
[Virus?] Constant Trojan detections and a problem with Avira


Post by Anathema » Thu Jun 25, 2009 10:57 am

Hi everyone!

Since yesterday afternoon Avira keeps detecting trojans, specifically:

Drop.Agent.ahdz in C:\Documents and Settings\User\Impostazioni locali\Temp\am.exe , C:\System Volume Information\_restore{51FB5163-4095-4259-AF8A-E96CB0D47CDD}\RP502\A0113533.exe , C:\WINDOWS\system32\olhrwef.exe

Crypt.XPACK.Gen in C:\System Volume Information\_restore{51FB5163-4095-4259-AF8A-E96CB0D47CDD}\RP502\A0113676.cmd , C:\gpcdt.cmd , G:\gpcdt.cmd , C:\WINDOWS\system32\nmdfgds0.dll , F:\gpcdt.cmd

PSW.Magania.bhht.2 in C:\System Volume Information\_restore{51FB5163-4095-4259-AF8A-E96CB0D47CDD}\RP501\A0113432.sys

Some of these files I already deleted last night in safe mode with Avira; others are still in quarantine.

Also, Avira refuses to update and tells me the program is invalid or corrupted:

http://img134.imageshack.us/img134/1697/erroreavira.jpg

Finally, when I go to My Computer and try to open Local Disk, I get the "choose the program to open this file with" dialog.

My operating system is Windows XP Professional SP3; the antivirus is Avira AntiVir Personal 8.2.0.353.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.56.16, on 25/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AskBarDis\bar\bin\AskService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Documents and Settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\User\Desktop\Silvia\Programmi\Zone Alarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\User\Desktop\Silvia\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\Silvia\Programmi\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar2.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Documents and Settings\User\Desktop\Silvia\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\User\Desktop\Silvia\PROGRA~1\Spybot\SPYBOT~2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Documents and Settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Documents and Settings\User\Desktop\Silvia\Programmi\Zone Alarm\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Documents and Settings\User\Desktop\Silvia\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\User\Desktop\Silvia\PROGRA~1\Spybot\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\User\Desktop\Silvia\PROGRA~1\Spybot\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} (WSpell ActiveX Spelling Checker V5.15) - http://www.ukweatherworld.co.uk/forum/r ... pellam.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA42DD6B-96C0-463E-AEEB-18557553F979}: NameServer = 212.216.112.112 212.216.172.62
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Documents and Settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Documents and Settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10450 bytes



Thanks in advance for the help!

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by Mikleman » Thu Jun 25, 2009 11:07 am

Delete or quarantine C:\WINDOWS\system32\olhrwef.exe, then

fix:
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

Fix this entry if you don't know the site http://www.ukweatherworld.co.uk/forum/
O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} (WSpell ActiveX Spelling Checker V5.15) - http://www.ukweatherworld.co.uk/forum/r ... pellam.cab

I also see you have the Ask bar; in theory it isn't dangerous, but in my opinion it's useless ^^

Since your Avira is damaged, re-download the installer and choose repair; it will do everything automatically
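Mikleman's reply picks two lines out of the log to fix: the HKCU Run value [cdoosoft] that launches an oddly named executable straight from system32, and an O16 ActiveX control fetched from an unfamiliar site. Those are the cheap heuristics an analyst applies while reading a HijackThis log, and the script below encodes them. It is an added example, not code from the thread or from HijackThis itself: it runs over lines copied from the log posted above, and the allowlists (KNOWN_WINDOWS_AUTOSTART, TRUSTED_DPF_HOSTS) are assumptions chosen for this illustration, not a vetted reference list.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: binaries that legitimately autostart from %SystemRoot% or
# %SystemRoot%\system32 on XP. A Run value launching anything else from there is
# worth a look, because that is where the dropper in this thread put its payload.
KNOWN_WINDOWS_AUTOSTART = {"ctfmon.exe"}

# Assumed allowlist: hosts an O16 (Downloaded Program Files) control is expected from.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "msn.com", "java.com")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\} \((?P<name>[^)]*)\) - (?P<url>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar2.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Documents and Settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')",
    r"O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} (WSpell ActiveX Spelling Checker V5.15) - http://www.ukweatherworld.co.uk/forum/r ... pellam.cab",
    r"O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab",
    r"O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
]


def first_executable(command):
    """Return the first *.exe token of a Run command, with surrounding quotes removed."""
    m = re.search(r'"?([^"]*?\.exe)"?', command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def trusted_host(host):
    """Exact or subdomain match against the allowlist (no 'notmicrosoft.com' false positives)."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage_hijackthis(lines):
    """Apply cheap heuristics to HijackThis log lines; return (section, reason, line) tuples."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(("O2", "orphan BHO registration (no file on disk); safe to fix", line))
        elif m := O4_RE.match(line):
            exe = first_executable(m["cmd"])
            folder, _, basename = exe.rpartition("\\")
            folder, basename = folder.lower(), basename.lower()
            # Only fires on a full path; a "RUNDLL32.EXE foo.dll,Entry" value would need the DLL checked instead.
            if folder.endswith(("\\windows", "\\windows\\system32")) and basename not in KNOWN_WINDOWS_AUTOSTART:
                findings.append(("O4", f"Run value [{m['value']}] starts unknown binary {basename} from {folder}", line))
        elif m := O16_RE.match(line):
            host = (urlsplit(m["url"]).hostname or "").lower()
            if not trusted_host(host):
                findings.append(("O16", f"ActiveX control '{m['name']}' installed from untrusted host {host}", line))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(("O23", f"service {m['name']} carries no publisher in its version info", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage_hijackthis(SAMPLE_LINES):
        print(f"[{section}] {reason}\n    {line}")
```

On the sample it flags exactly the four lines a reviewer would: the orphan BHO, the [cdoosoft] value pointing at olhrwef.exe, the WSpell control from ukweatherworld.co.uk, and the ASKService service with no publisher, while leaving ctfmon.exe, the quoted Avira path and the Flash control alone. A hit is a prompt to look, not a verdict: the Ask service is adware rather than a trojan, as Mikleman says, and an allowlist this short will flag legitimate software on other machines.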

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by Anathema » Thu Jun 25, 2009 11:12 am

Honestly, I don't even know where the Askbar came from [uhm]; could you tell me how it got installed?

And how could Avira have been damaged?

Sorry, but I'm curious, mostly to avoid further problems in the future if possible [std]


Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by Mikleman » Thu Jun 25, 2009 11:15 am

Anathema wrote: Honestly, I don't even know where the Askbar came from [uhm]; could you tell me how it got installed?

And how could Avira have been damaged?

Sorry, but I'm curious, mostly to avoid further problems in the future if possible [std]

Avira may have been damaged by malware, a Bagle to be precise.
To avoid this kind of problem you need a HIPS module, which is generally provided by firewalls, but personally I prefer dedicated programs such as Malwarebytes Anti-Malware (the paid version).

And the Askbar, well, it's bundled with numerous programs; one example is Glary Utilities.

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by Anathema » Thu Jun 25, 2009 3:47 pm

So: the Local Disk problem isn't solved.
I downloaded the new version of Avira, ran a scan in safe mode, and it found PCK/Molebox in 2 files...........

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by ste_95 » Thu Jun 25, 2009 3:59 pm

Disable System Restore.

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here between LOG tags, like this:
[LOG]the log goes here[/LOG]
«Sometimes it is better to stay silent and appear stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by Anathema » Thu Jun 25, 2009 4:31 pm

Here it is

ComboFix 09-06-24.05 - User 25/06/2009 17.21.46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.569 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\fantasia.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))))))
.

2009-06-25 10:59 . 2009-06-25 10:59 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-25 10:35 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-25 10:35 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-25 10:35 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-25 10:35 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-24 22:04 . 2009-06-24 22:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-24 21:43 . 2009-06-24 21:43 -------- d-sh--w- c:\documents and settings\User\IETldCache
2009-06-24 21:38 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-24 21:38 . 2009-06-24 21:38 -------- d-----w- c:\windows\ie8updates
2009-06-24 21:37 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-24 21:37 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-24 21:34 . 2009-06-24 21:36 -------- dc-h--w- c:\windows\ie8
2009-06-17 09:57 . 2009-06-17 09:57 1878984 ----a-w- c:\documents and settings\User\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 15:28 . 2008-02-08 09:48 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-25 10:35 . 2008-02-08 09:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-06-24 21:16 . 2008-02-10 13:34 -------- d-----w- c:\programmi\PeerGuardian2
2009-06-24 09:35 . 2008-02-10 12:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-06-23 08:36 . 2008-03-10 09:18 -------- d-----w- c:\documents and settings\User\Dati applicazioni\gtk-2.0
2009-06-21 12:37 . 2008-02-10 13:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-20 15:58 . 2008-05-10 12:44 14656497 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-16 23:00 . 2009-05-20 17:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\pdf995
2009-06-16 22:57 . 2009-05-20 17:27 60 ----a-w- c:\windows\wpd99.drv
2009-06-15 14:15 . 2008-04-01 08:36 -------- d-----w- c:\documents and settings\User\Dati applicazioni\CoreFTP
2009-06-14 21:13 . 2008-05-07 22:29 323648 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-06-14 21:10 . 2008-10-31 18:28 -------- d-----w- c:\programmi\DOSBox-0.61
2009-06-13 15:01 . 2008-02-09 16:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-06-10 22:24 . 2009-06-10 22:25 1564672 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-05-27 19:13 . 2009-05-28 06:07 2909184 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-05-21 08:49 . 2009-05-21 08:49 -------- d-----w- c:\documents and settings\User\Dati applicazioni\pdf995
2009-05-20 17:27 . 2009-05-20 17:27 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-05-20 17:27 . 2009-05-20 17:27 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-05-20 17:27 . 2009-05-20 17:14 -------- d-----w- c:\programmi\pdf995
2009-05-20 17:20 . 2009-05-20 17:19 2659736 ----a-w- C:\pdf995s.exe
2009-05-20 17:13 . 2009-05-20 17:13 5801368 ----a-w- C:\ps2pdf995.exe
2009-05-14 18:45 . 2009-05-15 08:46 2780672 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-05-13 05:02 . 2001-08-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2001-08-31 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:15 . 2009-05-05 07:28 1779200 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-04-30 12:10 . 2009-04-30 12:11 1461248 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-04-30 12:10 . 2009-04-30 12:11 2953728 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-04-27 16:00 . 2001-08-31 12:00 85306 ----a-w- c:\windows\system32\perfc010.dat
2009-04-27 16:00 . 2001-08-31 12:00 492454 ----a-w- c:\windows\system32\perfh010.dat
2009-04-26 11:00 . 2009-04-26 11:04 1438208 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-04-19 19:47 . 2001-08-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 18:19 . 2009-04-17 18:18 70 ----a-w- c:\programmi\Paradox
2009-04-17 09:15 . 2009-04-17 09:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-17 09:14 . 2009-04-17 09:14 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 14:52 . 2001-08-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 12:16 . 2008-05-19 17:31 224 ----a-w- c:\windows\popcinfo.dat
2009-04-07 07:51 . 2009-04-07 07:50 25236447 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_04_07_00_20_37_full.dmp.zip
2009-04-07 07:50 . 2009-04-07 07:50 26011727 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_07_00_20_18_full.dmp.zip
2009-04-05 17:49 . 2009-04-05 17:48 25237748 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_04_05_17_56_10_full.dmp.zip
2009-04-05 17:48 . 2009-04-05 17:48 26013751 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_05_17_55_44_full.dmp.zip
2009-04-05 10:11 . 2009-04-05 10:11 25280214 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_04_04_19_56_20_full.dmp.zip
2009-04-05 10:11 . 2009-04-05 10:10 26064751 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_04_19_55_58_full.dmp.zip
2009-04-04 07:22 . 2009-04-04 07:22 143627 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_04_00_46_20_small.dmp.zip
2009-04-03 07:49 . 2009-04-03 07:49 140572 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_03_00_07_21_small.dmp.zip
2009-04-02 17:31 . 2009-04-02 17:31 249856 ------w- c:\windows\Setup1.exe
2009-04-02 17:31 . 2009-04-02 17:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-03-31 07:58 . 2009-03-31 07:58 143573 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_03_31_00_30_03_small.dmp.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default values are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 16:22 333192 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"ZoneAlarm Client"="c:\documents and settings\User\Desktop\Silvia\Programmi\Zone Alarm\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\documents and settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Last.fm Helper.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\User\\Desktop\\Silvia\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R2 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [08/12/2008 14.30.26 464264]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-06-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DA42DD6B-96C0-463E-AEEB-18557553F979} = 212.216.112.112 212.216.172.62
DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} - hxxp://www.ukweatherworld.co.uk/forum/r ... pellam.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 17:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\WgaTray.exe
c:\documents and settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir Desktop\sched.exe
c:\documents and settings\User\Desktop\Silvia\Programmi\Antivir\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Scan completion time: 2009-06-25 17.33.05 - the machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 15:33

Pre-Run: 40.529.592.320 bytes free
Post-Run: 40.606.638.080 bytes free

196 --- E O F --- 2009-06-24 21:38
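The C:\Autorun.inf that ComboFix removed (listed under "Other Deletions" in the log above), together with gpcdt.cmd sitting in the root of C:, F: and G: in the first post, is the footprint of a removable-media worm, and the "Open With" dialog when double-clicking Local Disk is what you get once the antivirus has deleted the payload but left an autorun.inf behind that still points at it. The script below is an added example, not code from the thread or from ComboFix: it parses an autorun.inf tolerantly (worm-dropped files often carry junk lines to trip up naive parsers), lists every key through which the file can start code, and checks whether each target still exists. The autorun.inf contents and the file name abc.cmd are constructed for the illustration; the thread never shows the real file.

```python
import tempfile
from pathlib import Path

# Extensions that run code when handed to ShellExecute; a *.cmd next to autorun.inf is the
# pattern seen in this thread (gpcdt.cmd in the root of C:, F: and G:).
EXECUTABLE_EXTS = {".exe", ".com", ".cmd", ".bat", ".pif", ".scr", ".vbs", ".js", ".wsf"}

# Constructed sample: the thread never shows the real autorun.inf, so this one is invented
# to exercise every launch key. "abc.cmd" is a stand-in name, not the file from the thread.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
;a line that is not key=value, of the kind worm-dropped files use as padding
xqjzpqtrkl
open=abc.cmd
shell\\open\\Command=abc.cmd
shell\\explore\\command=abc.cmd
shellexecute=abc.cmd
shell=open
"""


def parse_autorun(text):
    """Tolerant INI parse -> {section: {key: value}}, section and key names lowercased.
    Lines that are not 'key=value' are skipped instead of aborting the parse."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().strip("\x00")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current].setdefault(key.strip().lower(), value.strip())
    return sections


def launch_targets(sections):
    """Every way an [autorun] section can start code, as (how, command) pairs."""
    auto = sections.get("autorun", {})
    default_verb = auto.get("shell", "").lower()
    targets = [(k, auto[k]) for k in ("open", "shellexecute") if k in auto]
    for key, value in auto.items():
        parts = key.split("\\")
        if len(parts) == 3 and parts[0] == "shell" and parts[2] == "command":
            how = "shell\\%s\\command" % parts[1]
            if parts[1] == default_verb:
                how += " (default verb)"  # runs on a double-click of the drive icon
            targets.append((how, value))
    return targets


def resolve_target(command, root):
    """First token of the command, unquoted, resolved against the drive root."""
    cmd = command.strip()
    token = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else (cmd.split()[0] if cmd else "")
    if len(token) > 2 and token[1:3] == ":\\":
        token = token[3:]  # treat a drive-letter prefix as the root itself
    parts = [p for p in token.replace("/", "\\").split("\\") if p and p != "."]
    return root.joinpath(*parts)


def triage_autorun(root):
    """Report what an autorun.inf in `root` would launch and whether each target still exists."""
    inf = Path(root) / "autorun.inf"
    if not inf.exists():
        return {"present": False, "targets": [], "suspicious": False}
    targets = []
    for how, command in launch_targets(parse_autorun(inf.read_text(errors="replace"))):
        target = resolve_target(command, inf.parent)
        targets.append({"how": how, "command": command, "target": str(target),
                        "exists": target.exists(),
                        "executable": target.suffix.lower() in EXECUTABLE_EXTS})
    # An executable in the drive root, or a dangling target (payload deleted, inf left behind,
    # which is what produces the "Open With" prompt on the drive icon), both warrant removal.
    suspicious = any(t["executable"] or not t["exists"] for t in targets)
    return {"present": True, "targets": targets, "suspicious": suspicious}


def build_sample_drive():
    """Throw-away directory standing in for an infected drive root (constructed data)."""
    root = Path(tempfile.mkdtemp(prefix="drive_"))
    (root / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
    (root / "abc.cmd").write_text("@echo stand-in payload\r\n")
    return root


def demo():
    """Before: payload present. After: payload deleted the way a partial AV cleanup leaves it."""
    root = build_sample_drive()
    before = triage_autorun(root)
    (root / "abc.cmd").unlink()
    after = triage_autorun(root)
    return before, after


if __name__ == "__main__":
    for label, report in zip(("before cleanup", "after payload deleted"), demo()):
        print(label, "suspicious =", report["suspicious"])
        for t in report["targets"]:
            print("  %-32s -> %s (exists=%s)" % (t["how"], t["target"], t["exists"]))
```

The "after" report is the state the first post describes: every launch key still resolves to a file that no longer exists. On a real machine you would run triage_autorun over each drive root and delete both the autorun.inf and whatever it points at, which is what ComboFix did here; deleting only the payload, as the safe-mode scan did, leaves the dangling entry that breaks the drive icon.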

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by ste_95 » Thu Jun 25, 2009 7:00 pm

The log is clean. Are you still getting the same malware detections?

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by Anathema » Thu Jun 25, 2009 7:14 pm

No [:)], and in fact I've noticed that Local Disk works now too!

Thanks a lot!!!

So what virus was it? How could it have gotten in?

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by ste_95 » Thu Jun 25, 2009 7:16 pm

There were a lot of leftovers from old infections, plus a piece of malware of this kind here. [^]

Re: [Virus?] Constant Trojan detections and a problem with Avira

Post by Anathema » Fri Jun 26, 2009 9:31 am

One last favour: another PC of mine got infected through a USB stick. Could you tell me whether it's clean now or whether something still needs to be done?

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.24.28, on 26/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\GPSNET~1\IMPOST~1\Temp\Rar$EX00.516\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unipd.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9287293239
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{501CFAD6-E06F-4E46-B4DB-7AE6B0D66AFE}: NameServer = 147.162.1.2,147.162.100.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{501CFAD6-E06F-4E46-B4DB-7AE6B0D66AFE}: NameServer = 147.162.1.2,147.162.100.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{501CFAD6-E06F-4E46-B4DB-7AE6B0D66AFE}: NameServer = 147.162.1.2,147.162.100.180
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe

--
End of file - 7826 bytes


ComboFix

ComboFix 09-06-25.03 - GpsNetwork 26/06/2009 10.09.46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.479.276 [GMT 2:00]
Eseguito da: c:\documents and settings\GpsNetwork\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-05-26 al 2009-06-26 )))))))))))))))))))))))))))))))))))
.

2009-06-26 07:53 . 2009-06-26 07:59 -------- d-----w- C:\chiavetta_filippo
2009-06-17 09:27 . 2005-04-20 12:52 31273 ----a-r- c:\windows\system32\drivers\wceusbsh.sys
2009-06-15 10:27 . 2009-06-15 10:27 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\CanonIJMyPrinter
2009-06-15 10:27 . 2009-06-15 10:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CanonIJPLM
2009-06-15 10:26 . 2008-07-14 20:20 92672 ----a-w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP540 series Printer\LanguageModules\0c0a\CNMsr9E.dll
2009-06-15 10:26 . 2008-07-14 20:20 199680 ----a-w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP540 series Printer\LanguageModules\0c0a\CNMlr9E.dll
2009-06-15 10:26 . 2008-07-14 20:20 87040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP540 series Printer\LanguageModules\0816\CNMsr9E.dll
2009-06-15 10:26 . 2008-07-14 20:20 441856 ----a-w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP540 series Printer\LanguageModules\0c0a\CNMur9E.dll
2009-06-15 10:26 . 2008-07-14 20:20 64512 ----a-w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP540 series Printer\LanguageModules\0804\CNMlr9E.dll
2009-06-15 10:26 . 2008-07-14 20:20 422400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP540 series Printer\LanguageModules\0816\CNMur9E.dll
2009-06-15 10:26 . 2008-07-14 20:20 30208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP540 series Printer\LanguageModules\0804\CNMsr9E.dll
2009-06-15 10:26 . 2008-07-14 20:20 183296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP540 series Printer\LanguageModules\0816\CNMlr9E.dll
2009-06-15 10:20 . 2009-06-15 10:20 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2009-06-15 10:19 . 2009-06-15 10:19 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-06-15 10:19 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC540O.DLL
2009-06-15 10:19 . 2008-05-30 00:27 270336 ----a-w- c:\windows\system32\CNC540L.DLL
2009-06-15 10:19 . 2008-04-07 05:58 98304 ----a-w- c:\windows\system32\CNC540I.DLL
2009-06-15 10:19 . 2008-04-07 05:58 1339392 ----a-w- c:\windows\system32\CNC540C.DLL
2009-06-15 10:18 . 2009-06-15 10:18 -------- d--h--w- c:\programmi\CanonBJ
2009-06-15 09:10 . 2009-06-15 09:10 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Roxio
2009-06-12 11:21 . 2009-06-24 08:35 -------- d-----w- C:\maggio2009
2009-06-11 11:42 . 2009-06-11 11:42 -------- d-----w- c:\documents and settings\GpsNetwork\Dati applicazioni\pdf995
2009-06-11 11:26 . 2009-06-17 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\pdf995
2009-06-11 11:26 . 2009-06-17 09:40 59 ----a-w- c:\windows\wpd99.drv
2009-06-11 11:26 . 2009-06-11 11:26 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-06-11 11:26 . 2009-06-11 11:26 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-06-11 11:26 . 2009-06-11 11:28 -------- d-----w- c:\programmi\pdf995
2009-06-04 07:01 . 2009-06-04 07:01 -------- d-----w- c:\programmi\CartLab1
2009-05-29 13:30 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-29 13:30 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-29 13:30 . 2009-05-29 13:30 -------- d-----w- c:\programmi\File comuni\CANON
2009-05-29 13:26 . 2008-10-08 20:00 230912 ----a-w- c:\windows\system32\CNMLM9E.DLL
2009-05-29 13:24 . 2009-06-15 10:27 -------- d-----w- c:\programmi\Canon
2009-05-29 13:24 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-05-29 13:24 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-29 13:23 . 2008-04-13 09:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-29 13:23 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 11:36 . 2009-04-14 13:51 -------- d-----w- c:\documents and settings\GpsNetwork\Dati applicazioni\CoreFTP
2009-06-15 10:38 . 2009-04-15 10:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-15 10:37 . 2009-05-26 14:20 -------- d-----w- c:\documents and settings\GpsNetwork\Dati applicazioni\Roxio
2009-06-15 10:08 . 2009-04-15 10:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Bluetooth
2009-06-15 10:05 . 2009-04-15 09:32 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-15 10:04 . 2009-04-15 09:32 -------- d-----w- c:\programmi\LEICA Geosystems
2009-05-26 14:20 . 2009-04-15 10:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sonic
2009-05-07 15:32 . 2008-04-14 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 09:34 . 2009-05-06 09:34 -------- d-----w- c:\programmi\SafeNet Sentinel
2009-05-06 09:34 . 2009-05-06 09:34 -------- d-----w- c:\programmi\File comuni\SafeNet Sentinel
2009-05-06 09:33 . 2008-04-14 12:00 69568 ----a-w- c:\windows\system32\perfc010.dat
2009-05-06 09:33 . 2008-04-14 12:00 437272 ----a-w- c:\windows\system32\perfh010.dat
2009-05-06 09:27 . 2009-04-09 14:59 -------- d-----w- c:\programmi\File comuni\Adobe
2009-04-29 04:45 . 2008-04-14 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 08:28 . 2009-04-09 14:47 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-28 08:28 . 2009-04-09 14:47 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-24 08:25 . 2009-04-24 08:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 08:24 . 2009-04-24 08:24 152576 ----a-w- c:\documents and settings\GpsNetwork\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-19 19:47 . 2008-04-14 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 11:57 . 2009-04-17 11:52 35968 ----a-w- c:\documents and settings\GpsNetwork\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-15 14:52 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 09:48 . 2009-04-15 09:48 4990 ----a-w- c:\windows\Help\hhcolreg.dat
2009-04-14 14:09 . 2009-04-09 14:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-09 14:06 . 2009-04-09 14:06 21840 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RoxioDragToDisc"="c:\programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\GNSS Internet Radio\\GNSS.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Programmi\\CoreFTP\\coreftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [09/04/2009 16.47.11 108289]
R2 SentinelKeysServer;Sentinel Keys Server;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27/04/2007 1.00.04 316992]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.unipd.it/
TCP: {501CFAD6-E06F-4E46-B4DB-7AE6B0D66AFE} = 147.162.1.2,147.162.100.180
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programmi\CoreFTP\pftpns.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 10:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-06-26 10.14.21
ComboFix-quarantined-files.txt 2009-06-26 08:14

Pre-Run: 5.626.859.520 byte disponibili
Post-Run: 5.880.877.056 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

146 --- E O F --- 2009-06-11 12:02


Thanks again!

Post by ste_95 » Fri Jun 26, 2009 11:27 am

The logs are clean.
Follow the instructions in this article anyway.

Post by guacal » Thu Jul 16, 2009 6:07 pm

I have the same problem with that file and with the Avira update.
Could someone check my log and give me some advice?

ComboFix 09-07-14.08 - GCalabrese 16/07/2009 18.49.46.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2009.1412 [GMT 2:00]
Eseguito da: c:\documents and settings\GCalabrese\Desktop\Gualtiero.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GCalabrese\Impostazioni locali\Dati applicazioni\auekw_nav.dat
c:\documents and settings\GCalabrese\Impostazioni locali\Dati applicazioni\ikkwy.dat
c:\documents and settings\GCalabrese\Impostazioni locali\Dati applicazioni\ikkwy.exe
c:\documents and settings\GCalabrese\Impostazioni locali\Dati applicazioni\ikkwy_nav.dat
c:\documents and settings\GCalabrese\Impostazioni locali\Dati applicazioni\ikkwy_navps.dat
c:\recycler\S-1-5-21-2063134809-4172584492-3817067914-500
c:\windows\Installer\9af1e4.msp
c:\windows\system32\winspool.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-06-16 al 2009-07-16 )))))))))))))))))))))))))))))))))))
.

2009-07-15 01:00 . 2008-04-13 17:13 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-14 19:20 . 2009-07-14 22:48 -------- d-----w- c:\documents and settings\GCalabrese\Dati applicazioni\Apple Computer
2009-07-14 19:19 . 2009-07-14 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-07-14 19:19 . 2009-07-14 19:20 -------- d-----w- c:\documents and settings\GCalabrese\Impostazioni locali\Dati applicazioni\Apple Computer
2009-07-14 19:09 . 2008-04-13 17:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-14 19:09 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-14 19:09 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-14 19:09 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-14 01:04 . 2009-07-14 01:04 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-07-14 01:01 . 2009-07-14 01:01 -------- d-----w- c:\programmi\MSXML 6.0
2009-07-06 12:08 . 2009-07-06 12:08 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\Vodafone
2009-07-04 17:21 . 2009-07-04 17:21 -------- d-----w- c:\programmi\MSDN
2009-07-04 17:13 . 2009-07-14 01:04 -------- d-----w- c:\programmi\Microsoft SQL Server
2009-07-04 17:13 . 2009-07-04 17:13 -------- d-----w- c:\programmi\Microsoft Device Emulator
2009-07-04 17:13 . 2009-07-04 17:13 -------- d-----w- c:\programmi\Microsoft SQL Server 2005 Mobile Edition
2009-07-04 17:09 . 2009-07-04 17:09 -------- d-----w- c:\programmi\MSBuild
2009-07-04 17:05 . 2009-07-04 17:09 -------- d-----w- c:\programmi\HTML Help Workshop
2009-07-04 17:05 . 2009-07-04 17:08 -------- d-----w- c:\programmi\File comuni\Merge Modules
2009-07-04 17:05 . 2009-07-04 17:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PreEmptive Solutions
2009-07-04 17:05 . 2009-07-04 17:05 -------- d-----w- c:\windows\Symbols
2009-07-04 17:05 . 2009-07-04 17:05 -------- d-----w- c:\programmi\File comuni\Business Objects
2009-07-04 17:05 . 2009-07-04 17:05 -------- d-----w- c:\programmi\CE Remote Tools
2009-07-04 17:04 . 2009-07-04 17:09 -------- d-----w- c:\programmi\Microsoft Visual Studio 8
2009-07-04 17:01 . 2009-07-04 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-07-04 17:01 . 2009-07-04 17:01 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-07-04 17:01 . 2009-07-04 17:01 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-07-04 16:59 . 2009-07-04 16:59 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-04 16:59 . 2009-07-04 17:03 -------- d-----w- c:\documents and settings\GCalabrese\Dati applicazioni\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 01:00 . 2008-06-25 03:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-15 01:00 . 2009-07-15 01:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-15 01:00 . 2009-07-15 01:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-14 19:20 . 2009-07-14 19:20 -------- d-----w- c:\programmi\iTunes
2009-07-14 19:20 . 2009-07-14 19:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-14 19:20 . 2009-07-14 19:20 -------- d-----w- c:\programmi\iPod
2009-07-14 19:20 . 2009-07-14 19:19 -------- d-----w- c:\programmi\File comuni\Apple
2009-07-14 19:20 . 2009-07-14 19:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-07-14 19:20 . 2009-07-14 19:20 -------- d-----w- c:\programmi\Bonjour
2009-07-14 19:20 . 2009-07-14 19:20 -------- d-----w- c:\programmi\QuickTime
2009-07-14 19:19 . 2009-07-14 19:19 -------- d-----w- c:\programmi\Apple Software Update
2009-07-14 17:54 . 2009-07-14 17:54 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml3E.tmp
2009-07-14 17:54 . 2009-07-14 17:54 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml3D.tmp
2009-07-14 17:54 . 2009-06-07 15:24 13636 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml9D.tmp
2009-07-14 17:54 . 2009-06-07 15:24 8858 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml9C.tmp
2009-07-14 17:53 . 2009-02-17 15:33 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-07-14 17:52 . 2008-12-12 09:53 -------- d-----w- c:\programmi\Google
2009-07-14 01:02 . 2008-06-24 15:03 99822 ----a-w- c:\windows\system32\perfc010.dat
2009-07-14 01:02 . 2008-06-24 15:03 511984 ----a-w- c:\windows\system32\perfh010.dat
2009-07-04 17:14 . 2008-06-25 03:54 -------- d-----w- c:\programmi\Microsoft.NET
2009-07-04 17:11 . 2009-02-17 10:04 68888 ----a-w- c:\documents and settings\GCalabrese\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-16 14:36 . 2008-06-24 15:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-06-24 15:03 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 23:08 . 2009-06-10 23:08 1915520 ----a-w- c:\documents and settings\GCalabrese\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-07 15:24 . 2009-06-07 15:24 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml9F.tmp
2009-06-07 15:24 . 2009-06-07 15:24 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml9E.tmp
2009-06-07 14:59 . 2009-06-07 14:59 -------- d-----w- c:\programmi\SiSoftware
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-07-14 19:19 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-07-14 19:19 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 19:09 . 2008-06-24 15:03 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 17:09 . 2009-05-25 17:09 -------- d-----w- c:\programmi\DivX
2009-05-25 17:09 . 2009-05-25 17:09 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-05-08 23:14 . 2009-05-08 23:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-08 23:14 . 2009-05-08 23:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2008-06-24 15:03 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2008-06-24 15:03 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2008-06-24 15:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2008-06-24 15:03 1847168 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WRPCAgent"="c:\programmi\WinSoftMagic\WinRemotePC\WRPCAgent.exe" [2009-02-12 115712]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1036288]
"COMImpersonator"="c:\programmi\Fujitsu Siemens Computers\Mobile Software Suite\Common\UiMdmTip\UiMdmTip.exe" [2008-07-17 143360]
"ITSecMng"="c:\programmi\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"openvpn-gui"="c:\programmi\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-06-25 504080]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\\jre\\bin\\notes2w.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\WinSoftMagic\\WinRemotePC\\WinRemotePC.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4321:TCP"= 4321:TCP:WinRemotePC Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 HaMDevMg.1.00;Fujitsu Siemens Computers HaMDevMg.1.00;c:\programmi\File comuni\Fujitsu Siemens Computers\Manageability\HaMDevMg.exe\1.00\HaMDevMg.exe [17/07/2008 9.18.18 544768]
R2 Sigma32;Sigma32;c:\windows\system32\drivers\Sigma32.SYS [05/12/2008 12.08.36 23296]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/07/2008 13.52.18 14336]
R2 WRPCAgentSrv;WinRemotePC Agent Helper;c:\programmi\WinSoftMagic\WinRemotePC\WRPCServer.exe [14/04/2009 17.06.40 522752]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [25/11/2008 9.47.35 13312]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [25/11/2008 9.47.33 244368]
R3 FscGabi;FscGabi;c:\windows\system32\drivers\FscGabi.sys [25/11/2008 9.47.35 12160]
R3 FSCSLII;FSCSLII;c:\windows\system32\drivers\FSCSLII.sys [25/11/2008 9.47.35 15232]
R3 radmrdd;radmrdd;c:\windows\system32\drivers\radmrdd.sys [14/04/2009 17.06.41 3328]
S3 FastLynx;FastLynx;\??\c:\documents and settings\Costa\Desktop\Fastlynx\Fastlynx\FastLynx.sys --> c:\documents and settings\Costa\Desktop\Fastlynx\Fastlynx\FastLynx.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [07/06/2009 16.59.03 98488]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01/10/2006 14.37.02 26624]
S3 WinRPC10;WinRemotePC Server;c:\programmi\WinSoftMagic\WinRemotePC\WRPCServer.exe [14/04/2009 17.06.40 522752]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programmi\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [09/12/2005 10.39.38 2799808]
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-ikkwy - c:\documents and settings\gcalabrese\impostazioni locali\dati applicazioni\ikkwy.exe


.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxp://mail.kpitalia.it/dwa8W.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 18:53
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinRPC10]
"ImagePath"="c:\programmi\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:14801308-40E2C9B6-WinRPC10"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WRPCAgentSrv]
"ImagePath"="c:\programmi\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:7DA1B81C-40E33B56-WRPCAgentSrv"
.
Ora fine scansione: 2009-07-16 18.54.51
ComboFix-quarantined-files.txt 2009-07-16 16:54

Pre-Run: 125.556.662.272 byte disponibili
Post-Run: 127.235.350.528 byte disponibili

192 --- E O F --- 2009-07-16 01:00