Aiutamici Forum

Sending logs for checking
ppaola
Posted: Sunday, October 11, 2009 4:44:03 PM
Rank: Member

Member since: 1/2/2005
Posts: 11
Hi everyone,
I'd like to send you my logs for checking, since for some time now my computer has slowed down noticeably: when I try to install programs it invariably gives me an error, an automatic scan starts every time I go on the internet, or I get redirected to sites I never asked for, and lastly I receive a lot of junk mail that I can't block (some of it even from my own e-mail address).
In trying to solve the problem I only make things worse by installing various programs that I then can't uninstall, or can't uninstall completely.
Can you help me, please?????? I'd be grateful.
Thanks

p.s. it hasn't been long since I had everything reformatted
ppaola
Posted: Sunday, October 11, 2009 4:46:35 PM
Rank: Member

Member since: 1/2/2005
Posts: 11
Sorry, I forgot the logs; I attach them here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.24.25, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O2 - BHO: (no name) - {05647034-1833-4EF0-AD7E-D6603C152BFe} - C:\WINDOWS\System32\dpvoice32.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Programmi\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\expsrv32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: fc170e3e660 - C:\WINDOWS\System32\expsrv32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98afdb2c2012c) (gupdate1c98afdb2c2012c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9964 bytes
shapiro
Posted: Sunday, October 11, 2009 5:41:37 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Hi,
you have some nice infections to remove.

Download ComboFix to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet.
Disable the antivirus.
Run the file ComboFix.exe.
Type 1 to start the tool.
Follow the instructions (do nothing during the scan; if the desktop icons disappear, that's normal) and at the end a log will be generated.
When it's finished, post the log you find in C:\Combofix.txt

Do not install the recovery console and do not touch anything during the scan.
ppaola
Posted: Monday, October 12, 2009 3:55:42 AM
Rank: Member

Member since: 1/2/2005
Posts: 11
I did everything as instructed and I'm sending the ComboFix log:


ComboFix 09-10-11.01 - Proprietario 12/10/2009 3.18.12.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1024.600 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Proprietario\Dati applicazioni\02000000e751b0e8660C.manifest
c:\documents and settings\Proprietario\Dati applicazioni\02000000e751b0e8660O.manifest
c:\documents and settings\Proprietario\Dati applicazioni\02000000e751b0e8660P.manifest
c:\documents and settings\Proprietario\Dati applicazioni\02000000e751b0e8660S.manifest
c:\programmi\\setup.exe
c:\programmi\autorun.inf
c:\windows\GnuHashes.ini
c:\windows\Installer\65d12f.msi
c:\windows\Installer\f562.msi
c:\windows\system32\29MF0.vbs
c:\windows\system32\9.tmp
c:\windows\system32\A.tmp
c:\windows\system32\aN9tz6L91lEOe.vbs
c:\windows\system32\DHCPMON32.DLL
c:\windows\system32\DPVOICE32.DLL
c:\windows\system32\DPWSOCKX32.DLL
c:\windows\system32\DSSEC32.DLL
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\hjpPS.vbs
c:\windows\system32\LocalService\313.crack.zip.kwd
c:\windows\system32\LocalService\314.keygen.zip.kwd
c:\windows\system32\LocalService\315.serial.zip.kwd
c:\windows\system32\LocalService\316.setup.zip.kwd
c:\windows\system32\LocalService\317.music.au
c:\windows\system32\LocalService\317.music.au.kwd
c:\windows\system32\LocalService\318.music2.au
c:\windows\system32\LocalService\318.music2.au.kwd
c:\windows\system32\LocalService\319.music3.au
c:\windows\system32\LocalService\319.music3.au.kwd
c:\windows\system32\LocalService\320.music4.au
c:\windows\system32\LocalService\320.music4.au.kwd
c:\windows\system32\lUP4K7MSpXnyF.vbs
c:\windows\system32\mCsIqXT5RC3MH.vbs
c:\windows\system32\MtcJw.vbs
c:\windows\system32\nbUK5gM.vbs
c:\windows\system32\oDScgoqCfMuTDBO.vbs
c:\windows\system32\QzI9Y.vbs
c:\windows\system32\RhSUcMs9N9OzMij.vbs
c:\windows\system32\u3HTW.vbs
c:\windows\system32\vKPRRWKZPQAJN.vbs
c:\windows\system32\VX86mb1.vbs
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((( Files Creati Da 2009-09-12 al 2009-10-12 )))))))))))))))))))))))))))))))))))
.

2010-04-28 13:32 . 2010-04-28 13:32 -------- d-----w- c:\programmi\AVG
2010-04-28 13:23 . 2010-04-28 13:23 65950560 ----a-w- c:\programmi\avg_free_stf_eu_85_287a1483.exe
2009-10-12 01:07 . 2009-10-12 01:07 116736 ----a-w- c:\windows\system32\csseqchk32.dll
2009-10-11 20:51 . 2009-10-11 20:51 116736 ----a-w- c:\windows\system32\fontext32.dll
2009-10-11 14:22 . 2009-10-11 14:22 -------- d-----w- c:\programmi\Trend Micro
2009-10-11 14:21 . 2009-10-11 14:21 812344 ----a-w- c:\programmi\HJTInstall.exe
2009-10-11 07:34 . 2009-10-11 07:34 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-10-11 06:38 . 2009-10-11 14:52 -------- d-----w- c:\programmi\Bonjour
2009-10-08 21:27 . 2009-10-12 01:23 -------- d-sh--w- c:\windows\system32\LocalService
2009-09-26 13:33 . 2009-09-26 13:33 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 01:27 . 2008-09-28 17:43 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-12 01:26 . 2008-09-26 16:21 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-005A1102}.dat
2009-10-12 01:26 . 2008-09-26 16:21 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-005A1102}.dat
2009-10-12 01:25 . 2009-08-12 14:02 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Skype
2009-10-12 01:14 . 2008-09-26 16:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-10-11 18:21 . 2009-08-07 20:02 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\skypePM
2009-10-11 14:35 . 2009-08-25 08:41 129 ----a-w- c:\documents and settings\Proprietario\udpcrawl.tmp
2009-10-11 07:45 . 2008-09-26 16:53 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-11 07:26 . 2008-09-28 22:45 -------- d-----w- c:\programmi\Java
2009-10-11 06:46 . 2008-09-26 16:06 74984 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-06 17:55 . 2009-02-09 21:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-10-02 18:21 . 2008-09-28 22:50 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\LimeWire
2009-09-05 21:27 . 2009-09-05 21:27 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Leadertech
2009-08-30 19:53 . 2009-08-30 19:53 -------- d-----w- c:\programmi\File comuni\PAC7311
2009-08-30 19:53 . 2009-08-30 19:53 -------- d-----w- c:\programmi\Trust
2009-08-30 10:05 . 2009-08-30 10:05 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\GlarySoft
2009-08-30 10:01 . 2009-08-30 10:01 -------- d-----w- c:\programmi\Glary Utilities
2009-08-30 10:00 . 2009-08-30 10:00 -------- d-----w- c:\programmi\Glary_Utilities
2009-08-30 09:56 . 2009-08-30 09:56 5488957 ----a-w- c:\programmi\Glary_Utilities.zip
2009-08-30 09:39 . 2009-08-30 09:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-08-24 23:38 . 2009-08-24 23:37 -------- d-----w- c:\programmi\Paint.NET
2009-08-24 21:13 . 2009-08-24 21:13 1603760 ----a-w- c:\programmi\Paint.NET.3.36.zip
2009-08-24 15:57 . 2009-08-24 15:57 -------- d-----w- c:\programmi\File comuni\Adobe Systems Shared
2009-08-24 05:49 . 2009-08-24 05:22 -------- d-----w- c:\programmi\PhotoScape
2009-08-24 05:21 . 2009-08-24 05:21 15063882 ----a-w- c:\programmi\PhotoScapeSetup_V3.3.exe
2009-08-23 19:53 . 2009-08-23 19:53 119296 ----a-w- c:\windows\system32\expsrv32.dll
2009-08-23 14:56 . 2009-08-23 14:56 52636 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-23 13:47 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Informazioni Tecniche
2009-08-23 13:47 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Extra
2009-08-23 13:47 . 2009-08-23 13:46 -------- d-----w- c:\programmi\AutoPlay
2009-08-23 13:46 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Assistenza clienti
2009-08-23 13:46 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Adobe Solutions Network
2009-08-23 13:46 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Adobe Reader 7.0
2009-08-23 08:15 . 2009-08-23 08:15 -------- d-----w- c:\programmi\Alice ti aiuta
2009-08-19 22:25 . 2009-08-19 22:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-08-16 06:33 . 2009-08-16 06:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2009-08-15 05:01 . 2009-08-15 05:01 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-08-14 10:37 . 2008-11-23 18:33 -------- d-----w- c:\programmi\Virtual Earth 3D
2009-08-12 14:01 . 2009-08-12 14:00 2032936 ----a-w- c:\programmi\SkypeSetup.exe
2009-08-12 13:53 . 2009-08-12 13:53 8599101 ----a-w- c:\programmi\15355_01.exe
2009-08-07 20:02 . 2009-08-07 20:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-06 17:24 . 2008-09-26 15:43 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-09-26 15:43 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-09-26 15:43 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-07-18 20:10 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2008-09-26 15:43 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-09-26 15:43 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-08-15 04:07 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2009-08-15 04:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2008-09-26 15:43 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 08:59 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-19 23:35 . 2009-07-19 23:34 22962563 ----a-w- c:\programmi\Rubrica.exe
2009-07-19 16:48 . 2009-07-19 16:48 71540 ----a-w- c:\programmi\CalendarPrint.zip
2009-07-17 19:01 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-06-09 17:07 . 2009-06-09 17:07 3342809 ----a-w- c:\programmi\eMule0.49c-Installer.exe
2009-06-09 09:57 . 2009-06-09 09:57 10053112 ----a-w- c:\programmi\picasa3-setup.exe
2009-05-02 05:28 . 2009-05-02 05:28 1053744 ----a-w- c:\programmi\revosetup.exe
2008-12-14 19:13 . 2008-12-14 19:13 372520 ----a-w- c:\programmi\ymjsetup_24.exe
2008-12-07 18:27 . 2008-12-07 18:27 14958253 ----a-w- c:\programmi\Windows_Sidebar__Real_one_Pack_by_joshoon.zip
2008-10-13 00:00 . 2008-10-12 23:55 183 ----a-w- c:\programmi\presence_sip_pandreoni_alice_it.xml
2008-10-12 23:52 . 2008-10-12 23:52 183 ----a-w- c:\programmi\presence_sip_pandreono_alice_it.xml
2008-10-07 20:12 . 2008-10-07 20:11 1011844 ----a-w- c:\programmi\SetupPoigpsGo.zip
2008-10-05 21:41 . 2008-10-05 21:41 7730856 ----a-w- c:\programmi\GoogleEarth.exe
2004-08-10 21:09 . 2009-08-23 13:46 126976 ----a-w- c:\programmi\epic_eula.dll
2004-03-01 05:43 . 2009-08-23 13:46 625 ----a-w- c:\programmi\Setup.exe.manifest
2003-04-20 18:39 . 2009-08-23 13:46 245408 ----a-w- c:\programmi\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-07-12 2215960]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05647034-1833-4EF0-AD7E-D6603C152BFe}]
2009-10-11 20:51 116736 ----a-w- c:\windows\system32\fontext32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2009-07-12 09:38 2215960 ----a-w- c:\programmi\PHPNukeIT\tbPHP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-07-12 2215960]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-07-12 2215960]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"TaskTray"="c:\programmi\Creative\SBAudigy\TaskBar\CTLTray.exe" [2001-06-29 163840]
"TaskBar"="c:\programmi\Creative\SBAudigy\TaskBar\CTLTask.exe" [2002-05-08 122880]
"Sidebar"="c:\programmi\Windows Sidebar\sidebar.exe" [2007-07-28 1230848]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 68856]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTStartup"="c:\programmi\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-19 28672]
"Jet Detection"="c:\programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"StormCodec_Helper"="c:\programmi\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-12-11 2652056]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"DeviceDiscovery"="c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Disc Detector"="c:\programmi\Creative\ShareDLL\CtNotify.exe" [2001-12-25 191488]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-08 68592]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-06-22 569344]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 483328]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fc170e3e660]
2009-08-23 19:53 119296 ----a-w- c:\windows\system32\expsrv32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [14/04/2009 13.16.34 159600]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [14/04/2009 13.16.40 73840]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [07/08/2009 16.31.40 92008]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [14/04/2009 13.16.20 95640]
S2 gupdate1c98afdb2c2012c;Google Update Service (gupdate1c98afdb2c2012c);c:\programmi\Google\Update\GoogleUpdate.exe [09/02/2009 23.30.56 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [28/09/2008 10.38.09 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"c:\programmi\Windows Sidebar\sidebar.exe" /RegServer
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-11 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-08-30 14:09]

2009-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 06:09]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-09 21:30]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-09 21:30]

2009-07-12 c:\windows\Tasks\User_Feed_Synchronization-{7B6974CF-900C-467F-9F8B-3243D7DE8C97}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-AliceRE_McciTrayApp - c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 03:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\programmi\Creative\Splash Screen\CTEaxSpl.EXE /run???????h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&??????\??? ??? ???\???\???????????5?:~e?:~\???\????????9`??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@
Disc Detector = c:\programmi\Creative\ShareDLL\CtNotify.exe?? ??X???????????????????E?@?Disc Detector?A????? ?A?p ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?? ????B???@?????P?????@?? ??????~?:~??????????@???????????????????B?????? ??????????????????????????r?B

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1844237615-2052111302-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\System32\expsrv32.dll

- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\WININET.dll
c:\programmi\Google\Quick Search Box\bin\1.2.1150.158\qsb.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\expsrv32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Creative\ShareDLL\MEDIADET.EXE
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2009-10-12 3.30.41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-12 01:30

Pre-Run: 81.158.500.352 byte disponibili
Post-Run: 81.267.724.288 byte disponibili

282 --- E O F --- 2009-09-09 06:01
ppaola
Posted: Monday, October 12, 2009 3:58:32 AM
Rank: Member

Member since: 1/2/2005
Posts: 11
2009-10-08 21:27 . 2009-10-12 01:23 -------- d-sh--w- c:\windows\system32\LocalService
2009-09-26 13:33 . 2009-09-26 13:33 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 01:27 . 2008-09-28 17:43 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-12 01:26 . 2008-09-26 16:21 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-005A1102}.dat
2009-10-12 01:26 . 2008-09-26 16:21 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-005A1102}.dat
2009-10-12 01:25 . 2009-08-12 14:02 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Skype
2009-10-12 01:14 . 2008-09-26 16:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-10-11 18:21 . 2009-08-07 20:02 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\skypePM
2009-10-11 14:35 . 2009-08-25 08:41 129 ----a-w- c:\documents and settings\Proprietario\udpcrawl.tmp
2009-10-11 07:45 . 2008-09-26 16:53 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-11 07:26 . 2008-09-28 22:45 -------- d-----w- c:\programmi\Java
2009-10-11 06:46 . 2008-09-26 16:06 74984 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-06 17:55 . 2009-02-09 21:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-10-02 18:21 . 2008-09-28 22:50 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\LimeWire
2009-09-05 21:27 . 2009-09-05 21:27 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Leadertech
2009-08-30 19:53 . 2009-08-30 19:53 -------- d-----w- c:\programmi\File comuni\PAC7311
2009-08-30 19:53 . 2009-08-30 19:53 -------- d-----w- c:\programmi\Trust
2009-08-30 10:05 . 2009-08-30 10:05 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\GlarySoft
2009-08-30 10:01 . 2009-08-30 10:01 -------- d-----w- c:\programmi\Glary Utilities
2009-08-30 10:00 . 2009-08-30 10:00 -------- d-----w- c:\programmi\Glary_Utilities
2009-08-30 09:56 . 2009-08-30 09:56 5488957 ----a-w- c:\programmi\Glary_Utilities.zip
2009-08-30 09:39 . 2009-08-30 09:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-08-24 23:38 . 2009-08-24 23:37 -------- d-----w- c:\programmi\Paint.NET
2009-08-24 21:13 . 2009-08-24 21:13 1603760 ----a-w- c:\programmi\Paint.NET.3.36.zip
2009-08-24 15:57 . 2009-08-24 15:57 -------- d-----w- c:\programmi\File comuni\Adobe Systems Shared
2009-08-24 05:49 . 2009-08-24 05:22 -------- d-----w- c:\programmi\PhotoScape
2009-08-24 05:21 . 2009-08-24 05:21 15063882 ----a-w- c:\programmi\PhotoScapeSetup_V3.3.exe
2009-08-23 19:53 . 2009-08-23 19:53 119296 ----a-w- c:\windows\system32\expsrv32.dll
2009-08-23 14:56 . 2009-08-23 14:56 52636 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-23 13:47 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Informazioni Tecniche
2009-08-23 13:47 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Extra
2009-08-23 13:47 . 2009-08-23 13:46 -------- d-----w- c:\programmi\AutoPlay
2009-08-23 13:46 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Assistenza clienti
2009-08-23 13:46 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Adobe Solutions Network
2009-08-23 13:46 . 2009-08-23 13:46 -------- d-----w- c:\programmi\Adobe Reader 7.0
2009-08-23 08:15 . 2009-08-23 08:15 -------- d-----w- c:\programmi\Alice ti aiuta
2009-08-19 22:25 . 2009-08-19 22:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-08-16 06:33 . 2009-08-16 06:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2009-08-15 05:01 . 2009-08-15 05:01 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-08-14 10:37 . 2008-11-23 18:33 -------- d-----w- c:\programmi\Virtual Earth 3D
2009-08-12 14:01 . 2009-08-12 14:00 2032936 ----a-w- c:\programmi\SkypeSetup.exe
2009-08-12 13:53 . 2009-08-12 13:53 8599101 ----a-w- c:\programmi\15355_01.exe
2009-08-07 20:02 . 2009-08-07 20:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-06 17:24 . 2008-09-26 15:43 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-09-26 15:43 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-09-26 15:43 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-07-18 20:10 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2008-09-26 15:43 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-09-26 15:43 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-08-15 04:07 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2009-08-15 04:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2008-09-26 15:43 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 08:59 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-19 23:35 . 2009-07-19 23:34 22962563 ----a-w- c:\programmi\Rubrica.exe
2009-07-19 16:48 . 2009-07-19 16:48 71540 ----a-w- c:\programmi\CalendarPrint.zip
2009-07-17 19:01 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-06-09 17:07 . 2009-06-09 17:07 3342809 ----a-w- c:\programmi\eMule0.49c-Installer.exe
2009-06-09 09:57 . 2009-06-09 09:57 10053112 ----a-w- c:\programmi\picasa3-setup.exe
2009-05-02 05:28 . 2009-05-02 05:28 1053744 ----a-w- c:\programmi\revosetup.exe
2008-12-14 19:13 . 2008-12-14 19:13 372520 ----a-w- c:\programmi\ymjsetup_24.exe
2008-12-07 18:27 . 2008-12-07 18:27 14958253 ----a-w- c:\programmi\Windows_Sidebar__Real_one_Pack_by_joshoon.zip
2008-10-13 00:00 . 2008-10-12 23:55 183 ----a-w- c:\programmi\presence_sip_pandreoni_alice_it.xml
2008-10-12 23:52 . 2008-10-12 23:52 183 ----a-w- c:\programmi\presence_sip_pandreono_alice_it.xml
2008-10-07 20:12 . 2008-10-07 20:11 1011844 ----a-w- c:\programmi\SetupPoigpsGo.zip
2008-10-05 21:41 . 2008-10-05 21:41 7730856 ----a-w- c:\programmi\GoogleEarth.exe
2004-08-10 21:09 . 2009-08-23 13:46 126976 ----a-w- c:\programmi\epic_eula.dll
2004-03-01 05:43 . 2009-08-23 13:46 625 ----a-w- c:\programmi\Setup.exe.manifest
2003-04-20 18:39 . 2009-08-23 13:46 245408 ----a-w- c:\programmi\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-07-12 2215960]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05647034-1833-4EF0-AD7E-D6603C152BFe}]
2009-10-11 20:51 116736 ----a-w- c:\windows\system32\fontext32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2009-07-12 09:38 2215960 ----a-w- c:\programmi\PHPNukeIT\tbPHP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-07-12 2215960]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-07-12 2215960]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"TaskTray"="c:\programmi\Creative\SBAudigy\TaskBar\CTLTray.exe" [2001-06-29 163840]
"TaskBar"="c:\programmi\Creative\SBAudigy\TaskBar\CTLTask.exe" [2002-05-08 122880]
"Sidebar"="c:\programmi\Windows Sidebar\sidebar.exe" [2007-07-28 1230848]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 68856]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTStartup"="c:\programmi\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-19 28672]
"Jet Detection"="c:\programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"StormCodec_Helper"="c:\programmi\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-12-11 2652056]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"DeviceDiscovery"="c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Disc Detector"="c:\programmi\Creative\ShareDLL\CtNotify.exe" [2001-12-25 191488]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-08 68592]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-06-22 569344]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 483328]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fc170e3e660]
2009-08-23 19:53 119296 ----a-w- c:\windows\system32\expsrv32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [14/04/2009 13.16.34 159600]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [14/04/2009 13.16.40 73840]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [07/08/2009 16.31.40 92008]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [14/04/2009 13.16.20 95640]
S2 gupdate1c98afdb2c2012c;Google Update Service (gupdate1c98afdb2c2012c);c:\programmi\Google\Update\GoogleUpdate.exe [09/02/2009 23.30.56 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [28/09/2008 10.38.09 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"c:\programmi\Windows Sidebar\sidebar.exe" /RegServer
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-11 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-08-30 14:09]

2009-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 06:09]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-09 21:30]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-09 21:30]

2009-07-12 c:\windows\Tasks\User_Feed_Synchronization-{7B6974CF-900C-467F-9F8B-3243D7DE8C97}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-AliceRE_McciTrayApp - c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 03:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\programmi\Creative\Splash Screen\CTEaxSpl.EXE /run???????h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&??????\??? ??? ???\???\???????????5?:~e?:~\???\????????9`??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@
Disc Detector = c:\programmi\Creative\ShareDLL\CtNotify.exe?? ??X???????????????????E?@?Disc Detector?A????? ?A?p ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?? ????B???@?????P?????@?? ??????~?:~??????????@???????????????????B?????? ??????????????????????????r?B

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1844237615-2052111302-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\System32\expsrv32.dll

- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\WININET.dll
c:\programmi\Google\Quick Search Box\bin\1.2.1150.158\qsb.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\expsrv32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Creative\ShareDLL\MEDIADET.EXE
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2009-10-12 3.30.41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-12 01:30

Pre-Run: 81.158.500.352 byte disponibili
Post-Run: 81.267.724.288 byte disponibili

282 --- E O F --- 2009-09-09 06:01
shapiro
Posted: Monday, October 12, 2009 9:49:52 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


hi

analyze here ====> http://www.virustotal.com/it/

this file flagged in red, and give me the verdict from the 40 antivirus engines

c:\windows\system32\fontext32.dll
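An added example, not part of the thread or of ComboFix: the reasoning behind singling out fontext32.dll from a log like the one posted above, written as a small Python script. It reads the file records in the "Files Creati" and "Find3M" sections and the load points in "Punti Reg Caricati", then flags a load point when the referenced file was created or written within 30 days of the scan, when another listed file has exactly the same size (csseqchk32.dll and fontext32.dll are both 116736 bytes, dropped a few hours apart), or when a system32 module is loaded from a key that injects into the browser or into many processes (Browser Helper Objects, Winlogon Notify, AppInit_DLLs). SAMPLE_LOG is an excerpt assembled from lines of the posted log; the 30-day window, the three rules and the function names are my choices, not anything ComboFix defines.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code):
correlate the registry load points in 'Punti Reg Caricati' with the file
records in 'Files Creati' / 'Find3M' and flag the ones worth a closer look."""
import re
from datetime import datetime, timedelta

# Excerpt assembled from the ComboFix log posted in this thread (constructed sample, not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Creati Da 2009-09-12 al 2009-10-12 )))))))))))))))))))))))))))))))))))
.
2009-10-12 01:07 . 2009-10-12 01:07 116736 ----a-w- c:\windows\system32\csseqchk32.dll
2009-10-11 20:51 . 2009-10-11 20:51 116736 ----a-w- c:\windows\system32\fontext32.dll
2009-10-08 21:27 . 2009-10-12 01:23 -------- d-sh--w- c:\windows\system32\LocalService
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 19:53 . 2009-08-23 19:53 119296 ----a-w- c:\windows\system32\expsrv32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05647034-1833-4EF0-AD7E-D6603C152BFe}]
2009-10-11 20:51 116736 ----a-w- c:\windows\system32\fontext32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2009-07-12 09:38 2215960 ----a-w- c:\programmi\PHPNukeIT\tbPHP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"StormCodec_Helper"="c:\programmi\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fc170e3e660]
2009-08-23 19:53 119296 ----a-w- c:\windows\system32\expsrv32.dll
"""

WINDOW = re.compile(r"Files Creati Da (\d{4}-\d{2}-\d{2}) al (\d{4}-\d{2}-\d{2})")
# file record: two timestamps, size (or '--------' for a directory), attributes, path
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
RUN_VALUE = re.compile(r'^"[^"]+"="([^"]+)"\s+\[\d{4}-\d{2}-\d{2} \d+\]')   # "name"="path" [date size]
MODULE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")       # date time size attrs path
# load points that put a DLL into the browser or into many processes (my selection, not ComboFix's)
HIGH_IMPACT = ("browser helper objects", "winlogon\\notify", "appinit_dlls")


def parse_combofix(text):
    """Return (scan_end, files, loadpoints): files maps lowercase path to
    {size, newest}; loadpoints is a list of {key, path}."""
    scan_end, files, loadpoints, key, in_registry = None, {}, [], None, False
    for line in (ln.strip() for ln in text.splitlines()):
        m = WINDOW.search(line)
        if m:
            scan_end = datetime.strptime(m.group(2), "%Y-%m-%d")
        elif "Punti Reg Caricati" in line:
            in_registry = True
        elif not in_registry:
            m = FILE_LINE.match(line)
            if m:
                stamps = [datetime.strptime(m.group(i), "%Y-%m-%d %H:%M") for i in (1, 2)]
                size = int(m.group(3)) if m.group(3).isdigit() else None
                files[m.group(5).lower()] = {"size": size, "newest": max(stamps)}
        elif KEY_LINE.match(line):
            key = KEY_LINE.match(line).group(1)
        elif RUN_VALUE.match(line):
            loadpoints.append({"key": key, "path": RUN_VALUE.match(line).group(1)})
        elif MODULE_LINE.match(line) and key:
            loadpoints.append({"key": key, "path": MODULE_LINE.match(line).group(1)})
    return scan_end, files, loadpoints


def triage(scan_end, files, loadpoints, window_days=30):
    """Map each load-point path to the list of reasons it deserves review."""
    cutoff = scan_end - timedelta(days=window_days)
    findings = {}
    for lp in loadpoints:
        path, key, reasons = lp["path"].lower(), lp["key"].lower(), []
        rec = files.get(path)
        if rec and rec["newest"] >= cutoff:
            reasons.append("created or written within %d days of the scan" % window_days)
        if rec and rec["size"]:
            twins = [p for p, r in files.items() if p != path and r["size"] == rec["size"]]
            if twins:  # identical size under a different name often means one payload, renamed
                reasons.append("same size (%d) as %s" % (rec["size"], ", ".join(twins)))
        if "\\system32\\" in path and any(tag in key for tag in HIGH_IMPACT):
            reasons.append("system32 module loaded from a high-impact key: %s" % lp["key"])
        findings[path] = reasons
    return findings


if __name__ == "__main__":
    scan_end, files, loadpoints = parse_combofix(SAMPLE_LOG)
    for path, reasons in triage(scan_end, files, loadpoints).items():
        print(("REVIEW  " if reasons else "ok      ") + path)
        for reason in reasons:
            print("          - " + reason)
```

Run as-is, it marks fontext32.dll for review on all three rules and expsrv32.dll on the Winlogon Notify rule, while the PHPNukeIT toolbar and the Messenger entry come out clean; the Malwarebytes report later in this thread names exactly those two DLLs.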

ppaola
Posted: Monday, October 12, 2009 1:37:18 PM
Rank: Member

Joined: 1/2/2005
Posts: 11
done





File 913A026600CA6D21C8FC01BAC55210009419A8E7.dll ricevuto il 2009.10.09 13:57:20 (UTC)
Stato corrente: finito

Risultato: 2/41 (4.88%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.41 2009.10.09 -
AhnLab-V3 5.0.0.2 2009.10.09 -
AntiVir 7.9.1.35 2009.10.09 -
Antiy-AVL 2.0.3.7 2009.10.09 -
Authentium 5.1.2.4 2009.10.09 -
Avast 4.8.1351.0 2009.10.08 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.09 -
CAT-QuickHeal 10.00 2009.10.09 -
ClamAV 0.94.1 2009.10.09 -
Comodo 2546 2009.10.09 -
DrWeb 5.0.0.12182 2009.10.09 -
eSafe 7.0.17.0 2009.10.08 Suspicious File
eTrust-Vet 35.1.7059 2009.10.09 -
F-Prot 4.5.1.85 2009.10.09 -
F-Secure 8.0.14470.0 2009.10.09 -
Fortinet 3.120.0.0 2009.10.09 -
GData 19 2009.10.09 -
Ikarus T3.1.1.72.0 2009.10.09 -
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.866 2009.10.09 -
Kaspersky 7.0.0.125 2009.10.09 -
McAfee 5765 2009.10.08 -
McAfee+Artemis 5765 2009.10.08 Suspect-29!2D34BEF093A3
McAfee-GW-Edition 6.8.5 2009.10.09 -
Microsoft 1.5101 2009.10.09 -
NOD32 4493 2009.10.09 -
Norman 6.01.09 2009.10.09 -
nProtect 2009.1.8.0 2009.10.09 -
Panda 10.0.2.2 2009.10.08 -
PCTools 4.4.2.0 2009.10.09 -
Prevx 3.0 2009.10.09 -
Rising 21.50.44.00 2009.10.09 -
Sophos 4.45.0 2009.10.09 -
Sunbelt 3.2.1858.2 2009.10.09 -
Symantec 1.4.4.12 2009.10.09 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.09 -
VBA32 3.12.10.11 2009.10.08 -
ViRobot 2009.10.9.1978 2009.10.09 -
VirusBuster 4.6.5.0 2009.10.08 -
Informazioni addizionali
File size: 116736 bytes
MD5 : 2d34bef093a34ff7b78befd16adcf9c0
SHA1 : 963203c2008b01fd138c2cc4572ddefa32864e87
SHA256: 00c9e6fa1bad52e24853858b2f14b3a915b38751e7fa0e2645618554767ffc81
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1A9AE
timedatestamp.....: 0x48C25CCE (Sat Sep 6 12:34:54 2008)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x199E3 0x19A00 7.98 c0433d8e663ef962474157ea870d28aa
DATA 0x1B000 0xBF14 0x600 3.88 ec0439c59bf0099c31ea8478a7d611ce
BSS 0x27000 0xF06 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x28000 0x9E2 0xA00 4.72 9ab7aec1d05adf87ac5217376db14276
.reloc 0x29000 0x196D 0x1A00 6.69 e8de97454b609eabe830b91f08281cc2

( 5 imports )

> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> dsound.dll: DirectSoundCreate
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc, WriteFile, WaitForSingleObject, VirtualQuery, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetOEMCP, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo, GetACP, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle, Sleep
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA, MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA

( 0 exports )

ssdeep: 3072:z6COTRM2QxXq46mrUBSFeO0Y8qV/TDSuaDXJr:2CO9M2QxPZP4O0Y/TDkr
PEiD : -
RDS : NSRL Reference Data Set
-



I don't think the result shows up, so I'll add it myself here at the bottom


eSafe result: Suspicious File

McAfee+Artemis result: Suspect-29!2D34BEF093A3

shapiro
Posted: Monday, October 12, 2009 1:44:05 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
so basically it's telling you it isn't harmful? could you repeat the scan and save the page?

also do this

right-click the file in question and choose ''Properties'' - at the top click on ''Version'' and give me whatever information you can get from it

company.... original file... etc... etc....

ppaola
Posted: Tuesday, October 13, 2009 2:24:30 AM
Rank: Member

Joined: 1/2/2005
Posts: 11
Did the scan again, attached below


File 913A026600CA6D21C8FC01BAC55210009419A8E7.dll ricevuto il 2009.10.09 13:57:20 (UTC)
Stato corrente: finito

Risultato: 2/41 (4.88%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.41 2009.10.09 -
AhnLab-V3 5.0.0.2 2009.10.09 -
AntiVir 7.9.1.35 2009.10.09 -
Antiy-AVL 2.0.3.7 2009.10.09 -
Authentium 5.1.2.4 2009.10.09 -
Avast 4.8.1351.0 2009.10.08 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.09 -
CAT-QuickHeal 10.00 2009.10.09 -
ClamAV 0.94.1 2009.10.09 -
Comodo 2546 2009.10.09 -
DrWeb 5.0.0.12182 2009.10.09 -
eSafe 7.0.17.0 2009.10.08 Suspicious File
eTrust-Vet 35.1.7059 2009.10.09 -
F-Prot 4.5.1.85 2009.10.09 -
F-Secure 8.0.14470.0 2009.10.09 -
Fortinet 3.120.0.0 2009.10.09 -
GData 19 2009.10.09 -
Ikarus T3.1.1.72.0 2009.10.09 -
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.866 2009.10.09 -
Kaspersky 7.0.0.125 2009.10.09 -
McAfee 5765 2009.10.08 -
McAfee+Artemis 5765 2009.10.08 Suspect-29!2D34BEF093A3
McAfee-GW-Edition 6.8.5 2009.10.09 -
Microsoft 1.5101 2009.10.09 -
NOD32 4493 2009.10.09 -
Norman 6.01.09 2009.10.09 -
nProtect 2009.1.8.0 2009.10.09 -
Panda 10.0.2.2 2009.10.08 -
PCTools 4.4.2.0 2009.10.09 -
Prevx 3.0 2009.10.09 -
Rising 21.50.44.00 2009.10.09 -
Sophos 4.45.0 2009.10.09 -
Sunbelt 3.2.1858.2 2009.10.09 -
Symantec 1.4.4.12 2009.10.09 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.09 -
VBA32 3.12.10.11 2009.10.08 -
ViRobot 2009.10.9.1978 2009.10.09 -
VirusBuster 4.6.5.0 2009.10.08 -
Informazioni addizionali
File size: 116736 bytes
MD5 : 2d34bef093a34ff7b78befd16adcf9c0
SHA1 : 963203c2008b01fd138c2cc4572ddefa32864e87
SHA256: 00c9e6fa1bad52e24853858b2f14b3a915b38751e7fa0e2645618554767ffc81
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1A9AE
timedatestamp.....: 0x48C25CCE (Sat Sep 6 12:34:54 2008)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x199E3 0x19A00 7.98 c0433d8e663ef962474157ea870d28aa
DATA 0x1B000 0xBF14 0x600 3.88 ec0439c59bf0099c31ea8478a7d611ce
BSS 0x27000 0xF06 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x28000 0x9E2 0xA00 4.72 9ab7aec1d05adf87ac5217376db14276
.reloc 0x29000 0x196D 0x1A00 6.69 e8de97454b609eabe830b91f08281cc2

( 5 imports )

> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> dsound.dll: DirectSoundCreate
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc, WriteFile, WaitForSingleObject, VirtualQuery, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetOEMCP, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo, GetACP, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle, Sleep
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA, MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA

( 0 exports )

ssdeep: 3072:z6COTRM2QxXq46mrUBSFeO0Y8qV/TDSuaDXJr:2CO9M2QxPZP4O0Y/TDkr
PEiD : -
RDS : NSRL Reference Data Set
-



I also did as you told me, right-click etc. etc., but at the top there is no "Version" tab, only "General" and "Summary", so I can't give you the information you asked for
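An added example, not part of the thread or of VirusTotal: a Python parser for a VirusTotal result page pasted as plain text, like the two copies above. It counts the engine rows, checks them against the declared "Risultato: 2/41", lists the engines that fired, and checks the McAfee+Artemis tag against the MD5 (the tag 2D34BEF093A3 is the first 12 hex digits of the MD5 2d34bef093a3..., so it identifies this sample rather than naming a family). It also compares the "ricevuto il" timestamps of two pastes: both copies above carry 2009.10.09 13:57:20 (UTC), two days before fontext32.dll appeared on this PC, so the page is showing a stored analysis of a sample someone had already submitted, not a fresh scan. VT_TEXT is assembled from the report pasted above; the function names are mine.

```python
"""Parse a VirusTotal result page pasted as plain text (added example, not
VirusTotal's code): count engine rows, check the declared ratio, list the
detections and cross-check the McAfee+Artemis tag against the file's MD5."""
import re

# Constructed from the report pasted above: receipt line, declared ratio, the 41 engine rows, MD5.
VT_TEXT = """
File 913A026600CA6D21C8FC01BAC55210009419A8E7.dll ricevuto il 2009.10.09 13:57:20 (UTC)
Risultato: 2/41 (4.88%)
a-squared 4.5.0.41 2009.10.09 -
AhnLab-V3 5.0.0.2 2009.10.09 -
AntiVir 7.9.1.35 2009.10.09 -
Antiy-AVL 2.0.3.7 2009.10.09 -
Authentium 5.1.2.4 2009.10.09 -
Avast 4.8.1351.0 2009.10.08 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.09 -
CAT-QuickHeal 10.00 2009.10.09 -
ClamAV 0.94.1 2009.10.09 -
Comodo 2546 2009.10.09 -
DrWeb 5.0.0.12182 2009.10.09 -
eSafe 7.0.17.0 2009.10.08 Suspicious File
eTrust-Vet 35.1.7059 2009.10.09 -
F-Prot 4.5.1.85 2009.10.09 -
F-Secure 8.0.14470.0 2009.10.09 -
Fortinet 3.120.0.0 2009.10.09 -
GData 19 2009.10.09 -
Ikarus T3.1.1.72.0 2009.10.09 -
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.866 2009.10.09 -
Kaspersky 7.0.0.125 2009.10.09 -
McAfee 5765 2009.10.08 -
McAfee+Artemis 5765 2009.10.08 Suspect-29!2D34BEF093A3
McAfee-GW-Edition 6.8.5 2009.10.09 -
Microsoft 1.5101 2009.10.09 -
NOD32 4493 2009.10.09 -
Norman 6.01.09 2009.10.09 -
nProtect 2009.1.8.0 2009.10.09 -
Panda 10.0.2.2 2009.10.08 -
PCTools 4.4.2.0 2009.10.09 -
Prevx 3.0 2009.10.09 -
Rising 21.50.44.00 2009.10.09 -
Sophos 4.45.0 2009.10.09 -
Sunbelt 3.2.1858.2 2009.10.09 -
Symantec 1.4.4.12 2009.10.09 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.09 -
VBA32 3.12.10.11 2009.10.08 -
ViRobot 2009.10.9.1978 2009.10.09 -
VirusBuster 4.6.5.0 2009.10.08 -
MD5 : 2d34bef093a34ff7b78befd16adcf9c0
"""

# one engine row: engine  version  last-update (yyyy.mm.dd)  result ('-' means clean)
ROW = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
DECLARED = re.compile(r"Risultato: (\d+)/(\d+)")
RECEIVED = re.compile(r"ricevuto il (\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})")
MD5 = re.compile(r"MD5\s*:\s*([0-9a-fA-F]{32})")


def parse_vt_report(text):
    report = {"received": None, "declared": None, "md5": None, "rows": []}
    for line in text.splitlines():
        line = line.strip()
        row = ROW.match(line)
        if row:
            report["rows"].append({"engine": row.group(1), "updated": row.group(3), "result": row.group(4)})
            continue
        m = RECEIVED.search(line)
        if m:
            report["received"] = m.group(1)
        m = DECLARED.search(line)
        if m:
            report["declared"] = (int(m.group(1)), int(m.group(2)))
        m = MD5.search(line)
        if m:
            report["md5"] = m.group(1).lower()
    report["detections"] = [r for r in report["rows"] if r["result"] != "-"]
    # the declared ratio must agree with the rows present; a mismatch means a partial paste
    report["consistent"] = report["declared"] == (len(report["detections"]), len(report["rows"]))
    return report


def artemis_matches_md5(report):
    """The hex tag after '!' in the McAfee+Artemis verdict is the start of the
    sample's MD5 here, so it identifies this file rather than a malware family."""
    for d in report["detections"]:
        if d["engine"] == "McAfee+Artemis":
            tag = d["result"].rsplit("!", 1)[-1].lower()
            return bool(report["md5"]) and report["md5"].startswith(tag)
    return None  # no Artemis verdict in this report


def is_same_cached_analysis(first, second):
    """Identical 'ricevuto il' timestamps mean both pastes show one stored analysis."""
    return first["received"] is not None and first["received"] == second["received"]


if __name__ == "__main__":
    rep = parse_vt_report(VT_TEXT)
    print("%d/%d engines, consistent=%s, received %s" % (
        len(rep["detections"]), len(rep["rows"]), rep["consistent"], rep["received"]))
    for d in rep["detections"]:
        print("  %-16s %s" % (d["engine"], d["result"]))
    print("Artemis tag matches MD5:", artemis_matches_md5(rep))
```

Two heuristic verdicts out of 41 ("Suspicious File" and an Artemis hash tag) say only that the file looks odd, not that it is clean, which is why the thread moves on to a second scanner instead of stopping here.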
shapiro
Posted: Tuesday, October 13, 2009 10:11:10 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
let's skip this step for now, we'll come back to it later

run this scan

Download and install Malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Update it: click on the "Updates" tab => "Check for updates"
Run a "Full scan" (select the option)
When the scan is complete, post the report.

don't remove anything for now

Go to Control Panel and remove GoogleToolbarNotifier, it's just one more risk for your PC
ppaola
Posted: Wednesday, October 14, 2009 12:54:27 AM
Rank: Member

Joined: 1/2/2005
Posts: 11
Scan done and Google Toolbar for Internet Explorer removed, attaching the report, bye

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3

14/10/2009 0.36.21
mbam-log-2009-10-14 (00-36-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 212733
Time elapsed: 1 hour(s), 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\expsrv32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\A.tmp (Worm.P2P) -> No action taken.
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\B.tmp (Trojan.Dropper) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05647034-1833-4ef0-ad7e-d6603c152bfe} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{05647034-1833-4ef0-ad7e-d6603c152bfe} (Trojan.BHO.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fc170e3e660 (Trojan.Tracur) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StormCodec_Helper (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\expsrv32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\expsrv32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> No action taken.

Files Infected:
C:\WINDOWS\system32\ctl3dv232.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\expsrv32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\A.tmp (Worm.P2P) -> No action taken.
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\B.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\9.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\A.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\C.tmp (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\9.tmp.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\A.tmp.vir (Worm.P2P) -> No action taken.
C:\System Volume Information\_restore{1EEB92AF-CC56-40D9-857D-1B2F62FD7A55}\RP169\A0027579.exe (Adware.NaviPromo) -> No action taken.
D:\System Volume Information\_restore{1EEB92AF-CC56-40D9-857D-1B2F62FD7A55}\RP241\A0045371.exe (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\B.tmp (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\csseqchk32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\dnsrslvr32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\ds16gt32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\fontext32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> No action taken.
C:\Programmi\Ringz Studio\Storm Codec\StormSet.exe (Trojan.Agent) -> No action taken.
shapiro
Posted: Wednesday, October 14, 2009 10:50:19 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
And to think that no fewer than 40 antivirus engines had not detected the file

C:\WINDOWS\system32\fontext32.dll

Malwarebytes found it. Restart the program and remove everything.

Uninstall ComboFix like this:

1) Start\Run: in the dialog box copy and paste this command: combofix /u

2) go to Local Disk C: and delete the QooBox folder

3) delete the folder you had created on the Desktop, if any, in which you had placed ComboFix.

Post me an updated HJT log
ppaola
Posted: Thursday, October 15, 2009 1:59:21 AM
Rank: Member

Joined: 1/2/2005
Posts: 11
I restarted the scan with Malwarebytes and asked it to remove the infections, but there is one it can't remove; a warning appears (cannot find the specified file)

C:\System Volume Information\_restore{1eeb92af-cc56-40d9-857d-1b2f62fd7a55}\rp274\a0056622.dll
Process name: c:\windows\system32\svchost.exe

and when I started Internet Explorer an AVG warning appeared saying it had found a virus and was not able to block it

c:\windows\system32\ctl3dv232.dll



Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 3

15/10/2009 1.35.21
mbam-log-2009-10-15 (01-35-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 213963
Time elapsed: 1 hour(s), 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StormCodec_Helper (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\9.tmp.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\A.tmp.vir (Worm.P2P) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1EEB92AF-CC56-40D9-857D-1B2F62FD7A55}\RP169\A0027579.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1EEB92AF-CC56-40D9-857D-1B2F62FD7A55}\RP274\A0056622.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1EEB92AF-CC56-40D9-857D-1B2F62FD7A55}\RP275\A0056624.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1EEB92AF-CC56-40D9-857D-1B2F62FD7A55}\RP275\A0056631.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\B.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csseqchk32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnsrslvr32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ds16gt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fontext32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Programmi\Ringz Studio\Storm Codec\StormSet.exe (Trojan.Agent) -> Quarantined and deleted successfully.




- Uninstalled ComboFix and deleted the ComboFix folder on drive C, but I can't find the QooBox folder

Finally, I'm attaching the log. Bye

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.56.31, on 15/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\ShareDLL\MEDIADET.EXE
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - (no file)
O2 - BHO: (no name) - {05647034-1833-4EF0-AD7E-D6603C152BFe} - C:\WINDOWS\System32\ctl3dv232.dll (file missing)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\expsrv32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: fc170e3e660 - C:\WINDOWS\System32\expsrv32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98afdb2c2012c) (gupdate1c98afdb2c2012c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 10052 bytes
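The two Malwarebytes logs in this thread are the usual pair a helper has to read side by side: the first run reports every item with "No action taken", the second run removes what it still finds, and whatever appears in the first log but never gets a "Quarantined and deleted" line in the second is what remains for HijackThis. The script below does that reconciliation mechanically. It is an added example written for this page, not code from the posts or from Malwarebytes; the sample logs are short excerpts re-typed from the two logs above, and the notes attached to registry load points (AppInit_DLLs, Winlogon Notify, BHO, Security Center) are the editor's annotations, not scanner output. On the excerpts it returns exactly the residue the helper fixes in the next post: the orphaned BHO, the Winlogon Notify key, both AppInit_DLLs data items, plus the two DLL paths the second run no longer found.

```python
"""Reconcile a report-only Malwarebytes' Anti-Malware 1.x log against the
removal run's log and list what is still unresolved.
Added example for this thread: not code from the posts or from Malwarebytes.
The sample logs are excerpts re-typed from the thread; the persistence notes
are the editor's annotations, not scanner output."""
import re

REPORT_ONLY = "No action taken"
REMOVED = ("Quarantined and deleted successfully", "Delete on reboot")

# Registry load points that outlive the file they reference (assumed notes;
# the first matching pattern wins).
PERSISTENCE = (
    (re.compile(r"\\Windows\\AppInit_DLLs$", re.I),
     "AppInit_DLLs: loaded into every process that maps user32.dll"),
    (re.compile(r"\\Winlogon\\Notify\\", re.I),
     "Winlogon Notify package: loaded by winlogon.exe at logon, as SYSTEM"),
    (re.compile(r"\\Browser Helper Objects\\|^HKEY_CLASSES_ROOT\\CLSID\\", re.I),
     "Browser Helper Object: loaded into every Internet Explorer process"),
    (re.compile(r"\\Security Center\\", re.I),
     "Security Center policy: update or antivirus warnings suppressed"),
)


def parse_items(log_text):
    """Yield (section, target, family, detail, action) per item line.
    Item lines look like  <target> (<family>) [-> <detail>] -> <action>.
    Section headers end with ':' and carry no '->', so any localisation
    of the log parses the same way."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if " -> " not in line:
            if line.endswith(":"):
                section = line[:-1]
            continue
        parts = line.rstrip(".").split(" -> ")
        target, _, family = parts[0].rpartition(" (")
        detail = " | ".join(p.strip() for p in parts[1:-1])
        yield section, target.strip(), family.rstrip(")"), detail, parts[-1].strip()


def cleaned_keys(removal_log):
    """Normalised (target, detail) pairs the removal run actually cleaned."""
    return {(t.lower(), d.lower()) for _, t, _, d, a in parse_items(removal_log)
            if a.startswith(REMOVED)}


def reconcile(report_log, removal_log):
    """Entries the report-only run listed that the removal run never cleaned:
    one dict per unique (target, detail), annotated where the target is a
    registry load point rather than a file."""
    cleaned = cleaned_keys(removal_log)
    seen, unresolved = set(), []
    for section, target, family, detail, action in parse_items(report_log):
        key = (target.lower(), detail.lower())
        if action != REPORT_ONLY or key in cleaned or key in seen:
            continue
        seen.add(key)
        note = next((text for rx, text in PERSISTENCE if rx.search(target)), "")
        unresolved.append({"section": section, "target": target, "family": family,
                           "detail": detail, "note": note})
    return unresolved


# Constructed excerpts of the two logs posted in the thread (not complete).
REPORT_RUN = r"""
Memory Modules Infected:
C:\WINDOWS\system32\expsrv32.dll (Trojan.Tracur) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05647034-1833-4ef0-ad7e-d6603c152bfe} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{05647034-1833-4ef0-ad7e-d6603c152bfe} (Trojan.BHO.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fc170e3e660 (Trojan.Tracur) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StormCodec_Helper (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\expsrv32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\expsrv32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
C:\WINDOWS\system32\ctl3dv232.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\expsrv32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\fontext32.dll (Worm.P2P) -> No action taken.
"""

REMOVAL_RUN = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StormCodec_Helper (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\fontext32.dll (Worm.P2P) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for item in reconcile(REPORT_RUN, REMOVAL_RUN):
        extra = f"  [{item['detail']}]" if item["detail"] else ""
        print(f"{item['section']}: {item['target']} ({item['family']}){extra}")
        if item["note"]:
            print("    why it matters:", item["note"])
```

The key is (target, detail) rather than target alone, because the two AppInit_DLLs data items share one value name and differ only in the DLL path they carry; a file path that shows up both under "Memory Modules" and "Files" is reported once. A file the second run could not find (here expsrv32.dll and ctl3dv232.dll) is deliberately still listed: the file being gone says nothing about the registry entries that load it, which is exactly why the HijackThis log in the same post still shows them.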


shapiro
Posted: Thursday, October 15, 2009 8:58:38 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Disable System Restore, reboot the PC, re-enable it and create a new restore point.

Start HijackThis with all applications closed, click "Do a system scan only", tick the following lines and remove them (Fix checked):

R3 - URLSearchHook: (no name) - *{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - (no file)

O2 - BHO: (no name) - {05647034-1833-4EF0-AD7E-D6603C152BFe} - C:\WINDOWS\System32\ctl3dv232.dll (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\System32\expsrv32.dll

O20 - Winlogon Notify: fc170e3e660 - C:\WINDOWS\System32\expsrv32.dll (file missing)

Download CCleaner

http://www.filehippo.com/download_ccleaner/

1) to download the latest version, click at the top right under the green arrow
2) install it
3) click "Run Cleaner"; repeat the procedure twice

then

download ATF Cleaner

http://www.atribune.org/ccount/click.php?id=1

Start ATFCleaner.exe with a double click

1) tick the Select All box
2) click the Empty Selected button
3) wait for the Done Cleaning notice.
(if you don't want to delete your passwords, untick that box) - (if you use Opera or Firefox, tick their sections too)

Run the updated Malwarebytes again and do a new full scan
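The four lines the helper picks out share one property: each is a load point that HijackThis marks "(file missing)" or "(no file)", or, for AppInit_DLLs, one that points at a DLL the Malwarebytes log had already named as Trojan.Tracur. The script below applies that reading of a HijackThis log automatically and separates "fix" from "look at with something else first". It is an added example for this page, not part of HijackThis and not the helper's own procedure, although on the log posted above it selects the same four lines; the rules, the reasons and KNOWN_BAD are the editor's assumptions, and SAMPLE_LOG is an excerpt re-typed from the log above.

```python
"""Triage a HijackThis 2.x log: which lines to tick for "Fix checked" and
which to look at with other tools first.
Added example for this thread: not part of HijackThis and not the helper's
own procedure, though on the log posted above it picks the same four lines.
The rules, KNOWN_BAD and the reasons are the editor's assumptions; SAMPLE_LOG
is an excerpt re-typed from the thread."""
import re

LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these when the registered file no longer exists.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.I)
# Run entry whose command is a bare file name: no drive letter, no quotes.
BARE_RUN_RE = re.compile(r'\] [^\\"]+$')

# Lower-case file names another scanner already called malicious; here the
# two DLLs from the Malwarebytes log.
KNOWN_BAD = frozenset({"expsrv32.dll", "ctl3dv232.dll"})


def triage(hjt_log, known_bad=frozenset()):
    """Return {"fix": [(line, reason), ...], "review": [(line, reason), ...]}."""
    fix, review = [], []
    for raw in hjt_log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        line, code, body = m.group(0), m.group("code"), m.group("body")
        lower = body.lower()
        if ORPHAN_RE.search(body):
            fix.append((line, "dangling load point: the registration outlives its "
                              "file and re-arms the moment a file of that name returns"))
        elif any(name in lower for name in known_bad):
            fix.append((line, "references a file a scanner already identified as malware"))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            review.append((line, "AppInit_DLLs loads into every process that maps "
                                 "user32.dll; verify the DLL's publisher before keeping it"))
        elif code == "O10" and "missing" in lower:
            review.append((line, "broken LSP chain: repair it with an LSP tool; deleting "
                                 "the entry here can leave the machine without networking"))
        elif code == "O23" and "Unknown owner" in body:
            review.append((line, "service binary carries no publisher information; "
                                 "check its signature and where it came from"))
        elif code == "O4" and BARE_RUN_RE.search(body):
            review.append((line, "Run command without a full path is resolved through "
                                 "the search path and can be shadowed by a look-alike"))
    return {"fix": fix, "review": review}


# Constructed excerpt of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - (no file)
O2 - BHO: (no name) - {05647034-1833-4EF0-AD7E-D6603C152BFe} - C:\WINDOWS\System32\ctl3dv232.dll (file missing)
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
O20 - AppInit_DLLs: C:\WINDOWS\System32\expsrv32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: fc170e3e660 - C:\WINDOWS\System32\expsrv32.dll (file missing)
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, KNOWN_BAD)
    for bucket in ("fix", "review"):
        print(f"== {bucket} ==")
        for line, reason in result[bucket]:
            print(line)
            print("    ", reason)
```

Without the known_bad hint the AppInit_DLLs line drops to "review", because a non-empty AppInit_DLLs value is not malicious on its own; it is the combination with the scanner's verdict that makes it a fix. The O10 line is kept out of the fix list on purpose: a missing LSP provider is already the reason networking is flagged as broken, and removing the entry with HijackThis rather than repairing the chain can make that worse.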
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.