Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Temo di aver preso un'altra bestiaccia...

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Temo di aver preso un'altra bestiaccia...

Messaggioda CarDependant » gio gen 08, 2009 11:10 pm

Internet Explorer m'è diventato inaccessibile se lo avvio mi manda questo messaggio:

Immagine

Poco prima antivir aveva segnalato un trojan, ecco il solito log di HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.06.00, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Tall Emu\Online Armor\oaui.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\Carmelo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmi\Tall Emu\Online Armor\oahlp.exe
C:\Programmi\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Carmelo\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programmi\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carmelo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{976F4D7C-3FDD-4250-BF1E-900C93BA6C6D}: NameServer = 193.12.150.2 212.247.152.2
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7292 bytes
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda ste_95 » ven gen 09, 2009 7:17 am

Scarica ComboFix ed esegui una scansione, le istruzioni le trovi in fondo a questo articolo.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda CarDependant » ven gen 09, 2009 1:05 pm

Log ComboFix:

ComboFix 09-01-08.04 - Carmelo 2009-01-09 12:55:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1023.538 [GMT 1:00]
Eseguito da: c:\documents and settings\Carmelo\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-12-09 al 2009-01-09 )))))))))))))))))))))))))))))))))))
.

2009-01-09 01:11 . 2008-04-13 11:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-09 01:11 . 2008-04-13 11:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-01-09 01:10 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-09 01:10 . 2009-01-09 01:10 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-09 01:10 . 2009-01-09 01:10 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-08 17:40 . 2009-01-08 17:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-01-08 15:54 . 2009-01-08 15:54 <DIR> d-------- c:\programmi\Messenger Plus! Live
2009-01-08 12:41 . 2009-01-08 12:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2009-01-07 03:00 . 2009-01-07 03:00 <DIR> d-------- c:\programmi\MSXML 4.0
2009-01-06 17:34 . 2009-01-06 17:34 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Image Zone Express
2009-01-06 17:34 . 2009-01-06 17:34 221 --a------ c:\windows\NCLogConfig.ini
2009-01-06 17:33 . 2009-01-06 17:34 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\HP
2009-01-06 17:32 . 2009-01-06 17:32 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\HP
2009-01-06 17:31 . 2009-01-06 17:32 <DIR> d-------- c:\programmi\File comuni\HP
2009-01-06 17:30 . 2009-01-06 17:30 <DIR> d-------- c:\programmi\Hewlett-Packard
2009-01-06 17:30 . 2009-01-06 17:30 <DIR> d-------- c:\programmi\File comuni\Hewlett-Packard
2009-01-06 17:29 . 2006-01-03 09:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll
2009-01-06 17:29 . 2006-04-12 03:04 49,664 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-06 17:29 . 2006-04-10 14:03 48,128 --a------ c:\windows\system32\hpzll054.dll
2009-01-06 17:29 . 2006-04-12 03:04 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-06 17:29 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-06 17:29 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-06 17:28 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2009-01-06 17:28 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-06 17:28 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-06 17:28 . 2007-08-09 08:27 73,728 --a------ c:\windows\system32\HPZipm12.exe
2009-01-06 17:28 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-01-06 17:28 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-06 17:27 . 2009-01-08 12:41 <DIR> d-------- c:\programmi\HP
2009-01-06 17:27 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-06 17:27 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-06 17:21 . 2009-01-06 17:33 123,611 --a------ c:\windows\hpoins11.dat
2009-01-05 17:20 . 2009-01-05 17:20 <DIR> d-------- c:\windows\Sun
2009-01-05 16:52 . 2009-01-05 16:52 <DIR> d-------- c:\programmi\Java
2009-01-05 16:52 . 2009-01-05 16:52 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-05 16:52 . 2009-01-05 16:52 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-05 16:05 . 2009-01-05 16:05 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Media Player Classic
2009-01-05 01:37 . 2009-01-05 01:37 <DIR> d-------- c:\programmi\Sports Interactive
2009-01-05 01:03 . 2009-01-05 01:03 <DIR> d-------- c:\programmi\Opera
2009-01-04 02:20 . 2009-01-06 14:05 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-04 02:20 . 2009-01-04 02:20 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Malwarebytes
2009-01-04 02:20 . 2009-01-04 02:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-04 02:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 02:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 01:12 . 2009-01-04 01:12 <DIR> d-------- c:\documents and settings\All Users\all user
2009-01-04 01:04 . 2009-01-04 01:04 <DIR> d-------- c:\windows\Logs
2008-12-29 14:14 . 2008-12-12 18:01 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2008-12-29 14:14 . 2008-10-16 02:00 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2008-12-29 14:14 . 2008-10-16 02:00 668,672 -----c--- c:\windows\system32\dllcache\wininet.dll
2008-12-29 14:14 . 2008-10-16 02:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2008-12-29 01:41 . 2008-12-29 01:41 31,800 --a------ c:\windows\system32\xa20849218.exe
2008-12-29 01:41 . 2008-12-29 01:41 31,800 --a------ c:\windows\system32\xa20849031.exe
2008-12-29 01:40 . 2008-12-29 01:40 28,140,808 --a------ c:\windows\system32\xa20750812.exe
2008-12-29 01:40 . 2008-12-29 01:40 28,140,808 --a------ c:\windows\system32\xa20750156.exe
2008-12-29 01:39 . 2008-12-29 01:39 28,140,808 --a------ c:\windows\system32\xa20745875.exe
2008-12-29 01:39 . 2008-12-29 01:39 28,140,808 --a------ c:\windows\system32\xa20745234.exe
2008-12-29 01:39 . 2008-12-29 01:39 31,800 --a------ c:\windows\system32\xa20737593.exe
2008-12-29 01:39 . 2008-12-29 01:39 31,800 --a------ c:\windows\system32\xa20737406.exe
2008-12-29 01:38 . 2008-12-29 01:38 28,140,808 --a------ c:\windows\system32\xa20672656.exe
2008-12-29 01:38 . 2008-12-29 01:38 28,140,808 --a------ c:\windows\system32\xa20672000.exe
2008-12-29 01:38 . 2008-12-29 01:38 28,140,808 --a------ c:\windows\system32\xa20629937.exe
2008-12-29 01:37 . 2008-12-29 01:38 28,140,808 --a------ c:\windows\system32\xa20629250.exe
2008-12-29 01:37 . 2008-12-29 01:37 28,140,808 --a------ c:\windows\system32\xa20620062.exe
2008-12-29 01:37 . 2008-12-29 01:37 28,140,808 --a------ c:\windows\system32\xa20618546.exe
2008-12-29 01:37 . 2008-12-29 01:37 31,800 --a------ c:\windows\system32\xa20572890.exe
2008-12-29 01:37 . 2008-12-29 01:37 31,800 --a------ c:\windows\system32\xa20572687.exe
2008-12-29 01:36 . 2008-12-29 01:36 31,800 --a------ c:\windows\system32\xa20564562.exe
2008-12-29 01:36 . 2008-12-29 01:36 31,800 --a------ c:\windows\system32\xa20564359.exe
2008-12-28 23:05 . 2008-12-28 23:05 <DIR> d-------- C:\program files
2008-12-28 19:53 . 2008-12-28 19:53 230 --a------ c:\windows\system32\spupdsvc.inf
2008-12-28 01:06 . 2008-12-28 01:06 <DIR> d-------- c:\programmi\Any Video Converter
2008-12-28 01:06 . 2008-12-28 01:06 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Any Video Converter
2008-12-28 00:28 . 2008-12-28 00:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2008-12-24 13:36 . 2008-12-24 13:36 <DIR> d-------- c:\programmi\Creative
2008-12-24 13:36 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-12-24 13:36 . 2002-06-06 14:38 139,264 --a------ c:\windows\system32\eax.dll
2008-12-24 13:09 . 2009-01-05 09:30 <DIR> d-------- c:\programmi\Mafia
2008-12-24 13:09 . 2002-08-20 13:17 217,088 -ra------ c:\windows\system32\MafiaSetup.exe
2008-12-23 14:07 . 2008-12-28 00:31 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\AdobeUM
2008-12-23 13:13 . 2009-01-04 00:54 <DIR> d-------- c:\programmi\File comuni\Adobe
2008-12-22 15:45 . 2009-01-09 12:37 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\OnlineArmor
2008-12-22 15:45 . 2008-12-23 13:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\OnlineArmor
2008-12-22 15:44 . 2008-12-22 15:44 <DIR> d-------- c:\programmi\Tall Emu
2008-12-22 15:44 . 2008-12-22 15:44 <DIR> d-------- C:\OnlineArmor
2008-12-22 15:44 . 2008-12-13 02:26 178,376 --a------ c:\windows\system32\drivers\OADriver.sys
2008-12-22 15:44 . 2008-12-13 02:26 30,920 --a------ c:\windows\system32\drivers\OAmon.sys
2008-12-22 15:44 . 2008-12-13 02:26 28,872 --a------ c:\windows\system32\drivers\OAnet.sys
2008-12-20 20:39 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-20 20:39 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-20 20:39 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-20 17:26 . 2008-12-20 18:07 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Sports Interactive
2008-12-20 17:26 . 2008-12-20 17:32 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2008-12-20 17:15 . 2008-12-20 17:18 <DIR> d--h----- c:\programmi\Zero G Registry
2008-12-20 17:15 . 2008-12-20 17:15 <DIR> d--h----- c:\documents and settings\Carmelo\InstallAnywhere
2008-12-20 15:46 . 2008-12-20 15:46 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-20 15:46 . 2008-12-20 15:46 <DIR> d-------- c:\programmi\PC Connectivity Solution
2008-12-20 15:46 . 2008-12-20 15:46 <DIR> d-------- c:\programmi\File comuni\PCSuite
2008-12-20 15:46 . 2008-12-20 15:46 <DIR> d-------- c:\programmi\File comuni\Nokia
2008-12-20 15:46 . 2008-12-20 15:46 <DIR> d-------- c:\programmi\DIFX
2008-12-20 15:46 . 2009-01-09 01:11 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\PC Suite
2008-12-20 15:46 . 2009-01-09 01:11 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Nokia
2008-12-20 15:46 . 2008-12-20 15:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2008-12-20 15:46 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2008-12-20 15:46 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-20 15:46 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-20 15:46 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-20 15:46 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-20 15:46 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-20 15:45 . 2008-12-20 15:46 <DIR> d-------- c:\programmi\Nokia
2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Installations
2008-12-20 15:45 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
2008-12-20 14:20 . 2009-01-09 12:37 <DIR> d-------- c:\documents and settings\Carmelo\Tracing
2008-12-20 14:12 . 2008-12-20 14:12 <DIR> d-------- c:\programmi\Microsoft
2008-12-20 14:11 . 2008-12-20 14:11 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2008-12-20 14:11 . 2008-12-20 14:11 <DIR> d-------- c:\programmi\Windows Live
2008-12-20 13:46 . 2008-12-20 14:48 <DIR> d-------- c:\programmi\COMODO
2008-12-20 11:32 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-20 11:32 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-20 11:32 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-20 11:32 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-20 11:31 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-20 11:30 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-20 11:29 . 2008-10-16 21:04 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-20 11:29 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-20 11:29 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 13:23 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-19 19:18 155,995 ----a-w c:\windows\java\Packages\8H7DRRF9.ZIP
2008-12-19 19:18 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-19 18:01 --------- d-----w c:\programmi\Realtek AC97
2008-12-19 17:57 --------- d-----w c:\programmi\Nvidia
2008-12-19 17:23 --------- d-----w c:\programmi\microsoft frontpage
2008-12-19 17:22 --------- d-----w c:\programmi\Servizi in linea
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 668,672 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2008-12-20 270128]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Google Update"="c:\documents and settings\Carmelo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-01-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"@OnlineArmor GUI"="c:\programmi\Tall Emu\Online Armor\oaui.exe" [2008-12-13 6223048]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-12-19 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
SnagIt 8.lnk - c:\programmi\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 6379080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-12-13 886984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\ropfnqz.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Carmelo\\Desktop\\eMule0.49b\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-12-22 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-12-22 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-12-22 28872]
R4 OAcat;Online Armor Helper Service;c:\programmi\Tall Emu\Online Armor\oacat.exe [2008-12-22 1402568]
R4 SvcOnlineArmor;Online Armor;c:\programmi\Tall Emu\Online Armor\oasrv.exe [2008-12-22 3321032]
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1547161642-839522115-1003.job
- c:\documents and settings\Carmelo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-01-05 12:48]
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementare di scansione -------
.
TCP: {976F4D7C-3FDD-4250-BF1E-900C93BA6C6D} = 193.12.150.2 212.247.152.2

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Carmelo\Dati applicazioni\Mozilla\Firefox\Profiles\rt5d0hw5.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Carmelo\Impostazioni locali\Dati applicazioni\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 13:02:46
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\programmi\Tall Emu\Online Armor\oawatch.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
Ora fine scansione: 2009-01-09 13:05:19
ComboFix-quarantined-files.txt 2009-01-09 12:05:14

Pre-Run: 81,603,903,488 byte disponibili
Post-Run: 81,831,866,368 byte disponibili

259 --- E O F --- 2009-01-07 02:00:35
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT


Re: Temo di aver preso un'altra bestiaccia...

Messaggioda ste_95 » ven gen 09, 2009 2:56 pm

Scansiona il seguente file su www.virustotal.com
c:\windows\system32\xa20750812.exe
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda CarDependant » ven gen 09, 2009 6:26 pm

Non lo analizza, è un file troppo grande, comunque questo file fa riferimento a un gioco installato da me, quindi è innocuo.
Qualcos'altro?
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda ste_95 » ven gen 09, 2009 7:03 pm

Quando ti appare il messaggio che hai postato?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda CarDependant » ven gen 09, 2009 7:07 pm

Dopo molto tempo, ste_95.
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda ste_95 » ven gen 09, 2009 7:17 pm

CarDependant ha scritto:Dopo molto tempo, ste_95.

A caso?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda CarDependant » ven gen 09, 2009 7:23 pm

Non ricordo perche ho lanciato la scansione su quel sito e mi ero allontanato perché vedevo che ci stava molto...il file che mi hai indicato comunque è di 26 MB circa, l'ho passato poi con Antivir e non m'ha trovato nulla...
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda ste_95 » ven gen 09, 2009 7:31 pm

Bah, se quel messaggio ti è apparso una volta, non vedo perché preoccuparsi, altrimenti non saprei, tutti i log sono puliti. Hai già provato ad effettuare qualche scansione locale od online?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Temo di aver preso un'altra bestiaccia...

Messaggioda CarDependant » ven gen 09, 2009 8:04 pm

A questo punto credo proprio che lo formatterò...
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising