Hello again, I'm new to the forum and I'm asking for a big favour. I caught this virus, detected by Avira as TR/Dropper gen.
After reading the various discussions about the TR/Dropper gen virus I did everything that could be done.
My virus is in C:\ Documents and setting\Al User\Dati applicazioni\ Avira\AntiVir Desktop\ Temp\ and it is the folder AVSCAN-20101202-16070-2191CA4B, which is empty, and then the folder AVSCAN-20101202 -185855 -1979CB4D, inside which there is ARK6. tmp, which then turns into ARK13.tmp, and I can't delete it.
I have tried every way, even with KillBox.
I cannot format the PC. I attach hijackthis.txt and then the ComboFix log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.09.47, on 03/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\LiveOperator\LiveOperator.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-1632\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-1632\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-1909\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-1909\..\Run: [Miscorosft Updates] C:\RESTORE\c-1-3-64-8794238531-8742492-9897532\Sys32.exe (User '?')
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-1909\..\Run: [Google Update] "C:\Documents and Settings\alepore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-1909\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-5500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-5542\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1139725498-3411232994-486013252-5581\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1855513250-1475990482-915804758-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1855513250-1475990482-915804758-1016\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1855513250-1475990482-915804758-1022\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1855513250-1475990482-915804758-1024\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: LiveOperator.LNK = C:\LiveOperator\LiveOperator.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3687557A-6974-4697-AE56-678614AAFE16}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{3687557A-6974-4697-AE56-678614AAFE16}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{3687557A-6974-4697-AE56-678614AAFE16}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
--
End of file - 9466 bytes
ComboFix log:

ComboFix 10-11-30.08 - angeli 03/12/2010 15.00.53.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1598 [GMT 1:00]
Eseguito da: c:\documents and settings\angeli\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-11-03 al 2010-12-03 )))))))))))))))))))))))))))))))))))
.
2010-12-03 13:09 . 2010-12-03 13:09 -------- d-----w- c:\programmi\Trend Micro
2010-12-03 13:00 . 2010-12-03 13:00 -------- d-----w- c:\documents and settings\angeli\Dati applicazioni\Uniblue
2010-12-03 13:00 . 2010-12-03 13:00 -------- d-----w- c:\documents and settings\angeli\Impostazioni locali\Dati applicazioni\PackageAware
2010-12-02 17:39 . 2010-12-02 17:39 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-02 17:38 . 2010-12-02 17:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-12-02 15:06 . 2010-12-02 17:22 -------- d-----w- c:\programmi\Trojan Dropper . Small Removal Tool
2010-12-02 13:12 . 2010-12-02 13:12 -------- d-----w- c:\documents and settings\angeli\Dati applicazioni\Simply Super Software
2010-12-02 12:59 . 2010-12-02 14:48 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-12-01 07:50 . 2010-12-01 07:50 -------- d-----w- c:\windows\system32\KB905474
2010-12-01 02:03 . 2010-12-01 02:13 -------- d-----w- c:\windows\ie8updates
2010-11-30 12:56 . 2010-11-30 12:56 -------- d-----w- c:\programmi\MSXML 4.0
2010-11-30 11:15 . 2010-11-30 11:15 -------- d-----w- c:\programmi\CCleaner
2010-11-30 09:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-30 09:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-30 09:57 . 2009-10-15 16:29 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-30 09:57 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-30 09:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-30 09:57 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-30 09:56 . 2010-09-10 05:49 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-11-30 09:56 . 2010-09-10 05:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-30 09:56 . 2010-09-10 05:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-30 09:52 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-30 09:52 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-11-30 09:51 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-30 09:36 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-11-30 09:31 . 2010-11-30 09:31 -------- d-----w- c:\programmi\File comuni\Adobe
2010-11-30 09:29 . 2010-08-16 08:44 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-30 09:02 . 2010-11-30 09:06 -------- d-----w- C:\abc
2010-11-29 11:46 . 2010-11-29 11:46 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-11-29 10:56 . 2010-12-02 18:11 -------- d-----w- c:\windows\system32\NtmsData
2010-11-29 08:33 . 2010-11-29 08:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2006-04-23 22:08 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-04-23 22:08 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-04-23 22:08 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-04-23 22:08 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2006-04-23 22:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2006-04-23 22:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2006-04-23 22:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
c:\documents and settings\angeli\Menu Avvio\Programmi\Esecuzione automatica\
LiveOperator.LNK - c:\liveoperator\LiveOperator.exe [2006-10-27 8048640]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-9-1 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1139725498-3411232994-486013252-1909\Scripts\Logon\0\0]
"Script"=AvvisoScadenzaUser.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1139725498-3411232994-486013252-1909\Scripts\Logon\0\1]
"Script"=IE7RunOnce.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1139725498-3411232994-486013252-1909\Scripts\Logon\0\2]
"Script"=DesktopExe.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1139725498-3411232994-486013252-4268\Scripts\Logon\0\0]
"Script"=AvvisoScadenzaUser.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1139725498-3411232994-486013252-5500\Scripts\Logon\0\0]
"Script"=AvvisoScadenzaUser.vbs
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\LiveOperator\\Ishsrv.exe"=
"c:\\LiveOperator\\ishview.exe"=
"c:\\LiveOperator\\livecarecttApp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 NHostNT1;NetOp Driver 1 ver. 8.00 (2005271);c:\windows\system32\drivers\NHOSTNT1.SYS [01/09/2008 10.17.29 65808]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [02/12/2010 18.39.21 76696]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [02/02/2010 13.44.39 135664]
S3 NHOSTNT3;NetOp Driver 3 ver. 8.00 (2005271) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [01/09/2008 10.17.29 3216]
S4 NetOp Host for NT Service;NetOp Helper ver. 8.00 (2005271);"c:\progetti\NETOPHOST\HOST\NHOSTSVC.EXE" --> c:\progetti\NETOPHOST\HOST\NHOSTSVC.EXE [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
donqvipaq
.
Contenuto della cartella 'Scheduled Tasks'
2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-02 12:44]
2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-02 12:44]
2010-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1139725498-3411232994-486013252-1909Core.job
- c:\documents and settings\alepore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-07-26 10:05]
2010-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1139725498-3411232994-486013252-1909UA.job
- c:\documents and settings\alepore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-07-26 10:05]
2010-12-03 c:\windows\Tasks\User_Feed_Synchronization-{586F06E6-B807-4DEE-B11D-FE71245F79E8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
2010-12-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-12-01 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: {3687557A-6974-4697-AE56-678614AAFE16} = 208.67.222.222,208.67.220.220
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 15:03
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(17372)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-12-03 15:04:02
ComboFix-quarantined-files.txt 2010-12-03 14:04
ComboFix2.txt 2010-12-02 17:19
Pre-Run: 237.352.071.168 byte disponibili
Post-Run: 237.336.498.176 byte disponibili
- - End Of File - - 263388EF7F4815999BE2FA146DEEBD2F
Thank you in advance.