Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllate il log di hijack

2 pages: [1] 2
mi controllate il log di hijack Opzioni
Topic Precedente · Topic Sucessivo
ares86
Inviato: Thursday, July 09, 2009 1:28:43 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12


non mi è possibile aprire nessun .exe e qualsiasi porgramma risulta bloccato per mancanza di autorizzazione ho eseguito hijack e questo è il log....dategli una controllata e se potete farmi sapere quali sono i file da eliminare....grazie e ciao


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.16.28, on 09/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VIA\RAID\vialogsv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Programmi\AVG\AVG8\avgscanx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
G:\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60429
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60429
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60429
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60429
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60429
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programmi\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229591093046
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Programmi\VIA\RAID\vialogsv.exe

--
End of file - 8097 bytes
Torna in alto
 
Sponsor
Inviato: Thursday, July 09, 2009 1:28:43 PM

 
Torna in alto
 
shapiro
Inviato: Thursday, July 09, 2009 4:47:27 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

disinstalla da pannello di controllo la Ask Toolbar, e' solo una porta aperta per spyware ed altre schifezze

fai una scansione con malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.

per ora non rimuovere niente


quando avrai finito posta il log e postami un nuovo hjt per completare le pulizie
Torna in alto
 
ares86
Inviato: Thursday, July 09, 2009 5:03:04 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
ok ora faccio tutto e poi ti posto di nuovo quello che mi esce....ti ringrazio
Torna in alto
 
ares86
Inviato: Thursday, July 09, 2009 7:08:11 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
ho eseguito la scansione con l'antimalaware e mi ha rilevato 3 file sospetti che ho corretto visto che evidentemente erano quelli che creavano problemi, però il problema persiste e non mi fa accedere a nessuna applicazione ripetendomi sempre l'errore che ti ho detto prima....ho effettuato un altra analisi con hijack e ho il rapporto di malawarebytes prima dalla pulizia dei file.
grazie ti posto tutto qui

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.01.44, on 09/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VIA\RAID\vialogsv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
G:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60429
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60429
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60429
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60429
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60429
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programmi\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229591093046
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Programmi\VIA\RAID\vialogsv.exe

--
End of file - 8120 bytes
Torna in alto
 
shapiro
Inviato: Thursday, July 09, 2009 7:59:30 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
avresti dovuto postarmi il risultato di malwarebytes

vedi se riesci a recuperarlo - apri il programma, scegli in alto ''file di log'' , clicca sulla scansione controllando la data e l'ora in cui e' stata fatta e copia in blocco note



Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe


Scarica ed installa CCleaner: clicca qui per il download

http://blog.aiutamici.com/post/2009/06/16/CCleaner-220920-nuove-funzionalita.aspx
Una volta installato configuralo in questo modo:
lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi clicca su:
Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore
alla voce Pulizia, nella sezione Avanzate spunta le voci Vecchi dati Prefetch e Disinstallatori aggiornamenti di WinUpdate
nel menu a sinistra, clicca sulla voce Pulizia
clicca su tasto Avvia pulizia per eseguire la scansione
finita la scansione, sempre nel menu a sinistra, clicca sulla voce Registro e spunta tutte le voci comprese nella sezione meno la voce estensioni file non usate
clicca sul tasto Trova problemi ed avvia una scansione
al termine della scansione clicca sulla voce Ripara selezionati e prosegui con la riparazione (questo ultimo passaggio ripetilo più volte, fino a quando non verranno rilevati più problemi da correggere)

scarica questo file .bat - eseguilo (dura pochi secondi)


http://wikisend.com/download/893078/1.bat

In C dovresti trovare i file .txt da 1 a 10 o perlomeno quelli che sono stati individuati, Inseriscili tutti in una cartella .zip e allegali a un post.
Torna in alto
 
ares86
Inviato: Thursday, July 09, 2009 8:44:44 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
Ti posto il risultato di malawarebytes intanto, poi ti tengo aggiornato appena faccio quello che mi hai detto

Malwarebytes' Anti-Malware 1.38
Versione del database: 2398
Windows 5.1.2600 Service Pack 3

09/07/2009 18.53.24
mbam-log-2009-07-09 (18-53-14).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 254400
Tempo trascorso: 1 hour(s), 9 minute(s), 4 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
c:\documents and settings\UTENTE\Desktop\IMG0007876581176314-JPEG.EXE (Backdoor.Bot) -> No action taken.
c:\documents and settings\UTENTE\impostazioni locali\dati applicazioni\Mozilla\Firefox\Profiles\o8omncd2.default\Cache\841B1175d01 (Backdoor.Bot) -> No action taken.
c:\documents and settings\UTENTE\impostazioni locali\dati applicazioni\Mozilla\Firefox\Profiles\o8omncd2.default\Cache\BD1B1175d01 (Backdoor.Bot) -> No action taken.
Torna in alto
 
ares86
Inviato: Thursday, July 09, 2009 10:20:39 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
non so come si allega l'archivio quindi te ne posto uno x volta....scusa

FILE1:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\\Programmi\\Analog Devices\\SoundMAX\\SMTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"kX Mixer"="C:\\WINDOWS\\system32\\kxmixer.exe --startup"
"NeroFilterCheck"="C:\\Programmi\\File comuni\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"C:\\Programmi\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"SpywareTerminator"="\"C:\\Programmi\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"COMODO SafeSurf"="\"C:\\Programmi\\COMODO\\SafeSurf\\cssurf.exe\" -s"
"COMODO Firewall Pro"="\"C:\\Programmi\\COMODO\\Firewall\\cfp.exe\" -h"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"QuickTime Task"="\"C:\\Programmi\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programmi\\iTunes\\iTunesHelper.exe\""

FILE2:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programmi\\File comuni\\Nero\\Lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"BitTorrent DNA"="\"C:\\Programmi\\DNA\\btdna.exe\""

FILE3:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programmi\\File comuni\\Nero\\Lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"BitTorrent DNA"="\"C:\\Programmi\\DNA\\btdna.exe\""

FILE4:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\\WINDOWS\\system32\\guard32.dll C:\\WINDOWS\\system32\\cssdll32.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001

FILE5:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

FILE6:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"DefaultDomainName"="UTENTE-FBF39387"
"DefaultUserName"="UTENTE"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"System"=""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"cachedlogonscount"="10"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="0"
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
00,00,00
"LogonType"=dword:00000001
"Background"="0 0 0"
"DebugServerCommand"="no"
"SFCDisable"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000000
"AltDefaultUserName"="UTENTE"
"AltDefaultDomainName"="UTENTE-FBF39387"
"ChangePasswordUseKerberos"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Senza fili"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\
6c,00,00,00
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\
00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Utilità di pianificazione pacchetti QoS"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Script"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
6c,00,6c,00,00,00
@="Personalizzazione Internet Explorer"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@="802.3 Group Policy"
"DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\
00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=hex(2):64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,00,74,00,\
2e,00,64,00,6c,00,6c,00,00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Protezione IP"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
"DLLName"="avgrsstx.dll"
"Startup"="AvgStartup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"Asynchronous"=dword:00000001
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallEvent"="1.9.0040.0"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
@=""
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,9d,f9,52,d8,ed,1d,83,42,b8,7a,0c,0e,39,dd,69,38,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,d7,df,7e,56,9a,fa,55,b4,\
85,b3,7c,c7,00,c0,a5,e8,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,b9,\
54,ff,74,8a,19,1d,93,c3,d2,d2,4f,eb,0f,bb,ae,b0,01,00,00,96,ad,a1,64,99,a4,\
50,98,47,4c,4a,35,3d,9f,c5,a3,e8,5e,b1,03,fe,99,b0,83,58,56,56,35,f9,20,7f,\
22,c3,08,6f,99,be,83,e4,38,40,12,c9,78,c2,33,48,7b,09,cc,75,9b,94,ad,97,84,\
75,86,96,8b,30,9c,f4,7c,d8,d6,47,c1,74,fe,f8,fa,10,2d,24,eb,fc,32,bd,55,6e,\
6e,ad,9f,d3,c1,59,f8,c4,42,85,81,68,18,f6,9a,81,03,e1,8d,fc,4f,6b,50,6d,67,\
74,bd,71,40,2b,45,84,6b,c0,e4,a3,9c,ae,5d,6d,21,7d,bd,28,18,29,51,b3,6a,1a,\
4f,09,69,cd,72,74,ef,d0,87,19,0e,e7,a9,8a,8e,15,b2,98,22,3f,00,4d,76,6c,60,\
96,33,e5,c5,a8,45,86,77,72,a9,f4,0f,39,00,51,ef,45,5a,ff,d6,1d,c9,f3,33,42,\
21,97,49,02,ce,87,7f,f1,a2,25,3a,ee,6d,56,48,3a,0a,2d,7b,2d,f4,bb,57,1b,e4,\
2d,72,6a,d4,0f,e8,94,9f,0a,40,c6,30,fd,e5,dc,4e,0c,9a,93,6e,c2,62,1b,55,6e,\
a4,d2,10,7f,ef,c1,8c,88,be,8c,13,c4,23,28,a3,e0,af,d7,41,eb,c7,fa,ad,d3,3d,\
f5,5a,4c,7d,06,f1,e9,99,96,c0,81,9e,da,4c,b3,e8,12,5b,2e,2b,ff,b5,91,f0,ff,\
71,f0,09,b5,7d,f4,df,2b,2c,49,3d,bb,58,db,9e,34,7a,17,d8,f5,dc,b0,04,eb,ce,\
71,22,aa,67,d9,2b,fb,bf,d0,9f,09,25,25,8e,5d,08,14,9e,87,71,2a,7e,9b,7d,f8,\
9e,ca,7c,7b,c8,8d,51,ae,d2,35,9e,da,6c,4d,ee,53,a8,41,0f,0b,f7,c4,19,0e,08,\
91,d4,ce,ce,96,2a,99,4a,b3,e2,ab,84,75,d5,40,1d,df,84,64,54,4f,0c,73,33,1c,\
86,e0,0e,fa,73,68,36,58,b5,38,2d,98,98,3a,f3,b2,0a,d5,ca,9e,8d,e7,9b,bf,fb,\
94,d0,91,e0,9d,1b,25,28,a8,50,55,a9,98,69,b7,da,32,53,70,50,65,d6,58,b1,04,\
8c,14,00,00,00,53,02,95,26,be,46,7c,ec,e6,1a,04,d5,59,92,f6,be,ad,4e,2a,e1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

FILE8:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
@=""
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]


File9:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\italian\\setup.exe"="C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\italian\\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"="C:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe:*:Enabled:eMule"
"D:\\Programmi\\Sports Interactive\\Football Manager 2009\\fm.exe"="D:\\Programmi\\Sports Interactive\\Football Manager 2009\\fm.exe:*:Enabled:Football Manager 2009"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Programmi\\Lphant\\eLePhantClient.exe"="D:\\Programmi\\Lphant\\eLePhantClient.exe:*:Enabled:Lphant"
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"="C:\\Programmi\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"="C:\\Programmi\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"="C:\\Programmi\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\\Programmi\\mIRC\\mirc.exe"="D:\\Programmi\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programmi\\Lphant Applications\\Lphant\\Lphant.exe"="C:\\Programmi\\Lphant Applications\\Lphant\\Lphant.exe:*:Enabled:Lphant"
"C:\\Programmi\\DNA\\btdna.exe"="C:\\Programmi\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Programmi\\BitTorrent\\bittorrent.exe"="C:\\Programmi\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"="C:\\Programmi\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"="C:\\Programmi\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

FILE10:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
Torna in alto
 
shapiro
Inviato: Friday, July 10, 2009 10:38:58 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
sto' controllando il report

per favore fai una nuova scansione con malwarebytes dopo averlo aggiornato e posta il log che rilascia
Torna in alto
 
ares86
Inviato: Saturday, July 11, 2009 3:16:27 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
ecco qui il nuovo report del malware

Malwarebytes' Anti-Malware 1.38
Versione del database: 2406
Windows 5.1.2600 Service Pack 3

11/07/2009 15.11.09
mbam-log-2009-07-11 (15-11-09).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 247214
Tempo trascorso: 1 hour(s), 5 minute(s), 1 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
ares86
Inviato: Sunday, July 12, 2009 2:23:40 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
comunque qui il problema persiste... eppure nessun malaware trovato,..
che dici di fare?
grazie ancora dell'aiuto
Torna in alto
 
shapiro
Inviato: Sunday, July 12, 2009 2:44:16 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
controlliamo piu' a fondo


se c'e' qualche minaccia ben nascosta verra' fuori

_______


volevo chiederti una cosa

controlla se nella cartella System32 hai il file rundll32.exe


______________

esegui queste due scansioni



scarica http://www.gmer.net/files.php

Eseguilo, clicca su >>> e poi su "autostart" - "scan" - "copy" - apri un nuovo file di testo - incolla e salva il file.
Poi,clicca su "rootkit" - "scan" - "copy" - apri un nuovo file di testo - incolla e salva il file.
Posta anche questi due rapporti



disattiva il tuo antivirus


esegui una scansione con

http://downloads1.kaspersky-labs.com/devbuilds/AVPTool/

Crea una cartella sul Desktop e salvaci al suo interno il file che andrai a scaricare
lancia il tool
imposta le aree che vuoi scansionare
attendere.....al termine della scansione sarà possibile rimuovere e/o mettere in quarantena i file infetti rilevati
Salva il log che verrà rilasciato e postalo sul forum

Fai il copia\incolla solo dei file infetti(il report sarebbe troppo pesante)



Torna in alto
 
ares86
Inviato: Monday, July 13, 2009 6:20:46 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
TI POSTO IL LOG DEL PRIMO PROGRAMMA CHE MI HAI DETTO DI USARE E CI HA MESSO TUTTA LA NOTTE A SCANNERIZZARE E LA SCANSIONE CON L'ANTOVIRUS NN HA RILEVATO NULLA

GMER 1.0.15.14972 - http://www.gmer.net
Autostart scan 2009-07-12 19:14:54
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
avgrsstarter@DLLName = avgrsstx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
avg8emc@ = C:\PROGRA~1\AVG\AVG8\avgemc.exe
avg8wd@ = C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Bonjour Service@ = C:\Programmi\Bonjour\mDNSResponder.exe
cmdAgent@ = "C:\Programmi\COMODO\Firewall\cmdagent.exe"
Nero BackItUp Scheduler 3@ = C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SoundMAX Agent Service (default)@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
sp_rssrv@ = "C:\Programmi\Spyware Terminator\sp_rsser.exe"
VRAID Log Service@ = C:\Programmi\VIA\RAID\vialogsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SmappC:\Programmi\Analog Devices\SoundMAX\SMTray.exe = C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@kX MixerC:\WINDOWS\system32\kxmixer.exe --startup = C:\WINDOWS\system32\kxmixer.exe --startup
@NeroFilterCheckC:\Programmi\File comuni\Nero\Lib\NeroCheck.exe = C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
@NBKeyScan"C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" = "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
@SpywareTerminator"C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
@COMODO SafeSurf"C:\Programmi\COMODO\SafeSurf\cssurf.exe" -s = "C:\Programmi\COMODO\SafeSurf\cssurf.exe" -s
@COMODO Firewall Pro"C:\Programmi\COMODO\Firewall\cfp.exe" -h = "C:\Programmi\COMODO\Firewall\cfp.exe" -h
@AVG8_TRAYC:\PROGRA~1\AVG\AVG8\avgtray.exe = C:\PROGRA~1\AVG\AVG8\avgtray.exe
@QuickTime Task"C:\Programmi\QuickTime\QTTask.exe" -atboottime = "C:\Programmi\QuickTime\QTTask.exe" -atboottime
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce >>>
@Malwarebytes' Anti-MalwareC:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent /*file not found*/ = C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent /*file not found*/
@Malwarebytes Anti-Malware (reboot)"C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript = "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} /*NeroCoverEd Live Icons*/C:\Programmi\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll = C:\Programmi\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Nero\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Nero\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Nero\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Nero\Lib\NeroDigitalExt.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/C:\Programmi\Spyware Terminator\sptcontmenu.dll = C:\Programmi\Spyware Terminator\sptcontmenu.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG8 Shell Extension*/C:\Programmi\AVG\AVG8\avgse.dll = C:\Programmi\AVG\AVG8\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG8 Find Extension*/(null) =
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\AVG\AVG8\avgse.dll
Cover Designer@{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} = C:\Programmi\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{100BD527-7304-4b7f-BEE2-26D97B04EBA4} = C:\Programmi\Nero\Nero8\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\AVG\AVG8\avgse.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Programmi\Malwarebytes' Anti-Malware\mbamext.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{100BD527-7304-4b7f-BEE2-26D97B04EBA4} = C:\Programmi\Nero\Nero8\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}C:\Programmi\Crawler\Toolbar\ctbr.dll = C:\Programmi\Crawler\Toolbar\ctbr.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = %SystemRoot%\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
linkscanner@CLSID = C:\Programmi\AVG\AVG8\avgpp.dll
livecall@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
tbr@CLSID = C:\Programmi\Crawler\Toolbar\ctbr.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Programmi\Bonjour\mdnsNSP.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.15 ----



GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-13 11:29:51
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF75BCAF8]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xF75BCAB0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF75B0B00]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF75B1388]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF75BCBF0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF75BCA74]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF75B13A8]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF75BCB46]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF75BC390]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 100 804E275C 2 Bytes [00, 0B] {ADD [EBX], CL}
.text ntoskrnl.exe!_abnormal_termination + 103 804E275F 1 Byte [F7]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[268] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text C:\WINDOWS\system32\winlogon.exe[268] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[268] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text C:\WINDOWS\system32\services.exe[312] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[312] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text C:\WINDOWS\system32\lsass.exe[324] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[324] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text C:\WINDOWS\system32\svchost.exe[476] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[476] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text C:\WINDOWS\system32\svchost.exe[536] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[536] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text C:\WINDOWS\system32\svchost.exe[580] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[580] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text C:\WINDOWS\Explorer.EXE[856] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[856] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text G:\e3x925v2.exe[1116] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text G:\e3x925v2.exe[1116] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [1B, 98]
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[1212] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 898C83E8
Device \FileSystem\Fastfat \FatCdrom 893451C8
Device \FileSystem\Udfs \UdfsCdRom 89348298
Device \FileSystem\Udfs \UdfsDisk 89348298
Device \Driver\Cdrom \Device\CdRom0 895590F8
Device \Driver\Cdrom \Device\CdRom1 895590F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8955C9A8
Device \Driver\atapi \Device\Ide\IdePort0 8955C9A8
Device \Driver\atapi \Device\Ide\IdePort1 8955C9A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8955C9A8
Device \FileSystem\Npfs \Device\NamedPipe 8956DA58
Device \FileSystem\Msfs \Device\Mailslot 89558948
Device \Driver\a347scsi \Device\Scsi\a347scsi1 89571748
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 89571748
Device \FileSystem\Fastfat \Fat 893451C8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 894E0888
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 894E0888
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 894E0888
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 894E0888
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 894E0888
Device \FileSystem\Cdfs \Cdfs 89486E98

---- Modules - GMER 1.0.15 ----

Module _________ F7473000-F748B000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej40 0x09 0xF4 0x02 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej41 0xB8 0xF4 0x02 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej42 0xB8 0xF4 0x02 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej43 0xB8 0xF4 0x02 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej44 0xB8 0xF4 0x02 0x08 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\LastGood 0 bytes
File C:\WINDOWS\LastGood\INF 0 bytes
File C:\WINDOWS\LastGood\INF\oem20.inf 0 bytes
File C:\WINDOWS\LastGood\INF\oem20.PNF 0 bytes
File C:\WINDOWS\LastGood\system32 0 bytes
File C:\WINDOWS\LastGood\system32\DRIVERS 0 bytes
File C:\WINDOWS\LastGood\system32\DRIVERS\69193838.sys 148496 bytes executable

---- EOF - GMER 1.0.15 ----
Torna in alto
 
shapiro
Inviato: Monday, July 13, 2009 6:33:58 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
hai controllato se nella cartella System32 hai il file rundll32.exe ?
Torna in alto
 
ares86
Inviato: Monday, July 13, 2009 7:44:50 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
effettivamente non c'è.... ecco trovato il problema. come mi comporto?mi servono i cd di windows per forza?
Torna in alto
 
shapiro
Inviato: Monday, July 13, 2009 7:56:12 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
infatti il tuo problema e' proprio la mancanza di quel file

si serve il cd di windows.....oppure se hai il sp3 li preleviamo da li' con la procedura standard
Torna in alto
 
ares86
Inviato: Tuesday, July 14, 2009 12:42:36 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
credo prorpio di si xkè windows è originale quindi dovrei averlo il sp3 come faccio a vedere se c'è?? grazie
Torna in alto
 
shapiro
Inviato: Tuesday, July 14, 2009 1:08:01 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
prendi il cd originale di windows e ti dico cosa fare

il percorso per raggiungere il sp3 e' questo

c:\windows\servicepackfiles\i386\.....
Torna in alto
 
ares86
Inviato: Tuesday, July 14, 2009 2:51:53 PM
Rank: Member

Iscritto dal : 7/9/2009
Posts: 12
ottimo ti ringrazio
Torna in alto
 
shapiro
Inviato: Tuesday, July 14, 2009 7:56:09 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
non toccare i file nella cartella del service pack

dobbiamo eseguire la procedura per ripristinare il file rundll32.exe
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllate il log di hijack


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.