Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

msn?!?!?

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

msn?!?!?

Messaggioda alessandrocolombano » lun feb 23, 2009 4:24 pm

salve a tutti! i miei contatti mi hanno detto di aver ricevuto una mail che gli diceva che il mio indirizzo msn era infettato da virus e di cambiare il mio contatto in uno che era uguale a quello che chiedeva di sostituire. avevo messenger plus ma ora non più. che può essere successo? uno spam? virus di plus? ho kaspersky internet security e non ha rilevato niente! grazie per l'aiuto!
Avatar utente
alessandrocolombano
Aficionado
Aficionado
 
Messaggi: 49
Iscritto il: lun ago 18, 2008 7:53 pm

Re: msn?!?!?

Messaggioda crazy.cat » lun feb 23, 2009 7:16 pm

Fai la scansione con combofix e poi posta il log che ne risulta.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Re: msn?!?!?

Messaggioda alessandrocolombano » mar feb 24, 2009 10:11 am

ecco il log

ComboFix 09-02-21.01 - SYSTEM 2009-02-24 0:53:30.3 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2046.1603 [GMT 1:00]
Eseguito da: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080523-0] *On-access scanning enabled* (Updated)
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FW: ZoneAlarm Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\fufvnten.ini
c:\windows\system32\miehedle.ini
c:\windows\system32\ncfigtba.ini
c:\windows\system32\pepjceto.ini
c:\windows\system32\tnqhhfaw.ini

.
((((((((((((((((((((((((( Files Creati Da 2009-01-23 al 2009-02-23 )))))))))))))))))))))))))))))))))))
.

2009-02-15 22:07 . 2009-02-15 22:07 8,280 --a------ c:\windows\SETUP.LST
2009-02-15 22:07 . 2009-02-15 22:07 256 --a------ c:\windows\ST6UNST.002
2009-02-15 21:59 . 2009-02-15 22:00 1,090 --a------ c:\windows\ST6UNST.001
2009-02-14 21:40 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-14 21:40 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-14 21:40 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-14 21:40 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-14 21:40 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-14 21:40 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-14 21:40 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-14 21:40 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-14 21:31 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-14 21:31 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-14 21:31 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-14 21:31 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-14 21:31 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-14 16:54 . 2009-02-23 15:09 <DIR> d-------- c:\users\user\Tracing
2009-02-13 01:17 . 2009-02-23 17:06 <DIR> d-------- c:\users\Ale\Tracing
2009-02-13 01:14 . 2009-02-13 01:14 <DIR> d----c--- c:\program files\Microsoft Sync Framework
2009-02-13 01:04 . 2009-02-13 01:04 <DIR> d----c--- c:\program files\Windows Live SkyDrive
2009-02-13 01:04 . 2009-02-13 01:04 <DIR> d----c--- c:\program files\Microsoft
2009-02-12 20:06 . 2009-02-12 20:06 <DIR> d----c--- c:\program files\Common Files\Windows Live
2009-02-08 16:27 . 2009-02-08 16:27 98,304 --a------ c:\windows\system32CmdLineExt.dll
2009-02-08 01:54 . 2009-02-08 11:47 <DIR> d----c--- c:\program files\SpeedBit Video Accelerator
2009-02-08 01:47 . 2009-02-08 11:44 <DIR> d-------- c:\users\All Users\SpeedBit
2009-02-08 01:47 . 2009-02-08 11:44 <DIR> d-------- c:\programdata\SpeedBit
2009-02-08 01:16 . 2009-02-23 17:04 10,056,736 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-02-08 01:16 . 2009-02-24 01:00 1,212,448 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-02-08 01:16 . 2009-02-23 17:04 80,696 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-02-08 01:16 . 2009-02-24 01:00 5,224 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-02-06 20:01 . 2009-02-06 20:01 308,088 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:58 . 2009-02-06 20:13 <DIR> d-------- c:\windows\Internet Logs
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 18:51 . 2009-02-06 18:51 135,168 --a--c--- C:\zip.exe
2009-02-06 18:51 . 2009-02-06 18:51 19,286 --a--c--- C:\cleanup.exe
2009-02-06 18:51 . 2009-02-06 18:51 574 --a--c--- C:\cleanup.bat
2009-02-03 19:45 . 2009-02-03 19:45 <DIR> dr-h-c--- C:\MSOCache
2009-02-03 19:05 . 2009-02-03 19:07 <DIR> d----c--- c:\program files\FreePOPs
2009-02-03 18:51 . 2009-02-03 18:51 <DIR> d-------- c:\users\Ale\AppData\Roaming\Thunderbird
2009-02-01 12:41 . 2009-02-01 12:41 <DIR> d----c--- c:\program files\MagicDVDRipper
2009-01-28 18:07 . 2009-01-28 18:07 <DIR> d----c--- c:\program files\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 00:00 --------- d-----w c:\users\Ale\AppData\Roaming\Skype
2009-02-23 23:59 --------- d-----w c:\users\Ale\AppData\Roaming\soundcrank
2009-02-23 23:59 --------- d-----w c:\users\Ale\AppData\Roaming\skypePM
2009-02-23 23:41 --------- d-----w c:\users\Ale\AppData\Roaming\uTorrent
2009-02-23 21:19 --------- d-----w c:\programdata\Google Updater
2009-02-23 16:06 --------- d-----w c:\programdata\Kaspersky Lab
2009-02-23 14:09 --------- d-----w c:\users\user\AppData\Roaming\soundcrank
2009-02-19 14:51 --------- d-----w c:\users\Ale\AppData\Roaming\HTNetMeter
2009-02-19 14:50 --------- dc----w c:\program files\HooTech
2009-02-15 21:07 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-02-15 21:07 249,856 ------w c:\windows\Setup1.exe
2009-02-15 12:59 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-14 20:55 --------- d-----w c:\program files\Windows Mail
2009-02-14 15:54 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-13 00:16 --------- d-----w c:\program files\Windows Live
2009-02-13 00:15 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-12 22:38 --------- dc----w c:\program files\FSacars
2009-02-12 21:52 --------- d-----w c:\users\Ale\AppData\Roaming\teamspeak2
2009-02-12 19:04 --------- dc----w c:\program files\Messenger Plus! Live
2009-02-08 10:44 --------- d---a-w c:\programdata\TEMP
2009-02-08 00:50 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-08 00:50 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-08 00:50 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-08 00:14 --------- dc----w c:\program files\Spybot - Search & Destroy
2009-02-05 21:01 --------- dc----w c:\program files\Unlocker
2009-02-03 18:05 --------- d-----w c:\users\Ale\AppData\Roaming\Any Video Converter
2009-01-30 14:29 --------- d-----w c:\programdata\Yahoo! Companion
2009-01-30 12:27 --------- d-----w c:\users\user\AppData\Roaming\Skype
2009-01-28 22:13 --------- dc----w c:\program files\CCleaner
2009-01-28 17:09 --------- d-----w c:\programdata\HP
2009-01-22 14:00 --------- dc----w c:\program files\iTunes
2009-01-22 14:00 --------- dc----w c:\program files\iPod
2009-01-22 14:00 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-22 13:59 --------- dc----w c:\program files\Common Files\Apple
2009-01-22 13:58 --------- dc----w c:\program files\QuickTime
2009-01-22 13:57 --------- d-----w c:\programdata\Apple Computer
2009-01-22 13:53 --------- dc----w c:\program files\Google
2009-01-21 12:29 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-18 09:29 --------- dc----w c:\program files\vasfmc
2009-01-13 18:15 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-13 18:14 --------- dc----w c:\program files\TP-LINK
2009-01-13 17:33 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-13 17:33 --------- dc----w c:\program files\Logitech
2009-01-13 17:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 17:31 --------- dc----w c:\program files\Common Files\LogiShrd
2009-01-13 17:30 --------- d-----w c:\programdata\Logishrd
2009-01-08 23:04 --------- dc----w c:\program files\SpeedFan
2009-01-07 23:35 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-07 23:35 --------- d-----w c:\program files\Realtek
2009-01-07 22:17 --------- dc----w c:\program files\Teamspeak2_RC2
2009-01-07 11:36 --------- dc----w c:\program files\Common Files\Logitech
2009-01-04 23:03 --------- d-----w c:\program files\Microsoft Games
2009-01-04 22:56 --------- d-----w c:\users\Ale\AppData\Roaming\Image Zone Express
2009-01-03 17:48 --------- dc----w c:\program files\DOSBox-0.72
2008-12-30 20:41 --------- dc----w c:\program files\FSC
2008-12-29 10:47 --------- d-----w c:\users\Giampiero\AppData\Roaming\uTorrent
2008-12-29 10:41 --------- d-----w c:\users\Giampiero\AppData\Roaming\soundcrank
2008-12-29 10:40 --------- d-----w c:\users\Giampiero\AppData\Roaming\Skype
2008-12-29 10:40 --------- d-----w c:\users\Giampiero\AppData\Roaming\qliner
2008-12-29 10:39 --------- d-----w c:\users\Giampiero\AppData\Roaming\skypePM
2008-12-29 10:38 --------- d-----w c:\users\Giampiero\AppData\Roaming\Nero
2008-12-28 17:48 --------- dc----w c:\program files\NCH Swift Sound
2008-12-11 15:14 22,328 ----a-w c:\users\Ale\AppData\Roaming\PnkBstrK.sys
2008-12-06 12:52 737,280 ----a-w c:\windows\iun6002.exe
2008-11-26 20:29 283,648 ----a-w c:\windows\sduninstall.exe
2008-08-18 15:49 100 -c--a-w c:\program files\lpsrrs.txt
2008-03-20 17:29 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-20 17:29 32 ----a-w c:\programdata\ezsid.dat
2007-12-11 21:50 174 --sha-w c:\program files\desktop.ini
2002-08-20 12:17 217,088 ----a-r c:\users\Ale\AppData\Roaming\MafiaSetup.exe
2008-07-30 13:27 90 --sh--w c:\windows\cnerolf.bin
2008-07-07 18:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-07 18:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-07 18:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-07-17 09:56 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-17 09:56 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-17 09:56 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-08-19 09:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-18 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-05-28 219952]
"Google Update"="c:\users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2009-02-19 458752]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"KMCONFIG"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-09 144792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"AliceRV_McciTrayApp"="c:\program files\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-16 185872]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"00Hotkeys"="c:\program files\Qliner Hotkeys\HotKeys.exe" [2006-12-02 45056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-08 206088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-25 218496]

c:\users\Ale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Alice ADSL.lnk - c:\windows\System32\rasphone.exe [2008-06-06 39424]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-13 66864]
SoundcrankLoader.lnk - c:\program files\Soundcrank\SoundcrankLoader.exe [2008-06-14 97280]
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe [2009-01-13 622592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.IV41"= IR41_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000004
"UpdatesDisableNotify"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-654735759-1580040636-1870263581-1001]
"EnableNotificationsRef"=dword:00000009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F53BF8E9-868D-472D-9B19-F862D72D5F5A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6255F4C3-FED8-4498-B8CB-31F181FBA8F8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{951258A4-86D2-46D0-BB24-95393399E9F4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4DF24077-AF71-4E81-A40A-5E380C04CE96}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0813CB8B-E2AF-42D6-81DE-FDC02A8A63AF}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{9291E9FA-3A40-42C1-96B4-DD93DA03B617}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{13BA4036-7309-4D8A-AA4B-6D9731143153}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DBEAB16F-4BDE-4159-BBEB-5AAB1884863C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{8F08D1EC-CF1A-4497-80F8-71CC687508EB}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3294867D-822F-436E-A5E8-7FCCA59BA1C8}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{24F6CD2A-DF95-4DA1-A1F8-3DB566FA4AE2}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{0412EC3D-D865-4CB2-B670-5A8A18A3568F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{281306B9-08D5-4897-9D92-64D0F785EC3B}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{94A3F6DA-3593-4DA3-B05F-D9AED95463AF}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{CB1B0CFC-9FAE-426E-872F-CCB909A79CB3}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{A646F472-459D-49E7-BD7E-46F035002031}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{223461B5-5783-4529-96A5-116AF3F89492}c:\\users\\ale\\program files\\dna\\btdna.exe"= UDP:c:\users\ale\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CE3CA3D5-5C9A-4C4C-9CD7-19345B0A07E0}c:\\users\\ale\\program files\\dna\\btdna.exe"= TCP:c:\users\ale\program files\dna\btdna.exe:btdna.exe
"TCP Query User{B51FDD98-65E2-4C22-8101-DF14F2EF4D35}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{12C0663F-7480-4027-BF37-44BF8B3B2AEC}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{D05A000A-3FF0-4957-99FA-B7B8EDE87BEE}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3638D3CD-1F82-45D6-8C13-7BFC8130E05F}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0134BA45-59B8-47E0-8159-EA68E699A784}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{40AC4A1B-B488-42B9-BB34-3B347CA5F547}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{7AE08522-637D-40B7-9595-085B9508F70A}c:\\team17\\worms2\\frontend.exe"= UDP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{4B5A5DE4-65E9-4BD0-9E9B-BC1A0ECC6AA3}c:\\team17\\worms2\\frontend.exe"= TCP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
"TCP Query User{8A9A0F31-81E0-44DF-8C24-58E208A3F0DB}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"UDP Query User{33B055B4-60A4-4EB1-85D8-4EA15623BE83}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"{E1E013FE-6A11-467D-9A33-867502A6D51E}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{8E0F01FF-4C1A-488F-B649-EC86A741E407}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{2389B8E6-1755-458F-BBEF-D8983DB5C6E3}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{65D7FC00-86D6-4A4E-9088-19B6438B86CC}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{111B2485-93E7-4658-8B4C-8424CFA0DE41}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{012C312B-75B2-42E4-AFC7-62030B6FAD58}c:\\program files\\ubisoft\\il-2 sturmovik 1946\\il2fb.exe"= Disabled:UDP:c:\program files\ubisoft\il-2 sturmovik 1946\il2fb.exe:il2fb
"UDP Query User{95F44684-4854-413D-AE52-C3DABB5E5DA8}c:\\program files\\ubisoft\\il-2 sturmovik 1946\\il2fb.exe"= Disabled:TCP:c:\program files\ubisoft\il-2 sturmovik 1946\il2fb.exe:il2fb
"TCP Query User{E341DEA7-04A8-473B-904B-61FBF7C5D39A}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{0D80DFFA-B318-410C-98BE-587DC878A1DA}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{CC201CB5-3406-46B7-9053-A1A1607A7F85}c:\\kav\\kav7.0\\english\\setup.exe"= UDP:c:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{3C2EB320-BE74-48DB-88B5-711397C00FFD}c:\\kav\\kav7.0\\english\\setup.exe"= TCP:c:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{C63290AC-866A-4BEC-B704-C03EA98A880A}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{7B6B7DEF-8891-4909-8778-E209C3834EE3}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"{B48AA4E9-F51E-489E-A54D-7B99B67C8ABF}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"{339BF3E7-01F2-48A1-99A1-BFCB45A651E3}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"TCP Query User{75FB8904-9187-4DF2-BD25-3F3DE1DF8FE5}c:\\users\\ale\\desktop\\cacca\\utorrent_1.7.7.exe"= UDP:c:\users\ale\desktop\cacca\utorrent_1.7.7.exe:utorrent_1.7.7.exe
"UDP Query User{85C3A2F5-C367-47AB-B0E1-0DFC7A934F15}c:\\users\\ale\\desktop\\cacca\\utorrent_1.7.7.exe"= TCP:c:\users\ale\desktop\cacca\utorrent_1.7.7.exe:utorrent_1.7.7.exe
"{2839A547-105A-474A-93FC-0828CCFBCB2C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5CFA8F96-264D-4E80-ABD6-1967F4026266}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7D99BFFE-8F70-441F-8E94-7CFB2568422A}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A7574008-B0FE-4800-8688-B7E834E6E8E0}"= UDP:c:\program files\Microsoft Games\Flight Simulator\FLTSIM98.EXE:Flight Simulator 98
"{EE774F48-0261-4CA2-BF4B-3BF5420DA927}"= TCP:c:\program files\Microsoft Games\Flight Simulator\FLTSIM98.EXE:Flight Simulator 98
"TCP Query User{2B207A12-46C3-4D65-B825-8582677AED26}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\italian\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\italian\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{F59E8432-FFBB-4313-B1E5-EF0C20D79F47}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\italian\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\italian\setup.exe:Kaspersky Internet Security 2009 Setup
"{A5F19E0A-77F9-4C32-9261-114592CEAA11}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{67017158-3744-4529-A07E-3BB78294A142}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{88EC1F5B-2E11-4BAE-8336-37680BF3A7C2}"= UDP:C:\winvnc.exe:mqdsmode=enablescope=all
"{E3EE27CE-3748-471A-ACFA-5E8F4C602BC7}"= TCP:C:\winvnc.exe:mqdsmode=enablescope=all
"{1643B963-B44C-485E-B1FA-CEC5347A8BD6}"= UDP:C:\winvnc.exe:mqdsmode=enablescope=all
"{CBD89356-F521-445F-9295-6BF7A78F19FD}"= TCP:C:\winvnc.exe:mqdsmode=enablescope=all
"TCP Query User{3CE30692-F254-4051-A415-74232A02D285}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C13157F7-3E54-46BA-B371-A3D2E145CA2B}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{71373EE6-0B1E-46F7-8701-0C28F79BE2EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3F7A91F4-635E-4CCF-8746-E287151498B2}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{33E6D7BD-7D88-4553-95B3-07377A200BEB}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{4606D10E-B2DE-49EE-A658-B09ED16B0504}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{67E080A8-A268-4009-BE66-7155B93B4F7A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{8046D2E0-E147-4233-AF6A-DA111F81A89A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{385D74C8-C890-4595-B85E-1F9BB391823E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CD3B3CAA-B031-4DF5-9CA7-EC60FEB9C924}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0C5F9C65-409E-47E7-A12B-3E9B12F360B9}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E73C92EA-7733-4CA8-96DB-DE9B8385907B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BBCDD317-E717-4D26-8F00-D1F5F369C255}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9EE70C06-804D-4C89-9EF6-33407C3439C9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{89131462-2922-4017-B4D4-3791654EFE13}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{921F8021-CEBD-4048-8E4E-C08BE7ADD576}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3C512C21-984F-41D0-BFDF-737A3BB1A244}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{12AC90E6-A60E-433E-AB17-68EAB20F1D5F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2008-08-17 28544]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\System32\drivers\StarPortLite.sys [2008-04-23 85760]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe [2007-05-10 208896]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [2008-11-12 46592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2007-05-11 329728]
S3 RkPavproc2;RkPavproc2;c:\windows\System32\drivers\RkPavproc2.sys [2008-08-17 16952]
S3 sdAuxService;PC Tools Auxiliary Service; [x]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70b33549-1cee-11dd-adf9-001d6088553e}]
\shell\AutoRun\command - e:\setup\rsrc\autorun.exe
\shell\dinstall\command - e:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b482af38-ec47-11dc-8651-001d6088553e}]
\shell\AutoRun\command - g:\setup\rsrc\autorun.exe
\shell\dinstall\command - g:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9038d3e-c75f-11dd-bb18-001d6088553e}]
\shell\AutoRun\command - F:\MafiaLauncher.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdd54e11-2f1c-11dd-95e4-001d6088553e}]
\shell\AutoRun\command - g:\setup\rsrc\autorun.exe
\shell\dinstall\command - g:\directx\dxsetup.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-654735759-1580040636-1870263581-1001.job
- c:\users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 11:34]

2009-02-23 c:\windows\Tasks\User_Feed_Synchronization-{D2F2E3AE-B412-4662-AE8D-EFA8A45FE823}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
ShellExecuteHooks-{508E980C-F09F-4908-BCC6-F4C533A15EA6} - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
IE: c:\users\Ale\Desktop\Rapidown\Nuova cartella\rapidownGetAll.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi a PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi al banner Blocco pubblicità - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Converti destinazione link in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: {28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E} = 85.37.17.8 85.38.28.73
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Ale\AppData\Roaming\Mozilla\Firefox\Profiles\42jyl095.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ale\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 01:00:44
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(11020)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\conime.exe
c:\program files\Trust\R-Series Mouse And Keyboard\KMCONFIG.exe
c:\windows\System32\rundll32.exe
c:\program files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\Trust\R-Series Mouse And Keyboard\KMProcess.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\iashost.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-24 1:09:24 - Il pc è stato riavviato [Ale]
ComboFix-quarantined-files.txt 2009-02-24 00:08:44
ComboFix2.txt 2008-09-05 18:06:55
ComboFix3.txt 2008-08-20 11:58:07

Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 180,640,247,808 byte disponibili

430 --- E O F --- 2009-02-14 20:53:48
Avatar utente
alessandrocolombano
Aficionado
Aficionado
 
Messaggi: 49
Iscritto il: lun ago 18, 2008 7:53 pm


Re: msn?!?!?

Messaggioda ste_95 » mar feb 24, 2009 10:50 am

Dai un'occhiata a questo articolo:
http://www.MegaLab.it/2785/vundo-liberi ... per-sempre
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: msn?!?!?

Messaggioda alessandrocolombano » mar feb 24, 2009 11:00 am

ancora vundo?????? credevo di averlo eliminato mannaggia!
Avatar utente
alessandrocolombano
Aficionado
Aficionado
 
Messaggi: 49
Iscritto il: lun ago 18, 2008 7:53 pm

Re: msn?!?!?

Messaggioda alessandrocolombano » mar feb 24, 2009 12:04 pm

ho usato i vari programmi per rimuovere vundo ma non hanno trovato niente
Avatar utente
alessandrocolombano
Aficionado
Aficionado
 
Messaggi: 49
Iscritto il: lun ago 18, 2008 7:53 pm

Re: msn?!?!?

Messaggioda ste_95 » mar feb 24, 2009 12:15 pm

Scarica HijackThis
Salvalo in una cartella (non aprirlo direttamente, sennò non farà i backup!)
Apri l'eseguibile
Clicca quindi su "Do a System Scan and Save a Logfile"
Attendi che finisca la scansione
Posta sul forum il risultato facendo attenzione a queste regole.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: msn?!?!?

Messaggioda alessandrocolombano » mar feb 24, 2009 12:51 pm

ecco il lodg di hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54, on 2009-02-24
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\KMConfig.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alice ti aiuta\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Soundcrank\SoundcrankLoader.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\KMProcess.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Ale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [KMCONFIG] "C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" KMConfig.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AliceRV_McciTrayApp] C:\Program Files\Alice ti aiuta\McciTrayApp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: Alice ADSL.lnk = C:\Windows\System32\rasphone.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: SoundcrankLoader.lnk = C:\Program Files\Soundcrank\SoundcrankLoader.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.avp.it/kos/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packa ... anager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.8 85.38.28.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.8 85.38.28.73
O17 - HKLM\System\CS2\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 16249 bytes
Avatar utente
alessandrocolombano
Aficionado
Aficionado
 
Messaggi: 49
Iscritto il: lun ago 18, 2008 7:53 pm

Re: msn?!?!?

Messaggioda ste_95 » mar feb 24, 2009 1:06 pm

Non vedo anomalie... Dovresti essere a posto. [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: msn?!?!?

Messaggioda Amantide » mar feb 24, 2009 1:25 pm

Proprio a posto non direi, visto che è ancora presente questo trojan http://www.f-secure.com/v-descs/trojan- ... a_rm.shtml

Copia ed incolla il seguente testo su blocconote e salva il file su desktop con il nome CFScript.txt.

Codice: Seleziona tutto
File::
C:\zip.exe
C:\cleanup.exe
C:\cleanup.bat
C:\WINDOWS\msnmsgsr.exe


Ora trascina il file CFScript.txt sull'icona di Combofix.exe ed aspetta il termine della scansione. Posta il nuovo log di Combofix.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: msn?!?!?

Messaggioda ste_95 » mar feb 24, 2009 2:06 pm

L'hai intuito da questi?
alessandrocolombano ha scritto:2009-02-06 18:51 . 2009-02-06 18:51 135,168 --a--c--- C:\zip.exe
2009-02-06 18:51 . 2009-02-06 18:51 19,286 --a--c--- C:\cleanup.exe
2009-02-06 18:51 . 2009-02-06 18:51 574 --a--c--- C:\cleanup.bat

Potrebbero anche essere resti di Avenger... [uhm]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: msn?!?!?

Messaggioda alessandrocolombano » mar feb 24, 2009 3:53 pm

beh in effetti in passato ho avuto bisogno di avenger per bagle! in ogni caso non posso usare lo script perché ho vista e il programma per funzionare deve essere avviato come amministratore usando il tasto destro e quindi capite che se trascino un il file dello script il programma non si avvia da amministratore e quindi niente...ho provato sempre col tasto destro a far eseguire il programma automaticamente come amministratore ma la casella è sbiadita e non si fa toccare...bo non so che fare
Avatar utente
alessandrocolombano
Aficionado
Aficionado
 
Messaggi: 49
Iscritto il: lun ago 18, 2008 7:53 pm

Re: msn?!?!?

Messaggioda Amantide » mar feb 24, 2009 5:36 pm

ste_95 ha scritto:L'hai intuito da questi?
alessandrocolombano ha scritto:2009-02-06 18:51 . 2009-02-06 18:51 135,168 --a--c--- C:\zip.exe
2009-02-06 18:51 . 2009-02-06 18:51 19,286 --a--c--- C:\cleanup.exe
2009-02-06 18:51 . 2009-02-06 18:51 574 --a--c--- C:\cleanup.bat

Potrebbero anche essere resti di Avenger... [uhm]

Diciamo che mi ha insospettito il fatto che tra i file infetti creati da quel trojan è indicato anche il file dal nome C:\WINDOWS\msnmsgsr.exe, e visto che il problema originale era dovuto proprio al msn... ho fatto semplicemente 2+2 [boh]

P.S. I file possono essere rimossi anche con l'aiuto di Unlocker.

P.S2. La scansione con Kaspersky hai effettuato dalla modalità provvisoria?
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: msn?!?!?

Messaggioda alessandrocolombano » mer feb 25, 2009 9:20 pm

appena ho un attimo di tempo faccio la scansione con kaspersky in modalità provvisoria e vi mostro il log!
Avatar utente
alessandrocolombano
Aficionado
Aficionado
 
Messaggi: 49
Iscritto il: lun ago 18, 2008 7:53 pm


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising