Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log di Hijack

2 pages: [1] 2
Log di Hijack Opzioni
Topic Precedente · Topic Sucessivo
borisba
Inviato: Sunday, June 13, 2010 11:29:00 AM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
I problemi che riscontro sono: impossibilità di connettersi alla rete aziendale (o meglio, si connette solo a Skype, ma non scarica nessun aggiornamento di nulla, nè riesco a navigare nè con IE, nè con Firefox) e il fatto che dopo 5 minuti di inattività, se non lo sto ricaricando, va in stand-by. In più, dallo stand-by non si riprende (nel senso che poi devo spegnerlo a forza e quando lo riaccendo mi compare una schermata blu di errore).
Grazie!
Commenta:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.25.56, on 11/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\File comuni\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Documenti\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Programmi\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aggiornamento del software del ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmi\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238572343000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Programmi\File comuni\Virtual Token\vtserver.exe

--
End of file - 9598 bytes
Torna in alto
 
Sponsor
Inviato: Sunday, June 13, 2010 11:29:00 AM

 
Torna in alto
 
paolopa
Inviato: Sunday, June 13, 2010 11:55:07 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
ma sei senza antivirus?sara' meglio installarne uno al piu' presto,assieme ad un firewall che quello di windows in xp è un colabrodo...non so se i tuoi problemi derivino da infezioni,prova a fare questa scansione:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
se trova infezioni posta il log che ti rilascera'.
Torna in alto
 
borisba
Inviato: Sunday, June 13, 2010 7:42:46 PM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Grazie!
Allora, per l'antivirus il problema è che non riesco a installare Avg perchè la connessione qua è lentissima, e dal lavoro non riesco a connettermi.
Per il firewall: so che quello di Windows non blocca nulla, ma riesco a usare poco quel pc da connesso e anche col semplice firewall di Windows ci son programmi che fan fatica a funzionar bene.
Ora la situazione è complicata dal fatto che da oggi dopo pranzo non riesco neanche a caricar la batteria (sto usando un altro pc per postare ora): finchè non trovo una soluzione a questo problema non posso eseguire le operazioni che m'hai detto.
Borisba
Torna in alto
 
paolopa
Inviato: Sunday, June 13, 2010 8:05:52 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
per l antivirus ti consiglio di scaricarti l installer(magari insieme a quello di malwarebytes)su una pendrive,e trasportarlo sul tuo pc,almeno non sarai propio del tutto sguarnito,e con quello e con mbam(sperando che tu riesca ad aggiornarli)ti fai una scansione...sempre che il pc funzioni almeno attaccato alla spina.
Torna in alto
 
borisba
Inviato: Wednesday, June 16, 2010 2:59:37 PM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Grazie! Son riuscito a ricaricare. Allora: ho scaricato MBAM. Alla fine m'ha chiesto se volevo aggiornar il programma e aprirlo, ma non ho più visto niente. Dopo 5-10 minuti l'ho aperto clickando sull'icona, ma mi dava il messaggio di errore che il programma era già in funzione. Poi ha cominciato a darmi invece un altro errore: "Si è verificato un errore. Segnala questo codice di errore al nostro team di supporto.
MBAM_ERROR_LOAD_DATABASE (0, 5)".
Borisba
Torna in alto
 
maopapof
Inviato: Wednesday, June 16, 2010 3:21:06 PM

Rank: AiutAmico

Iscritto dal : 10/31/2004
Posts: 7,185
impossibilità di connettersi alla rete aziendale ? .... scusa ma hai account come amministratore ? :o)
sono tante le cose da fare
pannello di controllo ...opzioni internet ....e click su predefinite
puoi anche
cercare di controllare le impostazioni wireless ... al limite disinserisci o non abilitare il wba o vpn .... e poi riprova :O)

è da tanto tempo che fà questo difetto ? ..... se è da poco puoi provare anche con un punto di ripristino


poi può essere anche un problema hardware ..... memorie o interno pc impolverate o alimentatore che stà partendo :O(
Torna in alto
 
borisba
Inviato: Thursday, June 17, 2010 12:32:22 PM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
maopapof ha scritto:
impossibilità di connettersi alla rete aziendale ? .... scusa ma hai account come amministratore ? :o)

Sono amministratore del mio pc. Per connettersi alla rete aziendale non c'e' nessuna password: basta attaccare il filo della LAN. Il mio capo m'ha portato 2 suoi pc da casa e uso quelli.
maopapof ha scritto:

sono tante le cose da fare
pannello di controllo ...opzioni internet ....e click su predefinite
puoi anche
cercare di controllare le impostazioni wireless ... al limite disinserisci o non abilitare il wba o vpn .... e poi riprova :O)

Sulla LAN ho messo l'opzione di cercare automaticamente le impostazioni.
maopapof ha scritto:

è da tanto tempo che fà questo difetto ? ..... se è da poco puoi provare anche con un punto di ripristino

E' sempre stato cosi': connesso a Skype, ma non naviga e non aggiorna nulla.
maopapof ha scritto:

poi può essere anche un problema hardware ..... memorie o interno pc impolverate o alimentatore che stà partendo :O(

Guarda: quando m'han dato questo pc (un anno fa) stava acceso solo con la spina attaccata. Poi le cose son migliorate nel senso che dopo un mese ha cominciato a ricaricarsi. Il problema del non riuscire a stare in stand-by e poi riavviarsi normalmente l'ha sempre avuto.
Ora per fortuna son riuscito a scaricare Malware Bytes da un altro pc: stasera aggiorno e vedo cosa dice.
Ad Aprile ho comprato una batteria nuova ma non e' cambiato nulla. Questo cmq il report di Ie:
Commenta:

Ultima esecuzione diagnostica: 06/17/10 11:22:31
Diagnostica scheda di rete
Rilevamento percorso di rete

info Utilizzo di connessione Internet domestica
Identificazione scheda di rete

info Connessione di rete: nome=Connessione alla rete locale (LAN) 2, periferica=Broadcom NetXtreme Gigabit Ethernet, tipo supporto=LAN, tipo supporto secondario=LAN
info Connessione di rete: nome=Connessione rete senza fili, periferica=Intel(R) PRO/Wireless 2915ABG Network Connection, tipo supporto=LAN, tipo supporto secondario=Senza fili
info Connessione di rete: nome=Connessione alla rete locale (LAN), periferica=Driver del server di accesso alla rete LAN Bluetooth, tipo supporto=LAN, tipo supporto secondario=LAN
info Connessione di rete: nome=Alice ADSL, periferica=Miniport WAN (PPPOE), tipo supporto=PPPoE, tipo supporto secondario=NESSUNO
warn Nel computer è presente più di una scheda Ethernet o più di una scheda senza fili
info Reindirizzamento dell'utente al supporto tecnico

Diagnostica HTTP, HTTPS, FTP
Connettività HTTP, HTTPS, FTP

warn FTP (passiva): errore 12007 durante la connessione a ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: errore 12007 durante la connessione a www.microsoft.com: The server name or address could not be resolved
warn HTTPS: errore 12007 durante la connessione a www.microsoft.com: The server name or address could not be resolved
warn FTP (attiva): errore 12007 durante la connessione a ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: errore 12007 durante la connessione a www.hotmail.com: The server name or address could not be resolved
warn HTTPS: errore 12007 durante la connessione a www.passport.net: The server name or address could not be resolved
error Impossibile eseguire una connessione HTTP.
error Impossibile eseguire una connessione HTTPS.
error Impossibile eseguire una connessione FTP.

Grazie!
Borisba
Torna in alto
 
borisba
Inviato: Thursday, June 17, 2010 9:43:17 PM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Pare che Malwarebytes si sia limitato a ripristinarmi il "warning" del centro sicurezza di Windows:
Commenta:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4209

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

17/06/2010 20.41.55
mbam-log-2010-06-17 (20-41-55).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 218741
Tempo trascorso: 1 ore, 1 minuti, 43 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 3
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Borisba
Torna in alto
 
paolopa
Inviato: Thursday, June 17, 2010 9:58:28 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
fai:Start >> Esegui >> digita services.msc -> OK

Cerca
Centro Sicurezza PC fai doppio clic verifica che lo stato del
servizio sia avviato
poi se vogliamo andare piu' a fondo facciamo una scansione con combofix,io ti do le indicazioni,poi decidi tu:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX chiudi la connessione disabilita il tuo antivirus e
chiudi TUTTI i programmi aperti,(Firewall compreso) e

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix)
tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse)
e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
borisba
Inviato: Thursday, June 17, 2010 10:18:22 PM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Ok grazie, ora mi scarico ComboFix poi faccio tutto dall'ufficio domattina (che sarò sconnesso da web con questo pc quindi non avrò problemi). Il Centro Sicurezza è avviato. Finalmente son riuscito a installar Avg ma ora ci mette una vita ad aggiornarsi.
Borisba
Torna in alto
 
borisba
Inviato: Friday, June 18, 2010 9:19:26 AM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Ce l'ho fatta anche se solo al terzo riavvio ha smesso di dirmi che lo scanner di AVG era attivo e che quindi continuavo solo a mio rischio e pericolo (nonostante AVG mi segnalasse "nessun componente attivo", ma d'altronde anche con Symantec su un altro pc continuavo a ricevere un warning simile nonostante avessi disattivato tutte le voci).
Questo il log:
Commenta:

ComboFix 10-06-17.01 - Administrator 18/06/2010 9.00.47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.502 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pwdmon.dll
c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Creati Da 2010-05-18 al 2010-06-18 )))))))))))))))))))))))))))))))))))
.

2010-06-17 19:45 . 2010-06-17 19:45 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-17 19:45 . 2010-06-17 19:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-17 19:45 . 2010-06-17 19:45 325640 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-17 19:45 . 2010-06-17 19:45 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-17 19:45 . 2010-06-17 19:45 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-17 09:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 09:16 . 2010-06-17 09:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-17 09:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 12:39 . 2010-06-16 12:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-06-16 12:39 . 2010-06-16 12:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-15 20:13 . 2010-05-06 10:32 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 17:24 . 2010-05-30 17:24 -------- d-----w- c:\programmi\CCleaner
2010-05-30 13:29 . 2010-05-30 13:29 -------- d-----w- c:\programmi\TeXnicCenter
2010-05-30 13:27 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-30 13:27 . 1998-08-05 05:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
2010-05-30 13:27 . 2010-05-30 13:28 -------- d-----w- c:\programmi\PDFCreator
2010-05-30 13:27 . 1998-08-05 05:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL
2010-05-30 13:27 . 1998-08-05 05:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL
2010-05-30 13:27 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-30 13:25 . 2010-05-30 13:25 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\MiKTeX
2010-05-30 13:25 . 2010-05-30 13:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MiKTeX
2010-05-30 13:22 . 2010-05-30 13:24 -------- d-----w- c:\programmi\MiKTeX 2.6
2010-05-30 13:21 . 2010-05-30 13:21 -------- d-----w- c:\programmi\Ghostgum
2010-05-30 13:06 . 2010-05-30 13:06 -------- d-----w- c:\programmi\gs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 07:10 . 2009-09-28 07:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-06-18 07:10 . 2009-09-28 07:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-06-17 19:45 . 2009-04-22 13:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-06-16 05:54 . 2009-04-01 08:46 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-15 21:07 . 1979-12-31 22:00 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-06-15 21:07 . 1979-12-31 22:00 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-05-16 12:50 . 2008-10-09 13:42 86800 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-16 08:45 . 2010-05-16 08:45 -------- d-----r- c:\programmi\Skype
2010-05-16 08:45 . 2010-05-16 08:45 -------- d-----w- c:\programmi\File comuni\Skype
2010-05-16 08:44 . 2009-09-28 07:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-05-15 18:22 . 2010-05-15 18:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipStunt
2010-05-15 18:12 . 2010-05-15 18:12 -------- d-----w- c:\programmi\VoipStunt.com
2010-05-15 17:37 . 2010-05-15 17:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipBuster
2010-05-10 17:58 . 2010-05-10 17:58 -------- d-----w- c:\programmi\VoipBuster.com
2010-05-09 08:35 . 2010-05-09 08:20 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipCheapCom
2010-05-09 08:13 . 2010-05-09 08:13 -------- d-----w- c:\programmi\VoipCheapCom.com
2010-05-06 10:32 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 1979-12-31 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-22 16:05 . 2010-04-22 16:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\InterVideo
2010-04-20 05:30 . 1979-12-31 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"ControlCenter"="c:\programmi\IBM fingerprint software\ctlcntr.exe" [2005-04-12 287845]
"TPKMAPHELPER"="c:\programmi\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TpShocks"="TpShocks.exe" [2005-04-05 106496]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"TP4EX"="tp4ex.exe" [2004-11-11 40960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 344064]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2005-04-27 90112]
"QCTRAY"="c:\programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 745472]
"QCWLICON"="c:\programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-13 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-13 208896]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-06-17 1932568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\ThinkPad\Bluetooth Software\BTTray.exe [2005-5-24 565309]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-9 24576]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-17 19:45 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-04-12 15:21 110691 ----a-w- c:\programmi\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 01:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 18:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-01-07 11:02 49152 ----a-w- c:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2004-02-11 23:08 61440 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-02-12 21:40 163840 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programmi\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Programmi\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [09/10/2008 14.48.01 14208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/06/2010 21.45.46 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/06/2010 21.45.56 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/06/2010 21.45.12 298264]
R2 SmiHlp;SMI helper driver;c:\programmi\IBM fingerprint software\smihlp.sys [12/04/2005 17.13.36 3328]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [09/10/2008 14.48.01 6016]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [09/10/2008 15.17.04 12288]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [01/01/1980 14336]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-18 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:01]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\34rfb0rm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 09:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3349503580-3171475752-1871950131-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,de,19,b5,85,d2,38,40,97,93,61,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,de,19,b5,85,d2,38,40,97,93,61,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
c:\programmi\IBM fingerprint software\psfus.dll
c:\programmi\File comuni\Virtual Token\psutil.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\QCONSVC.EXE
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-18 09:13:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-18 07:13

Pre-Run: 24.234.434.560 byte disponibili
Post-Run: 24.151.396.352 byte disponibili

- - End Of File - - 78E0BA19A488CE16F040B0128920C2D0


Grazie!
Torna in alto
 
paolopa
Inviato: Friday, June 18, 2010 10:07:36 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
combofix tin ha eliminato un paio di infezioni,ed è gia qualcosa,ora aspettiamo che r16 dia un occhiata al report,puo' darsi che decida di farti eseguire uno script.
ps:ma scusa,hai scaricato la versione8 di avg?!la 9 è certamente preferibile....
Torna in alto
 
borisba
Inviato: Friday, June 18, 2010 10:26:58 AM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Ok grazie. Ora si spiega perche' ieri sera e' riuscito finalmente a scaricarmi Avg: perche' era la versione 8, di cui non avevo cancellato i file di setup.
Borisba
Torna in alto
 
borisba
Inviato: Friday, June 18, 2010 8:36:11 PM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Purtroppo tornando a casa il mio pc non trovava nessuna rete senza fili. Siccome da casa mi connetto così, ho dovuto far "Ripristino configurazione di sistema" (annullando gli effetti della scansione di Combo) altrimenti sarei rimasto senza connessione fino a lunedì.
Torna in alto
 
paolopa
Inviato: Saturday, June 19, 2010 4:03:02 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
allora magari riproviamo combofix lunedi'...devi disinstallarlo e reinstallarlo quando ti servira'(non prima).
per disinstallarlo fai cosi':
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.
questo programma si disinstallera' assieme a combofix.
Torna in alto
 
borisba
Inviato: Sunday, June 20, 2010 10:32:29 AM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Ok, domattina riprovo. Nel frattempo venerdì sera stando connesso 2 ore son riuscito a scaricare Avg9 (il ripristino era al momento dell'installazione di Avg8, che quindi non era più installato), che non ha rilevato infezioni.
Borisba
Torna in alto
 
borisba
Inviato: Monday, June 21, 2010 12:17:43 PM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
Questo il nuovo log di Combo:
Commenta:

ComboFix 10-06-20.03 - Administrator 21/06/2010 11.56.38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.360 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-5105173411-5204251970-794292032-9510\MsMxEng.exe
c:\windows\system32\pwdmon.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-05-21 al 2010-06-21 )))))))))))))))))))))))))))))))))))
.

2010-06-21 08:46 . 2010-06-21 08:46 -------- d-----w- C:\$AVG
2010-06-18 19:55 . 2010-06-18 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-18 19:55 . 2010-06-18 19:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-18 19:55 . 2010-06-18 19:55 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-18 19:55 . 2010-06-18 19:55 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-18 19:44 . 2010-06-18 19:44 -------- d-----w- c:\programmi\VS Revo Group
2010-06-18 19:32 . 2010-06-18 19:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-06-18 18:02 . 2010-06-18 18:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-18 08:25 . 2010-06-18 18:01 -------- d-----w- C:\RECYCLER(2)
2010-06-17 19:45 . 2010-06-18 19:56 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-17 09:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 09:16 . 2010-06-17 09:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-17 09:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 12:39 . 2010-06-16 12:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-06-16 12:39 . 2010-06-16 12:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-15 20:13 . 2010-05-06 10:32 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 17:24 . 2010-05-30 17:24 -------- d-----w- c:\programmi\CCleaner
2010-05-30 13:29 . 2010-05-30 13:29 -------- d-----w- c:\programmi\TeXnicCenter
2010-05-30 13:27 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-30 13:27 . 1998-08-05 05:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
2010-05-30 13:27 . 2010-05-30 13:28 -------- d-----w- c:\programmi\PDFCreator
2010-05-30 13:27 . 1998-08-05 05:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL
2010-05-30 13:27 . 1998-08-05 05:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL
2010-05-30 13:27 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-30 13:25 . 2010-05-30 13:25 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\MiKTeX
2010-05-30 13:25 . 2010-05-30 13:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MiKTeX
2010-05-30 13:22 . 2010-05-30 13:24 -------- d-----w- c:\programmi\MiKTeX 2.6
2010-05-30 13:21 . 2010-05-30 13:21 -------- d-----w- c:\programmi\Ghostgum
2010-05-30 13:06 . 2010-05-30 13:06 -------- d-----w- c:\programmi\gs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 10:06 . 2009-09-28 07:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-06-21 08:17 . 2009-09-28 07:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-06-18 19:40 . 2009-04-22 13:25 -------- d-----w- c:\programmi\AVG
2010-06-16 05:54 . 2009-04-01 08:46 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-15 21:07 . 1979-12-31 22:00 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-06-15 21:07 . 1979-12-31 22:00 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-05-16 12:50 . 2008-10-09 13:42 86800 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-16 08:45 . 2010-05-16 08:45 -------- d-----r- c:\programmi\Skype
2010-05-16 08:45 . 2010-05-16 08:45 -------- d-----w- c:\programmi\File comuni\Skype
2010-05-16 08:44 . 2009-09-28 07:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-05-15 18:22 . 2010-05-15 18:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipStunt
2010-05-15 18:12 . 2010-05-15 18:12 -------- d-----w- c:\programmi\VoipStunt.com
2010-05-15 17:37 . 2010-05-15 17:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipBuster
2010-05-10 17:58 . 2010-05-10 17:58 -------- d-----w- c:\programmi\VoipBuster.com
2010-05-09 08:35 . 2010-05-09 08:20 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipCheapCom
2010-05-09 08:13 . 2010-05-09 08:13 -------- d-----w- c:\programmi\VoipCheapCom.com
2010-05-06 10:32 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 1979-12-31 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-22 16:05 . 2010-04-22 16:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\InterVideo
2010-04-20 05:30 . 1979-12-31 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"ControlCenter"="c:\programmi\IBM fingerprint software\ctlcntr.exe" [2005-04-12 287845]
"TPKMAPHELPER"="c:\programmi\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TpShocks"="TpShocks.exe" [2005-04-05 106496]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"TP4EX"="tp4ex.exe" [2004-11-11 40960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 344064]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2005-04-27 90112]
"QCTRAY"="c:\programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 745472]
"QCWLICON"="c:\programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-13 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-13 208896]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-18 2064736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\ThinkPad\Bluetooth Software\BTTray.exe [2005-5-24 565309]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-9 24576]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-18 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-04-12 15:21 110691 ----a-w- c:\programmi\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 01:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 18:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-01-07 11:02 49152 ----a-w- c:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2004-02-11 23:08 61440 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-02-12 21:40 163840 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programmi\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Programmi\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [09/10/2008 14.48.01 14208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/06/2010 21.55.20 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/06/2010 21.55.33 242896]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [18/06/2010 21.37.24 308064]
R2 SmiHlp;SMI helper driver;c:\programmi\IBM fingerprint software\smihlp.sys [12/04/2005 17.13.36 3328]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [09/10/2008 14.48.01 6016]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [09/10/2008 15.17.04 12288]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [01/01/1980 14336]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:01]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\34rfb0rm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3349503580-3171475752-1871950131-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,de,19,b5,85,d2,38,40,97,93,61,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,de,19,b5,85,d2,38,40,97,93,61,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\programmi\IBM fingerprint software\psfus.dll
c:\programmi\File comuni\Virtual Token\psutil.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\QCONSVC.EXE
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-21 12:10:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-21 10:10

Pre-Run: 24.067.149.824 byte disponibili
Post-Run: 24.140.312.576 byte disponibili

- - End Of File - - 98E042443FAB822E6DCC7C07E96FF005
ComboFix 10-06-20.03 - Administrator 21/06/2010 11.56.38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.360 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-5105173411-5204251970-794292032-9510\MsMxEng.exe
c:\windows\system32\pwdmon.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-05-21 al 2010-06-21 )))))))))))))))))))))))))))))))))))
.

2010-06-21 08:46 . 2010-06-21 08:46 -------- d-----w- C:\$AVG
2010-06-18 19:55 . 2010-06-18 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-18 19:55 . 2010-06-18 19:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-18 19:55 . 2010-06-18 19:55 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-18 19:55 . 2010-06-18 19:55 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-18 19:44 . 2010-06-18 19:44 -------- d-----w- c:\programmi\VS Revo Group
2010-06-18 19:32 . 2010-06-18 19:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-06-18 18:02 . 2010-06-18 18:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-18 08:25 . 2010-06-18 18:01 -------- d-----w- C:\RECYCLER(2)
2010-06-17 19:45 . 2010-06-18 19:56 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-17 09:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 09:16 . 2010-06-17 09:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-17 09:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 12:39 . 2010-06-16 12:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-06-16 12:39 . 2010-06-16 12:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-15 20:13 . 2010-05-06 10:32 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 17:24 . 2010-05-30 17:24 -------- d-----w- c:\programmi\CCleaner
2010-05-30 13:29 . 2010-05-30 13:29 -------- d-----w- c:\programmi\TeXnicCenter
2010-05-30 13:27 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-30 13:27 . 1998-08-05 05:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
2010-05-30 13:27 . 2010-05-30 13:28 -------- d-----w- c:\programmi\PDFCreator
2010-05-30 13:27 . 1998-08-05 05:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL
2010-05-30 13:27 . 1998-08-05 05:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL
2010-05-30 13:27 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-30 13:25 . 2010-05-30 13:25 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\MiKTeX
2010-05-30 13:25 . 2010-05-30 13:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MiKTeX
2010-05-30 13:22 . 2010-05-30 13:24 -------- d-----w- c:\programmi\MiKTeX 2.6
2010-05-30 13:21 . 2010-05-30 13:21 -------- d-----w- c:\programmi\Ghostgum
2010-05-30 13:06 . 2010-05-30 13:06 -------- d-----w- c:\programmi\gs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 10:06 . 2009-09-28 07:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-06-21 08:17 . 2009-09-28 07:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-06-18 19:40 . 2009-04-22 13:25 -------- d-----w- c:\programmi\AVG
2010-06-16 05:54 . 2009-04-01 08:46 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-15 21:07 . 1979-12-31 22:00 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-06-15 21:07 . 1979-12-31 22:00 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-05-16 12:50 . 2008-10-09 13:42 86800 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-16 08:45 . 2010-05-16 08:45 -------- d-----r- c:\programmi\Skype
2010-05-16 08:45 . 2010-05-16 08:45 -------- d-----w- c:\programmi\File comuni\Skype
2010-05-16 08:44 . 2009-09-28 07:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-05-15 18:22 . 2010-05-15 18:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipStunt
2010-05-15 18:12 . 2010-05-15 18:12 -------- d-----w- c:\programmi\VoipStunt.com
2010-05-15 17:37 . 2010-05-15 17:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipBuster
2010-05-10 17:58 . 2010-05-10 17:58 -------- d-----w- c:\programmi\VoipBuster.com
2010-05-09 08:35 . 2010-05-09 08:20 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipCheapCom
2010-05-09 08:13 . 2010-05-09 08:13 -------- d-----w- c:\programmi\VoipCheapCom.com
2010-05-06 10:32 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 1979-12-31 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-22 16:05 . 2010-04-22 16:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\InterVideo
2010-04-20 05:30 . 1979-12-31 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"ControlCenter"="c:\programmi\IBM fingerprint software\ctlcntr.exe" [2005-04-12 287845]
"TPKMAPHELPER"="c:\programmi\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TpShocks"="TpShocks.exe" [2005-04-05 106496]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"TP4EX"="tp4ex.exe" [2004-11-11 40960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 344064]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2005-04-27 90112]
"QCTRAY"="c:\programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 745472]
"QCWLICON"="c:\programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-13 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-13 208896]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-18 2064736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\ThinkPad\Bluetooth Software\BTTray.exe [2005-5-24 565309]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-9 24576]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-18 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-04-12 15:21 110691 ----a-w- c:\programmi\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 01:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 18:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-01-07 11:02 49152 ----a-w- c:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2004-02-11 23:08 61440 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-02-12 21:40 163840 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programmi\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Programmi\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [09/10/2008 14.48.01 14208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/06/2010 21.55.20 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/06/2010 21.55.33 242896]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [18/06/2010 21.37.24 308064]
R2 SmiHlp;SMI helper driver;c:\programmi\IBM fingerprint software\smihlp.sys [12/04/2005 17.13.36 3328]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [09/10/2008 14.48.01 6016]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [09/10/2008 15.17.04 12288]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [01/01/1980 14336]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:01]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\34rfb0rm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3349503580-3171475752-1871950131-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,de,19,b5,85,d2,38,40,97,93,61,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,de,19,b5,85,d2,38,40,97,93,61,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\programmi\IBM fingerprint software\psfus.dll
c:\programmi\File comuni\Virtual Token\psutil.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\QCONSVC.EXE
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-21 12:10:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-21 10:10

Pre-Run: 24.067.149.824 byte disponibili
Post-Run: 24.140.312.576 byte disponibili

- - End Of File - - 98E042443FAB822E6DCC7C07E96FF005
ComboFix 10-06-20.03 - Administrator 21/06/2010 11.56.38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.360 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-5105173411-5204251970-794292032-9510\MsMxEng.exe
c:\windows\system32\pwdmon.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-05-21 al 2010-06-21 )))))))))))))))))))))))))))))))))))
.

2010-06-21 08:46 . 2010-06-21 08:46 -------- d-----w- C:\$AVG
2010-06-18 19:55 . 2010-06-18 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-18 19:55 . 2010-06-18 19:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-18 19:55 . 2010-06-18 19:55 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-18 19:55 . 2010-06-18 19:55 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-18 19:44 . 2010-06-18 19:44 -------- d-----w- c:\programmi\VS Revo Group
2010-06-18 19:32 . 2010-06-18 19:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-06-18 18:02 . 2010-06-18 18:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-18 08:25 . 2010-06-18 18:01 -------- d-----w- C:\RECYCLER(2)
2010-06-17 19:45 . 2010-06-18 19:56 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-17 09:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 09:16 . 2010-06-17 09:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-17 09:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 12:39 . 2010-06-16 12:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-06-16 12:39 . 2010-06-16 12:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-15 20:13 . 2010-05-06 10:32 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 17:24 . 2010-05-30 17:24 -------- d-----w- c:\programmi\CCleaner
2010-05-30 13:29 . 2010-05-30 13:29 -------- d-----w- c:\programmi\TeXnicCenter
2010-05-30 13:27 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-30 13:27 . 1998-08-05 05:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
2010-05-30 13:27 . 2010-05-30 13:28 -------- d-----w- c:\programmi\PDFCreator
2010-05-30 13:27 . 1998-08-05 05:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL
2010-05-30 13:27 . 1998-08-05 05:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL
2010-05-30 13:27 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-30 13:25 . 2010-05-30 13:25 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\MiKTeX
2010-05-30 13:25 . 2010-05-30 13:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MiKTeX
2010-05-30 13:22 . 2010-05-30 13:24 -------- d-----w- c:\programmi\MiKTeX 2.6
2010-05-30 13:21 . 2010-05-30 13:21 -------- d-----w- c:\programmi\Ghostgum
2010-05-30 13:06 . 2010-05-30 13:06 -------- d-----w- c:\programmi\gs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 10:06 . 2009-09-28 07:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-06-21 08:17 . 2009-09-28 07:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-06-18 19:40 . 2009-04-22 13:25 -------- d-----w- c:\programmi\AVG
2010-06-16 05:54 . 2009-04-01 08:46 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-15 21:07 . 1979-12-31 22:00 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-06-15 21:07 . 1979-12-31 22:00 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-05-16 12:50 . 2008-10-09 13:42 86800 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-16 08:45 . 2010-05-16 08:45 -------- d-----r- c:\programmi\Skype
2010-05-16 08:45 . 2010-05-16 08:45 -------- d-----w- c:\programmi\File comuni\Skype
2010-05-16 08:44 . 2009-09-28 07:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-05-15 18:22 . 2010-05-15 18:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipStunt
2010-05-15 18:12 . 2010-05-15 18:12 -------- d-----w- c:\programmi\VoipStunt.com
2010-05-15 17:37 . 2010-05-15 17:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipBuster
2010-05-10 17:58 . 2010-05-10 17:58 -------- d-----w- c:\programmi\VoipBuster.com
2010-05-09 08:35 . 2010-05-09 08:20 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VoipCheapCom
2010-05-09 08:13 . 2010-05-09 08:13 -------- d-----w- c:\programmi\VoipCheapCom.com
2010-05-06 10:32 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 1979-12-31 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-22 16:05 . 2010-04-22 16:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\InterVideo
2010-04-20 05:30 . 1979-12-31 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"ControlCenter"="c:\programmi\IBM fingerprint software\ctlcntr.exe" [2005-04-12 287845]
"TPKMAPHELPER"="c:\programmi\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TpShocks"="TpShocks.exe" [2005-04-05 106496]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"TP4EX"="tp4ex.exe" [2004-11-11 40960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 344064]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2005-04-27 90112]
"QCTRAY"="c:\programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 745472]
"QCWLICON"="c:\programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-13 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-13 208896]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-18 2064736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\ThinkPad\Bluetooth Software\BTTray.exe [2005-5-24 565309]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-9 24576]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-18 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-04-12 15:21 110691 ----a-w- c:\programmi\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 01:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 18:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-01-07 11:02 49152 ----a-w- c:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2004-02-11 23:08 61440 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-02-12 21:40 163840 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programmi\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Programmi\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [09/10/2008 14.48.01 14208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/06/2010 21.55.20 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/06/2010 21.55.33 242896]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [18/06/2010 21.37.24 308064]
R2 SmiHlp;SMI helper driver;c:\programmi\IBM fingerprint software\smihlp.sys [12/04/2005 17.13.36 3328]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [09/10/2008 14.48.01 6016]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [09/10/2008 15.17.04 12288]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [01/01/1980 14336]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:01]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\34rfb0rm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3349503580-3171475752-1871950131-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,de,19,b5,85,d2,38,40,97,93,61,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,de,19,b5,85,d2,38,40,97,93,61,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\programmi\IBM fingerprint software\psfus.dll
c:\programmi\File comuni\Virtual Token\psutil.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\QCONSVC.EXE
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-21 12:10:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-21 10:10

Pre-Run: 24.067.149.824 byte disponibili
Post-Run: 24.140.312.576 byte disponibili

- - End Of File - - 98E042443FAB822E6DCC7C07E96FF005

Grazie!
Torna in alto
 
paolopa
Inviato: Monday, June 21, 2010 12:39:02 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
strano,avrebbe dovuto trovare le stesse infezioni della precedente scansione,invece una manca e una è nuova...aspetta che r16 ti dia un occhiata al log e decida se farti eseguire uno script(io non sono in grado).
Torna in alto
 
borisba
Inviato: Monday, June 21, 2010 7:44:02 PM
Rank: AiutAmico

Iscritto dal : 12/10/2006
Posts: 51
paolopa ha scritto:
strano,avrebbe dovuto trovare le stesse infezioni della precedente scansione,invece una manca e una è nuova...

C'è anche un'altra differenza rispetto a prima: ora visualizza e riesco a connettermi alle reti senza fili.
Borisba
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log di Hijack


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.