Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

kaspersky trova virus

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

kaspersky trova virus

Messaggioda wolly76 » ven feb 29, 2008 1:01 pm

active virus shield ad ogni avvio mia avvisa di un virus trojan win32.agent in una cartella temp
vi incollo il log di hijackthis e il log di activevirusshield

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.58.33, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\Wave Systems Corp\Common\DataServer.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Programmi\Apoint\HidFind.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\ScanSoft\OPCaptureSDK12\BIN\VTest.exe
C:\PROGRA~1\ScanSoft\OPCAPT~1\BIN\xocr32b.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sly\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell ... bd=2070618
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell ... bd=2070618
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/ig/dell?hl=it&clie ... bd=2070618
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 194.243.38.9 RDS # servizio velocis
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series (Copia 2) (da GIANLUCA)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_SBB.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Programmi\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E2559BE-BFB9-40B5-A948-00ED7F051567}: NameServer = 194.243.38.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14987F3-8896-4BD7-BC6F-F31B11444447}: NameServer = 194.243.38.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Programmi\AOL\Active Virus Shield\avp.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Programmi\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programmi\OpenVPN\bin\openvpnserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Programmi\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Programmi\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Velocis (RDS) - Unknown owner - C:\PROGRA~1\Engine\BIN\RDS.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Xceed Chart for ASP.NET Renderer Service (Xceed.Chart.Renderer.Service) - Xceed Software Inc. - C:\Programmi\Xceed Components\Bin\.NET\Xceed.Chart.Renderer.Service.exe

--
End of file - 13219 bytes




Protection
----------
Total scanned: 18823
Detected: 72
Untreated: 0
Start time: 29/02/2008 8.32.17
Duration: 04.32.44


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Agent.amp File: E:\Autorun.inf
not found: Trojan program Trojan.Win32.Agent.amp File: E:\autorun.inf
deleted: Trojan program Backdoor.Win32.PcClient.aai File: E:\RECYCLER\RECYCLER\autorun.exe
deleted: Trojan program Trojan.Win32.Agent.acw File: E:\Backup RNDSERVER\Backup\Farmacop 2.0\Backup FarmaCop 24-07-06\Librerie\Pegasus Demo e Key\Pegasus ImagXpress Professional v7.0.72 Keymaker.exe
deleted: Trojan program Trojan.Win32.Agent.acw File: E:\System Volume Information\_restore{96CF19D8-81C3-4A35-8411-E2299A2E4BBA}\RP167\A0056330.exe
deleted: Trojan program Trojan.Win32.Agent.acw File: E:\Backup RNDSERVER\Backup\Farmacop 2.0\Backup FarmaCop 24-07-06\Librerie\Pegasus Demo e Key\Pegasus PDFXpress v1.0.3x.0 Keymaker.exe
deleted: Trojan program Trojan.Win32.Agent.acw File: E:\System Volume Information\_restore{96CF19D8-81C3-4A35-8411-E2299A2E4BBA}\RP169\A0056333.exe
deleted: Trojan program Trojan.Win32.Agent.acw File: E:\System Volume Information\_restore{96CF19D8-81C3-4A35-8411-E2299A2E4BBA}\RP169\A0056335.exe
deleted: virus Virus.Win32.AutoRun.ht File: E:\Long.exe/PE_Patch.UPX/UPX
deleted: Trojan program Trojan-Downloader.Win32.Injecter.dj Mail attachment: [From:"Clark Mcconnell" <motherlync@one.net>][Subject:Buon Natale][Time:2007/12/26 23:57:15]\eCard\eCard2.scr
deleted: Trojan program Trojan-Downloader.Win32.Injecter.dj Mail attachment: [From:"Laurence Morton" <consciouslyg@electronicbills.postbillpay.com.au>][Subject:Buon Natale][Time:2007/12/27 14:26:33]\eCard\eCard2.scr
deleted: Trojan program Trojan-Downloader.Win32.Injecter.dj Mail attachment: [From:"Dusty Spence" <reinholdn65@mindspring.com>][Subject:Buon Natale][Time:2007/12/27 17:26:36]\eCard\eCard2.scr
deleted: Trojan program Trojan-Downloader.Win32.Injecter.dj Mail attachment: [From:"Edward Jaramillo" <spreedqt2@worldserver.com>][Subject:Buon Natale][Time:2007/12/27 20:53:44]\eCard\eCard2.scr
deleted: Trojan program Trojan-Downloader.Win32.Injecter.dj Mail attachment: [From:"Roland Eason" <inhalator@ci.waco.tx.us>][Subject:Buon Natale][Time:2007/12/28 01:28:22]\eCard\eCard2.scr
deleted: Trojan program Trojan-Downloader.Win32.Injecter.dj Mail attachment: [From:"Marion Earl" <unzip0@iccc.cc.ia.us>][Subject:Buon Natale][Time:2007/12/28 07:47:51]\eCard\eCard2.scr
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3179947171.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\SLY\IMPOST~1\TEMP\3653002.EXE
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3096389185.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3979538210.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2210066349.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1582692993.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1727071387.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\999970864.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3286279032.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3119038537.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\741315068.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\824608220.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\1074675695.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\1213723653.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\1558071607.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\2023308627.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\224643465.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\2456317555.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\2738407488.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\3337738637.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\3351637486.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\3363964583.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\4069907734.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\4148587104.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\559263175.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\571654112.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\620482444.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\633881055.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\Documents and Settings\Sly\Impostazioni locali\Temp\775590415.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3548215582.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\4127052548.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1184364859.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2966918970.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2907855946.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1925700535.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3238985908.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2037301190.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2749829001.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2836477811.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1804099992.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2492081220.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3903008436.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2690360834.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1174614973.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3927083071.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3506204041.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\612154503.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\16318867.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\2481786072.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3974589966.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1420423159.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\900141859.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1308232264.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1502368027.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\1580509033.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\3074800007.exe
deleted: Trojan program Trojan.Win32.Agent.dxh File: C:\DOCUME~1\Sly\IMPOST~1\Temp\4248594649.exe
"Se le auto funzionassero come i software, si bloccherebbero due volte al giorno senza motivo e l'unica soluzione sarebbe reinstallare il motore"
Avatar utente
wolly76
Senior Member
Senior Member
 
Messaggi: 354
Iscritto il: gio gen 04, 2007 2:54 pm
Località: C:\WINDOWS

Messaggioda crazy.cat » ven feb 29, 2008 1:29 pm

Fai una scansione con findaw e posta il log
http://noahdfear.geekstogo.com/FindAWF.exe

Disattiva il ripristino della configurazione e riavvia il pc prima di fare altre scansioni.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda wolly76 » sab mar 01, 2008 9:32 am

Mi dice impssibile caricare il supporto vdm ipx/spx e non mi fa fare lo scan
che posso fare?
"Se le auto funzionassero come i software, si bloccherebbero due volte al giorno senza motivo e l'unica soluzione sarebbe reinstallare il motore"
Avatar utente
wolly76
Senior Member
Senior Member
 
Messaggi: 354
Iscritto il: gio gen 04, 2007 2:54 pm
Località: C:\WINDOWS


Messaggioda ste_95 » sab mar 01, 2008 9:44 am

Scarica ComboFix ed esegui la scansione. Al termine di essa, posta il log che ti apparirà.

La sua utilità al momento è quella di farci vedere le cartelle bak ed eventuali file in esse contenuti.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda wolly76 » sab mar 01, 2008 4:57 pm

ecco il log di combofix


ComboFix 08-03-01.3 - Sly 2008-03-01 16.41.41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1485 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Sly\Impostazioni locali\Temporary Internet Files\Content.IE5\R1HK6QEG\ComboFix[1].exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\MabryObj.dll
C:\windows\system32\system.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Creati Da 2008-02-01 al 2008-03-01 )))))))))))))))))))))))))))))))))))
.

2008-02-29 15:50 . 2007-12-07 12:36 354,312 --a------ C:\WINDOWS\system32\gdpicturepro4.tlb
2008-02-23 16:42 . 2008-02-23 16:42 <DIR> d-------- C:\Programmi\iPod
2008-02-23 16:42 . 2008-03-01 16:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 16:42 . 2008-02-23 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 17:16 . 2008-02-14 17:16 <DIR> d-------- C:\Documents and Settings\Sly\Dati applicazioni\Xceed
2008-02-09 16:17 . 2008-02-09 16:17 28,160 --a------ C:\WINDOWS\system32\vbaltab6.oca
2008-02-09 16:17 . 2008-02-09 16:17 28,160 --a------ C:\WINDOWS\system32\vbalarlb6.oca
2008-02-03 21:33 . 2008-02-04 08:43 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-03 21:32 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-02-01 09:25 . 2008-02-01 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\EPSON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 15:54 105,823,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 15:52 2,595,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 15:45 534,620 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 15:45 1,440,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 14:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-02-29 14:50 --------- d-----w C:\Programmi\GdPicture ToolKit Pro Edition
2008-02-29 13:59 --------- d-----w C:\Programmi\Focus
2008-02-23 15:42 --------- d-----w C:\Programmi\iTunes
2008-02-23 15:41 --------- d-----w C:\Programmi\QuickTime
2008-02-20 17:52 --------- d-----w C:\Documents and Settings\Sly\Dati applicazioni\Skype
2008-02-19 18:51 --------- d-----w C:\Programmi\MH600HS Wizard
2008-02-09 22:20 --------- d-----w C:\Programmi\Apoint
2008-02-09 22:18 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-09 21:29 --------- d-----w C:\Programmi\Hexacto Games
2008-02-03 20:33 --------- d-----w C:\Programmi\Apple Software Update
2008-01-31 17:39 --------- d-----w C:\Programmi\eMule
2008-01-13 21:28 --------- d-----w C:\Programmi\DivX
2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-08 21:14 --------- d-----w C:\Programmi\Microsoft ActiveSync
2008-01-04 22:03 --------- d-----w C:\Programmi\Windows Defender
2008-01-04 22:03 --------- d-----w C:\Programmi\MSN Messenger
2007-12-12 10:34 410 ----a-w C:\DWORD.reg
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 483,328 2004-12-14 00:12:02 C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

----a-r 176,128 2005-10-07 11:13:38 C:\Programmi\Apoint\bak\Apoint.exe
----a-r 176,128 2005-10-07 11:13:38 C:\Programmi\Apoint\Apoint.exe

----a-w 118,784 2006-10-20 16:23:38 C:\Programmi\CyberLink\PowerDVD DX\bak\PDVDDXSrv.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe

----a-w 1,191,936 2007-02-20 11:29:08 C:\Programmi\Dell\QuickSet\bak\quickset.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Dell\QuickSet\quickset.exe

----a-w 81,920 2004-07-27 15:50:18 C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe

----a-w 221,184 2004-07-27 15:50:42 C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe

----a-w 696,320 2006-10-18 16:58:16 C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe

----a-w 802,816 2006-10-18 17:04:28 C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe

----a-w 270,648 2007-07-10 08:18:20 C:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-19 12:10:32 C:\Programmi\iTunes\iTunesHelper.exe

----a-w 132,496 2007-09-24 23:11:35 C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Programmi\Messenger\bak\msmsgs.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Messenger\msmsgs.exe

----a-w 1,289,000 2006-11-13 13:38:54 C:\Programmi\Microsoft ActiveSync\bak\Wcescomm.exe
----a-w 1,289,000 2006-11-13 13:38:54 C:\Programmi\Microsoft ActiveSync\wcescomm.exe

----a-w 31,016 2006-10-26 22:47:42 C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

----a-w 286,720 2007-06-29 05:24:52 C:\Programmi\QuickTime\bak\qttask.exe
----a-w 385,024 2008-01-31 22:13:08 C:\Programmi\QuickTime\QTTask.exe

----a-w 1,116,920 2006-08-17 08:00:00 C:\Programmi\Roxio\Drag-to-Disc\bak\DrgToDsc.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe

----a-w 102,400 2006-09-08 07:32:54 C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\bak\docmgr.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

----a-w 866,584 2006-11-03 17:20:12 C:\Programmi\Windows Defender\bak\MSASCui.exe
----a-w 10,256 2008-01-04 22:03:06 C:\Programmi\Windows Defender\MSASCui.exe

----a-w 15,360 2004-08-19 11:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 11:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 10,256 2008-01-04 22:03:06 C:\WINDOWS\system32\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:00 15360]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-01-04 23:03 10256]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:38 1289000]
"EPSON Stylus Photo R265 Series (Copia 2) (da GIANLUCA)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.exe" [2006-05-19 05:00 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2005-10-07 12:13 176128]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 08:14 7401472]
"nwiz"="nwiz.exe" [2006-01-19 08:14 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-01-19 08:14 73728 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 23:03 10256]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2008-01-04 23:03 10256]
"Dell QuickSet"="C:\Programmi\Dell\QuickSet\quickset.exe" [2008-01-04 23:03 10256]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2008-01-04 23:03 10256]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2008-01-04 23:03 10256]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-01-04 23:03 10256]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2008-01-04 23:03 10256]
"RoxioDragToDisc"="C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" [2008-01-04 23:03 10256]
"PDVDDXSrv"="C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-01-04 23:03 10256]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2008-01-04 23:03 10256]
"aol"="C:\Programmi\AOL\Active Virus Shield\avp.exe" [2006-05-30 11:13 139367]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-01-04 23:03 10256]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-04 23:03 10256]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-04 23:03 10256]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 12:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 18:48 434528]

C:\Documents and Settings\Sly\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office Outlook 2007.lnk - C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe [2007-06-28 14:41:29 845584]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-06-29 07:22:14 25214]
Digital Line Detect.lnk - C:\Programmi\Digital Line Detect\DLG.exe [2007-06-18 14:05:51 24576]
EMBASSY Trust Suite Secure Update.lnk - C:\Programmi\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 09:45:30 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\AOL\\Active Virus Shield\\avp.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\OpenVPN\\bin\\openvpn.exe"=
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"= C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"= C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe [2007-04-19 20:05]
R2 SQLWriter;SQL Server VSS Writer;"c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 Velocis (RDS);Velocis (RDS);C:\PROGRA~1\Engine\BIN\RDS.EXE []
S3 ONDAUsbDiag;ONDA USB Diagnostics Port;C:\WINDOWS\system32\DRIVERS\ONDAUsbDiag.sys [2007-04-10 09:53]
S3 ONDAUsbModem;ONDA USB MODEM DRIVER;C:\WINDOWS\system32\DRIVERS\ONDAUsbModem.sys [2007-04-10 09:53]
S3 ONDAUsbNmea;ONDA USB NMEA Port;C:\WINDOWS\system32\DRIVERS\ONDAUsbNmea.sys [2007-04-10 09:53]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;"C:\Programmi\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe" [2007-06-11 02:38]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 13:37]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 VSPerfDrv;Performance Tools Driver;C:\Programmi\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 01:42]
S3 Xceed.Chart.Renderer.Service;Xceed Chart for ASP.NET Renderer Service;"C:\Programmi\Xceed Components\Bin\.NET\Xceed.Chart.Renderer.Service.exe" [2006-07-03 14:32]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Programmi\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bc2f4d8-79b9-11dc-925e-001b7743f931}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65d8075a-77c6-11dc-9259-8000600fe800}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a398351-762d-11dc-8767-0019b979f02b}]
\Shell\AutoRun\command - E:\ReadMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4873788-4192-11dc-af41-0019b979f02b}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc046c4-7a61-11dc-9260-001b7743f931}]
\Shell\Auto\command - E:\Long.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc046ec-7a61-11dc-9260-001b7743f931}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0876ee2-9aa4-11dc-8831-0019b979f02b}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cffbd688-7892-11dc-925b-0019b979f02b}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9752d01-7d77-11dc-9266-0019b979f02b}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f666e3e7-7cbc-11dc-9264-001b7743f931}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-25 08:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 15:49:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 16:54:43
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\detoured.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\detoured.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\detoured.dll
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Wave Systems Corp\Common\DataServer.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmi\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Apoint\HidFind.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-01 16:57:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-01 15:57:29
.
2008-02-29 07:41:08 --- E O F ---
"Se le auto funzionassero come i software, si bloccherebbero due volte al giorno senza motivo e l'unica soluzione sarebbe reinstallare il motore"
Avatar utente
wolly76
Senior Member
Senior Member
 
Messaggi: 354
Iscritto il: gio gen 04, 2007 2:54 pm
Località: C:\WINDOWS

Messaggioda ste_95 » sab mar 01, 2008 5:35 pm

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il flag su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto
Files to move:
C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe | C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Apoint\bak\Apoint.exe | C:\Programmi\Apoint\Apoint.exe
C:\Programmi\CyberLink\PowerDVD DX\bak\PDVDDXSrv.exe | C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmi\Dell\QuickSet\bak\quickset.exe | C:\Programmi\Dell\QuickSet\quickset.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe| C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe | C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe | C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe | C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Messenger\bak\msmsgs.exe | C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft ActiveSync\bak\Wcescomm.exe | C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe | C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\Roxio\Drag-to-Disc\bak\DrgToDsc.exe | C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\bak\docmgr.exe | C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Programmi\Windows Defender\bak\MSASCui.exe | C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe


Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda wolly76 » sab mar 01, 2008 6:25 pm

cavoli ma che razza di virus è????

ora eseguo leistruzioni, ma mica mi cancellerà tutti quei programmi?
"Se le auto funzionassero come i software, si bloccherebbero due volte al giorno senza motivo e l'unica soluzione sarebbe reinstallare il motore"
Avatar utente
wolly76
Senior Member
Senior Member
 
Messaggi: 354
Iscritto il: gio gen 04, 2007 2:54 pm
Località: C:\WINDOWS

Messaggioda ste_95 » sab mar 01, 2008 6:29 pm

E' proprio questo qui:

http://www.MegaLab.it/2684
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda crazy.cat » sab mar 01, 2008 6:31 pm

wolly76 ha scritto:ora eseguo leistruzioni, ma mica mi cancellerà tutti quei programmi?

No, ti sposta i file puliti dalla cartella bak che vanno a sostituire quelli infetti nella cartella del programma.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda wolly76 » sab mar 01, 2008 6:42 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe|C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" completed successfully.
File move operation "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" completed successfully.
File move operation "C:\Programmi\Apoint\bak\Apoint.exe|C:\Programmi\Apoint\Apoint.exe" completed successfully.
File move operation "C:\Programmi\CyberLink\PowerDVD DX\bak\PDVDDXSrv.exe|C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe" completed successfully.
File move operation "C:\Programmi\Dell\QuickSet\bak\quickset.exe|C:\Programmi\Dell\QuickSet\quickset.exe" completed successfully.
File move operation "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" completed successfully.
File move operation "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe|C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" completed successfully.
File move operation "C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe|C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" completed successfully.
File move operation "C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe|C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe" completed successfully.
File move operation "C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe" completed successfully.
File move operation "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" completed successfully.
File move operation "C:\Programmi\Messenger\bak\msmsgs.exe|C:\Programmi\Messenger\msmsgs.exe" completed successfully.
File move operation "C:\Programmi\Microsoft ActiveSync\bak\Wcescomm.exe|C:\Programmi\Microsoft ActiveSync\wcescomm.exe" completed successfully.
File move operation "C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe|C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" completed successfully.
File move operation "C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\QTTask.exe" completed successfully.
File move operation "C:\Programmi\Roxio\Drag-to-Disc\bak\DrgToDsc.exe|C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" completed successfully.
File move operation "C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\bak\docmgr.exe|C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" completed successfully.
File move operation "C:\Programmi\Windows Defender\bak\MSASCui.exe|C:\Programmi\Windows Defender\MSASCui.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
"Se le auto funzionassero come i software, si bloccherebbero due volte al giorno senza motivo e l'unica soluzione sarebbe reinstallare il motore"
Avatar utente
wolly76
Senior Member
Senior Member
 
Messaggi: 354
Iscritto il: gio gen 04, 2007 2:54 pm
Località: C:\WINDOWS

Messaggioda ste_95 » sab mar 01, 2008 6:42 pm

Posta un nuovo log di ComboFix.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda wolly76 » sab mar 01, 2008 7:02 pm

ComboFix 08-03-01.3 - Sly 2008-03-01 18.53.32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1288 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Sly\Impostazioni locali\Temporary Internet Files\Content.IE5\R1HK6QEG\ComboFix[1].exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-02-01 al 2008-03-01 )))))))))))))))))))))))))))))))))))
.

2008-03-01 18:48 . 2008-03-01 18:48 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-03-01 18:48 . 2008-03-01 18:48 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-03-01 18:48 . 2008-03-01 18:48 <DIR> d-------- C:\Documents and Settings\Sly\Dati applicazioni\SUPERAntiSpyware.com
2008-03-01 18:48 . 2008-03-01 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-02-29 15:50 . 2007-12-07 12:36 354,312 --a------ C:\WINDOWS\system32\gdpicturepro4.tlb
2008-02-23 16:42 . 2008-02-23 16:42 <DIR> d-------- C:\Programmi\iPod
2008-02-23 16:42 . 2008-03-01 18:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 16:42 . 2008-02-23 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 17:16 . 2008-02-14 17:16 <DIR> d-------- C:\Documents and Settings\Sly\Dati applicazioni\Xceed
2008-02-09 16:17 . 2008-02-09 16:17 28,160 --a------ C:\WINDOWS\system32\vbaltab6.oca
2008-02-09 16:17 . 2008-02-09 16:17 28,160 --a------ C:\WINDOWS\system32\vbalarlb6.oca
2008-02-03 21:33 . 2008-02-04 08:43 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-03 21:32 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-02-01 09:25 . 2008-02-01 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\EPSON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 17:58 2,606,368 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 17:58 106,005,792 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 17:57 535,604 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 17:57 1,442,648 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-01 17:39 --------- d-----w C:\Programmi\Windows Defender
2008-03-01 17:39 --------- d-----w C:\Programmi\QuickTime
2008-03-01 17:39 --------- d-----w C:\Programmi\Microsoft ActiveSync
2008-03-01 17:39 --------- d-----w C:\Programmi\iTunes
2008-03-01 17:39 --------- d-----w C:\Programmi\Apoint
2008-03-01 16:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-02-29 14:50 --------- d-----w C:\Programmi\GdPicture ToolKit Pro Edition
2008-02-29 13:59 --------- d-----w C:\Programmi\Focus
2008-02-20 17:52 --------- d-----w C:\Documents and Settings\Sly\Dati applicazioni\Skype
2008-02-19 18:51 --------- d-----w C:\Programmi\MH600HS Wizard
2008-02-09 22:18 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-09 21:29 --------- d-----w C:\Programmi\Hexacto Games
2008-02-03 20:33 --------- d-----w C:\Programmi\Apple Software Update
2008-01-31 17:39 --------- d-----w C:\Programmi\eMule
2008-01-13 21:28 --------- d-----w C:\Programmi\DivX
2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-04 22:03 --------- d-----w C:\Programmi\MSN Messenger
2007-12-12 10:34 410 ----a-w C:\DWORD.reg
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:00 15360]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:38 1289000]
"EPSON Stylus Photo R265 Series (Copia 2) (da GIANLUCA)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.exe" [2006-05-19 05:00 139264]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2005-10-07 12:13 176128]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 08:14 7401472]
"nwiz"="nwiz.exe" [2006-01-19 08:14 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-01-19 08:14 73728 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 08:32 102400]
"Dell QuickSet"="C:\Programmi\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"RoxioDragToDisc"="C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
"PDVDDXSrv"="C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"aol"="C:\Programmi\AOL\Active Virus Shield\avp.exe" [2006-05-30 11:13 139367]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12 483328]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 12:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 18:48 434528]

C:\Documents and Settings\Sly\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office Outlook 2007.lnk - C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe [2007-06-28 14:41:29 845584]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-06-29 07:22:14 25214]
Digital Line Detect.lnk - C:\Programmi\Digital Line Detect\DLG.exe [2007-06-18 14:05:51 24576]
EMBASSY Trust Suite Secure Update.lnk - C:\Programmi\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 09:45:30 192512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\AOL\\Active Virus Shield\\avp.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\OpenVPN\\bin\\openvpn.exe"=
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"= C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"= C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe [2007-04-19 20:05]
R2 SQLWriter;SQL Server VSS Writer;"c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S2 Velocis (RDS);Velocis (RDS);C:\PROGRA~1\Engine\BIN\RDS.EXE []
S3 ONDAUsbDiag;ONDA USB Diagnostics Port;C:\WINDOWS\system32\DRIVERS\ONDAUsbDiag.sys [2007-04-10 09:53]
S3 ONDAUsbModem;ONDA USB MODEM DRIVER;C:\WINDOWS\system32\DRIVERS\ONDAUsbModem.sys [2007-04-10 09:53]
S3 ONDAUsbNmea;ONDA USB NMEA Port;C:\WINDOWS\system32\DRIVERS\ONDAUsbNmea.sys [2007-04-10 09:53]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;"C:\Programmi\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe" [2007-06-11 02:38]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 13:37]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 VSPerfDrv;Performance Tools Driver;C:\Programmi\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 01:42]
S3 Xceed.Chart.Renderer.Service;Xceed Chart for ASP.NET Renderer Service;"C:\Programmi\Xceed Components\Bin\.NET\Xceed.Chart.Renderer.Service.exe" [2006-07-03 14:32]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Programmi\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bc2f4d8-79b9-11dc-925e-001b7743f931}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65d8075a-77c6-11dc-9259-8000600fe800}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a398351-762d-11dc-8767-0019b979f02b}]
\Shell\AutoRun\command - E:\ReadMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4873788-4192-11dc-af41-0019b979f02b}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc046c4-7a61-11dc-9260-001b7743f931}]
\Shell\Auto\command - E:\Long.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc046ec-7a61-11dc-9260-001b7743f931}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0876ee2-9aa4-11dc-8831-0019b979f02b}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cffbd688-7892-11dc-925b-0019b979f02b}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9752d01-7d77-11dc-9266-0019b979f02b}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f666e3e7-7cbc-11dc-9264-001b7743f931}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-25 08:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 18:00:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 18:58:41
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\detoured.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\detoured.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\detoured.dll
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Wave Systems Corp\Common\DataServer.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmi\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Apoint\HidFind.exe
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-01 19:01:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-01 18:01:35
.
2008-02-29 07:41:08 --- E O F ---
"Se le auto funzionassero come i software, si bloccherebbero due volte al giorno senza motivo e l'unica soluzione sarebbe reinstallare il motore"
Avatar utente
wolly76
Senior Member
Senior Member
 
Messaggi: 354
Iscritto il: gio gen 04, 2007 2:54 pm
Località: C:\WINDOWS

Messaggioda ste_95 » sab mar 01, 2008 7:06 pm

Hai ancora problemi?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda wolly76 » sab mar 01, 2008 8:06 pm

no tutto a posto
ho fatto anche una passata con superantispyware e una di ccleaner
"Se le auto funzionassero come i software, si bloccherebbero due volte al giorno senza motivo e l'unica soluzione sarebbe reinstallare il motore"
Avatar utente
wolly76
Senior Member
Senior Member
 
Messaggi: 354
Iscritto il: gio gen 04, 2007 2:54 pm
Località: C:\WINDOWS

Messaggioda wolly76 » lun mar 03, 2008 8:53 am

Approfitto per far notare che avenger ha pubblicato una versione nuova infatti il procedimento per eseguire il text è diverso.
Il programma si apre direttemente con il rich text dove inserire il lo script e poi si preme execute.
Se già lo avevate notato chiedo scusa
"Se le auto funzionassero come i software, si bloccherebbero due volte al giorno senza motivo e l'unica soluzione sarebbe reinstallare il motore"
Avatar utente
wolly76
Senior Member
Senior Member
 
Messaggi: 354
Iscritto il: gio gen 04, 2007 2:54 pm
Località: C:\WINDOWS

Messaggioda ste_95 » lun mar 03, 2008 1:48 pm

Ne siamo a conoscenza, è in fase di creazione l'articolo a proposito [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising