Today, while I was browsing on my laptop (an Asus, using the wireless connection), a window appeared with the text:
SM56Helper Error
Telephone signal not detected, please check connection
and a single OK button.
What kind of error is this?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.50.12, on 02/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2std.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Matlab7\bin\win32\MATLAB.exe
C:\Windows\System32\notepad.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\msfeedssync.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freemyfunny.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-auth.unifi.it:8888
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Visolve - {01C692BF-FF95-4583-91B6-23F8568749B7} - C:\Program Files\Visolve\controlbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 7388 bytes
Hint of the Day: Click the bar at the right of this to see more information! ()
Win32.Dialer.aeh: [SBI $831B13F5] Impostazioni (Valore di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccessoD
Win32.Dialer.aeh: [SBI $52D9A8BC] Impostazioni (Valore di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccessoM
Win32.Dialer.aeh: [SBI $79F4FB7F] Impostazioni (Valore di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccessoN
Win32.Dialer.aeh: [SBI $25C44157] Impostazioni (Valore di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccessoNM
WebTrends live: Cookie tracciante (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-10-02 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi (*)
2008-09-09 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-09-02 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-09-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-09-09 Includes\Malware.sbi (*)
2008-09-30 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-09-11 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-09-09 Includes\Spyware.sbi (*)
2008-09-23 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-09-30 Includes\Trojans.sbi (*)
2008-09-30 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Begin scan in 'C:\' <VistaOS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\3ad4630a-7c161f0b
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was deleted!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\41ae37cb-374d0dda
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was deleted!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\5d3eb720-4cddde14
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was deleted!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\2b940da5-6e0c610a
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was deleted!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1a90526a-15af087e
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was deleted!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7ff07cab-7e2e81f7
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was moved to '494ad223.qua'!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6bca3ac6-7aea193f
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was moved to '4947d230.qua'!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\7757bb86-1a0c3cd0
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was moved to '4919d209.qua'!
C:\Users\Utente\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\88d4abc-619d5546
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] The file was moved to '4948d20d.qua'!
ComboFix 08-10-04.01 - Utente 2008-10-04 19:28:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.1348 [GMT 2:00]
Eseguito da: C:\Users\Utente\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Creati Da 2008-09-04 al 2008-10-04 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 17:22 49,416 ----a-w C:\Users\Utente\AppData\Roaming\nvModes.dat
2008-10-04 17:21 --------- d-----w C:\Users\Utente\AppData\Roaming\OpenOffice.org2
2008-10-04 13:19 --------- d-----w C:\ProgramData\AntiVir PersonalEdition Classic
2008-10-04 13:17 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-10-03 12:27 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-10-02 14:00 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-02 13:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 13:01 --------- d-----w C:\Program Files\CCleaner
2008-10-02 13:00 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 12:47 --------- d-----w C:\Users\Utente\AppData\Roaming\vlc
2008-09-25 12:46 --------- d-----w C:\Program Files\VideoLAN
2008-09-10 19:39 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 17:26 --------- d-----w C:\Program Files\CDex_170b2
2008-08-13 20:55 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 19:52 --------- d-----w C:\Program Files\myphotobook
2008-08-12 18:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-11 17:27 174 --sha-w C:\Program Files\desktop.ini
2007-12-15 14:55 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2008-01-11 10:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-11 10:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 10:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-19 07:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061920080620\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 81920]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-08-09 675840]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-11 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]
C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5E21ABF4-A0B0-4C50-9BC8-35C3D308C375}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{92CFFDB5-250E-4CC1-B088-E86B22A60ADC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FE51E697-D3D8-4D90-9F6A-163A0EBB8540}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3D8C679D-AE26-4131-85CB-BE4AEFE00B81}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19B3C6A8-148A-4211-8BFD-2131DEB0B6CA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{14EBD621-AE1B-4464-834E-1D83DB05B7DE}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{C32C7D43-3754-4141-A72A-429A85BC5439}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{62FCF5F4-2BF7-4100-8A5D-0167F8FD0E5C}C:\\program files\\java\\jre1.5.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.5.0_05\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{C02CDAD8-F385-4726-BDC8-4CC2401EEDE3}C:\\program files\\java\\jre1.5.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.5.0_05\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{CB8AD77E-AC8E-44AD-996A-B86F5FDE5602}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{0EE58A84-4E66-49EF-B8C7-92EEAF0FE50E}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{5AAC4BC0-1C97-4173-BA4A-07AD62B1DE52}C:\\matlab7\\bin\\win32\\matlab.exe"= UDP:C:\matlab7\bin\win32\matlab.exe:MATLAB
"UDP Query User{FFAF174D-1C76-4026-8AD7-1300AA37BCE2}C:\\matlab7\\bin\\win32\\matlab.exe"= TCP:C:\matlab7\bin\win32\matlab.exe:MATLAB
"TCP Query User{66129DD1-4C87-4628-8530-4DE7EEBD8D05}C:\\program files\\cyd\\cyd ftp client xp\\cydftp.exe"= UDP:C:\program files\cyd\cyd ftp client xp\cydftp.exe:CyDFTP
"UDP Query User{91494FB6-96AE-4F82-9D59-9B842D673D4D}C:\\program files\\cyd\\cyd ftp client xp\\cydftp.exe"= TCP:C:\program files\cyd\cyd ftp client xp\cydftp.exe:CyDFTP
"{440BDF8C-5489-4B26-AA20-2E7277E64F10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-09-04 11986304]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 11120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae52462c-ad6b-11dc-9889-001a92e41f52}]
\shell\Auto\command - F:\Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4f6c6e-2c22-11dd-931b-0019d2b7db99}]
\shell\Auto\command - F:\hvNrtID.exe
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-04 C:\Windows\Tasks\User_Feed_Synchronization-{F6B6BE8F-A8C2-4BB4-8587-F4602FEAC8B6}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\yxugc62p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/ig?hl=it
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 19:33:49
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-10-04 19:37:33
ComboFix-quarantined-files.txt 2008-10-04 17:37:28
Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 15,778,512,896 byte disponibili
151 --- E O F --- 2008-09-21 18:59:42
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae52462c-ad6b-11dc-9889-001a92e41f52}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4f6c6e-2c22-11dd-931b-0019d2b7db99}]
ComboFix 08-10-04.07 - Utente 2008-10-05 13.17.10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.1298 [GMT 2:00]
Eseguito da: C:\Users\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((( Files Creati Da 2008-09-05 al 2008-10-05 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 10:51 49,416 ----a-w C:\Users\Utente\AppData\Roaming\nvModes.dat
2008-10-05 10:51 --------- d-----w C:\Users\Utente\AppData\Roaming\OpenOffice.org2
2008-10-04 13:19 --------- d-----w C:\ProgramData\AntiVir PersonalEdition Classic
2008-10-04 13:17 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-10-03 12:27 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-10-02 14:00 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-02 13:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 13:01 --------- d-----w C:\Program Files\CCleaner
2008-10-02 13:00 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 12:47 --------- d-----w C:\Users\Utente\AppData\Roaming\vlc
2008-09-25 12:46 --------- d-----w C:\Program Files\VideoLAN
2008-09-10 19:39 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 17:26 --------- d-----w C:\Program Files\CDex_170b2
2008-08-13 20:55 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 19:52 --------- d-----w C:\Program Files\myphotobook
2008-08-12 18:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-11 17:27 174 --sha-w C:\Program Files\desktop.ini
2007-12-15 14:55 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2008-01-11 10:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-11 10:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 10:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-19 07:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061920080620\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-04_19.36.26.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-04 17:20:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-05 10:50:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-04 17:20:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-05 10:50:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-04 17:23:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-05 11:16:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-05 11:16:19 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-04 17:23:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-05 10:52:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-05 10:52:45 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-04 17:20:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-05 10:51:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-04 17:20:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-05 10:51:33 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-04 17:20:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-05 10:51:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-04 17:28:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-05 11:17:01 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-10-04 17:23:29 13,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2494328323-3594618085-657490064-1000_UserData.bin
+ 2008-10-05 10:53:07 13,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2494328323-3594618085-657490064-1000_UserData.bin
- 2008-10-04 17:23:29 65,776 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-05 10:53:07 65,878 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-04 17:23:24 45,364 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-05 10:53:05 45,380 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 11:20 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 13:43 729088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 08:46 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 08:46 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 08:46 81920]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-08-09 10:18 675840]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-11 02:36 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 18:57 266497]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 20:44:36 101440]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 13:44:06 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5E21ABF4-A0B0-4C50-9BC8-35C3D308C375}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{92CFFDB5-250E-4CC1-B088-E86B22A60ADC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FE51E697-D3D8-4D90-9F6A-163A0EBB8540}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3D8C679D-AE26-4131-85CB-BE4AEFE00B81}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19B3C6A8-148A-4211-8BFD-2131DEB0B6CA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{14EBD621-AE1B-4464-834E-1D83DB05B7DE}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{C32C7D43-3754-4141-A72A-429A85BC5439}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{62FCF5F4-2BF7-4100-8A5D-0167F8FD0E5C}C:\\program files\\java\\jre1.5.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.5.0_05\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{C02CDAD8-F385-4726-BDC8-4CC2401EEDE3}C:\\program files\\java\\jre1.5.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.5.0_05\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{CB8AD77E-AC8E-44AD-996A-B86F5FDE5602}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{0EE58A84-4E66-49EF-B8C7-92EEAF0FE50E}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{5AAC4BC0-1C97-4173-BA4A-07AD62B1DE52}C:\\matlab7\\bin\\win32\\matlab.exe"= UDP:C:\matlab7\bin\win32\matlab.exe:MATLAB
"UDP Query User{FFAF174D-1C76-4026-8AD7-1300AA37BCE2}C:\\matlab7\\bin\\win32\\matlab.exe"= TCP:C:\matlab7\bin\win32\matlab.exe:MATLAB
"TCP Query User{66129DD1-4C87-4628-8530-4DE7EEBD8D05}C:\\program files\\cyd\\cyd ftp client xp\\cydftp.exe"= UDP:C:\program files\cyd\cyd ftp client xp\cydftp.exe:CyDFTP
"UDP Query User{91494FB6-96AE-4F82-9D59-9B842D673D4D}C:\\program files\\cyd\\cyd ftp client xp\\cydftp.exe"= TCP:C:\program files\cyd\cyd ftp client xp\cydftp.exe:CyDFTP
"{440BDF8C-5489-4B26-AA20-2E7277E64F10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42 809296]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-09-04 11:36 11986304]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 00:37 11120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae52462c-ad6b-11dc-9889-001a92e41f52}]
\shell\Auto\command - F:\Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4f6c6e-2c22-11dd-931b-0019d2b7db99}]
\shell\Auto\command - F:\hvNrtID.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-05 C:\Windows\Tasks\User_Feed_Synchronization-{F6B6BE8F-A8C2-4BB4-8587-F4602FEAC8B6}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\yxugc62p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/ig?hl=it
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 13:22:24
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
in the same directory as combofix
String search utility (QGREP) has stopped working.
Luke57 wrote: Hi, no, you have to drag the file onto the combofix icon (combofix.exe)
ComboFix 08-10-04.07 - Utente 2008-10-09 17:44:09.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.981 [GMT 2:00]
Eseguito da: C:\Users\Utente\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-09-09 al 2008-10-09 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 15:06 49,416 ----a-w C:\Users\Utente\AppData\Roaming\nvModes.dat
2008-10-09 15:05 --------- d-----w C:\Users\Utente\AppData\Roaming\OpenOffice.org2
2008-10-08 19:21 --------- d-----w C:\ProgramData\AntiVir PersonalEdition Classic
2008-10-07 12:55 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-10-03 12:27 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-10-02 14:00 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-02 13:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 13:01 --------- d-----w C:\Program Files\CCleaner
2008-10-02 13:00 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 12:47 --------- d-----w C:\Users\Utente\AppData\Roaming\vlc
2008-09-25 12:46 --------- d-----w C:\Program Files\VideoLAN
2008-09-10 19:39 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 17:26 --------- d-----w C:\Program Files\CDex_170b2
2008-08-13 20:55 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 19:52 --------- d-----w C:\Program Files\myphotobook
2008-08-12 18:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-11 17:27 174 --sha-w C:\Program Files\desktop.ini
2007-12-15 14:55 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2008-01-11 10:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-11 10:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 10:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-19 07:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061920080620\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-04_19.36.26.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-04 17:20:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-09 15:05:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-04 17:20:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-09 15:05:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-04 17:23:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-09 15:07:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-09 15:07:22 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-04 17:23:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-09 15:07:17 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-09 15:07:17 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-04 17:20:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-09 15:34:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-04 17:20:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-09 15:34:00 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-04 17:20:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-09 15:34:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-04 17:28:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-05 11:17:01 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-09-26 19:07:08 104,768 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-09 08:39:00 104,768 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-26 19:07:08 115,804 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-10-09 08:39:00 115,804 ----a-w C:\Windows\System32\perfc010.dat
- 2008-09-26 19:07:08 613,046 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-09 08:39:00 613,046 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-26 19:07:08 685,278 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-10-09 08:39:00 685,278 ----a-w C:\Windows\System32\perfh010.dat
- 2008-10-04 17:23:29 13,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2494328323-3594618085-657490064-1000_UserData.bin
+ 2008-10-09 15:07:41 13,400 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2494328323-3594618085-657490064-1000_UserData.bin
- 2008-10-04 17:23:29 65,776 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-09 15:07:41 66,038 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-04 17:23:24 45,364 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-09 15:07:37 45,412 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-07 18:04:31 185,440 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-10-09 14:49:29 186,116 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 81920]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-08-09 675840]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-11 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]
C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5E21ABF4-A0B0-4C50-9BC8-35C3D308C375}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{92CFFDB5-250E-4CC1-B088-E86B22A60ADC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FE51E697-D3D8-4D90-9F6A-163A0EBB8540}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3D8C679D-AE26-4131-85CB-BE4AEFE00B81}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19B3C6A8-148A-4211-8BFD-2131DEB0B6CA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{14EBD621-AE1B-4464-834E-1D83DB05B7DE}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{C32C7D43-3754-4141-A72A-429A85BC5439}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{62FCF5F4-2BF7-4100-8A5D-0167F8FD0E5C}C:\\program files\\java\\jre1.5.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.5.0_05\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{C02CDAD8-F385-4726-BDC8-4CC2401EEDE3}C:\\program files\\java\\jre1.5.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.5.0_05\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{CB8AD77E-AC8E-44AD-996A-B86F5FDE5602}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{0EE58A84-4E66-49EF-B8C7-92EEAF0FE50E}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{5AAC4BC0-1C97-4173-BA4A-07AD62B1DE52}C:\\matlab7\\bin\\win32\\matlab.exe"= UDP:C:\matlab7\bin\win32\matlab.exe:MATLAB
"UDP Query User{FFAF174D-1C76-4026-8AD7-1300AA37BCE2}C:\\matlab7\\bin\\win32\\matlab.exe"= TCP:C:\matlab7\bin\win32\matlab.exe:MATLAB
"TCP Query User{66129DD1-4C87-4628-8530-4DE7EEBD8D05}C:\\program files\\cyd\\cyd ftp client xp\\cydftp.exe"= UDP:C:\program files\cyd\cyd ftp client xp\cydftp.exe:CyDFTP
"UDP Query User{91494FB6-96AE-4F82-9D59-9B842D673D4D}C:\\program files\\cyd\\cyd ftp client xp\\cydftp.exe"= TCP:C:\program files\cyd\cyd ftp client xp\cydftp.exe:CyDFTP
"{440BDF8C-5489-4B26-AA20-2E7277E64F10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-09-04 11986304]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 11120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c4a28c0-70c3-11dc-a89d-0019d2b7db99}]
\shell\AutoRun\command - .\run\autorun.exe
\shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae52462c-ad6b-11dc-9889-001a92e41f52}]
\shell\Auto\command - F:\Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4f6c6e-2c22-11dd-931b-0019d2b7db99}]
\shell\Auto\command - F:\hvNrtID.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-09 C:\Windows\Tasks\User_Feed_Synchronization-{F6B6BE8F-A8C2-4BB4-8587-F4602FEAC8B6}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\yxugc62p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/ig?hl=it
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 17:48:28
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-10-09 17:52:40
ComboFix-quarantined-files.txt 2008-10-09 15:51:54
ComboFix2.txt 2008-10-04 17:37:34
Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 14,978,138,112 byte disponibili
189 --- E O F --- 2008-10-07 17:44:00
ComboFix 08-10-04.07 - Utente 2008-10-09 19.11.09.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.927 [GMT 2:00]
Eseguito da: C:\Users\Utente\Desktop\ComboFix.exe
[COLOR=RED][B]ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !![/B][/COLOR]
.
((((((((((((((((((((((((( Files Creati Da 2008-09-09 al 2008-10-09 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 15:06 49,416 ----a-w C:\Users\Utente\AppData\Roaming\nvModes.dat
2008-10-09 15:05 --------- d-----w C:\Users\Utente\AppData\Roaming\OpenOffice.org2
2008-10-08 19:21 --------- d-----w C:\ProgramData\AntiVir PersonalEdition Classic
2008-10-07 12:55 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-10-03 12:27 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-10-02 14:00 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-02 13:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 13:01 --------- d-----w C:\Program Files\CCleaner
2008-10-02 13:00 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 12:47 --------- d-----w C:\Users\Utente\AppData\Roaming\vlc
2008-09-25 12:46 --------- d-----w C:\Program Files\VideoLAN
2008-09-10 19:39 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 17:26 --------- d-----w C:\Program Files\CDex_170b2
2008-08-13 20:55 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 19:52 --------- d-----w C:\Program Files\myphotobook
2008-08-12 18:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-11 17:27 174 --sha-w C:\Program Files\desktop.ini
2007-12-15 14:55 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2008-01-11 10:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-11 10:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 10:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-19 07:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061920080620\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-10-09_17.51.28.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-09 15:07:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-09 17:11:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-09 17:11:05 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 81920]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-08-09 675840]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-11 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]
C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2007-12-06 224824]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 132200]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 56424]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 13928]
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 18536]
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 50280]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 290408]
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 74752]
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 6144]
R1 Smb;Protocollo TCP/IP e TCP/IPv6 orientato ai messaggi (sessione SMB);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 66048]
R1 tdx;Driver di supporto TDI legacy NetIO;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 68096]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-08-31 61952]
R2 AudioEndpointBuilder;Generatore endpoint audio di Windows;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 BFE;BFE (Base Filtering Engine);C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 DPS;Servizio Criteri di diagnostica;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 FDResPub;Pubblicazione risorse per individuazione;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 gpsvc;Client di Criteri di gruppo;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 IKEEXT;Moduli di impostazione chiavi IPSec IKE e Auth-IP;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 iphlpsvc;Helper IP;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 KtmRm;KtmRm per Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 47104]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 83456]
R2 MMCSS;Utilità di pianificazione classi multimediali;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 netprofm;Servizio Elenco reti;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 NlaSvc;Riconoscimento presenza in rete;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 nsi;Servizio Interfaccia archivio di rete;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 PcaSvc;Servizio Risoluzione problemi compatibilità programmi;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 878080]
R2 ProfSvc;Servizio profili utente;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 slsvc;Gestione licenze software;C:\Windows\system32\SLsvc.exe [2007-08-24 2605568]
R2 SysMain;Ottimizzazione avvio;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 TabletInputService;Servizio di input Tablet PC;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 27648]
R2 UxSms;Gestione sessione di Gestione finestre desktop;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 WerSvc;Servizio Segnalazione errori Windows;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Wlansvc;Configurazione automatica WLAN;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WPDBusEnum;Servizio enumeratore dispositivi mobili;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 69632]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-08-31 619008]
R3 fdPHost;Host provider di individuazione funzioni;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 168552]
R3 KeyIso;Isolamento chiavi CNG;C:\Windows\system32\lsass.exe [2006-11-02 7680]
R3 monitor;Servizio driver funzioni di classe monitor Microsoft;C:\Windows\system32\DRIVERS\monitor.sys [2007-12-16 41984]
R3 mpsdrv;Driver di autorizzazione di Windows Firewall;C:\Windows\system32\drivers\mpsdrv.sys [2007-08-24 63488]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 211456]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-13 58368]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2008-01-19 154624]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-09-04 11986304]
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-13 130048]
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-13 84992]
R3 tunnel;Driver scheda Microsoft IPv6 Tunnel Miniport;C:\Windows\system32\DRIVERS\tunnel.sys [2007-08-24 23040]
R3 umbus;Driver enumeratore UMBus;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 34816]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 11120]
R3 WdiSystemHost;Host sistema di diagnostica;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Appinfo;Informazioni applicazioni;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 11904]
S3 CertPropSvc;Propagazione certificati;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 DFSR;Replica DFS;C:\Windows\system32\DFSR.exe [2006-11-02 2089984]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 117760]
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 27648]
S3 IPBusEnum;Enumeratore bus IP PnP-X;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 lltdsvc;Mapper individuazione topologia livelli di collegamento;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 MSiSCSI;Servizio iniziatore iSCSI Microsoft;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 160872]
S3 p2pimsvc;Gestione identità reti peer;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 p2psvc;Gruppi reti peer;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 pla;Avvisi e registri di prestazioni;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 PNRPAutoReg;Servizio di pubblicazione nome computer PNRP;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 PNRPsvc;Protocollo PNRP;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 QWAVE;Servizio audio/video Windows di qualità;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 QWAVEdrv;Driver QWAVE;C:\Windows\system32\drivers\qwavedrv.sys [2006-11-02 31232]
S3 SCPolicySvc;Criterio rimozione smart card;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 SessionEnv;Configurazione Servizi terminal;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 12800]
S3 SLUINotify;Servizio di notifica interfaccia utente SL;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 TBS;Servizi di base TPM;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 THREADORDER;Server di ordinamento thread;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 TrustedInstaller;Programma di installazione dei moduli di Windows;C:\Windows\servicing\TrustedInstaller.exe [2007-12-06 27136]
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 23552]
S3 UI0Detect;Rilevamento servizi interattivi;C:\Windows\system32\UI0Detect.exe [2006-11-02 35840]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 58472]
S3 USBSTOR;Driver archiviazione di massa USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS [2007-08-24 55296]
S3 wcncsvc;Windows Connect Now - Registro configurazioni;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 WcsPlugInService;Sistema colori Windows;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 WdiServiceHost;Host servizio di diagnostica;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 Wecsvc;Raccolta eventi Windows;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 wercplsupport;Segnalazioni di problemi e soluzioni nel Pannello di controllo;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 WinRM;Gestione remota Windows (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 WPCSvc;Controllo genitori;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 420968]
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 297576]
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 67688]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 71808]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 38912]
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 316520]
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 37480]
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 232040]
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 65536]
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 35944]
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 65640]
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 65640]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 65640]
S4 Mcx2Svc;Servizio Windows Media Center Extender;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 28776]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 78952]
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 23144]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 80488]
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 40040]
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 900712]
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 71784]
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 235112]
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 115816]
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 68608]
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 39424]
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 112232]
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 20608]
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 19560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c4a28c0-70c3-11dc-a89d-0019d2b7db99}]
\shell\AutoRun\command - .\run\autorun.exe
\shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae52462c-ad6b-11dc-9889-001a92e41f52}]
\shell\Auto\command - F:\Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4f6c6e-2c22-11dd-931b-0019d2b7db99}]
\shell\Auto\command - F:\hvNrtID.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-09 C:\Windows\Tasks\User_Feed_Synchronization-{F6B6BE8F-A8C2-4BB4-8587-F4602FEAC8B6}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\yxugc62p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/ig?hl=it
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 19:13:27
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-10-09 19:15:18
ComboFix-quarantined-files.txt 2008-10-09 17:14:53
ComboFix2.txt 2008-10-09 15:52:42
ComboFix3.txt 2008-10-04 17:37:34
Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 15,499,689,984 byte disponibili
341 --- E O F --- 2008-10-07 17:44:00