
could you help me read the hijack log?
raffaele84
Posted: Saturday, July 19, 2008 1:44:24 PM
Rank: Newbie

Joined: 7/19/2008
Posts: 0
Hi everyone, for about a week I've been having problems with some trojans and spyware. I've used various dedicated tools, and at first I have no problems, but afterwards the same trojans come back again. If I post the hijack log, could you help me work out what to fix?



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.40.51, on 18/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {0D7F7C8A-8C4B-4B9F-A465-44ADAB768707} - (no file)
O2 - BHO: (no name) - {17557AF9-B517-44EC-B14F-471574172218} - (no file)
O2 - BHO: (no name) - {2E45289B-901B-4641-AC54-16368AE2F10C} - (no file)
O2 - BHO: (no name) - {30AC3983-813F-4C34-9FDF-F456889A1BE7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69BEBB25-E90B-4D45-A19F-D09AD8A35B0A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85993B15-4529-4EDE-969C-35C5BA417733} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D2B9F556-2E3D-4724-8156-F2DC44F935E0} - (no file)
O2 - BHO: (no name) - {E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D} - (no file)
O2 - BHO: (no name) - {ec081b19-507b-4f71-a1bf-79a997be2943} - (no file)
O2 - BHO: (no name) - {F6AC6FEC-4EC3-49A2-ADD8-B7A452442BA1} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-5ebee64df424c30e.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1B5FDEE-6715-4AC5-A242-995DD9E4637F}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnkHyvU - nnnkHyvU.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10450 bytes
r16
Posted: Saturday, July 19, 2008 3:34:42 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi raffaele84.
Of course we'll help you, Raffaele, that's what we're here for.
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files

Disable System Restore, and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

If you don't know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175

Boot into Safe Mode http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start HijackThis, tick the entries I'm going to list for you and, with all applications closed and disconnected from the Internet, click Fix checked
O2 - BHO: (no name) - {0D7F7C8A-8C4B-4B9F-A465-44ADAB768707} - (no file)
O2 - BHO: (no name) - {17557AF9-B517-44EC-B14F-471574172218} - (no file)
O2 - BHO: (no name) - {2E45289B-901B-4641-AC54-16368AE2F10C} - (no file)
O2 - BHO: (no name) - {30AC3983-813F-4C34-9FDF-F456889A1BE7} - (no file)
O2 - BHO: (no name) - {69BEBB25-E90B-4D45-A19F-D09AD8A35B0A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85993B15-4529-4EDE-969C-35C5BA417733} - (no file)
O2 - BHO: (no name) - {D2B9F556-2E3D-4724-8156-F2DC44F935E0} - (no file)
O2 - BHO: (no name) - {E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D} - (no file)
O2 - BHO: (no name) - {ec081b19-507b-4f71-a1bf-79a997be2943} - (no file)
O2 - BHO: (no name) - {F6AC6FEC-4EC3-49A2-ADD8-B7A452442BA1} - (no file)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-5ebee64df424c30e.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: nnnkHyvU - nnnkHyvU.dll (file missing)

Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish at the top) and run the scan in Safe Mode (this is very important).
Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Restart the PC
*********************************************************************************************************
Follow these instructions to the letter:
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the Internet.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the prompts.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
While the scan runs it is important not to use the PC and to wait patiently for it to finish.
Post a new HijackThis log.
Here as well.
ComboFix does not work in Safe Mode

P.S.:
I didn't see a firewall, I'd advise you to install one.
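To make the reasoning behind the list above repeatable, here is an added example (mine, not code from the thread, from HijackThis or from aiutamici) that sorts the posted log's entries the same way: entries whose target file is gone are orphans that cost nothing to fix, and a few others are queued for a manual look. The sample lines are copied from the HijackThis log posted above; the orphan markers, the bare-filename check and the random-name heuristic are this example's own assumptions about what deserves attention.

```python
"""Triage a HijackThis log the way the helper above does.

Added example: this is not code from the thread, from HijackThis or from
aiutamici. The sample lines are copied from the log posted above; the
orphan markers, the bare-filename check and the random-name heuristic are
this example's own assumptions about what deserves attention.
"""
import re

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0D7F7C8A-8C4B-4B9F-A465-44ADAB768707} - (no file)
O2 - BHO: (no name) - {ec081b19-507b-4f71-a1bf-79a997be2943} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1B5FDEE-6715-4AC5-A242-995DD9E4637F}: NameServer = 85.37.17.39 85.38.28.71
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnkHyvU - nnnkHyvU.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# HijackThis prints these when the registry points at a file that is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def run_target(body):
    """Command of an O4 body such as 'HKLM\\..\\Run: [Name] C:\\x.exe /arg'.
    A quoted command ends at the closing quote; an unquoted one is cut at
    the first space, which is also the first candidate CreateProcess tries."""
    cmd = body.split("] ", 1)[-1].strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def looks_random(filename):
    """Heuristic (assumption): an 8-letter stem with at most two vowels or a
    run of four or more consonants, like nnnkHyvU.dll in the posted log.
    Real 8-letter system names (winlogon, services, explorer) pass."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    low = stem.lower()
    vowels = sum(c in "aeiou" for c in low)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", low)), default=0)
    return vowels <= 2 or longest_run >= 4


def triage(log_text):
    """Sort entries into 'orphan' (file gone; removing the entry costs
    nothing, which is why the helper lists them to fix) and 'review'
    (file present, but worth a manual check). Everything else is left alone."""
    findings = {"orphan": [], "review": []}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m["section"], m["body"]
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings["orphan"].append(line)
            continue
        if section == "O4":
            target = run_target(body)
            if "\\" not in target:
                findings["review"].append(f"{line}  [bare filename, resolved through the search path]")
            elif looks_random(basename(target)):
                findings["review"].append(f"{line}  [random-looking name]")
        elif section == "O17":
            servers = body.split("NameServer = ", 1)[-1].split()
            findings["review"].append(f"{line}  [static DNS {' '.join(servers)}: confirm they belong to the ISP]")
        elif section == "O20":
            dll = body.split(": ", 1)[-1].split(" - ")[-1]
            if looks_random(basename(dll)):
                findings["review"].append(f"{line}  [random-looking name]")
    return findings


if __name__ == "__main__":
    for kind, lines in triage(SAMPLE_LOG).items():
        print(f"== {kind} ==")
        print("\n".join(lines) or "(none)")
```

On the posted log this yields the same dead BHO CLSIDs and the missing nnnkHyvU.dll Winlogon Notify entry that the helper lists, plus the BitDefender O9 leftover. The review bucket shows why name heuristics only rank entries for a human: it flags avgrsstx.dll, which the ComboFix log later in the thread shows was created alongside the AVG drivers and is AVG's own AppInit DLL, so that one is a false positive to clear by checking the vendor, not something to fix.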

raffaele84
Posted: Saturday, July 19, 2008 9:27:23 PM
Rank: Newbie

Joined: 7/19/2008
Posts: 0
OK, the log I produced with ComboFix is the following:

ComboFix 08-07-18.5 - Utente 2008-07-19 20:42:54.1 - NTFSx86
Running from: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa34ae689.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\cmygdgna.ini
C:\WINDOWS\system32\gqcjyver.ini
C:\WINDOWS\system32\gqyhsskd.ini
C:\WINDOWS\system32\mVxbHkkj.ini
C:\WINDOWS\system32\mVxbHkkj.ini2
C:\WINDOWS\system32\mwrpbuti.ini
C:\WINDOWS\system32\NnVDJkkj.ini
C:\WINDOWS\system32\NnVDJkkj.ini2
C:\WINDOWS\system32\poawfwle.ini
C:\WINDOWS\system32\QpYJRqru.ini
C:\WINDOWS\system32\QpYJRqru.ini2
C:\WINDOWS\system32\riupmgsk.ini
C:\WINDOWS\system32\rsvuDJlm.ini
C:\WINDOWS\system32\rsvuDJlm.ini2
C:\WINDOWS\system32\tiqfpydr.ini
C:\WINDOWS\system32\totjrepx.ini
C:\WINDOWS\system32\UtBLkUvw.ini
C:\WINDOWS\system32\UtBLkUvw.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))))))
.

2008-07-19 18:52 . 2008-07-19 20:07 <DIR> d-------- C:\VEXPLITE
2008-07-19 18:52 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-07-19 16:05 . 2008-07-19 16:05 <DIR> d-------- C:\Programmi\d-lusion
2008-07-19 14:53 . 2008-07-19 14:53 <DIR> d-------- C:\Programmi\JLC's Software
2008-07-19 14:53 . 2008-07-19 14:53 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\JLC's Software
2008-07-19 14:17 . 2008-07-19 14:17 <DIR> d-------- C:\Programmi\Auslogics
2008-07-19 14:17 . 2008-07-19 14:17 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Auslogics
2008-07-18 16:34 . 2008-07-18 16:34 <DIR> d-------- C:\WINDOWS\system32\it
2008-07-18 16:34 . 2008-07-18 16:34 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-18 16:34 . 2008-07-18 16:34 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-18 16:27 . 2008-07-18 16:35 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 15:51 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-18 15:51 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-07-18 15:51 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-18 15:51 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-07-18 15:51 . 2004-08-03 22:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008-07-18 15:51 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-07-18 15:51 . 2004-08-03 22:41 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-07-18 15:51 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-07-18 15:51 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-07-18 15:51 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-07-18 15:51 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-07-18 15:48 . 2004-08-03 22:29 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2008-07-18 15:48 . 2004-07-17 11:36 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod
2008-07-18 15:48 . 2004-08-03 22:29 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2008-07-18 15:48 . 2004-08-03 22:29 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2008-07-18 15:48 . 2004-08-03 22:29 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-07-18 10:27 . 2007-10-07 11:27 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-07-18 10:27 . 2007-10-07 11:27 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
2008-07-18 10:24 . 2004-09-03 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-07-18 10:24 . 2007-10-07 11:27 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-07-18 10:12 . 2008-07-18 10:15 <DIR> d-------- C:\Documents and Settings\Utente\SecurityScans
2008-07-16 23:11 . 2008-07-16 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-07-16 16:57 . 2008-07-16 16:57 <DIR> d-------- C:\Programmi\Yahoo!
2008-07-16 16:56 . 2008-07-16 16:57 <DIR> d-------- C:\Programmi\CCleaner
2008-07-16 11:16 . 2008-07-16 11:16 1,173 --a------ C:\Documents and Settings\Utente\blvfyrvo.exe
2008-07-14 22:05 . 2008-07-14 22:05 1,173 --a------ C:\Documents and Settings\Utente\prungpka.exe
2008-07-14 21:30 . 2008-07-14 21:30 1,173 --a------ C:\Documents and Settings\Utente\kzziuyue.exe
2008-07-14 21:29 . 2008-07-14 21:29 1,173 --a------ C:\Documents and Settings\Utente\colwmurh.exe
2008-07-14 17:16 . 2008-07-14 17:16 1,173 --a------ C:\Documents and Settings\Utente\lenwmujv.exe
2008-07-13 23:03 . 2008-07-14 20:57 269 --a------ C:\WINDOWS\wininit.ini
2008-07-13 21:14 . 2008-07-13 21:14 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-13 21:14 . 2008-07-19 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-13 20:51 . 2008-07-13 20:51 1,173 --a------ C:\Documents and Settings\Utente\zzwfvlth.exe
2008-07-13 18:21 . 2008-07-18 21:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-13 18:09 . 2008-07-19 18:05 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-13 18:09 . 2008-07-13 18:09 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-13 18:09 . 2008-07-13 18:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-13 18:09 . 2008-07-13 18:09 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-13 18:09 . 2008-07-13 18:09 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-13 18:08 . 2008-07-13 18:08 <DIR> d-------- C:\Programmi\AVG
2008-07-13 18:08 . 2008-07-18 13:09 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\AVGTOOLBAR
2008-07-13 18:08 . 2008-07-13 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-07-13 17:27 . 2008-07-13 17:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-13 11:55 . 2008-07-13 11:55 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-07-13 11:52 . 2008-07-13 11:52 <DIR> d-------- C:\Programmi\AntiDialer
2008-07-12 22:17 . 2008-07-12 22:18 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-12 15:15 . 2008-07-12 15:17 <DIR> d-------- C:\Programmi\Unlocker
2008-07-12 14:21 . 2008-07-12 14:21 100 --a------ C:\index.ini
2008-07-11 22:41 . 2008-07-11 22:41 <DIR> d-------- C:\Programmi\Sophos
2008-07-11 21:44 . 2008-07-11 21:44 <DIR> d-------- C:\Programmi\CodeStuff
2008-07-11 19:26 . 2008-07-11 19:26 <DIR> d-------- C:\Programmi\PSTRUH
2008-07-11 19:20 . 2008-07-12 13:53 <DIR> d-------- C:\Programmi\SPYWAREfighter
2008-07-11 14:06 . 2008-07-11 14:06 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Smart PC Solutions
2008-07-11 14:05 . 2008-07-11 14:05 <DIR> d-------- C:\Programmi\Smart PC Solutions
2008-07-11 12:12 . 2008-07-11 12:12 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Uniblue
2008-07-11 11:39 . 2008-07-11 11:39 <DIR> d-------- C:\Programmi\Lavasoft
2008-07-11 11:39 . 2008-07-12 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-07-11 11:36 . 2008-07-11 11:37 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-07-10 21:01 . 2008-07-12 13:52 <DIR> d-------- C:\Programmi\Enigma Software Group
2008-07-10 20:50 . 2008-07-10 20:54 <DIR> d-------- C:\Programmi\MemInfo
2008-07-10 18:05 . 2008-07-10 17:39 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-10 16:16 . 2008-07-10 16:16 <DIR> d-------- C:\Programmi\Seterra
2008-07-10 10:41 . 2008-07-14 22:21 110,415 --a------ C:\WINDOWS\BMa34ae689.xml
2008-07-09 23:22 . 2008-07-10 16:16 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-09 19:42 . 2008-07-09 19:42 1,853,025 --ahs---- C:\WINDOWS\system32\poawfwle.tmp
2008-07-08 11:15 . 2008-07-08 19:00 <DIR> d-------- C:\Programmi\SimuSetup
2008-07-07 21:31 . 2008-07-07 22:45 <DIR> d-------- C:\Programmi\Alawar
2008-07-07 18:58 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-07-07 18:58 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-07-07 18:58 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-07-07 18:58 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-07-07 18:58 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-07-07 18:58 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-07-07 15:57 . 2008-07-07 15:58 <DIR> d-------- C:\Programmi\Flowgo
2008-07-07 13:32 . 2008-07-07 13:32 <DIR> d-------- C:\Programmi\File comuni\DirectX
2008-07-05 19:53 . 2008-07-07 17:46 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-05 19:52 . 2008-07-07 21:04 <DIR> d-------- C:\Programmi\Oberon Media
2008-07-05 19:52 . 2008-07-05 19:52 <DIR> d-------- C:\Programmi\File comuni\Oberon Media
2008-07-05 18:28 . 2001-06-11 03:21 14,240,209 --------- C:\Documents and Settings\Utente\global.zip
2008-07-05 18:28 . 2001-06-12 11:01 9,116,930 --------- C:\Documents and Settings\Utente\animals2.zip
2008-07-05 18:28 . 2001-06-12 11:01 8,954,880 --------- C:\Documents and Settings\Utente\objects.zip
2008-07-05 18:28 . 2001-06-12 11:02 6,397,370 --------- C:\Documents and Settings\Utente\ui.zip
2008-07-05 18:28 . 2001-06-12 11:02 3,635,656 --------- C:\Documents and Settings\Utente\scenario.zip
2008-07-05 18:28 . 2001-06-12 11:01 2,983,796 --------- C:\Documents and Settings\Utente\scenery.zip
2008-07-05 18:28 . 2001-06-12 11:01 905,097 --------- C:\Documents and Settings\Utente\terrain.zip
2008-07-05 18:28 . 2001-06-12 11:01 687,504 --------- C:\Documents and Settings\Utente\staff.zip
2008-07-05 18:28 . 2001-06-12 11:01 357,129 --------- C:\Documents and Settings\Utente\guests.zip
2008-07-05 18:28 . 2001-06-14 11:44 135,989 --------- C:\Documents and Settings\Utente\fences.zip
2008-07-05 18:28 . 2001-03-28 16:10 55,809 --------- C:\Documents and Settings\Utente\tiles.zip
2008-07-05 18:28 . 2001-06-12 11:02 24,146 --------- C:\Documents and Settings\Utente\items.zip
2008-07-05 18:28 . 2001-01-03 22:29 10,043 --------- C:\Documents and Settings\Utente\fringe.zip
2008-07-05 18:28 . 2001-06-12 11:02 7,337 --------- C:\Documents and Settings\Utente\research.zip
2008-07-05 18:28 . 2001-06-12 11:01 6,564 --------- C:\Documents and Settings\Utente\config.zip
2008-07-05 18:28 . 2001-06-12 11:01 5,884 --------- C:\Documents and Settings\Utente\paths.zip
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\ztst
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\ztat
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\3082
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\1046
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\1042
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\1041
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\1040
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\1036
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\1033
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\1031
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\Documents and Settings\Utente\1028
2008-07-05 18:27 . 2001-06-12 08:55 86,362,105 --------- C:\Documents and Settings\Utente\animals.zip
2008-07-05 18:27 . 2001-06-12 10:51 2,826,275 --------- C:\Documents and Settings\Utente\zoo.exe
2008-07-05 18:27 . 2001-05-10 11:15 1,112,504 --------- C:\Documents and Settings\Utente\dwdebug.exe
2008-07-05 18:27 . 2001-06-12 10:20 466,997 --------- C:\Documents and Settings\Utente\lang0.dll
2008-07-05 18:27 . 2001-05-10 11:15 161,184 --------- C:\Documents and Settings\Utente\dw.exe
2008-07-05 18:27 . 2001-06-07 13:38 118,784 --------- C:\Documents and Settings\Utente\res0.dll
2008-07-05 18:27 . 2001-03-14 14:29 53,300 --------- C:\Documents and Settings\Utente\EBUEula.dll
2008-07-05 18:27 . 2001-06-05 14:24 45,056 --------- C:\Documents and Settings\Utente\ImeUiResJpn.dll
2008-07-05 18:27 . 2001-06-05 14:24 45,056 --------- C:\Documents and Settings\Utente\ImeUiResEnu.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 15:50 --------- d-----w C:\Programmi\Microsoft Works
2008-07-11 16:36 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\LimeWire
2008-07-08 19:15 --------- d---a-w C:\Programmi\Imperivm - Le Grandi Battaglie di Roma
2008-07-05 13:15 --------- d-----w C:\Programmi\Glary Utilities
2008-07-02 14:44 --------- d-----w C:\Programmi\LimeWire
2008-07-02 13:24 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-27 11:48 155,995 ----a-w C:\WINDOWS\java\Packages\TB9NRX31.ZIP
2008-06-25 18:53 --------- d-----w C:\Programmi\ALCATEL PC Suite
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:32 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 16:58 --------- d-----w C:\Programmi\DivX
2008-05-29 12:36 --------- d-----w C:\Programmi\MKT
2008-05-26 19:56 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\HPAppData
2008-05-26 17:48 --------- d-----w C:\Programmi\MSXML 4.0
2008-05-26 17:34 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\GlarySoft
2008-05-26 17:01 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\MSScanAppDataDir
2008-05-24 13:10 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Leadertech
2008-05-24 13:02 --------- d-----w C:\Programmi\NovaLogic
2008-05-23 17:08 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\HP
2008-05-23 17:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\HP
2008-05-23 16:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WEBREG
2008-05-23 16:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Hewlett-Packard
2008-05-23 16:47 --------- d-----w C:\Programmi\HP
2008-05-23 16:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\HPSSUPPLY
2008-05-23 16:45 --------- d-----w C:\Programmi\File comuni\HP
2008-05-23 16:45 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\HP Product Assistant
2008-05-23 16:44 --------- d-----w C:\Programmi\Hewlett-Packard
2008-05-23 16:44 --------- d-----w C:\Programmi\File comuni\Hewlett-Packard
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-11 18:06 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:10 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-17 22:41 68856]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 16:26 936960]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-13 18:08 1232152]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-07-19 18:54 245760]
"VTTimer"="VTTimer.exe" [2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:14 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\AutorunsDisabled
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-17 18:18:08 113664]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2008-04-17 18:32:12 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-13 18:09]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-13 18:09]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-13 18:09]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 23:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-19 18:49:43 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Programmi\Glary Utilities\initialize.exe
"2008-07-18 20:39:02 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-19 18:31:04 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORFÇOS REMOVIDOS - - - -

ShellExecuteHooks-{E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 20:51:21
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\VEXPLITE\VIRITSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WGATray.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-19 21:04:45 - machine was rebooted [Utente]
ComboFix-quarantined-files.txt 2008-07-19 19:03:43

Pre-Run: 21,834,305,536 byte disponibili
Post-Run: 21,744,234,496 byte disponibili

291 --- E O F --- 2008-07-19 08:59:39




WHILE THE NEW HIJACKTHIS LOG IS THE FOLLOWING:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.25.32, on 19/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1B5FDEE-6715-4AC5-A242-995DD9E4637F}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 9400 bytes
r16
Posted: Saturday, July 19, 2008 11:36:38 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Ok.
First of all, clean up any ADS (Alternate Data Streams), so:
launch HijackThis
click on Open the misc tool section
click on Open ads spy
untick Quick scan (windows base folder only)
leave Ignore safe system info streams ticked
untick Calculate md5 checksum of streams
click on Scan
if any ADS are detected, tick all the boxes and click on Remove selected
Once the scan is finished, you must reboot the system.


Empty the contents of the Prefetch folder:

Start
click on My Computer (Risorse del Computer)
click on Local Disk C:
among the folders displayed, look for the Windows folder, open it and, inside it, look for the Prefetch folder, open it and delete everything stored inside (mind you, do not delete the folder itself)
EMPTY the RECYCLE BIN.
Advice: if you removed a few toolbars, the PC would thank you... then install a firewall, you need one.
How is the PC doing?
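A scriptable version of the ADS check described in the reply above, added here as an example that is not from the thread and not part of HijackThis: it lists alternate data streams under the Windows folder with the same options (full scan rather than the base folder only, safe Zone.Identifier streams ignored, no MD5). It assumes Windows PowerShell 3.0 or later on an NTFS volume, which the XP machine in the thread would not have by default.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams
# with the options the reply gives for HijackThis ADS Spy:
#  - Quick scan unticked                  -> recurse the whole tree
#  - Ignore safe system info streams      -> skip Zone.Identifier
#  - Calculate md5 checksum unticked      -> report sizes only
# Assumes PowerShell 3.0+ (Get-Item -Stream, Get-ChildItem -File).
param(
    [string]$Root = "$env:SystemRoot",
    [string[]]$SafeStreams = @('Zone.Identifier'),   # streams treated as benign
    [switch]$QuickScan                               # root folder only, like the ADS Spy option
)

$files = if ($QuickScan) {
    Get-ChildItem -LiteralPath $Root -File -Force -ErrorAction SilentlyContinue
} else {
    Get-ChildItem -LiteralPath $Root -File -Force -Recurse -ErrorAction SilentlyContinue
}

$found = foreach ($f in $files) {
    # Every file has the unnamed ':$DATA' stream; anything else is an ADS.
    $streams = Get-Item -LiteralPath $f.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' -and $SafeStreams -notcontains $_.Stream }
    foreach ($s in $streams) {
        [pscustomobject]@{
            File   = $f.FullName
            Stream = $s.Stream
            Bytes  = $s.Length
        }
    }
}

if (-not $found) {
    Write-Host "No alternate data streams found under $Root (safe streams ignored)."
} else {
    # Largest streams first: a sizeable ADS on a system file deserves a look
    # before anything is removed (Remove-Item -LiteralPath <file> -Stream <name>).
    $found | Sort-Object Bytes -Descending | Format-Table -AutoSize
}
```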
Aiutamici Theme
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.