Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Scotty. Chi era costui ?.... Opzioni
curiosit
Inviato: Wednesday, September 17, 2008 4:07:49 AM
Rank: AiutAmico

Iscritto dal : 11/22/2001
Posts: 545
Siete tutti, sempre, tremendamente gentili e disponibili. Vi ringrazio moltissimo.
Di seguito allego i due LOG (HijackThis e Combo) ma, con l'occasione segnalo che, mentre Combo componeva il suo LOG, si è aperta la solita finestra che mi chiedeva di autorizzare il cambio del solito file: regedit.exe %1 %*, associato al sistema operativo Microsoft Windows- Microsoft corporation.
Il bello è che il "prima" e il "dopo" mostrati sono assolutamente identici. L'ho guardato più volte.
Poi si è aperta un'altra finestra per proporre un cambio di un file HOST al System 32.
Nell'ignoranza ho, come le volte precedenti, negato il cambiamento. Ma, tanto, continuerà a ripropormeli!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3.42.49, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Acronis\TrueImageEnterprise\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\My Lockbox\flockbox.exe
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\explorer.exe
C:\Programmi scaricati\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "c:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageEnterprise\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [flockbox] C:\Programmi\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - c:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - c:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 9130 bytes



--------------------------------------------------------



ComboFix 08-09-15.02 - mino 2008-09-17 3.24.15.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.161 [GMT 2:00]
Eseguito da: C:\Documents and Settings\mino\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\pthreadVC.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2008-08-17 al 2008-09-17 )))))))))))))))))))))))))))))))))))
.

2008-09-14 17:08 . 2008-09-14 17:09 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-09-08 20:46 . 2008-09-08 20:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-08 20:45 . 2008-09-08 20:46 <DIR> d-------- C:\Programmi\Microsoft.NET
2008-09-08 20:42 . 2008-09-08 20:42 <DIR> dr-h----- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 09:32 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-16 16:46 --------- d-----w C:\Programmi\BillP Studios
2008-08-16 16:46 --------- d-----w C:\Documents and Settings\mino\Dati applicazioni\WinPatrol
2008-08-08 12:08 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-08-06 10:54 --------- d-----w C:\Programmi\Malwarebytes' Anti-Malware
2008-08-06 10:54 --------- d-----w C:\Documents and Settings\mino\Dati applicazioni\Malwarebytes
2008-08-06 10:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-05 22:58 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-07-29 17:08 --------- d-----w C:\Programmi\Yahoo!
2008-07-23 23:10 --------- d-----w C:\Programmi\K-Lite Codec Pack
2008-07-22 18:40 --------- d-----w C:\Programmi\My Lockbox
2008-07-21 11:24 --------- d-----w C:\Programmi\Java
2008-07-21 11:24 --------- d-----w C:\Programmi\File comuni\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-03 10:03 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 114688]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PCMService"="C:\Programmi\Acer\Acer Arcade\PCMService.exe" [2005-08-22 147456]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 344064]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 2985472]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2005-08-10 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-08-16 368640]
"ADMTray.exe"="c:\Acer\Empowering Technology\admtray.exe" [2005-07-21 3564032]
"00PCTFW"="C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2007-12-31 2594712]
"TrueImageMonitor.exe"="C:\Programmi\Acronis\TrueImageEnterprise\TrueImageMonitor.exe" [2005-02-15 785047]
"Acronis Scheduler2 Service"="C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2005-02-15 98304]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"flockbox"="C:\Programmi\My Lockbox\flockbox.exe" [2007-12-14 1071472]
"WinPatrol"="C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-07-19 11978]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-01-04 218520]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-01-04 40856]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-01-04 18328]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2004-06-07 5035]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-06-14 480512]
Stop Pending2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Invia a &Bluetooth - c:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 03:29:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
"ImagePath"="\"C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00l\00\00\00\00\00
[\02pè\13\00pè\13\00\18î‘|Ð\0fc\02ð\18f\02m\05’|æ\1b€|"

.
--------------------- DLLs Carregadas Sob os Processos em Execu‡Æo ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-17 3:31:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 01:31:36

Pre-Run: 19,133,071,360 byte disponibili
Post-Run: 19,138,215,936 byte disponibili

182 --- E O F --- 2008-09-09 18:20:30







Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.