
Heeelp, a virus?! O.o

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by tHeCaGeMaD » 30/05/08 00:16

I think I have a virus that my AVG antivirus doesn't find; I'm having problems with the internet, the PC freezes, and I've mysteriously lost some Office programs...
I was told to download the HijackThis program and copy-paste the log on a forum and... here I am... :D
I hope someone can give me a hand! thaaanks

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.58.56, on 30/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Web Accelerator\slipgui.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\AVG\AVG8\avgui.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgscanx.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\AVG\AVG8\avgscanx.exe
C:\Programmi\AVG\AVG8\avgscanx.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\Web Accelerator\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [thvbwc] c:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe thvbwc
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Programmi\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\Web Accelerator\slipgui.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - c:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://allfadesout.spaces.live.com//Pho ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://thecagemad1988.spaces.live.com/P ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62C3C7E0-1777-4D88-A365-E16543FAB652}: NameServer = 193.70.192.25 193.70.152.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 13198 bytes"
*®*`¯*..*`¯*∂ση'т ѕтαу ιη тнє ¢αgє*¯`*..*¯`*®*
tHeCaGeMaD
Newbie
Posts: 9
Joined: 30/05/08 00:07
Location: Turin


Re: Heeelp, a virus?! O.o

Post by Luke57 » 30/05/08 07:52

Hi, open HijackThis, click "Open the Misc Tools section", then "Open process manager", and look for this process in the list:
C:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe

highlight it and click "Kill process".

Go back to the main menu page with "Back", click "Scan", then find and tick the following entry:
O4 - HKCU\..\Run: [thvbwc] c:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe thvbwc
and click "Fix checked".

Open My Computer > Tools > Folder Options > View > tick "Show hidden files and folders" > OK
Search for and delete the following file:
C:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10
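Luke57's diagnosis above rests on one line of the log: an executable with a meaningless name starting from the user's Local Settings\Application Data folder, a location no OEM or vendor component in the rest of the log uses. The script below is an added example, not code from this thread, from HijackThis or from any of the tools named here; it automates that triage over a few constructed lines in HijackThis v2 format modelled on the posted log. It flags autostart entries whose executable lives in a user-writable profile directory, stale entries whose file no longer exists (the "(no file)" BHO and the "(file missing)" Symantec service in the log), and the AppInit_DLLs entry, which is worth a look even when it belongs to AVG as it does here. The directory markers are an assumption covering the XP-era layout in the log and the later \Users\ layout.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on entry types in the
# thread's log (the thvbwc entry is the one Luke57 has the poster fix; the others
# are benign OEM/AV entries or leftovers).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [thvbwc] c:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe thvbwc
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# First executable-looking path on the line. The lazy match stops at the first known
# extension, so an unquoted path containing spaces and followed by arguments (as in
# the thvbwc entry) is still recovered whole.
_PATH_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr|bat|cmd|pif))\b', re.IGNORECASE)

# Directory markers for locations a standard user can write to without admin rights.
# Assumption: XP-era "Documents and Settings" profiles (as in the log) and the later
# "Users" layout; extend for other roots as needed.
_USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")

# Entry types that carry a file path worth locating.
_PATH_TAGS = {"O2", "O3", "O4", "O23"}


def triage(log_text):
    """Return a list of findings, one dict per suspicious or review-worthy line."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" - ", 1)[0]
        # A BHO, toolbar or service whose file is gone: a harmless leftover, but worth
        # cleaning up, and sometimes the trace of a removal that was only partial.
        if line.endswith(("(no file)", "(file missing)")):
            findings.append({"line": line, "reason": "orphaned", "severity": "low"})
            continue
        # AppInit_DLLs are loaded into every process that loads user32.dll; the log
        # shows AVG's avgrsstx.dll here, but the key deserves a look every time.
        if tag == "O20":
            findings.append({"line": line, "reason": "appinit-dll", "severity": "info"})
            continue
        if tag in _PATH_TAGS:
            m = _PATH_RE.search(line)
            if not m:
                continue
            path = m.group("path").lower()
            if any(marker in path for marker in _USER_WRITABLE):
                findings.append({"line": line, "reason": "user-profile-path",
                                 "severity": "high", "path": path})
    return findings


def report(findings):
    """Render findings as text lines, highest severity first."""
    order = {"high": 0, "low": 1, "info": 2}
    rows = sorted(findings, key=lambda f: order[f["severity"]])
    return ["[%s] %s: %s" % (f["severity"], f["reason"], f["line"]) for f in rows]


if __name__ == "__main__":
    for row in report(triage(SAMPLE_LOG)):
        print(row)
```

Run against the sample it reports the thvbwc entry as the only high finding, the two orphaned entries as low, and the AppInit line as informational; the Synaptics, ctfmon, Office and AVG lines pass untouched, which is the point: a location check separates the one odd entry from some forty legitimate ones without any signature.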

Re: Heeelp, a virus?! O.o

Post by tHeCaGeMaD » 30/05/08 13:43

Luke57 wrote: Hi, open HijackThis, click "Open the Misc Tools section", then "Open process manager", and look for this process in the list:
C:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe

highlight it and click "Kill process".

Go back to the main menu page with "Back", click "Scan", then find and tick the following entry:
O4 - HKCU\..\Run: [thvbwc] c:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe thvbwc
and click "Fix checked".

Open My Computer > Tools > Folder Options > View > tick "Show hidden files and folders" > OK
Search for and delete the following file:
C:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\thvbwc.exe


it doesn't show me that process anymore O.o oh my goood :aaah

Re: Heeelp, a virus?! O.o

Post by Luke57 » 30/05/08 14:11

Hi, download ComboFix to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet

Run the ComboFix.exe file
Type 1 to start the tool (don't do anything else during the scan; if the desktop icons disappear, that's normal)
Follow the instructions; at the end a log will be generated.
Reconnect and post the report (C:\combofix.txt)

Re: Heeelp, a virus?! O.o

Post by tHeCaGeMaD » 02/06/08 21:08

Luke57 wrote: Hi, download ComboFix to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet

Run the ComboFix.exe file
Type 1 to start the tool (don't do anything else during the scan; if the desktop icons disappear, that's normal)
Follow the instructions; at the end a log will be generated.
Reconnect and post the report (C:\combofix.txt)



Hi :D Here's the log :P


ComboFix 08-06-01.2 - Sara Arizzoli 2008-06-02 21.51.36.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.530 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Sara Arizzoli\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\Sara Arizzoli\Impostazioni locali\Dati applicazioni\egcbgwenkb.dat
c:\documents and settings\sara arizzoli\impostazioni locali\dati applicazioni\egcbgwenkb.exe
C:\Documents and Settings\Sara Arizzoli\Impostazioni locali\Dati applicazioni\egcbgwenkb_nav.dat
C:\Documents and Settings\Sara Arizzoli\Impostazioni locali\Dati applicazioni\egcbgwenkb_navps.dat
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2008-05-02 al 2008-06-02 )))))))))))))))))))))))))))))))))))
.

2008-05-30 00:44 . 2008-05-30 00:44 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-25 20:13 . 2008-05-25 20:13 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-25 18:38 . 2008-05-25 18:38 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-25 18:38 . 2008-05-25 18:38 <DIR> d-------- C:\Programmi\AVG
2008-05-25 18:38 . 2008-05-25 18:38 <DIR> d-------- C:\Documents and Settings\Sara Arizzoli\Dati applicazioni\AVGTOOLBAR
2008-05-25 18:38 . 2008-05-25 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-05-25 18:38 . 2008-05-25 18:38 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-25 18:38 . 2008-05-25 18:38 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-25 18:38 . 2008-05-25 18:38 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-25 18:38 . 2008-05-25 18:38 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-25 17:56 . 2008-05-25 17:56 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-25 17:56 . 2008-05-25 17:56 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 00:43 96,744 ----a-w C:\Documents and Settings\Sara Arizzoli\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-05-05 12:45 94,208 ----a-w C:\WINDOWS\DUMPbcbe.tmp
2008-05-02 17:42 94,208 ----a-w C:\WINDOWS\DUMP42a6.tmp
2008-05-01 10:05 94,208 ----a-w C:\WINDOWS\DUMP4798.tmp
2008-05-01 09:58 94,208 ----a-w C:\WINDOWS\DUMP41ac.tmp
2008-05-01 09:51 94,208 ----a-w C:\WINDOWS\DUMP3d66.tmp
2008-05-01 09:48 94,208 ----a-w C:\WINDOWS\DUMP3efd.tmp
2008-05-01 09:43 94,208 ----a-w C:\WINDOWS\DUMPaf8f.tmp
2008-04-13 11:36 94,208 ----a-w C:\WINDOWS\DUMPafdd.tmp
2008-04-11 09:52 8,840 ----a-w C:\Documents and Settings\Sara Arizzoli\Dati applicazioni\wklnhst.dat
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 08:30 94,208 ----a-w C:\WINDOWS\DUMP3827.tmp
2008-03-12 21:06 94,208 ----a-w C:\WINDOWS\DUMP3cab.tmp
2008-03-04 16:45 94,208 ----a-w C:\WINDOWS\DUMPacff.tmp
2007-02-26 17:51 25,600 ----a-w C:\Documents and Settings\Sara Arizzoli\usbsermptxp.sys
2007-02-26 17:51 22,768 ----a-w C:\Documents and Settings\Sara Arizzoli\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-25 18:38 2051328 --a------ C:\Programmi\AVG\AVG8\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programmi\AVG\AVG8\avgtoolbar.dll" [2008-05-25 18:38 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programmi\AVG\AVG8\avgtoolbar.dll [2008-05-25 18:38 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00 15360]
"Vidalia"="C:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"PCMService"="C:\Programmi\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 21:05 344064]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-07-29 17:48 462848]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 10:53 196608]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 10:53 2985472]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-08-16 09:56 368640]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-09-14 20:11 2461696]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"SlipStream"="C:\Programmi\Web Accelerator\slipcore.exe" [2006-04-07 04:51 253952]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-25 18:38 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 05:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-08-16 14:06:22 577597]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
SlipStream Web Accelerator.lnk - C:\Programmi\Web Accelerator\slipgui.exe [2006-07-18 15:37:42 159744]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-11 15:13:09 110592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\Microsoft Office\\Office10\\NSREX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Motorola\\Software Update\\msu.exe"=
"C:\\Programmi\\Motorola Phone Tools\\mPhonetools.exe"=
"C:\\WINDOWS\\System32\\muzapp.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42795:TCP"= 42795:TCP:emule tcp in ingresso
"5872:TCP"= 5872:TCP:emule:UPD in ingresso
"3470:UDP"= 3470:UDP:Windows Media Format SDK (iexplore.exe)
"3471:UDP"= 3471:UDP:Windows Media Format SDK (iexplore.exe)
"3473:UDP"= 3473:UDP:Windows Media Format SDK (iexplore.exe)

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-25 18:38]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-25 18:38]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-09-06 14:26]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-03 19:07]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-25 18:38]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 18:38]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-25 18:38]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-25 18:38]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-24 03:25]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-25 17:56]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 afb88c2e-5ae2-4b9d-bccc-c5f98ec983dd;afb88c2e-5ae2-4b9d-bccc-c5f98ec983dd;E:\Player\cds300.dll []
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-06-14 03:12]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-25 17:56]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-20 14:57]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 21:58:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-02 22:01:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 20:01:12

19 Directory 18,168,414,208 byte disponibili
24 Directory 18,295,029,760 byte disponibili

208 --- E O F --- 2008-05-29 14:16:30
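The ComboFix log above carries more than the deletions section (which shows a second random-named executable, egcbgwenkb.exe, in the same Local Settings\Application Data folder as thvbwc.exe). Its registry dump also records two Security Center override values set to 1, a firewall exception for C:\\StubInstaller.exe sitting at the root of the drive, a Run value for Vidalia with empty brackets where every other entry carries a date and size, and inbound ports opened for eMule. The script below is an added example, not ComboFix's code or anything posted in the thread; it parses a constructed excerpt in the REGEDIT4-style layout of the log's "Reg Loading Points" section and turns each of those observations into a review item. Two assumptions are built in and marked in the code: that "Programmi" and the usual Windows roots count as unremarkable locations for a firewall exception, and that ComboFix's empty "[ ]" means it found no file to describe.

```python
# Constructed excerpt in the REGEDIT4-style layout ComboFix uses for its registry
# section, modelled on the thread's log (keys and values taken from it).
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00 15360]
"Vidalia"="C:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42795:TCP"= 42795:TCP:emule tcp in ingresso
"""

# Roots under which a firewall exception is unremarkable. Assumption: the Italian
# "Programmi" folder seen in the log plus the English equivalents.
_TRUSTED_ROOTS = ("%windir%\\", "c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")


def parse_reg_dump(text):
    """Map each [key] to a list of (value name, remainder of line) pairs."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("REGEDIT"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif current is not None and line.startswith('"'):
            # '"name"=rest' -> ("name", "rest"); rest may be empty for list entries.
            name, _, rest = line[1:].partition('"=')
            sections[current].append((name, rest.strip()))
    return sections


def find_issues(sections):
    """Return (kind, detail) pairs for the review items found in the dump."""
    issues = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("security center"):
            # *Override / *DisableNotify silence Security Center's AV and firewall
            # warnings. Third-party suites set them too, so this is a review item,
            # not a verdict.
            for name, val in values:
                if name.lower().endswith(("override", "disablenotify")) and val.lower() == "dword:00000001":
                    issues.append(("securitycenter-suppressed", name))
        elif "authorizedapplications" in k:
            # .reg syntax doubles backslashes; undo that before matching the root.
            for name, _ in values:
                path = name.replace("\\\\", "\\").lower()
                if not path.startswith(_TRUSTED_ROOTS):
                    issues.append(("firewall-exception-unusual-path", path))
        elif k.endswith(("\\run", "\\runonce")):
            # Assumption: an empty "[ ]" where other entries carry a date and size
            # means ComboFix found no file behind the value.
            for name, val in values:
                if val.endswith(("[ ]", "[]")):
                    issues.append(("run-entry-target-missing", name))
        elif "globallyopenports" in k:
            # Every globally open inbound port is listening exposure; list them all.
            for name, _ in values:
                issues.append(("inbound-port-open", name))
    return issues


if __name__ == "__main__":
    for kind, detail in find_issues(parse_reg_dump(SAMPLE_DUMP)):
        print(kind, detail)
```

On the sample this yields five items: both Security Center overrides, the drive-root StubInstaller exception, the Vidalia entry with no file, and the eMule port. None of them is malware by itself (AVG, a P2P client and a leftover installer explain all of them plausibly), which is exactly why they are emitted as a checklist for the person reading the log rather than as detections.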

