02-20 16:06 --------- d-----w c:\programmi\EA GAMES
2009-02-10 17:04 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-10 17:04 --------- d-----w c:\programmi\Java
2009-02-10 10:07 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-10 09:38 --------- d-----w c:\programmi\ChessBase
2009-02-10 09:38 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\ChessBase
2008-12-23 21:10 22,328 ----a-w c:\documents and settings\Paolo\Dati applicazioni\PnkBstrK.sys
2008-01-29 13:15 1,374 ----a-w c:\programmi\uninstal.log
2007-11-25 17:40 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2007-08-28 11:54 524,300 ----a-w c:\documents and settings\Paolo\Dati applicazioni\position.bin
2007-02-06 16:43 65 ----a-w c:\programmi\File comuni\appop.log
2006-10-14 16:27 1,028,096 ----a-w c:\documents and settings\Paolo\Dati applicazioni\arasanx.exe
2006-10-14 14:15 606,208 ----a-w c:\documents and settings\Paolo\Dati applicazioni\arasan.exe
2006-10-14 13:52 1,507,328 ----a-w c:\documents and settings\Paolo\Dati applicazioni\book.bin
2006-07-18 12:41 1,019,094 --sha-r c:\programmi\serial.zip
2006-07-18 12:41 1,019,094 --sha-r c:\programmi\serial.tde
2006-05-28 15:46 397,306 --sha-r c:\programmi\wunauclt.zip
2006-05-28 15:46 397,306 --sha-r c:\programmi\wunauclt.tbe
2001-08-13 14:51 1,396,337 ----a-w c:\programmi\Captura.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Launch PC Probe II"="c:\programmi\ASUS\PC Probe II\Probe2.exe" [2005-04-15 1897472]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-26 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Paolo\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-03 110592]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-03 110592]
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2007-07-12 25214]
DSLMON.lnk - c:\programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe [2008-08-05 917600]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"h:\\3dsmax7\\3dsmax.exe"=
"c:\\Programmi\\backburner 2\\monitor.exe"=
"c:\\Programmi\\backburner 2\\manager.exe"=
"c:\\Programmi\\backburner 2\\server.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13972:TCP"= 13972:TCP:NortonAV
"18637:TCP"= 18637:TCP:NortonAV
"14258:TCP"= 14258:TCP:NortonAV
"15475:TCP"= 15475:TCP:NortonAV
"14995:TCP"= 14995:TCP:NortonAV
"15782:TCP"= 15782:TCP:NortonAV
"12583:TCP"= 12583:TCP:NortonAV
"17299:TCP"= 17299:TCP:NortonAV
"12380:TCP"= 12380:TCP:NortonAV
"17417:TCP"= 17417:TCP:NortonAV
"13600:TCP"= 13600:TCP:NortonAV
"16835:TCP"= 16835:TCP:NortonAV
"13289:TCP"= 13289:TCP:NortonAV
"18682:TCP"= 18682:TCP:NortonAV
"13234:TCP"= 13234:TCP:NortonAV
"14896:TCP"= 14896:TCP:NortonAV
"12189:TCP"= 12189:TCP:NortonAV
"14807:TCP"= 14807:TCP:NortonAV
"16789:TCP"= 16789:TCP:NortonAV
"13341:TCP"= 13341:TCP:NortonAV
"16231:TCP"= 16231:TCP:NortonAV
"17701:TCP"= 17701:TCP:NortonAV
"13448:TCP"= 13448:TCP:NortonAV
"13171:TCP"= 13171:TCP:NortonAV
"13626:TCP"= 13626:TCP:NortonAV
"12676:TCP"= 12676:TCP:NortonAV
"16840:TCP"= 16840:TCP:NortonAV
"18097:TCP"= 18097:TCP:NortonAV
"16609:TCP"= 16609:TCP:NortonAV
"18131:TCP"= 18131:TCP:NortonAV
"12941:TCP"= 12941:TCP:NortonAV
"14817:TCP"= 14817:TCP:NortonAV
"18523:TCP"= 18523:TCP:NortonAV
"13855:TCP"= 13855:TCP:NortonAV
"18642:TCP"= 18642:TCP:NortonAV
"12283:TCP"= 12283:TCP:NortonAV
"17031:TCP"= 17031:TCP:NortonAV
"18748:TCP"= 18748:TCP:NortonAV
"14842:TCP"= 14842:TCP:NortonAV
"15504:TCP"= 15504:TCP:NortonAV
"15809:TCP"= 15809:TCP:NortonAV
"12782:TCP"= 12782:TCP:NortonAV
"14920:TCP"= 14920:TCP:NortonAV
"16093:TCP"= 16093:TCP:NortonAV
"17260:TCP"= 17260:TCP:NortonAV
"17587:TCP"= 17587:TCP:NortonAV
"12100:TCP"= 12100:TCP:NortonAV
"14430:TCP"= 14430:TCP:NortonAV
"12778:TCP"= 12778:TCP:NortonAV
"16876:TCP"= 16876:TCP:NortonAV
"14794:TCP"= 14794:TCP:NortonAV
"18624:TCP"= 18624:TCP:NortonAV
"17776:TCP"= 17776:TCP:NortonAV
"14596:TCP"= 14596:TCP:NortonAV
"17094:TCP"= 17094:TCP:NortonAV
"15702:TCP"= 15702:TCP:NortonAV
"13033:TCP"= 13033:TCP:NortonAV
"18149:TCP"= 18149:TCP:NortonAV
"13710:TCP"= 13710:TCP:NortonAV
"16950:TCP"= 16950:TCP:NortonAV
"18971:TCP"= 18971:TCP:NortonAV
"16983:TCP"= 16983:TCP:NortonAV
"12396:TCP"= 12396:TCP:NortonAV
"16628:TCP"= 16628:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"17732:TCP"= 17732:TCP:NortonAV
"14454:TCP"= 14454:TCP:NortonAV
"12665:TCP"= 12665:TCP:NortonAV
"15612:TCP"= 15612:TCP:NortonAV
"15665:TCP"= 15665:TCP:NortonAV
"17736:TCP"= 17736:TCP:NortonAV
"15261:TCP"= 15261:TCP:NortonAV
"17226:TCP"= 17226:TCP:NortonAV
"13409:TCP"= 13409:TCP:NortonAV
"12783:TCP"= 12783:TCP:NortonAV
"12570:TCP"= 12570:TCP:NortonAV
"13580:TCP"= 13580:TCP:NortonAV
"15571:TCP"= 15571:TCP:NortonAV
"16220:TCP"= 16220:TCP:NortonAV
"14665:TCP"= 14665:TCP:NortonAV
"16030:TCP"= 16030:TCP:NortonAV
"15896:TCP"= 15896:TCP:NortonAV
"15808:TCP"= 15808:TCP:NortonAV
"13229:TCP"= 13229:TCP:NortonAV
"16253:TCP"= 16253:TCP:NortonAV
"14717:TCP"= 14717:TCP:NortonAV
"18032:TCP"= 18032:TCP:NortonAV
"14902:TCP"= 14902:TCP:NortonAV
"17995:TCP"= 17995:TCP:NortonAV
"14217:TCP"= 14217:TCP:NortonAV
"12008:TCP"= 12008:TCP:NortonAV
"17914:TCP"= 17914:TCP:NortonAV
"15281:TCP"= 15281:TCP:NortonAV
"17487:TCP"= 17487:TCP:NortonAV
"4661:TCP"= 4661:TCP:emule
"4662:TCP"= 4662:TCP:emuleTCP
"60981:TCP"= 60981:TCP:EmuleTCP
"4672:UDP"= 4672:UDP:emule UDP
"60991:UDP"= 60991:UDP:Emule UDP
"18967:TCP"= 18967:TCP:NortonAV
"16350:TCP"= 16350:TCP:NortonAV
"13293:TCP"= 13293:TCP:NortonAV
"13663:TCP"= 13663:TCP:NortonAV
"13505:TCP"= 13505:TCP:NortonAV
"15035:TCP"= 15035:TCP:NortonAV
"13596:TCP"= 13596:TCP:NortonAV
"3831:TCP"= 3831:TCP:qvnlqx
R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [2007-02-06 38784]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [2009-03-31 108289]
R2 SentinelKeysServer;Sentinel Keys Server;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2006-08-22 316992]
R3 EPPSCSIx;EPPSCSI Driver;c:\windows\system32\drivers\eppscan.sys [2007-05-26 105124]
S0 ipncrpnj;ipncrpnj;c:\windows\system32\drivers\qfsplknu.sys --> c:\windows\system32\drivers\qfsplknu.sys [?]
S2 apinnkl;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-31 14336]
S2 cpwnt;cpwnt; [x]
S2 gupdate1c9895c2cf4c4a;Google Update Service (gupdate1c9895c2cf4c4a);"c:\programmi\Google\Update\GoogleUpdate.exe" /svc --> c:\programmi\Google\Update\GoogleUpdate.exe [?]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [2007-02-06 116224]
S3 krdpdre;krdpdre;\??\c:\docume~1\Paolo\IMPOST~1\Temp\krdpdre.sys --> c:\docume~1\Paolo\IMPOST~1\Temp\krdpdre.sys [?]
S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2005-04-23 14912]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-05-24 618112]
S3 Perti4x;Perti4x; [x]
S4 SrvFsi;SrvFsi;"c:\programmi\File comuni\System\ENpVWU.exe" --> c:\programmi\File comuni\System\ENpVWU.exe [?]
S4 SysOhz;SysOhz;"c:\programmi\File comuni\System\Irk.exe" --> c:\programmi\File comuni\System\Irk.exe [?]
S4 UpdJnp;UpdJnp;"c:\programmi\File comuni\System\oMB.exe" --> c:\programmi\File comuni\System\oMB.exe [?]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - udffsrec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
apinnkl
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d8d8c52-f042-11dc-b01c-0015f248a271}]
\Shell\AutoRun\command - I:\22wcb21o.exe
\Shell\explore\Command - I:\22wcb21o.exe
\Shell\open\Command - I:\22wcb21o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91b4dea6-b71c-11dd-b15d-4d6564696130}]
\Shell\AutoRun\command - wscript.exe snake.exe.vbs
\Shell\open\Command - wscript.exe snake.exe.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec30b86-0e3e-11de-b232-4d6564696130}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec30b87-0e3e-11de-b232-4d6564696130}]
\Shell\AutoRun\command - e8kj.exe
\Shell\explore\Command - e8kj.exe
\Shell\open\Command - e8kj.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc7330d4-84c9-11dd-b0e9-0015f2a74429}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeccb91a-c6ba-11dd-b17f-4d6564696130}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At11.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At12.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At13.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At14.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At15.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At16.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At17.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At18.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At19.job
- c:\windows\system32\5aWYeKfU.exe []
2009-03-28 c:\windows\Tasks\At2.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At20.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-03 c:\windows\Tasks\At21.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At22.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\At23.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-03 c:\windows\Tasks\At24.job
- c:\windows\system32\5aWYeKfU.exe []
2009-02-15 c:\windows\Tasks\At26.job
- c:\windows\system32\wunauclt.exe []
2009-03-15 c:\windows\Tasks\At27.job
- c:\windows\system32\wunauclt.exe []
2008-12-15 c:\windows\Tasks\At28.job
- c:\windows\system32\wunauclt.exe []
2009-01-25 c:\windows\Tasks\At3.job
- c:\windows\system32\5aWYeKfU.exe []
2008-12-29 c:\windows\Tasks\At4.job
- c:\windows\system32\5aWYeKfU.exe []
2008-07-19 c:\windows\Tasks\At5.job
- c:\windows\system32\5aWYeKfU.exe []
2008-07-19 c:\windows\Tasks\At6.job
- c:\windows\system32\5aWYeKfU.exe []
2008-07-19 c:\windows\Tasks\At7.job
- c:\windows\system32\5aWYeKfU.exe []
2008-09-10 c:\windows\Tasks\At8.job
- c:\windows\system32\5aWYeKfU.exe []
2008-09-19 c:\windows\Tasks\At9.job
- c:\windows\system32\5aWYeKfU.exe []
2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe []
2009-04-03 c:\windows\Tasks\ok.job
- G:\ok.avi []
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 22:46:50
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\apinnkl]
"ServiceDll"="c:\windows\system32\gnbpbgl.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-789336058-926492609-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-789336058-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,36,bb,3a,84,a9,9c,4d,e9,fd,37,65,c8,fb,3f,5a,09,e4,55,30,22,a4,7e,
a8,c2,4f,fc,c0,38,41,4b,5f,95,08,27,05,b7,e4,20,ef,f7,30,dc,73,d1,0e,92,42,\
"??"=hex:72,51,c1,f8,a9,c3,62,74,60,64,6e,c2,61,e5,a2,3d
[HKEY_USERS\S-1-5-21-789336058-926492609-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:fe,64,b8,d3,16,21,89,a1,e4,df,25,02,5c,f4,2a,1f,bc,f0,a6,bb,e7,
e5,cb,70,19,e6,55,69,65,10,1b,05,1a,80,6b,23,9a,1b,06,1b,5a,9a,16,f2,aa,15,\
"rkeysecu"=hex:a8,24,f4,29,4f,7d,41,7e,da,7a,ad,4f,68,12,67,df
[HKEY_LOCAL_MACHINE\software\Microsoft\iepsc]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{FA9FED85-47BE-43D8-EDD4-0C381D06627A}"=""
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\URLSearchHooks]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{B54B4FBA-EBDC-2EF7-13F4-2032556B884B}"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\kijpl]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-04-04 22.48.13
ComboFix-quarantined-files.txt 2009-04-04 20:48:12
ComboFix2.txt 2009-04-04 19:52:42
Pre-Run: 15.309.570.048 byte disponibili
Post-Run: 15,296,806,912 byte disponibili
bdoriano, Administrator
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 05 Apr 2009 12:02  Subject:

It's normal that Safe Mode is disabled: you're still infected.
You're in pretty bad shape...
You have some infected USB device (flash drive or external HD); we need to disable its automatic launch on insertion so we can check them.
To do it the easy way, download the TweakUI program from this page and install it.
Once installed, run it and follow these steps:
Quote:
Expand the My Computer section
Expand the Autoplay subsection
Go to Types
Untick Enable Autoplay for removable drives
Click Apply
Close TweakUI
PS: By "Expand" I mean: click the [+] symbol next to the items I indicated
From now on, all USB devices will stop launching automatically.
Once the cleanup is finished, we'll restore automatic launch for the USB devices.
Open Notepad and create a text file with the following instructions:
Code:
File::
c:\windows\system32\gnbpbgl.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\ok.job
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d8d8c52-f042-11dc-b01c-0015f248a271}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91b4dea6-b71c-11dd-b15d-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec30b87-0e3e-11de-b232-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc7330d4-84c9-11dd-b0e9-0015f2a74429}]
Driver::
ipncrpnj
apinnkl
cpwnt
krdpdre
Perti4x
SrvFsi
SysOhz
UpdJnp
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
I forgot: please upload the logs to FreeFileHosting or WikiSend as explained here.
It makes them easier to read; many thanks for your cooperation.
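As an added example (not code from the thread, from ComboFix or from the moderator), the Python below reads the kinds of lines that appear in the log posted above (Security Center and firewall policy values, GloballyOpenPorts entries, service lines ending in `[?]` or `[x]`, additions to the netsvcs svchost group, mountpoints2 autorun handlers, `At*.job` scheduled tasks) and drafts a CFScript in the File::/Registry::/Driver:: layout used in the reply above. The suspicion rules are assumptions made here and are deliberately conservative: a service whose binary is missing is queued automatically only when its path is under a Temp folder, otherwise it is marked for review, which is why the Google Update entry stays out of the draft and why the moderator's hand-built list is longer than the script's. The `LaunchU3.exe` allowlist is also an assumption. The embedded input is an excerpt of the log posted in the thread.

```python
"""Triage a ComboFix-style log and draft a CFScript from the findings.
Added example: not ComboFix's own logic and not code from the thread.  Line
shapes follow the log posted above; the suspicion rules are assumptions."""
import re
from collections import defaultdict

# Constructed input: an excerpt of the log posted in the thread, lines verbatim.
LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13972:TCP"= 13972:TCP:NortonAV
"3831:TCP"= 3831:TCP:qvnlqx
S0 ipncrpnj;ipncrpnj;c:\windows\system32\drivers\qfsplknu.sys --> c:\windows\system32\drivers\qfsplknu.sys [?]
S2 cpwnt;cpwnt; [x]
S2 gupdate1c9895c2cf4c4a;Google Update Service (gupdate1c9895c2cf4c4a);"c:\programmi\Google\Update\GoogleUpdate.exe" /svc --> c:\programmi\Google\Update\GoogleUpdate.exe [?]
S3 krdpdre;krdpdre;\??\c:\docume~1\Paolo\IMPOST~1\Temp\krdpdre.sys --> c:\docume~1\Paolo\IMPOST~1\Temp\krdpdre.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
apinnkl
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91b4dea6-b71c-11dd-b15d-4d6564696130}]
\Shell\AutoRun\command - wscript.exe snake.exe.vbs
\Shell\open\Command - wscript.exe snake.exe.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec30b86-0e3e-11de-b232-4d6564696130}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
Contenuto della cartella 'Scheduled Tasks'
2009-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\5aWYeKfU.exe []
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\apinnkl]
"ServiceDll"="c:\windows\system32\gnbpbgl.dll"
"""

SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*?) \[(?P<info>[^\]]*)\]$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S+\\(?P<file>[^\\]+\.job))$")
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<info>[^\]]*)\]$")
PORT_RE = re.compile(r'^"\d+:(?:TCP|UDP)"= \d+:(?:TCP|UDP):(?P<label>.+)$')
AUTORUN_RE = re.compile(r"^\\Shell\\\w+\\[cC]ommand - (?P<cmd>.+)$")
KNOWN_LAUNCHERS = {"launchu3.exe"}  # assumption: the U3 stick launcher is expected on this PC

def triage(log):
    """Return (kind, item, reason, action); 'auto' items go into the draft script."""
    findings, flagged_keys, netsvcs, ports = [], set(), set(), defaultdict(int)
    section, pending_job = "", None
    for line in log.strip().splitlines():
        low = line.lower()
        if line.startswith("[") and line.endswith("]"):          # registry key header
            section = line[1:-1]
        elif line.endswith("Svchost - NetSvcs"):                    # services added to the netsvcs group
            section = "netsvcs"
        elif "'Scheduled Tasks'" in line:
            section = "tasks"
        elif section.lower().endswith("security center") and low.endswith('disablenotify"=dword:00000001'):
            findings.append(("info", line.split("=")[0].strip('"'), "Security Center warning suppressed", "note"))
        elif section.lower().endswith("standardprofile") and line.startswith('"EnableFirewall"= 0'):
            findings.append(("info", "EnableFirewall", "Windows Firewall off in the standard profile", "note"))
        elif (m := PORT_RE.match(line)):
            ports[m["label"]] += 1
        elif (m := SERVICE_RE.match(line)):
            if m["info"] == "x":                                    # [x]: no image path at all
                findings.append(("driver", m["name"], "service has no image path", "auto"))
            elif m["info"] == "?":                                  # [?]: image path points to a missing file
                act = "auto" if "\\temp\\" in m["path"].lower() else "review"
                findings.append(("driver", m["name"], "service binary missing on disk", act))
        elif section == "netsvcs" and re.fullmatch(r"\w+", line):
            netsvcs.add(line)
            findings.append(("driver", line, "service added to the netsvcs svchost group", "auto"))
        elif "\\mountpoints2\\" in section.lower() and (m := AUTORUN_RE.match(line)):
            exe = m["cmd"].split()[0].rsplit("\\", 1)[-1].lower()   # basename of the launched program
            if exe not in KNOWN_LAUNCHERS and section not in flagged_keys:
                flagged_keys.add(section)                           # one finding per drive key
                findings.append(("registry", section, f"drive autorun handler runs {m['cmd']!r}", "auto"))
        elif section.rsplit("\\", 1)[-1] in netsvcs and low.startswith('"servicedll"='):
            findings.append(("file", line.split("=", 1)[1].strip('"'), "DLL hosted by a suspect netsvcs service", "auto"))
        elif section == "tasks" and (m := TASK_RE.match(line)):
            pending_job = m                                         # target follows on the next line
        elif section == "tasks" and pending_job and (m := TARGET_RE.match(line)):
            if re.fullmatch(r"At\d+\.job", pending_job["file"]) and m["info"] == "":
                findings.append(("file", pending_job["job"], f"at.exe job runs {m['target']} (no version info)", "auto"))
            pending_job = None
    for label, n in sorted(ports.items()):                          # summarise globally open ports per label
        odd = not re.search(r"[aeiou]", label, re.I)                # heuristic: no vowels = random-looking label
        findings.append(("info", label, f"{n} globally open port(s)" + (", random-looking label" if odd else ""),
                         "review" if odd else "note"))
    return findings

def build_cfscript(findings):
    """Render the 'auto' findings in the File:: / Registry:: / Driver:: layout used in the thread."""
    groups = {"file": [], "registry": [], "driver": []}
    for kind, item, _reason, action in findings:
        if action == "auto" and kind in groups and item not in groups[kind]:
            groups[kind].append(item)
    lines = []
    for header, kind in (("File::", "file"), ("Registry::", "registry"), ("Driver::", "driver")):
        if groups[kind]:
            lines.append(header)
            lines += [f"[-{k}]" if kind == "registry" else k for k in groups[kind]]  # [-key] deletes the key
    return "\n".join(lines)

if __name__ == "__main__":
    for kind, item, reason, action in triage(LOG):
        print(f"{action:6} {kind:8} {item}  <- {reason}")
    print(build_cfscript(triage(LOG)))
```

Run as a script it prints every finding with its action and then the draft. The review items are where the analyst's reading of the full log matters: the `ServiceDll` shown for `apinnkl` is what turns the svchost entry into something actionable, and in the full log all the `At*.job` tasks point at the same binary with no version information, which is what justifies queuing them together.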
@83, Hero
Registered: 19/11/07 19:21  Posts: 57
Posted: 07 Apr 2009 10:10  Subject: I'd like to format

I've decided I want to format the HD that Windows runs on, but I have a problem: on this PC someone tried to install SP3 and made a real mess, because now when I start the PC a window pops up automatically asking me to choose between starting XP and the installation. If I choose start, I have to select "restart with the last known good configuration", otherwise the PC freezes at the XP logo, while if I choose the installation it tells me Windows has been halted to prevent damage to the PC. Now, I've tried booting from CD, but it still won't let me format, because as soon as the screen to start formatting should appear it doesn't detect any CD. How can I format, so that afterwards I can clean the external HD, on which I have data I wouldn't want to lose??