Could someone check a HijackThis log for me


Post by poppiski » Wed Apr 15, 2009 6:27 pm

Could you kindly check this HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.54.46, on 14/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\documents and settings\user\impostazioni locali\dati applicazioni\iaiusam.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [rfagent] "C:\Programmi\RFA\rfagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iaiusam] "c:\documents and settings\user\impostazioni locali\dati applicazioni\iaiusam.exe" iaiusam
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?0ce4664fa6124eb7baa63ff45ff01034
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?0ce4664fa6124eb7baa63ff45ff01034
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {58321A86-43C6-4AD1-9919-B20398289D49} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c98bc18eb01c28) (gupdate1c98bc18eb01c28) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9805 bytes



thanks
Vista / XP dual boot + Ubuntu on VirtualBox
poppiski
Senior Member
Posts: 325
Joined: Sun Apr 06, 2008 6:25 pm
Location: Giulianova

Re: Could someone check a HijackThis log for me

Post by crazy.cat » Wed Apr 15, 2009 6:38 pm

Trojan CID present, fix this line with HijackThis
O4 - HKCU\..\Run: [iaiusam] "c:\documents and settings\user\impostazioni locali\dati applicazioni\iaiusam.exe" iaiusam
and then run a scan with ComboFix and post its log.
When the many govern, they think only of pleasing themselves; you then get the most foolish and hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre
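
A way to do by script the triage crazy.cat did by eye, as an added example that is not part of the original thread or of HijackThis: a Python parser for O4 registry entries in the HijackThis format shown above that flags autorun images living in a user profile's data directory (the Italian XP folder names come from the log; the English XP and Vista+ names are assumed equivalents) or given as a bare file name whose location cannot be checked from the log alone. The sample lines are constructed from the first post's log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: O4 lines in the HijackThis v2 format, copied from the
# log posted in the thread. This script is not part of HijackThis.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iaiusam] "c:\documents and settings\user\impostazioni locali\dati applicazioni\iaiusam.exe" iaiusam
O4 - Global Startup: Wireless Connection Manager.lnk = ?
""".strip().splitlines()

# O4 registry entries look like: "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run[A-Za-z]*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Per-user data directories where a Run entry's image does not normally live.
# Italian XP names are the ones in the log; English XP and Vista+ names are assumed equivalents.
PROFILE_DATA_DIR_RE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\"
    r"(impostazioni locali\\dati applicazioni|local settings\\application data|"
    r"dati applicazioni|application data|appdata)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    name: str          # value name shown in square brackets
    image: str         # executable path extracted from the command line
    reasons: List[str]


def extract_image_path(cmd: str) -> Optional[str]:
    """Pull the executable out of a Run command line.

    Quoted paths end at the closing quote. Unquoted paths may contain spaces
    (see ATIPTA above), so take everything up to the first ".exe" token rather
    than splitting on whitespace; fall back to the first token if no .exe is present.
    """
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0]


def analyse_o4(lines: List[str]) -> List[Finding]:
    """Return one Finding per O4 registry entry that deserves a closer look."""
    findings: List[Finding] = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue  # "Global Startup" entries use a different layout; not handled here
        image = extract_image_path(m.group("cmd"))
        if image is None:
            continue
        reasons: List[str] = []
        if PROFILE_DATA_DIR_RE.search(image):
            reasons.append("image lives in a user profile data directory, not Program Files or System32")
        if "\\" not in image:
            reasons.append("bare file name: location is resolved at run time, verify it by hand")
        if reasons:
            findings.append(Finding(m.group("name"), image, reasons))
    return findings


if __name__ == "__main__":
    for f in analyse_o4(SAMPLE_O4_LINES):
        print(f"[{f.name}] {f.image}")
        for r in f.reasons:
            print("   -", r)
```

Running it on the sample prints the iaiusam entry crazy.cat singled out and the bare-name CARPService entry; the others resolve to Program Files or System32 and are not reported.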

Re: Could someone check a HijackThis log for me

Post by poppiski » Wed Apr 15, 2009 7:17 pm

First of all, thank you for your quick reply.

crazy.cat wrote: Trojan CID present, fix this line with HijackThis
O4 - HKCU\..\Run: [iaiusam] "c:\documents and settings\user\impostazioni locali\dati applicazioni\iaiusam.exe" iaiusam
and then run a scan with ComboFix and post its log.


I had already spotted it.
But I was wondering whether there is something else I am missing.
There are several symptoms that don't add up:
1) antivirus, torrent, MSN work
2) impossible to browse with IE or Firefox
3) the Run command does not work
4) impossible to open Internet Options in the Control Panel
5) impossible to use Remote Assistance

As far as you know, does this trojan do all of that???

Unfortunately I don't have the PC with me, so I can't try right now.
As soon as I can, I will do what you suggested anyway.

thanks
Vista / XP dual boot + Ubuntu on VirtualBox
poppiski
Senior Member
Posts: 325
Joined: Sun Apr 06, 2008 6:25 pm
Location: Giulianova


Re: Could someone check a HijackThis log for me

Post by Max01 » Wed Apr 15, 2009 8:13 pm

This one is also rather suspicious: O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
Analyse it on http://www.virustotal.com/it/
"Seeing one in front of you is an experience you don't forget. The Maine Coon is truly an enormous cat, imposing and regal.
Max01
Official Member (Gold)
Posts: 1975
Joined: Sat Feb 23, 2008 3:00 pm
Location: Firenze

Re: Could someone check a HijackThis log for me

Post by crazy.cat » Thu Apr 16, 2009 7:21 am

poppiski wrote: As far as you know, does this trojan do all of that???

No.
It usually just shows advertising pages; that is why I recommended ComboFix, which, besides removing it, gives a much more detailed log.
When the many govern, they think only of pleasing themselves; you then get the most foolish and hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: Could someone check a HijackThis log for me

Post by poppiski » Sun Apr 19, 2009 12:03 pm

Hi crazy,
here I am again.
Sorry a few days have passed, but I only saw the infected PC last night.

First of all, here is the ComboFix log

ComboFix 09-04-18.07 - user 18/04/2009 22.46.27.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.762 [GMT 2:00]
Eseguito da: E:\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Impostazioni locali\Dati applicazioni\difcbedz.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\difcbedz_nav.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\difcbedz_navps.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\iaiusam_navps.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\igigq.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\igigq_nav.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\igigq_navps.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\jfqmplh.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\jfqmplh_nav.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\jfqmplh_navps.dat
c:\windows\system32\msconfig.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-03-18 al 2009-04-18 )))))))))))))))))))))))))))))))))))
.

2009-04-17 21:16 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 21:16 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 21:16 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 21:16 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 21:16 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 21:16 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 21:16 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 21:16 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 21:16 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 21:13 . 2009-03-27 06:48 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 21:13 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 21:52 . 2009-04-14 21:52 -------- d-----w c:\programmi\Trend Micro
2009-04-12 21:38 . 2009-04-12 21:38 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-12 21:38 . 2009-04-12 21:38 232 ---ha-w C:\sqmdata00.sqm
2009-04-07 20:26 . 2009-04-07 20:26 -------- d-----w c:\documents and settings\user\IECompatCache
2009-04-07 20:23 . 2009-04-07 20:23 -------- d-----w c:\documents and settings\user\PrivacIE
2009-04-07 20:21 . 2009-04-07 20:21 -------- d-----w c:\documents and settings\user\IETldCache
2009-04-07 20:19 . 2009-04-07 20:19 -------- d-----w c:\windows\ie8updates
2009-04-07 20:15 . 2009-04-10 21:13 -------- dc----w c:\windows\ie8
2009-03-21 14:06 . 2009-03-21 14:06 1033728 -c----w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 18:41 . 2009-04-18 18:39 2124 ----a-w C:\avenger.txt
2009-04-18 16:41 . 2007-10-14 15:42 -------- d-----w c:\programmi\PeerGuardian2
2009-04-18 14:55 . 2007-10-27 18:12 -------- d-----w c:\documents and settings\user\Dati applicazioni\uTorrent
2009-04-18 10:17 . 2004-08-19 12:00 72884 ----a-w c:\windows\system32\perfc010.dat
2009-04-18 10:17 . 2004-08-19 12:00 446384 ----a-w c:\windows\system32\perfh010.dat
2009-04-17 23:50 . 2005-01-11 20:11 -------- d-----w c:\programmi\DVD Decrypter
2009-04-17 21:14 . 2008-03-08 08:03 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-17 21:13 . 2006-07-17 21:23 -------- d-----w c:\programmi\SpywareBlaster
2009-04-17 21:09 . 2007-08-04 12:11 -------- d-----w c:\programmi\Microsoft ActiveSync
2009-04-17 20:57 . 2009-02-10 20:49 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-14 22:59 . 2007-07-16 20:13 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-14 20:35 . 2008-02-16 14:19 -------- d-----w c:\programmi\DeskMates
2009-04-10 21:13 . 2006-07-17 21:25 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-07 20:44 . 2007-11-10 16:51 -------- d-----w c:\documents and settings\user\Dati applicazioni\Skype
2009-03-07 22:36 . 2008-11-08 15:58 270 ----a-w C:\VundoFix.txt
2009-03-06 14:19 . 2004-08-19 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 23:17 . 2005-12-29 17:38 -------- d-----w c:\programmi\Alice ti aiuta
2009-03-03 23:17 . 2005-12-29 17:39 -------- d-----w c:\programmi\Motive
2009-03-03 23:07 . 2007-07-16 19:52 -------- d-----w c:\programmi\ENCICLOPEDIA MEDICA 2007
2009-03-03 00:03 . 2004-08-19 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:08 . 2004-08-19 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2004-08-19 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-19 15:34 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2004-08-19 12:00 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-08-19 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-19 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-19 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-19 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-19 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-19 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-31 17:31 . 2007-12-25 20:59 230424 ----a-w C:\img2-001.raw
2009-01-03 23:27 . 2005-01-11 13:03 75760 ----a-w c:\documents and settings\user\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-01-11 16:15 . 2005-01-11 16:15 56 --sh--r c:\windows\system32\4E2CD3D108.sys
2005-01-11 16:15 . 2005-01-11 16:15 1682 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-26 01:00 . 2008-12-26 01:00 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008122620081227\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 68856]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"DeskMateAutoUpdate"="c:\progra~1\DESKMA~1\DeskMateAutoUpdate.exe" [2009-01-31 25896]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"rfagent"="c:\programmi\RFA\rfagent.exe" [2007-12-04 916800]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"EPSON Stylus C66 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE" [2003-11-26 99840]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2001-12-23 4608]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2009-1-26 19357696]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^Cyber Poti.lnk]
backup=c:\windows\pss\Cyber Poti.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^Morpheus.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^VirtuaGirl HD.LNK.disabled]
backup=c:\windows\pss\VirtuaGirl HD.LNK.disabledStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bypkihez
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Instant Access"=rundll32.exe EGDACCESS_1063.dll,InstantAccess
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CnxTrApp"=rundll32.exe "c:\programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
"rfagent"="c:\programmi\RFA\rfagent.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SNPSTD2"=c:\windows\vsnpstd2.exe
"DeskMateAutoUpdate"=c:\progra~1\DESKMA~1\DeskMateAutoUpdate.exe
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\user\\Desktop\\applemule\\emule.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Documents and Settings\\user\\Documenti\\utorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
R2 gupdate1c98bc18eb01c28;Google Update Service (gupdate1c98bc18eb01c28);c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
R3 MEMSWEEP2;MEMSWEEP2; [x]


--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - PARPORT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2004-08-25 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-17 20:49]

2004-08-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-10 20:52]

2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{777F768A-968C-4FAF-ACA7-056A66EB414E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]

2009-04-18 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2004-08-25 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-21 10:05]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?0ce4664fa6124eb7baa63ff45ff01034
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?0ce4664fa6124eb7baa63ff45ff01034
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\n1acwh0u.default\
FF - prefs.js: browser.startup.homepage - google.it
FF - plugin: c:\programmi\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 22:49
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\DivXa32.acm
.
Ora fine scansione: 2009-04-18 22.52.09
ComboFix-quarantined-files.txt 2009-04-18 20:52

Pre-Run: 58.812.436.480 byte disponibili
Post-Run: 58.838.745.088 byte disponibili

224 --- E O F --- 2009-04-18 02:43


It removed a few things, and after that Firefox started working normally again.
To fix IE I had to upgrade to IE8, and that also fixed access to Internet Options.
The Run command seems to work again too.
Remote Assistance I still have to try.

So, on the face of it, everything seems to be back to normal.
Let me know if I am missing something.
And thanks again for your help.

P.S.: the log was made before installing IE8.
Vista / XP dual boot + Ubuntu on VirtualBox
poppiski
Senior Member
Posts: 325
Joined: Sun Apr 06, 2008 6:25 pm
Location: Giulianova


megalab.it: online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.