Condividi:        

Problema con i files nascosti

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Problema con i files nascosti

Postdi bufferover » 27/10/08 21:43

Salve, da alcuni giorni mi sono accorto di non poter più spuntare, nelle opzioni di visualizzazione, la visualizzazione dei files nascosti. Cercando su internet ho trovato alcune soluzioni, però fanno tutte riferimento a dei processi diversi da quelli che ho io.
Credo di avere anche altri virus residui sul computer, anche se spybot e avg ora me lo danno come pulito, ma sono sicuro non essere così. Quindi ora che ho questo problema abbastanza grosso ho deciso di fare un po' di pulizia.
Uno dei virus è un virus di autorun che si propaga anche sulle chiavette legato al file yew.bat . Solo su questo forum ho trovato la soluzione, però era troppo personalizzata per l'utente che l'aveva richiesta, quindi posto qui il risultato di hijackthis sperando che mi possiate aiutare.

Ecco a voi il log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.37.31, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
D:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\FolderSize\FolderSizeSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Programmi\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\OO Software\CleverCache\ooccag.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\slserv.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\programmi\subversion\bin\svnservice.exe
C:\Programmi\TightVNC\WinVNC.exe
C:\Programmi\Subversion\bin\svnserve.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Programmi\OO Software\CleverCache\ooccctrl.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\windows\hffext\hffsrv.exe
D:\Programmi\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\Programmi\Aqua Dock\Aqua Dock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\bootrandomizer\LogonUIBootRandomizer.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Goheer\Shortcuts\kshortcuts.exe
C:\Programmi\Sandboxie\SbieCtrl.exe
C:\Programmi\101 Clips\101Clips.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Desktop Media\mediadetect.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\Orbitdownloader\orbitdm.exe
C:\Programmi\4t Tray Minimizer\4t-min.exe
C:\Programmi\Hamachi8\hamachi.exe
C:\Programmi\Orbitdownloader\orbitnet.exe
C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 213.92.118.29 portale_vecchio.egamers.it
O1 - Hosts: 213.92.118.29 itarevenge_vecchio.egamers.it
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programmi\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AABE4EB3-B55D-4AE7-9A46-F83B5078E66B} - (no file)
O2 - BHO: (no name) - {CDD7CF9E-D4A3-4F32-9372-128170734F5A} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Programmi\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RandomBoot] "C:\Programmi\bootrandomizer\RandomScreens.exe" /RandomizeBoot
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Aqua Dock] C:\Programmi\Aqua Dock\Aqua Dock.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gmote] C:\DOCUME~1\BUFFER~1.000\IMPOST~1\Temp\Rar$EX00.203\gmote.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogonUIBootRandomizer] "C:\Programmi\bootrandomizer\LogonUIBootRandomizer.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kshortcuts] C:\Programmi\Goheer\Shortcuts\kshortcuts.exe /background
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Mozilla\Firefox\Profiles\9d7la1j5.Buffer\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Mozilla\Firefox\Profiles/9d7la1j5.Buffer\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1957994488-630328440-682003330-1003\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1957994488-630328440-682003330-1003\..\Run: [LogonUIBootRandomizer] "C:\Programmi\bootrandomizer\LogonUIBootRandomizer.exe" /Minimized (User '?')
O4 - HKUS\S-1-5-21-1957994488-630328440-682003330-1003\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1957994488-630328440-682003330-1003\..\Run: [kshortcuts] C:\Programmi\Goheer\Shortcuts\kshortcuts.exe /background (User '?')
O4 - HKUS\S-1-5-21-1957994488-630328440-682003330-1003\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe (User '?')
O4 - HKUS\S-1-5-21-1957994488-630328440-682003330-1003\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe" (User '?')
O4 - HKUS\S-1-5-21-1957994488-630328440-682003330-1003\..\RunOnce: [FFTI] C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Mozilla\Firefox\Profiles\9d7la1j5.Buffer\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Mozilla\Firefox\Profiles/9d7la1j5.Buffer\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1957994488-630328440-682003330-1003 Startup: 4t Tray Minimizer.lnk = C:\Programmi\4t Tray Minimizer\4t-min.exe (User '?')
O4 - S-1-5-21-1957994488-630328440-682003330-1003 Startup: hamachi.lnk = C:\Programmi\Hamachi8\hamachi.exe (User '?')
O4 - Startup: 4t Tray Minimizer.lnk = C:\Programmi\4t Tray Minimizer\4t-min.exe
O4 - Startup: hamachi.lnk = C:\Programmi\Hamachi8\hamachi.exe
O4 - Global Startup: 101Clips.lnk = C:\Programmi\101 Clips\101Clips.exe
O4 - Global Startup: Desktop Media.lnk = C:\Programmi\Desktop Media\mediadetect.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to &Teleport - C:\Programmi\Teleport Pro\teleport.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2990120937
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/syst ... eatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BA47ECA-E7FE-4E28-89A8-B70120F1B9E2}: NameServer = 212.216.112.112,192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programmi\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\WINDOWS\system32\guard32.dll,RemoveFocusRect.dll,avgrsstx.dll
O20 - Winlogon Notify: dbgeng32 - dbgeng32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - D:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programmi\FolderSize\FolderSizeSvc.exe
O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Programmi\Gateway6 Client\gw6c.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programmi\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Programmi\OO Software\CleverCache\ooccag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Subversion Service - Heavymetal Software - c:\programmi\subversion\bin\svnservice.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programmi\TightVNC\WinVNC.exe

--
End of file - 16714 bytes


Grazie anticipate al genio che saprà aiutarmi.
bufferover
Newbie
 
Post: 3
Iscritto il: 27/10/08 21:02

Sponsor
 

Re: Problema con i files nascosti

Postdi Luke57 » 27/10/08 22:23

Ciao, scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disattiva il tea timer di spybot, poi avvia combofix.exe, parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione, se dovessero scomparire le icone sul desktop e la barra delle applicazioni, non è nulla di cui preoccuparsi),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , posta il contenuto del file.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Problema con i files nascosti

Postdi bufferover » 28/10/08 01:34

ComboFix 08-10-27.02 - Buffer 2008-10-28 0.47.15.1 - NTFSx86

Eseguito da: C:\Documents and Settings\Buffer.HACKER-ONE.000\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\inst.exe
C:\Programmi\Bifrost
C:\Programmi\desktop media
C:\Programmi\desktop media\junction.exe
C:\Programmi\desktop media\mediadetect.exe
C:\Programmi\desktop media\unins000.dat
C:\Programmi\desktop media\unins000.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINDOWS\system32\RCX79.tmp
C:\WINDOWS\system32\RCXD8.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32


((((((((((((((((((((((((( Files Creati Da 2008-09-27 al 2008-10-27 )))))))))))))))))))))))))))))))))))
.

2008-10-27 20:43 . 2008-10-27 20:43 <DIR> d-------- C:\Programmi\Trend Micro
2008-10-27 19:11 . 2008-10-27 19:11 <DIR> d-------- C:\Sandbox
2008-10-27 19:10 . 2008-10-27 21:25 1,666 --a------ C:\WINDOWS\Sandboxie.ini
2008-10-27 19:09 . 2008-10-27 19:09 <DIR> d-------- C:\Programmi\Sandboxie
2008-10-27 14:34 . 2008-10-27 18:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-27 13:00 . 2008-10-27 13:09 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-27 13:00 . 2008-10-27 13:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\avg8
2008-10-27 13:00 . 2008-10-27 13:00 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-27 13:00 . 2008-10-27 13:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-24 11:06 . 2008-10-24 11:06 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-24 11:06 . 2008-10-24 11:06 <DIR> d-------- C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Malwarebytes
2008-10-24 11:06 . 2008-10-24 11:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2008-10-24 11:06 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 11:06 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-20 10:20 . 2008-10-27 13:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Avira
2008-10-18 13:19 . 2008-10-18 13:19 <DIR> d-------- C:\Programmi\MKN Software
2008-10-18 11:34 . 2008-10-18 11:35 <DIR> d-------- C:\Programmi\Git
2008-10-18 10:01 . 2008-10-18 10:01 <DIR> d-------- C:\Programmi\File comuni\TortoiseOverlays
2008-10-16 11:45 . 2008-10-16 11:45 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-10-14 19:59 . 2008-10-14 19:59 304,186 --a------ C:\Image.bmp
2008-10-14 19:09 . 2008-10-14 19:09 <DIR> d-------- C:\Programmi\ROUTE 66
2008-10-14 19:09 . 2008-10-14 19:09 <DIR> d-------- C:\Programmi\File comuni\ROUTE 66
2008-10-14 18:06 . 2008-10-14 19:09 <DIR> d-------- C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\ROUTE 66 Sync
2008-10-09 17:02 . 2008-10-09 13:02 50,666 --a------ C:\index.htm
2008-10-09 16:57 . 2008-10-09 16:57 <DIR> d-------- C:\Programmi\Xi
2008-10-08 11:44 . 2008-10-08 11:44 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-10-08 11:40 . 2008-10-08 12:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-07 00:58 . 2008-10-07 00:58 <DIR> d-------- C:\Programmi\mShell
2008-10-06 20:57 . 2008-10-06 20:58 <DIR> d-------- C:\Programmi\TomTomActivation
2008-10-03 00:33 . 2008-10-16 11:46 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-03 00:30 . 2008-07-18 21:10 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 00:02 --------- d-----w C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Hamachi
2008-10-28 00:01 --------- d-----w C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Orbit
2008-10-27 23:29 --------- d-----w C:\Programmi\Firefox3
2008-10-27 19:48 --------- d-----w C:\Programmi\Orbitdownloader
2008-10-27 12:51 --------- d-----w C:\Programmi\eMule
2008-10-27 12:08 --------- d-----w C:\Programmi\ExploreAnywhere
2008-10-27 09:15 --------- d-----w C:\Programmi\Songbird
2008-10-25 19:52 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-10-25 16:39 --------- d-----w C:\Programmi\PeerGuardian2
2008-10-25 14:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-10-25 09:52 --------- d-----w C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\uTorrent
2008-10-24 14:05 --------- d-----w C:\Programmi\Game_Maker7
2008-10-24 13:09 --------- d-----w C:\Programmi\JackSM3
2008-10-23 10:53 --------- d-----w C:\Programmi\gMote
2008-10-20 09:51 --------- d-----w C:\Programmi\Java
2008-10-20 09:34 --------- d-----w C:\Programmi\Avast4
2008-10-18 12:07 --------- d-----w C:\Programmi\SQLyog Enterprise
2008-10-18 09:01 --------- d-----w C:\Programmi\TortoiseSVN
2008-10-16 10:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Microsoft Help
2008-10-16 10:21 2,206,720 ----a-w C:\WINDOWS\system32\kernel1.exe
2008-10-15 16:57 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-14 19:08 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\PKP_DLdu.DAT
2008-10-14 18:59 304,160 ----a-w C:\StiImg.dat
2008-10-14 18:09 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-02 23:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Installations
2008-09-26 15:46 --------- d-----w C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\dvdcss
2008-09-26 13:21 --------- d-----w C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\FileZilla
2008-09-26 10:33 --------- d-----w C:\Programmi\Gateway6 Client
2008-09-23 18:37 --------- d-----w C:\Programmi\Click & Term
2008-09-19 21:11 --------- d-----w C:\Programmi\foxit
2008-09-16 14:33 --------- d-----w C:\Programmi\OpenTarget
2008-09-16 14:19 --------- d-----w C:\Programmi\World of Warcraft2
2008-09-15 15:38 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 15:38 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-09-11 00:07 --------- d-----w C:\Programmi\HandVu_beta3
2008-09-10 09:46 --------- d-----w C:\Programmi\SystemRequirementsLab
2008-09-09 00:43 --------- d-----w C:\Programmi\Paint.NET
2008-09-08 21:41 --------- d-----w C:\Programmi\MosaicCreator
2008-09-03 20:06 --------- d-----w C:\Programmi\Serials 2005
2008-08-29 12:24 --------- d-----w C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\GetRightToGo
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 11:36 --------- d-----w C:\Programmi\uTorrent
2008-08-27 10:51 --------- d-----w C:\Programmi\seba14mods
2008-08-19 09:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-08-14 13:42 2,184,064 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 13:42 2,139,648 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:42 2,139,648 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 13:42 2,061,440 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 13:42 2,019,328 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 13:42 2,019,328 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-08-14 11:49 30,807 ----a-w C:\WINDOWS\system32\Focus Rectangle Remover.zip
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:30 21,656 ----a-w C:\WINDOWS\system32\dopdfmn6.dll
2008-08-14 09:30 18,072 ----a-w C:\WINDOWS\system32\dopdfmi6.dll
2008-08-08 10:52 144,976 ----a-w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\pswi_pcuui.exe
2008-08-08 10:48 6,266 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-08 10:39 1,402,448 ----a-w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\pswi_preloaded.exe
2008-08-06 15:27 3,520,552 ----a-w C:\WINDOWS\system32\procexp.exe
2008-08-06 15:27 2,608,680 ----a-w C:\WINDOWS\system32\Procmon.exe
2008-08-04 14:12 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-08-04 14:02 1 ----a-w C:\task.bat
2008-04-18 15:42 47,360 ----a-w C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\pcouffin.sys
2007-09-20 15:58 4 ----a-w C:\Programmi\WQLINGUEtl.txt
2007-06-20 17:32 56 --sh--r C:\WINDOWS\system32\A39EF30058.sys
.

------- Sigcheck -------

2007-02-12 15:15 504832 fd46b348fca32a1987b9a32b6ba81d2e C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ C:\Programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay1 {340B93F0-409B-4FE1-A299-E51A9DBC15E8}]
@="{340B93F0-409B-4FE1-A299-E51A9DBC15E8}"
[HKEY_CLASSES_ROOT\CLSID\{340B93F0-409B-4FE1-A299-E51A9DBC15E8}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay10 {6BFB2A00-8527-4BF2-A0E8-CD9050681F04}]
@="{6BFB2A00-8527-4BF2-A0E8-CD9050681F04}"
[HKEY_CLASSES_ROOT\CLSID\{6BFB2A00-8527-4BF2-A0E8-CD9050681F04}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay2 {E3938C98-7DD8-449B-8307-72BFAB5AD177}]
@="{E3938C98-7DD8-449B-8307-72BFAB5AD177}"
[HKEY_CLASSES_ROOT\CLSID\{E3938C98-7DD8-449B-8307-72BFAB5AD177}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay3 {D2871DBF-4514-4F87-982C-33DC93EC49B5}]
@="{D2871DBF-4514-4F87-982C-33DC93EC49B5}"
[HKEY_CLASSES_ROOT\CLSID\{D2871DBF-4514-4F87-982C-33DC93EC49B5}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay4 {6CC026B2-745A-414B-8D1B-31FEE8924274}]
@="{6CC026B2-745A-414B-8D1B-31FEE8924274}"
[HKEY_CLASSES_ROOT\CLSID\{6CC026B2-745A-414B-8D1B-31FEE8924274}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay5 {E871D3F2-4F71-4DC1-AD19-EA1CFD16DAB1}]
@="{E871D3F2-4F71-4DC1-AD19-EA1CFD16DAB1}"
[HKEY_CLASSES_ROOT\CLSID\{E871D3F2-4F71-4DC1-AD19-EA1CFD16DAB1}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay6 {5181ED65-D2CD-4C23-87B1-0EBFA9BD3B72}]
@="{5181ED65-D2CD-4C23-87B1-0EBFA9BD3B72}"
[HKEY_CLASSES_ROOT\CLSID\{5181ED65-D2CD-4C23-87B1-0EBFA9BD3B72}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay7 {663AC8D3-A880-4AB8-8B89-BCEC3A4E51B1}]
@="{663AC8D3-A880-4AB8-8B89-BCEC3A4E51B1}"
[HKEY_CLASSES_ROOT\CLSID\{663AC8D3-A880-4AB8-8B89-BCEC3A4E51B1}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay8 {1C011EDC-054A-485B-B815-EF612433EF7A}]
@="{1C011EDC-054A-485B-B815-EF612433EF7A}"
[HKEY_CLASSES_ROOT\CLSID\{1C011EDC-054A-485B-B815-EF612433EF7A}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay9 {CC1B3A1B-6DBB-43ED-A142-6806736B90E2}]
@="{CC1B3A1B-6DBB-43ED-A142-6806736B90E2}"
[HKEY_CLASSES_ROOT\CLSID\{CC1B3A1B-6DBB-43ED-A142-6806736B90E2}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2008-06-20 08:28 136792 --a------ C:\WINDOWS\system32\pfmshx_178.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-16 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"LogonUIBootRandomizer"="C:\Programmi\bootrandomizer\LogonUIBootRandomizer.exe" [2004-09-01 2060288]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"kshortcuts"="C:\Programmi\Goheer\Shortcuts\kshortcuts.exe" [2005-01-08 69632]
"SandboxieControl"="C:\Programmi\Sandboxie\SbieCtrl.exe" [2008-09-02 716800]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Mozilla\Firefox\Profiles\9d7la1j5.Buffer\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-12 2505888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-17 200704]
"ooccctrl.exe"="C:\Programmi\OO Software\CleverCache\ooccctrl.exe" [2005-11-09 722944]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"RandomBoot"="C:\Programmi\bootrandomizer\RandomScreens.exe" [2004-06-24 249856]
"hffsrv"="c:\windows\hffext\hffsrv.exe" [2006-05-06 82432]
"GrooveMonitor"="D:\Programmi\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"COMODO Firewall Pro"="C:\Programmi\COMODO\Firewall\cfp.exe" [2008-06-10 1655552]
"WinVNC"="C:\Programmi\TightVNC\WinVNC.exe" [2007-05-07 589824]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"Aqua Dock"="C:\Programmi\Aqua Dock\Aqua Dock.exe" [2003-11-01 386560]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-27 1234712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

C:\Documents and Settings\Buffer\Menu Avvio\Programmi\Esecuzione automatica\
Change Realm 2.0.lnk - C:\Programmi\Italian Revenge Team\Change Realm 2.0\changerealm2.0.exe [2006-03-10 1687552]

C:\Documents and Settings\Buffer.HACKER-ONE.000\Menu Avvio\Programmi\Esecuzione automatica\
4t Tray Minimizer.lnk - C:\Programmi\4t Tray Minimizer\4t-min.exe [2007-06-18 1091584]
hamachi.lnk - C:\Programmi\Hamachi8\hamachi.exe [2007-09-17 625952]

C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
101Clips.lnk - C:\Programmi\101 Clips\101Clips.exe [2007-02-12 723456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ZDSV"= scrvid.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Launchy.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Launchy.lnk
backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Post-it® Software Notes Lite.lnk]
backup=C:\WINDOWS\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^µtorrent 1.7.5 Mult10 Seeder.lnk]
backup=C:\WINDOWS\pss\µtorrent 1.7.5 Mult10 Seeder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Buffer.HACKER-ONE.000^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=C:\Documents and Settings\Buffer.HACKER-ONE.000\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Buffer.HACKER-ONE.000^Menu Avvio^Programmi^Esecuzione automatica^HFS PRAGA.lnk]
backup=C:\WINDOWS\pss\HFS PRAGA.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Buffer.HACKER-ONE.000^Menu Avvio^Programmi^Esecuzione automatica^PartMetBackup.lnk]
path=C:\Documents and Settings\Buffer.HACKER-ONE.000\Menu Avvio\Programmi\Esecuzione automatica\PartMetBackup.lnk
backup=C:\WINDOWS\pss\PartMetBackup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 C:\Programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 C:\Programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2008-08-01 18:41 5480448 C:\Programmi\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 15:19 1051648 C:\Programmi\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-16 16:15 81920 C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2005-09-18 18:40 1421824 C:\Programmi\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PuppetMaster]
--a------ 2004-10-07 20:56 561152 C:\Programmi\Puppet Master\PuppetMaster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 C:\Programmi\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck]
--a------ 2006-08-17 20:11 155648 C:\Programmi\RapidCheck\RapidCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Screen Recorder]
--a------ 2007-05-24 18:19 860160 C:\Programmi\ZD Soft\Screen Recorder\srecorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2003-09-29 16:00 155648 C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysinternals Desktops]
--a------ 2008-08-21 08:30 118824 C:\Programmi\Sysinternals Desktops\Desktops.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelekomatXP]
--a------ 2004-01-15 23:12 653312 C:\Programmi\UtilKit\DLULMeterFree\UKDUMFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 22:48 479232 C:\Programmi\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Capture Device Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"C:\\Programmi\\World of Warcraft\\IRteamwow.exe"=
"C:\\Program Files\\Msn Messenger\\msnmsgr.exe"=
"C:\\Programmi\\uTorrent\\utorrent.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\seba14mods\\µtorrent 1.7.5 Leecher Pack\\utorrent 1.7.5_mult10_seeder.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"C:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"D:\\Programmi\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"D:\\Programmi\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"D:\\Programmi\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programmi\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Programmi\\eMuleMorphXT\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3569a224-be77-11db-b2ad-0011957d83fa}]
\Shell\AutoRun\command - L:\vva0hc0p.cmd
\Shell\explore\Command - L:\vva0hc0p.cmd
\Shell\open\Command - L:\vva0hc0p.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ea78320-34b8-11dc-8213-0011957d83fa}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc2e5124-5817-11dd-9c97-0011957d83fa}]
\Shell\AutoRun\command - otyh.cmd
\Shell\explore\Command - otyh.cmd
\Shell\open\Command - otyh.cmd

*Newly Created Service* - IP6FW
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{AABE4EB3-B55D-4AE7-9A46-F83B5078E66B} - (no file)
BHO-{CDD7CF9E-D4A3-4F32-9372-128170734F5A} - (no file)
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-RegistryMechanic - (no file)
Notify-WB - C:\Programmi\Stardock\Object Desktop\ThemeManager\fastload.dll
Notify-dbgeng32 - dbgeng32.dll
MSConfigStartUp-Adobe Photo Downloader - C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe
MSConfigStartUp-AntiLostCD - C:\PROGRA~1\ANTI-L~1\antilost.exe
MSConfigStartUp-LowerCaseSwitcher - D:\Programmi\Lower Case Switcher\LowerCaseSW.exe
MSConfigStartUp-Snarl - C:\Programmi\Snarl\snarl.exe
MSConfigStartUp-WinBooter - C:\Documents and Settings\Buffer.HACKER-ONE.000\Desktop\BootTimer.exe


.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Documents and Settings\Buffer.HACKER-ONE.000\Dati applicazioni\Mozilla\Firefox\Profiles\bqjhdny2.Utente predefinito\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.egforum.it
FF -: plugin - C:\Programmi\Firefox3\plugins\np32dsw.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npLegitCheckPlugin.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npnul32.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\nppdf32.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npqtplugin.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npqtplugin2.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npqtplugin3.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npqtplugin4.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npqtplugin5.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npqtplugin6.dll
FF -: plugin - C:\Programmi\Firefox3\plugins\npqtplugin7.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 00:58:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Programmi\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSO: C:\WINDOWS\explorer.exe
-> C:\Programmi\Unlocker\UnlockerHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
D:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\FolderSize\FolderSizeSvc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Orbitdownloader\orbitdm.exe
C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Programmi\No-IP\DUC20.exe
C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Programmi\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-28 1:29:19 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-28 00:29:08

Pre-Run: 2.143.191.040 byte disponibili
Post-Run: 2,294,206,464 byte disponibili

447 --- E O F --- 2008-10-25 09:26:07
bufferover
Newbie
 
Post: 3
Iscritto il: 27/10/08 21:02

Re: Problema con i files nascosti

Postdi bufferover » 28/10/08 01:37

perdonatemi il doppio post ma non trovo l'edit. Comunque noto che già ora è tornata l'opzione per visualizzare i files nascosti e iol virus di autorun sembra non partire più quando apro i dischi. Però vorrei debellare anche le altre possibili minacce se ossibile con il vostro aiuto.

Per ora grazie! Attendo altre istruzioni.
bufferover
Newbie
 
Post: 3
Iscritto il: 27/10/08 21:02


Torna a Sicurezza e Privacy


Topic correlati a "Problema con i files nascosti":

Problema con il mouse
Autore: crisge73
Forum: Discussioni
Risposte: 9

Chi c’è in linea

Visitano il forum: Nessuno e 83 ospiti

cron