...securitycenter\antivirus0verrride (is not)dword:0

Post by boxerdog » 27/06/08 10:30

Hello everyone,
I have a problem with my PC: Spybot tells me I have this "antivirus0verride", the computer has become very slow and, when I browse the internet, strange pages suddenly open that have nothing to do with the site I am visiting.
I use Kaspersky, which this morning also detected, deleted and backed up the following files:
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.zij File: c:\windows\system32\cffolvit.dll
deleted: Trojan program Trojan.Win32.Monder.acy
...after detecting them, the computer shuts down and restarts.

I am copying and pasting my HijackThis log; if someone would give me a hand, I would be very grateful.
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.37.24, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\USR WLAN\USR 22Mbps WLAN Adapter\USRWLAN.exe
C:\Documents and Settings\Enzo\Menu Avvio\Programmi\Esecuzione automatica\html2pop3.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\totalcmd\TOTALCMD.EXE
D:\SW\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {f504cdab-6ada-dc98-b344-d550cd50f192} - {291f05dc-055d-443b-89cd-ada6badc405f} - C:\WINDOWS\system32\qxgtrcft.dll
O2 - BHO: (no name) - {335441DE-CC7F-467F-BC49-B7C76D10AF73} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B31E99F6-924B-4ADC-B59A-F224C2CA143A} - (no file)
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: html2pop3.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: U.S.Robotics WLAN Adapter Configuration Utility.lnk = C:\Programmi\USR WLAN\USR 22Mbps WLAN Adapter\USRWLAN.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1040\phdintl.dll/phdContext.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kasperskyitalia.it/servizi/k ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/ ... lPrint.CAB
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0318017668
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7899047560
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7899023255
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFFEDC79-7C75-4915-AD16-4E5C10019CC4}: NameServer = 193.12.150.2,212.247.152.2
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: vtUopPhg - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\DOCUME~1\Enzo\IMPOST~1\Temp\500064-PMLPatch\HPZipm12.exe (file missing)
O24 - Desktop Component 0: (no name) - http://genweb.dsa.unipd.it/hb/hb.asp

--
End of file - 10211 bytes
boxerdog
Junior User
 
Posts: 15
Joined: 22/08/06 15:32
Location: Lombardia


Re: ...securitycenter\antivirus0verrride (is not)dword:0

Post by Luke57 » 27/06/08 10:46

Hi, download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click on Combofix.exe
A blue window will open.... Wait....
After a few moments a notice will appear in which the author disclaims any responsibility for problems caused by improper use of the tool.
At this point select 1, then ENTER to launch the scan..
Wait.....
A notice will tell you the operation has finished, and after a few moments the log with the scan details will appear.
The log will be saved in C:\Combofix.txt
Attach the file to a post.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: ...securitycenter\antivirus0verrride (is not)dword:0

Post by boxerdog » 27/06/08 12:12

Here is the ComboFix log I got, thanks:
ComboFix 08-06-20.4 - Enzo 2008-06-27 12.21.25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.149 [GMT 2:00]
Eseguito da: D:\SW\Antivirus\anti\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Enzo\Dati applicazioni\Microsoft\dtsc
C:\Documents and Settings\Enzo\Dati applicazioni\Microsoft\dtsc\id
C:\WINDOWS\BM9f1ccc02.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\DegjQqru.ini
C:\WINDOWS\system32\DegjQqru.ini2
C:\WINDOWS\system32\KQBJknnn.ini
C:\WINDOWS\system32\KQBJknnn.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tivloffc.ini
C:\WINDOWS\system32\ublcjxhc.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-05-27 al 2008-06-27 )))))))))))))))))))))))))))))))))))
.

2008-06-26 12:55 . 2008-06-26 12:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-26 09:45 . 2008-06-26 09:45 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-06-25 18:22 . 2008-06-25 18:22 106,496 --a------ C:\WINDOWS\system32\qxgtrcft.dll
2008-06-25 18:20 . 2008-06-25 18:20 106,496 --a------ C:\WINDOWS\system32\vdnowdej.dll
2008-06-23 19:10 . 2008-06-23 19:10 50 --a------ C:\WINDOWS\cdplayer.ini
2008-06-22 21:34 . 2008-06-22 21:34 24,576 --a------ C:\WINDOWS\system32\xxyyvUoM.dll
2008-06-22 17:30 . 2008-06-22 17:30 <DIR> d-------- C:\Programmi\IrfanView
2008-06-22 17:28 . 2008-06-22 17:29 <DIR> d-------- C:\Programmi\Plugins
2008-06-22 16:11 . 2008-06-22 16:11 24,576 --a------ C:\WINDOWS\system32\vtUkjKbb.dll
2008-06-22 15:58 . 2008-06-22 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2008-06-19 13:42 . 2008-06-19 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ultima_T15
2008-06-19 13:42 . 2008-06-19 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\EnterNHelp
2008-06-19 13:42 . 2008-06-22 17:14 0 ---h----- C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLbz.DAT
2008-06-11 18:52 . 2008-06-14 19:59 272,768 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 18:52 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 17:36 . 2008-06-10 17:36 <DIR> d-------- C:\Documents and Settings\Enzo\Dati applicazioni\PPMate
2008-06-10 10:16 . 2008-06-10 10:16 <DIR> d-------- C:\Programmi\Mediacenter 1.0a
2008-06-08 23:09 . 2008-06-08 23:09 <DIR> d-------- C:\WINDOWS\EHome
2008-06-08 11:21 . 2008-06-08 11:21 <DIR> d-------- C:\Documents and Settings\Enzo\Dati applicazioni\J River
2008-06-06 23:34 . 2008-03-13 08:58 585,728 --a------ C:\WINDOWS\system32\AReadyLB.dll
2008-06-06 23:34 . 2008-03-13 08:58 229,376 --a------ C:\WINDOWS\system32\AudDevicePlugin.dll
2008-06-06 23:34 . 2008-03-13 08:58 183,129 --a------ C:\WINDOWS\system32\AM Install1.INF
2008-06-06 23:34 . 2008-06-06 23:34 38 --a------ C:\WINDOWS\system32\aaisolv.dll
2008-06-06 11:45 . 2008-05-23 00:22 43,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-06 11:45 . 2008-05-23 00:22 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-05 14:23 . 2008-06-05 14:24 <DIR> d-------- C:\Programmi\HAM
2008-06-05 14:23 . 2008-06-26 19:38 156,087 --a------ C:\WINDOWS\HAM Uninstaller.exe
2008-06-02 16:08 . 2008-06-02 16:08 32 --a------ C:\WINDOWS\CD_Start.INI
2008-06-02 15:52 . 2008-06-02 15:52 <DIR> d-------- C:\Programmi\NeroInstall.bak
2008-06-02 15:32 . 2008-06-02 15:32 <DIR> d-------- C:\Programmi\Nero
2008-06-01 00:39 . 2008-06-25 09:48 <DIR> d-------- C:\Documents and Settings\Enzo\Dati applicazioni\BitTorrent
2008-06-01 00:38 . 2008-06-01 00:38 <DIR> d-------- C:\Programmi\DNA
2008-06-01 00:38 . 2008-06-01 00:39 <DIR> d-------- C:\Programmi\BitTorrent
2008-06-01 00:38 . 2008-06-27 12:43 <DIR> d-------- C:\Documents and Settings\Enzo\Dati applicazioni\DNA
2008-05-30 11:15 . 2008-06-27 02:19 <DIR> d-------- C:\Documents and Settings\Enzo\Dati applicazioni\gtk-2.0
2008-05-30 11:15 . 2008-06-26 11:53 <DIR> d-------- C:\Documents and Settings\Enzo\.thumbnails
2008-05-30 11:02 . 2008-06-27 02:46 <DIR> d-------- C:\Documents and Settings\Enzo\.gimp-2.4
2008-05-30 10:50 . 2008-05-30 10:50 <DIR> d-------- C:\Programmi\GIMP-2.0
2008-05-29 17:14 . 2008-05-29 17:14 <DIR> d-------- C:\Programmi\ffdshow
2008-05-29 17:14 . 2007-01-01 00:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-29 17:14 . 2007-10-04 20:39 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-29 17:14 . 2007-01-01 00:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-28 10:44 . 2008-05-28 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Trend Micro
2008-05-28 10:44 . 2008-05-28 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-05-28 10:44 . 2008-06-26 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-28 10:44 . 2008-05-28 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
2008-05-28 10:44 . 2008-06-26 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-28 10:44 . 2008-05-28 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-05-28 10:44 . 2008-05-28 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-05-28 01:47 . 2008-05-28 21:56 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 10:49 44,570,656 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-27 10:44 2,030,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-27 10:43 601,244 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-27 10:43 194,552 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-27 08:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-26 00:18 --------- d-----w C:\Programmi\File comuni\Softwin
2008-06-26 00:12 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-22 19:33 --------- d-----w C:\Programmi\CCleaner
2008-06-19 11:42 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-06 09:54 --------- d-----w C:\Documents and Settings\Enzo\Dati applicazioni\DivX
2008-06-06 09:45 --------- d-----w C:\Programmi\DivX
2008-06-02 13:36 --------- d-----w C:\Programmi\File comuni\Nero
2008-06-02 13:32 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-06-02 13:08 --------- d-----w C:\Programmi\File comuni\Ahead
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-29 18:10 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 16:00 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 13:33 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-24 11:24 --------- d-----w C:\Documents and Settings\Enzo\Dati applicazioni\SogouPY
2008-05-22 22:22 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 12:18 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-21 10:01 --------- d-----w C:\Documents and Settings\Enzo\Dati applicazioni\OTVREG
2008-05-15 21:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-13 00:20 --------- d-----w C:\Documents and Settings\Enzo\Dati applicazioni\WebCompiler3
2008-05-09 07:37 --------- d-----w C:\Documents and Settings\Enzo\Dati applicazioni\OfficeUpdate12
2008-05-09 07:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 13:37 --------- d-----w C:\Programmi\Pegasys Inc
2008-05-07 12:45 --------- d-----w C:\Programmi\VideoLAN
2008-05-07 12:20 --------- d-----w C:\Documents and Settings\Enzo\Dati applicazioni\vlc
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 11:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TVU Networks
2008-04-25 01:04 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-25 01:04 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-14 02:14 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2007-01-09 02:58 96,374 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\firstlsp.reg.dat
2004-03-11 12:27 40,960 ----a-w C:\Programmi\Uninstall_CDS.exe
.

------- Sigcheck -------

2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-19 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\tcpip.sys
2008-05-25 02:58 360064 01307b76a916a8f6d1f1452744ba7ad6 C:\WINDOWS\system32\backup\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{291f05dc-055d-443b-89cd-ada6badc405f}]
2008-06-25 18:22 106496 --a------ C:\WINDOWS\system32\qxgtrcft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{335441DE-CC7F-467F-BC49-B7C76D10AF73}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B31E99F6-924B-4ADC-B59A-F224C2CA143A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:38 1289000]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-06-01 00:38 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 18:09 842584]
"pdfFactory Pro Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2003-07-22 23:03 380928]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-25 03:04 185896]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 19:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 14:00 44544]

C:\Documents and Settings\Enzo\Menu Avvio\Programmi\Esecuzione automatica\
html2pop3.exe [2006-11-09 03:00:20 74752]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
hpoddt01.exe.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2008-03-20 22:34:01 692224]
officejet 6100.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-06 00:37:38 147456]
U.S.Robotics WLAN Adapter Configuration Utility.lnk - C:\Programmi\USR WLAN\USR 22Mbps WLAN Adapter\USRWLAN.exe [2006-11-05 22:17:54 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUopPhg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Programmi\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"= C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"= C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=
"C:\\Programmi\\JLC's Software\\Internet TV\\Internet TV.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2386:UDP"= 2386:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"4662:TCP"= 4662:TCP:eMule
"4672:UDP"= 4672:UDP:eMule

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 15:14]
R3 USRLN;U.S. Robotics 22Mbps Wireless Lan Adapter;C:\WINDOWS\system32\DRIVERS\usrwlan.sys [2003-02-25 15:59]
S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2007-12-26 21:28]

.
Contenuto della cartella 'Scheduled Tasks'
"2007-07-12 16:19:29 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1176134880.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2008-06-26 21:26:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1184102639.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2006-12-28 01:13:11 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Programmi\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 12:45:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Enzo\Menu Avvio\Programmi\Esecuzione automatica\html2pop3.exe
C:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-27 12:56:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 10:56:22

11 Directory 89,445,208,064 byte disponibili
14 Directory 89,376,153,600 byte disponibili

261 --- E O F --- 2008-06-24 19:17:15
boxerdog
Junior User
 
Posts: 15
Joined: 22/08/06 15:32
Location: Lombardia

Re: ...securitycenter\antivirus0verrride (is not)dword:0

Post by Luke57 » 27/06/08 14:33

Hi, copy this code:

Code:
File::
C:\WINDOWS\system32\qxgtrcft.dll
C:\WINDOWS\system32\vdnowdej.dll
C:\WINDOWS\system32\xxyyvUoM.dll
C:\WINDOWS\system32\vtUkjKbb.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{291f05dc-055d-443b-89cd-ada6badc405f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{335441DE-CC7F-467F-BC49-B7C76D10AF73}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B31E99F6-924B-4ADC-B59A-F224C2CA143A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUopPhg]


paste it into a text file (using Windows Notepad), save the text file in the same location as ComboFix with the mandatory name CFScript.txt, and drag it onto the ComboFix icon to run a new scan.
Attach the new report, if one is produced.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10
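As an added example (not code from this thread, from HijackThis or from ComboFix's authors), a small Python triage that applies the indicators Luke57 used to build the CFScript above: it scans HijackThis O2/O20 lines for BHOs with no file on disk, BHOs whose display name is a bare GUID (as the qxgtrcft.dll entry in the first log), and Winlogon Notify hooks whose path is only a directory, then renders File:: and Registry:: sections in the layout shown in the post. The sample log lines are constructed, modelled on the log posted earlier; the abbreviated `HKEY_LOCAL_MACHINE\~\...` key notation is copied from the script above, and the "GUID as display name" rule is a heuristic taken from this thread, not a general rule.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 log format (modelled on the log posted in this thread).
SAMPLE_HJT = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {f504cdab-6ada-dc98-b344-d550cd50f192} - {291f05dc-055d-443b-89cd-ada6badc405f} - C:\WINDOWS\system32\qxgtrcft.dll
O2 - BHO: (no name) - {335441DE-CC7F-467F-BC49-B7C76D10AF73} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: vtUopPhg - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
"""

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# ComboFix's abbreviated key paths, written exactly as in the CFScript posted above.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


@dataclass
class Finding:
    line: str
    reason: str
    files: list = field(default_factory=list)   # DLLs to list under File::
    keys: list = field(default_factory=list)    # registry keys to list under Registry::


def triage(hjt_log: str) -> list:
    """Flag O2/O20 entries using the indicators a forum helper looked for in this thread."""
    findings = []
    for line in hjt_log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.group("name"), m.group("clsid"), m.group("path")
            if path == "(no file)":
                # Orphaned BHO: the registry key points nowhere, so only the key is removed.
                findings.append(Finding(line, "BHO with no file on disk",
                                        keys=[f"{BHO_KEY}\\{clsid}"]))
            elif GUID_RE.match(name):
                # Heuristic from this thread: a display name that is itself a GUID, on a
                # DLL with a random-looking name in system32, gets both DLL and key removed.
                findings.append(Finding(line, "BHO display name is a bare GUID",
                                        files=[path], keys=[f"{BHO_KEY}\\{clsid}"]))
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("path").endswith("\\"):
            # Winlogon Notify entry whose path is only a directory: no DLL to load,
            # which is why the script in the thread deletes the notify subkey.
            findings.append(Finding(line, "Winlogon Notify entry without a DLL",
                                    keys=[f"{NOTIFY_KEY}\\{m.group('name')}"]))
    return findings


def build_cfscript(findings: list, extra_files=()) -> str:
    """Render File:: and Registry:: sections in the CFScript layout used in the thread."""
    files, keys = [], []
    for f in findings:
        files += [p for p in f.files if p not in files]
        keys += [k for k in f.keys if k not in keys]
    # extra_files: paths known from other sources (e.g. the AV detections quoted in the post).
    for p in extra_files:
        if p not in files:
            files.append(p)
    out = []
    if files:
        out += ["File::", *files, ""]
    if keys:
        out += ["Registry::", *[f"[-{k}]" for k in keys], ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_HJT)
    for f in found:
        print(f"{f.reason}: {f.line}")
    print(build_cfscript(found, extra_files=[r"C:\WINDOWS\system32\vdnowdej.dll"]))
```

The output is a review aid only: every File:: entry still needs a human to confirm the DLL is not part of a legitimate product before the script is fed to ComboFix.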

Re: ...securitycenter\antivirus0verrride (is not)dword:0

Post by boxerdog » 27/06/08 16:28

Hi Luke,
I did as you said; during the scan it deleted the following files from c:\windows\system32: qxgtrcft.dll; vdnowdej.dll; aaisolv.dll; deposit.dll.
Here is the new report I got:
ComboFix 08-06-20.4 - Enzo 2008-06-27 16.57.09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.173 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Enzo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Enzo\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\qxgtrcft.dll
C:\WINDOWS\system32\vdnowdej.dll
C:\WINDOWS\system32\vtUkjKbb.dll
C:\WINDOWS\system32\xxyyvUoM.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aaisolv.dll
C:\WINDOWS\system32\deposit.dll
C:\WINDOWS\system32\qxgtrcft.dll
C:\WINDOWS\system32\vdnowdej.dll

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:38 1289000]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-06-01 00:38 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 18:09 842584]
"pdfFactory Pro Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2003-07-22 23:03 380928]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-25 03:04 185896]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 14:00 44544]

C:\Documents and Settings\Enzo\Menu Avvio\Programmi\Esecuzione automatica\
html2pop3.exe [2006-11-09 03:00:20 74752]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
hpoddt01.exe.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2008-03-20 22:34:01 692224]
officejet 6100.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-06 00:37:38 147456]
U.S.Robotics WLAN Adapter Configuration Utility.lnk - C:\Programmi\USR WLAN\USR 22Mbps WLAN Adapter\USRWLAN.exe [2006-11-05 22:17:54 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Programmi\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"= C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"= C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=
"C:\\Programmi\\JLC's Software\\Internet TV\\Internet TV.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2386:UDP"= 2386:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"4662:TCP"= 4662:TCP:eMule
"4672:UDP"= 4672:UDP:eMule

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 15:14]
R3 USRLN;U.S. Robotics 22Mbps Wireless Lan Adapter;C:\WINDOWS\system32\DRIVERS\usrwlan.sys [2003-02-25 15:59]
S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2007-12-26 21:28]

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2007-07-12 16:19:29 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1176134880.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2008-06-26 21:26:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1184102639.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2006-12-28 01:13:11 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Programmi\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 17:14:06
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-27 17.21.10
ComboFix-quarantined-files.txt 2008-06-27 15:20:50

11 Directory 89,283,227,648 byte disponibili
14 Directory 89,305,161,728 byte disponibili

236 --- E O F --- 2008-06-24 19:17:15
boxerdog
Junior User

Posts: 15
Joined: 22/08/06 15:32
Location: Lombardia

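The CFScript format Luke57 describes above and the ComboFix report boxerdog posted back can be cross-checked mechanically. The following Python script is an added example, not code from the thread or from ComboFix: it parses the File::/Registry:: sections of the script and the path lists in the report, using excerpts of both as its inputs, and separates requested files that were confirmed deleted, requested files the run did not find, and files ComboFix removed on its own. The header patterns it matches are inferred from these excerpts, not taken from ComboFix documentation.

```python
# Cross-check a ComboFix CFScript against the report ComboFix wrote afterwards.
# Inputs are excerpts of the script and report posted in the thread above.
import re

CFSCRIPT = r"""File::
C:\WINDOWS\system32\qxgtrcft.dll
C:\WINDOWS\system32\vdnowdej.dll
C:\WINDOWS\system32\xxyyvUoM.dll
C:\WINDOWS\system32\vtUkjKbb.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{291f05dc-055d-443b-89cd-ada6badc405f}]
"""

REPORT = r"""FILE ::
C:\WINDOWS\system32\qxgtrcft.dll
C:\WINDOWS\system32\vdnowdej.dll
C:\WINDOWS\system32\vtUkjKbb.dll
C:\WINDOWS\system32\xxyyvUoM.dll
((((((((((((( Altre eliminazioni )))))))))))))
C:\WINDOWS\system32\aaisolv.dll
C:\WINDOWS\system32\deposit.dll
C:\WINDOWS\system32\qxgtrcft.dll
C:\WINDOWS\system32\vdnowdej.dll
"""

SECTION = re.compile(r"^[A-Za-z]+::$")       # CFScript section header, e.g. File::
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # report banner: (((( title ))))
ECHO = re.compile(r"^([A-Z]+) ::$")          # report's echo of a script section: FILE ::
WIN_PATH = re.compile(r"^[A-Za-z]:\\")       # bare Windows path line (dated listing rows are skipped)

def parse_cfscript(text):
    # Return {'file': [...], 'registry': [...]} from CFScript text (headers inferred from the post).
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if SECTION.match(line):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_report(text):
    # Return {section title: [paths listed under it]} from a ComboFix report excerpt.
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = BANNER.match(line) or ECHO.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and WIN_PATH.match(line):
            sections[current].append(line)
    return sections

def reconcile(script, report, deleted="Altre eliminazioni"):
    # Compare File:: requests with the report's deletion list; Windows paths compare case-insensitively.
    asked = {p.lower() for p in script.get("file", [])}
    gone = {p.lower() for p in report.get(deleted, [])}
    reg = [k[2:-1] for k in script.get("registry", []) if k.startswith("[-")]  # "[-KEY]" = delete KEY
    return {"removed": sorted(asked & gone),        # requested and confirmed deleted
            "not_found": sorted(asked - gone),      # gone before this run, or never present
            "extra": sorted(gone - asked),          # ComboFix removed these on its own
            "registry_deletes": reg}                # keys the script asked ComboFix to delete
```

On the excerpts above this yields the same picture boxerdog reports: qxgtrcft.dll and vdnowdej.dll removed, vtUkjKbb.dll and xxyyvUoM.dll not found in this run, and aaisolv.dll and deposit.dll removed without being requested.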
Re: ...securitycenter\antivirus0verrride (is not)dword:0

Post by boxerdog » 27/06/08 17:50

Hi Luke,
it seems everything is back to normal - I hope so!
I ran HijackThis again and, at a glance, I no longer see those three "BHO: (no name)" entries that were there before and that your guide mentions, so I think you did an excellent job.
Let me know if it is as I think.
You have been very kind and skilled, and I am grateful to you for that!
Bye
boxerdog
Junior User

Posts: 15
Joined: 22/08/06 15:32
Location: Lombardia

