Punto informatico Network

probable virus (messenger)


Post by kegia20 » Thu May 07, 2009 3:29 pm

Hi everyone, I'm attaching the log... I'm fixing the PC of a friend of mine who says she accepted an infected file on MSN...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.29.39, on 07/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\dllcache\iexplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\msnmsgrss.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
C:\Programmi\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\TEMP\FXFF28.EXE
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Trend Micro\OfficeScan Client\TSC.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender\cdmyidd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender\cdmyidd.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .cdx: C:\Programmi\Internet Explorer\PLUGINS\Npcdp32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://antivirus.ifom-ieo-campus.it:43 ... nNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://antivirus.ifom-ieo-campus.it:43 ... /setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://antivirus.ifom-ieo-campus.it:43 ... AtxEnc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://antivirus.ifom-ieo-campus.it:43 ... veCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 18125 bytes


bye and thanks

Re: probable virus (messenger)

Post by Seba:-) » Thu May 07, 2009 3:45 pm

There are a couple of little things that really don't convince me

O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
C:\WINDOWS\msnmsgrss.exe
C:\WINDOWS\TEMP\FXFF28.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe

Have them checked on virustotal.com.
Thanks Zane!

Re: probable virus (messenger)

Post by crazy.cat » Thu May 07, 2009 3:47 pm

Here there are a couple of good candidates for the title of virus
O4 - HKLM\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
to be analysed on http://www.virustoal.com and then vaporised.

This one I had missed, but it could be OfficeScan's real-time scan, which always creates a file with a random name in the temp folder; it might have a dog icon.
Seba:-) wrote: C:\WINDOWS\TEMP\FXFF28.EXE

Anyway, have it analysed all the same.
When the many govern, they think only of pleasing themselves; then you get the most foolish and most hateful tyranny: tyranny disguised as freedom.


Re: probable virus (messenger)

Post by kegia20 » Thu May 07, 2009 4:10 pm

Seba:-) wrote: O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
C:\WINDOWS\msnmsgrss.exe
C:\WINDOWS\TEMP\FXFF28.EXE


so the first one gives me a 25% probability, and anyway from the name alone I'd say it's a backdoor... how do I zap it? do I fix it from HijackThis or use ComboFix?
the second one only 1/40 probability... what do I do? (it does indeed have a dog icon)

Seba:-) wrote: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe

Have them checked on virustotal.com.


the first of these I'll check later; the second of these gave me paranoid heuristic... I don't think it's that suspicious.

What do you say?

Bye, thanks

Re: probable virus (messenger)

Post by crazy.cat » Thu May 07, 2009 4:14 pm

kegia20 wrote: the second one only 1/40 probability... what do I do? (it does indeed have a dog icon)
Leave it alone then, it's part of the antivirus.

kegia20 wrote: the second of these gave me paranoid heuristic... I don't think it's that suspicious.

In that folder, with that name, and set to run automatically, it stinks to high heaven.
Delete it.
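As an added example (not part of this thread, and not a HijackThis or ComboFix feature), the script below encodes the checks the replies above apply by eye: a Run entry is worth a closer look when its executable sits in a location installers never use (the Windows root, a TEMP folder, the dllcache store), when the value is a bare file name so that the PATH decides what runs at logon, or when the entry name imitates Microsoft/Windows wording without pointing into a product or system32 folder. It also lists running processes in those locations, with the caveat crazy.cat gives: location alone is a hint, not proof, since a legitimate scanner can drop a random-named file in TEMP. The sample input is constructed from lines quoted in this thread; the names `triage`, `Finding` and `unusual_running` are the example's own.

```python
"""Triage of HijackThis 'O4 ... Run' entries and running processes (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in the shape of the log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\dllcache\iexplore.exe
C:\WINDOWS\msnmsgrss.exe
C:\WINDOWS\TEMP\FXFF28.EXE
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Matches "O4 - <hive>\..\Run: [<entry name>] <command line>".
O4_RUN = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Directories that installers do not use for autostart binaries.
ODD_DIRS = (
    re.compile(r'^[a-z]:\\windows$'),        # the Windows root itself
    re.compile(r'\\temp$|\\temp\\'),          # any TEMP folder
    re.compile(r'\\system32\\dllcache$'),     # protected-file backup store
)
PRODUCT_DIRS = ('\\programmi\\', '\\program files')   # Italian and English names


@dataclass
class Finding:
    hive: str
    name: str
    exe: str
    reasons: list = field(default_factory=list)
    running: bool = False

    @property
    def suspicious(self):
        return bool(self.reasons)


def executable_of(cmd):
    """Program part of a Run value: the quoted path if present, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def running_processes(log_text):
    """Lower-cased paths listed under 'Running processes:' up to the first blank line."""
    procs, inside = [], False
    for line in log_text.splitlines():
        if line.strip() == 'Running processes:':
            inside = True
            continue
        if inside:
            if not line.strip():
                break
            procs.append(line.strip().lower())
    return procs


def triage(log_text):
    """One Finding per O4 Run entry; reasons stay empty for entries that look normal."""
    procs = running_processes(log_text)
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        exe = executable_of(m['cmd'])
        low = exe.lower()
        directory, _, base = low.rpartition('\\')
        f = Finding(m['hive'], m['name'], exe)
        if not directory:
            f.reasons.append('bare file name: whichever file of that name is found on PATH runs at logon')
        elif any(p.search(directory) for p in ODD_DIRS):
            f.reasons.append(f'unusual autostart location: {directory}')
        if re.search(r'microsoft|windows', m['name'], re.I) and not (
                any(p in low for p in PRODUCT_DIRS) or directory.endswith('\\system32')):
            f.reasons.append('Microsoft/Windows-style entry name, but the file is not in a product or system32 folder')
        # Was the file live at scan time? Bare names are matched on file name only.
        f.running = any(p == low or p.rpartition('\\')[2] == base for p in procs)
        findings.append(f)
    return findings


def unusual_running(log_text):
    """Running processes located in ODD_DIRS: candidates for a hash lookup, not a verdict."""
    return [p for p in running_processes(log_text)
            if any(pat.search(p.rpartition('\\')[0]) for pat in ODD_DIRS)]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(('SUSPICIOUS' if f.suspicious else 'ok').ljust(10), f'[{f.name}] {f.exe} running={f.running}')
        for r in f.reasons:
            print('           -', r)
    for p in unusual_running(SAMPLE_LOG):
        print('check:', p)
```

Run against the sample, the OfficeScan monitor and ctfmon entries come out clean, while the "Microsoft©" and "Windows UDP Control Center" entries each collect two reasons; the process list returns the three binaries in dllcache, the Windows root and TEMP, the last of which is exactly the one the thread decides is probably the scanner's own file, so its hash still needs an independent check rather than a delete on sight.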

Re: probable virus (messenger)

Post by kegia20 » Thu May 07, 2009 4:17 pm

now I'm scanning with ComboFix, as soon as it finishes I'll attach the log and we'll see what it removed... then, if necessary, do I fix what's left with HijackThis?

here's the log:

ComboFix 09-05-06.08 - Sony 07/05/2009 17.14.07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1022.241 [GMT 2:00]
Running from: c:\documents and settings\Sony\Desktop\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090506-0] *On-access scanning enabled* (Updated)
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 15:13 . 2009-05-07 15:13 99328 ----a-w C:\rpgg.exe
2009-05-07 14:52 . 2009-05-07 15:05 100352 ----a-w C:\mp3.exe
2009-05-07 14:50 . 2009-05-07 14:50 -------- d-----w c:\docume~1\ALLUSE~1\DATIAP~1\SITEguard
2009-05-07 14:48 . 2009-05-07 14:48 -------- d-----w c:\programmi\STOPzilla!
2009-05-07 14:48 . 2009-05-07 14:48 -------- d-----w c:\programmi\File comuni\iS3
2009-05-07 14:48 . 2009-05-07 15:00 -------- d-----w c:\docume~1\ALLUSE~1\DATIAP~1\STOPzilla!
2009-05-07 01:41 . 2009-05-07 14:33 99328 ----a-w C:\rp.exe
2009-05-07 01:11 . 2009-05-07 01:11 -------- d-----w c:\programmi\Microsoft Sync Framework
2009-05-07 01:08 . 2009-05-07 01:11 -------- d-----w c:\programmi\Windows Live
2009-05-07 00:19 . 2009-05-07 00:19 -------- d-----w c:\programmi\Microsoft Silverlight
2009-05-06 08:13 . 2009-05-06 08:13 -------- d-----w c:\programmi\Alwil Software
2009-05-06 07:42 . 2009-05-07 14:26 -------- d-----w c:\documents and settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender
2009-05-06 07:42 . 2009-05-07 14:26 -------- d-----w c:\docume~1\Sony\IMPOST~1\DATIAP~1\CyberDefender
2009-05-06 03:04 . 2009-05-06 08:03 40498 ----a-w C:\msnmsgrss.exe
2009-05-06 00:07 . 2009-05-05 16:17 40498 --sh--r c:\windows\msnmsgrss.exe
2009-05-01 09:33 . 2009-05-01 09:33 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-01 09:33 . 2009-05-07 14:23 -------- d-----w c:\documents and settings\Sony\Dati applicazioni\skypePM
2009-05-01 09:33 . 2009-05-07 14:23 -------- d-----w c:\docume~1\Sony\DATIAP~1\skypePM
2009-05-01 09:27 . 2009-05-01 09:27 -------- d-----w c:\programmi\File comuni\Skype
2009-05-01 09:27 . 2009-05-01 09:27 -------- d-----r c:\programmi\Skype
2009-04-19 11:17 . 2005-07-26 04:27 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-19 11:17 . 2009-03-06 13:59 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-19 11:17 . 2009-02-06 09:41 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 11:17 . 2009-02-09 10:02 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 11:17 . 2009-02-09 10:02 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 11:17 . 2009-02-06 09:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-19 11:17 . 2009-02-09 09:50 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-19 11:17 . 2009-02-09 10:02 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 11:17 . 2009-02-09 10:02 736768 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 10:43 . 2008-04-21 21:26 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 14:54 . 2009-05-07 14:54 240 ----a-w c:\windows\system32\drivers\kgpcpy.cfg
2009-05-07 14:28 . 2007-12-11 11:04 -------- d-----w c:\programmi\Trend Micro
2009-05-06 20:57 . 2009-03-15 16:51 -------- d-----w c:\programmi\Microsoft
2009-05-06 16:35 . 2008-05-05 10:43 -------- d-----w c:\programmi\BitTorrent Fastest Tool
2009-04-20 10:04 . 2006-03-20 05:31 436224 ----a-w c:\windows\system32\perfh010.dat
2009-04-20 10:04 . 2006-03-20 05:31 67744 ----a-w c:\windows\system32\perfc010.dat
2009-03-31 12:57 . 2009-03-31 12:57 17408 ----a-r c:\windows\system32\SZIO5.dll
2009-03-31 12:56 . 2009-03-31 12:56 294912 ----a-r c:\windows\system32\SZBase5.dll
2009-03-31 12:55 . 2009-03-31 12:55 540672 ----a-r c:\windows\system32\SZComp5.dll
2009-03-27 08:56 . 2009-03-27 08:56 126976 ----a-r c:\windows\system32\IS3HTUI5.dll
2009-03-27 08:55 . 2009-03-27 08:55 393216 ----a-r c:\windows\system32\IS3DBA5.dll
2009-03-27 08:55 . 2009-03-27 08:55 372736 ----a-r c:\windows\system32\IS3UI5.dll
2009-03-27 08:55 . 2009-03-27 08:55 61440 ----a-r c:\windows\system32\IS3Hks5.dll
2009-03-27 08:54 . 2009-03-27 08:54 23040 ----a-r c:\windows\system32\IS3XDat5.dll
2009-03-27 08:54 . 2009-03-27 08:54 221184 ----a-r c:\windows\system32\IS3Win325.dll
2009-03-27 08:54 . 2009-03-27 08:54 94208 ----a-r c:\windows\system32\IS3Inet5.dll
2009-03-27 08:53 . 2009-03-27 08:53 90112 ----a-r c:\windows\system32\IS3Svc5.dll
2009-03-27 08:50 . 2009-03-27 08:50 716800 ----a-r c:\windows\system32\IS3Base5.dll
2009-03-15 17:01 . 2007-12-20 20:16 -------- d-----w c:\programmi\Windows Live Toolbar
2009-03-15 16:51 . 2009-03-15 16:51 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-15 16:35 . 2009-03-15 16:35 -------- d-----w c:\programmi\File comuni\Windows Live
2009-03-12 10:18 . 2009-03-12 10:18 54656 ----a-r c:\windows\system32\drivers\SZKG.sys
2009-03-06 13:59 . 2006-03-20 05:30 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-03-20 05:30 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:08 . 2006-03-20 05:30 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:56 . 2006-03-20 05:30 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:41 . 2004-08-04 00:48 2024448 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:41 . 2006-03-20 05:30 2146304 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:02 . 2006-03-20 05:30 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:02 . 2006-03-20 05:30 736768 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:02 . 2006-03-20 05:30 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:02 . 2006-03-20 05:29 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 09:50 . 2006-03-20 05:30 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-01 14:59 . 2007-12-12 13:15 67688 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2009-02-01 14:59 . 2007-12-12 13:15 54368 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2009-02-01 14:59 . 2007-12-12 13:15 34944 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2009-02-01 14:59 . 2007-12-12 13:15 46712 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2009-02-01 14:59 . 2007-12-12 13:15 172136 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2009-05-06 07:40 3962184 ----a-w c:\documents and settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender\cdmyidd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender\cdmyidd.dll" [2009-05-06 3962184]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\Sony\Impostazioni locali\Dati applicazioni\CyberDefender\cdmyidd.dll" [2009-05-06 3962184]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Packard Bell Software Suite"="c:\programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-01-09 1914168]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 68856]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"VAIOCameraUtility"="c:\programmi\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"PDService.exe"="c:\programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"OfficeScanNT Monitor"="c:\programmi\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-07 702072]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-06 7557120]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-03-28 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]

c:\documents and settings\Sony\Menu Avvio\Programmi\Esecuzione automatica\
Stardock ObjectDock.lnk - c:\programmi\Stardock\ObjectDock\ObjectDock.exe [2007-12-14 3450608]
Utilità controllo supporti di Picture Motion Browser.lnk - c:\programmi\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-10-13 385024]

c:\docume~1\ALLUSE~1\MENUAV~1\PROGRA~1\ESECUZ~1\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]

c:\docume~1\Sony\MENUAV~1\PROGRA~1\ESECUZ~1\
Stardock ObjectDock.lnk - c:\programmi\Stardock\ObjectDock\ObjectDock.exe [2007-12-14 3450608]
Utilità controllo supporti di Picture Motion Browser.lnk - c:\programmi\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-10-13 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\ImageJh\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\MBF_ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Sony\\Desktop\\eMule\\emule.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19173:TCP"= 19173:TCP:Trend Micro OfficeScan Listener

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/03/2009 12.18.10 54656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/05/2009 10.14.01 114768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 15.07.06 45627]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/05/2009 10.14.01 20560]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SeaPort;SeaPort;c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 17.53.02 226656]
R2 TmFilter;Trend Micro Filter;c:\programmi\Trend Micro\OfficeScan Client\tmxpflt.sys [17/09/2007 15.40.48 202768]
R2 TmPreFilter;Trend Micro PreFilter;c:\programmi\Trend Micro\OfficeScan Client\tmpreflt.sys [17/09/2007 15.40.44 35856]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [20/03/2006 7.31.17 29184]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [20/03/2006 7.31.17 226304]
S3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\system32\drivers\OxUSBTIMOUT.sys [07/06/2007 8.48.34 34152]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programmi\Trend Micro\OfficeScan Client\TmProxy.exe [27/04/2007 20.35.28 575064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SZKG5
*NewlyCreated* - SZSERVER
*NewlyCreated* - WS2IFSL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd6e88d-8bfb-11dd-aafd-0002c7e7cd44}]
\Shell\AutoRun\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
\Shell\open\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6298a3b0-acdb-11dd-ab43-0002c7e7cd44}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6b17e60-0106-11dd-aa52-0002c7e7cd44}]
\Shell\AutoRun\command - g:\.\run\autorun.exe
\Shell\open\Command - g:\.\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9d847eb-1a1f-11dd-aa74-0002c7e7cd44}]
\Shell\AutoRun\command - g:\.\run\autorun.exe
\Shell\open\Command - g:\.\run\autorun.exe
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\programmi\File comuni\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://antivirus.ifom-ieo-campus.it:43 ... AtxEnc.cab
FF - ProfilePath - c:\docume~1\Sony\DATIAP~1\Mozilla\Firefox\Profiles\56v1v5ja.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 17:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(5420)
c:\programmi\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2009-05-07 17.27.53
ComboFix-quarantined-files.txt 2009-05-07 15:27

Pre-Run: 17.361.428.480 byte disponibili
Post-Run: 17.869.107.200 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

245 --- E O F --- 2009-05-06 20:36
kegia20
Aficionado
Posts: 78
Joined: Fri Feb 04, 2005 2:09 pm
Location: Verona, Milano, Firenze