
not a valid Win32 application



Post by mancar53 » 02/11/08 21:21

After an improper shutdown of the PC (the screen was completely black), on restarting I noticed that Norton no longer started; when I tried to start it manually I got the message "CCapp.exe is not a valid Win32 application".
It's the same for Spybot and Ad-Aware; also the PC seems very slow. What can have happened?

Regards
mancar53

Re: not a valid Win32 application

Post by SkunkWorks 68 » 02/11/08 23:20

You've caught "Bagle".
Wait for a Moderator to move the thread to the Security section.
Bye
"When you wake up in the morning, think what a precious privilege it is to be alive: to breathe, to think, to enjoy, to love" (Marco Aurelio).

Re: not a valid Win32 application

Post by MIKI68 » 03/11/08 15:18

Damned Bagle! As soon as they move you to the Security section we'll give you the instructions to remove this damned virus!
Tips and settings for an always-efficient computer http://miki68news.blogspot.com/

Re: not a valid Win32 application

Post by MIKI68 » 03/11/08 16:08

MIKI68 wrote:Damned Bagle! As soon as they move you to the Security section we'll give you the instructions to remove this damned virus!

While you wait to be moved, take a quick look in Task Manager and tell me whether you happen to see any of these processes active: HLDRRR.EXE - DUMETER.EXE - SROSE.SYS; if you see them, terminate them. Take a peek in system32 too ;)
Tips and settings for an always-efficient computer http://miki68news.blogspot.com/

Re: not a valid Win32 application

Post by mancar53 » 03/11/08 17:45

I found no trace of those files among the active processes.
In case it's useful, here in advance are the HJT log and the ComboFix log:
ComboFix 08-10-25.01 - Manlio 2008-11-03 17:05:43.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1603 [GMT 1:00]
Run from: C:\Documents and Settings\Manlio.PC-HOME\Appoggio\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\InfoSat.txt
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS.0\system32\drivers\downld
C:\WINDOWS.0\system32\drivers\downld\338921.exe
C:\WINDOWS.0\system32\drivers\downld\339921.exe
C:\WINDOWS.0\system32\drivers\downld\351000.exe
C:\WINDOWS.0\system32\drivers\downld\352593.exe
C:\WINDOWS.0\system32\drivers\downld\383484.exe
C:\WINDOWS.0\system32\drivers\downld\392562.exe
C:\WINDOWS.0\system32\drivers\downld\397281.exe
C:\WINDOWS.0\system32\drivers\downld\469812.exe
C:\WINDOWS.0\system32\drivers\downld\475765.exe
C:\WINDOWS.0\system32\drivers\downld\479312.exe
C:\WINDOWS.0\system32\drivers\downld\484359.exe
C:\WINDOWS.0\system32\drivers\downld\529890.exe
C:\WINDOWS.0\system32\drivers\downld\543609.exe
C:\WINDOWS.0\system32\drivers\downld\545656.exe
C:\WINDOWS.0\system32\drivers\downld\555484.exe
C:\WINDOWS.0\system32\drivers\downld\8157296.exe
C:\WINDOWS.0\system32\drivers\winfilse.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 )))))))))))))))))))))))))))))))))))
.

2008-11-03 14:47 . 2008-11-03 14:47 <DIR> d-------- C:\Muestras
2008-11-02 16:15 . 2008-11-02 16:18 419 --a------ C:\WINDOWS.0\nwplayer.ini
2008-11-02 15:57 . 2008-11-02 15:57 <DIR> d-------- C:\WINDOWS.0\ACAMPREF
2008-11-02 15:52 . 1994-09-21 00:00 12,800 --a------ C:\WINDOWS.0\system32\wing32.dll
2008-11-02 15:52 . 2008-11-02 16:05 889 --a------ C:\WINDOWS.0\wacam.ini
2008-11-02 15:52 . 2008-11-02 15:52 724 --a------ C:\WINDOWS.TMP
2008-10-25 20:09 . 2008-10-25 23:18 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-25 20:09 . 2008-10-25 20:09 <DIR> d-------- C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\Malwarebytes
2008-10-25 20:09 . 2008-10-25 20:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Malwarebytes
2008-10-25 20:09 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-10-25 20:09 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-10-24 21:13 . 2008-10-15 17:36 337,408 -----c--- C:\WINDOWS.0\system32\dllcache\netapi32.dll
2008-10-18 20:34 . 2008-10-18 20:34 <DIR> d-------- C:\Programmi\VstPlugins
2008-10-16 17:28 . 2008-10-16 17:28 <DIR> d-------- C:\Programmi\Alien Connections
2008-10-16 17:28 . 1997-01-18 10:40 299,520 --a------ C:\WINDOWS.0\uninst.exe
2008-10-16 17:28 . 2008-10-16 17:28 0 --a------ C:\WINDOWS.0\PROTOCOL.INI
2008-10-16 14:07 . 2008-10-16 17:26 <DIR> d-------- C:\Audio
2008-10-16 11:17 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS.0\system32\dllcache\srv.sys
2008-10-16 11:16 . 2008-08-14 14:22 2,192,896 -----c--- C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,148,864 -----c--- C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,069,760 -----c--- C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,027,520 -----c--- C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
2008-10-16 11:16 . 2008-09-15 16:24 1,846,400 -----c--- C:\WINDOWS.0\system32\dllcache\win32k.sys
2008-10-12 17:52 . 2008-10-12 17:52 <DIR> d-------- C:\Documents and Settings\Manlio.PC-HOME\.GalleryRemote
2008-10-11 22:51 . 2008-10-11 22:51 <DIR> d-------- C:\WINDOWS.0\USB Vibration
2008-10-10 20:33 . 2008-10-10 20:33 <DIR> d-------- C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\SlySoft
2008-10-10 19:56 . 2008-10-10 19:56 <DIR> d-------- C:\Programmi\Guitar Pro 5
2008-10-10 18:40 . 2008-10-10 18:40 <DIR> d-------- C:\Guitar Pro 4 full +serial
2008-10-09 20:08 . 2008-10-13 13:40 <DIR> d-------- C:\Programmi\Guitar Calculator Pro
2008-10-09 20:04 . 2008-10-13 13:40 249,856 --------- C:\WINDOWS.0\Setup1.exe
2008-10-09 20:04 . 2008-10-13 13:40 73,216 --a------ C:\WINDOWS.0\ST6UNST.EXE
2008-10-09 17:49 . 2008-11-01 18:15 <DIR> d-------- C:\Gitune
2008-10-04 20:10 . 2008-10-04 20:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 20:28 . 2008-10-03 20:28 <DIR> d-------- C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\Sibelius Software
2008-10-03 20:27 . 2008-10-03 20:27 <DIR> d-------- C:\Programmi\Musicnotes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 15:48 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-11-03 11:48 --------- d-----w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\stickies
2008-11-03 10:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Google Updater
2008-11-02 23:02 --------- d-----w C:\Programmi\Symantec
2008-11-02 21:11 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-11-02 21:11 --------- d-----w C:\Programmi\eMule
2008-11-02 12:51 --------- d-----w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\Skype
2008-11-02 12:50 --------- d-----w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\skypePM
2008-11-01 12:19 --------- d-----w C:\Programmi\FlatOut 2
2008-10-26 17:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Lavasoft
2008-10-25 14:26 --------- d-----w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\uTorrent
2008-10-22 19:37 --------- d-----w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\Audacity
2008-10-16 13:07 --------- d-----w C:\Programmi\Steinberg
2008-10-15 17:39 --------- d-----w C:\Programmi\10-Strike SearchMyDiscs
2008-10-11 21:51 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-10 19:34 --------- d-----w C:\Programmi\SlySoft
2008-10-10 19:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\SecTaskMan
2008-10-06 21:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Spybot - Search & Destroy
2008-10-04 19:10 --------- d-----w C:\Programmi\iTunes
2008-10-04 19:10 --------- d-----w C:\Programmi\iPod
2008-10-04 11:05 --------- d-----w C:\Programmi\Java
2008-10-02 17:17 --------- d-----w C:\Programmi\BitTorrent Fastest Tool
2008-09-27 10:19 --------- d-----w C:\Programmi\MediaCoder
2008-09-23 22:04 --------- d-----w C:\Programmi\DVDx
2008-09-21 17:41 --------- d-----w C:\Programmi\Formosoft
2008-09-20 13:57 --------- d-----w C:\Programmi\LimeWire
2008-09-17 12:55 --------- d-----w C:\Programmi\QuickTime
2008-09-17 12:54 --------- d-----w C:\Programmi\File comuni\Apple
2008-09-17 12:48 --------- d-----w C:\Programmi\Bonjour
2008-09-15 15:24 1,846,400 ----a-w C:\WINDOWS.0\system32\win32k.sys
2008-09-14 14:44 82,380 ----a-w C:\WINDOWS.0\system32\drivers\AFS2K.SYS
2008-09-14 13:49 0 ---ha-w C:\Documents and Settings\LocalService.NT AUTHORITY\hpothb07.dat
2008-09-12 11:48 --------- d-----w C:\Programmi\ffdshow
2008-09-11 09:27 --------- d-----w C:\Programmi\uTorrent
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS.0\system32\drivers\srv.sys
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS.0\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS.0\system32\dnssd.dll
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS.0\system32\wininet.dll
2008-08-14 13:22 2,192,896 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
2008-08-14 13:22 2,069,760 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
2008-04-17 10:02 103,776 ----a-w C:\Documents and Settings\Manlio.PC-HOME\System_Restore.exe
2008-02-26 14:48 357,768 ----a-w C:\Documents and Settings\Manlio.PC-HOME\SymXPep2.dll
2008-02-26 14:03 251,216 ----a-w C:\Documents and Settings\Manlio.PC-HOME\IView.exe
2007-12-01 11:56 32 ----a-w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\ezsid.dat
2007-01-28 17:38 87,608 ----a-w C:\Documents and Settings\Manlio\Dati applicazioni\ezpinst.exe
2007-01-28 17:38 87,608 ----a-w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\ezpinst.exe
2007-01-28 17:38 47,360 ----a-w C:\Documents and Settings\Manlio\Dati applicazioni\pcouffin.sys
2007-01-28 17:38 47,360 ----a-w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\pcouffin.sys
2008-03-27 17:15 2 --shatr C:\WINDOWS.0\winstart.bat
2002-09-10 11:00 4,952 --sha-r C:\WINDOWS.0\system32\AsBackup\AllUser\Bootfont.bin
2008-05-11 18:42 32,768 --sha-w C:\WINDOWS.0\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051120080512\index.dat
.
----a-w           438,359 2006-04-21 13:41:20  C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB .exe
----a-w           936,960 2006-11-21 14:26:22  C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp .exe
----a-w            40,960 2002-03-06 00:31:00  C:\Programmi\Creative\WebCam Monitor\TrayMon .exe
----a-w           153,136 2007-03-01 14:57:24  C:\Programmi\File comuni\Nero\Lib\NeroCheck .exe
----a-w            68,856 2008-04-10 12:34:05  C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            90,112 2002-10-06 23:23:20  C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w            69,632 2002-04-17 09:42:56  C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
----a-w            88,024 2007-08-08 13:53:16  C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray .exe
--sha-r         2,097,488 2008-01-28 10:43:40  C:\Programmi\Spybot - Search & Destroy\TeaTimer .exe
----a-w            28,160 2002-12-12 05:45:00  C:\Programmi\Symantec\WinFax\WFXSWTCH .exe
----a-w           307,200 2007-12-11 02:59:40  C:\Programmi\Syncrosoft\POS\H2O\cledx .exe
----a-w            41,984 2000-12-26 13:35:00  C:\WINDOWS.0\CTRegRun .exe
----a-w            15,360 2004-08-19 13:39:36  C:\WINDOWS.0\system32\ctfmon .exe
----a-w           406,016 2004-03-10 23:26:10  C:\WINDOWS.0\system32\PSDrvCheck .exe
----a-w            14,348 2008-03-17 22:35:22  C:\WINDOWS.0\system32\drivers\hldrrr .exe



((((((((((((((((((((((((((((( snapshot@2008-10-27_11.38.44,85 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB941693\update\update.exe
+ 2008-11-03 12:18:26 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB941693\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB943055\update\update.exe
+ 2008-11-03 12:18:30 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB943055\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB944533-IE7\update\update.exe
+ 2008-11-03 12:18:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB944533-IE7\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB945553\update\update.exe
+ 2008-11-03 12:18:34 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB945553\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB946026\update\update.exe
+ 2008-11-03 12:18:35 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB946026\update\update.exe
- 2007-11-30 11:19:29 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB946648\update\update.exe
+ 2008-11-03 12:18:35 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB946648\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB947864-IE7\update\update.exe
+ 2008-11-03 12:18:37 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB947864-IE7\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB948590\update\update.exe
+ 2008-11-03 12:18:38 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB948590\update\update.exe
- 2007-03-06 01:48:32 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB948881\update\update.exe
+ 2008-11-03 12:18:38 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB948881\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB950759-IE7\update\update.exe
+ 2008-11-03 12:18:40 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB950759-IE7\update\update.exe
- 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB950760\update\update.exe
+ 2008-11-03 12:18:41 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB950760\update\update.exe
- 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB950762\update\update.exe
+ 2008-11-03 12:18:41 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB950762\update\update.exe
- 2007-11-30 12:39:38 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB950974\update\update.exe
+ 2008-11-03 12:18:42 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB950974\update\update.exe
- 2007-12-03 15:25:53 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951066\update\update.exe
+ 2008-11-03 12:18:43 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951066\update\update.exe
- 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951072-v2\update\update.exe
+ 2008-11-03 12:18:43 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951072-v2\update\update.exe
- 2007-11-30 11:19:30 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951376-v2\update\update.exe
+ 2008-11-03 12:18:44 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951376-v2\update\update.exe
- 2007-11-30 11:19:30 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951376\update\update.exe
+ 2008-11-03 12:18:44 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951376\update\update.exe
- 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951698\update\update.exe
+ 2008-11-03 12:18:45 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951698\update\update.exe
- 2007-11-30 12:39:38 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951748\update\update.exe
+ 2008-11-03 12:18:46 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951748\update\update.exe
- 2007-11-30 12:39:38 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951978\update\update.exe
+ 2008-11-03 12:18:46 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB951978\update\update.exe
- 2007-11-30 11:19:30 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB952287\update\update.exe
+ 2008-11-03 12:18:47 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB952287\update\update.exe
- 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB952954\update\update.exe
+ 2008-11-03 12:18:47 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB952954\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB953838-IE7\update\update.exe
+ 2008-11-03 12:18:50 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB953838-IE7\update\update.exe
- 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB953839\update\update.exe
+ 2008-11-03 12:18:50 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB953839\update\update.exe
- 2008-07-09 07:42:38 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB954211\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS.0\$hf_mig$\KB956390-IE7\update\update.exe
- 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB956391\update\update.exe
- 2007-11-30 11:19:30 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB956803\update\update.exe
- 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB956841\update\update.exe
- 2007-11-30 11:19:30 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB957095\update\update.exe
- 2007-11-30 11:19:30 763,768 ----a-w C:\WINDOWS.0\$hf_mig$\KB958644\update\update.exe
+ 2008-11-02 15:05:07 12,500 ----a-w C:\WINDOWS.0\ACAMPREF\Myriad\ALBUM.DAT
+ 2008-11-02 15:05:07 77,471 ----a-w C:\WINDOWS.0\ACAMPREF\Myriad\Pattern.Dat
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS.0\ERDNT\subs\ERDNT.EXE
- 2007-11-30 11:19:29 763,768 ----a-w C:\WINDOWS.0\SoftwareDistribution\Download\6992704de146fd04c2b287b390b5ce62\update\update.exe
- 2007-07-27 06:36:02 763,768 ----a-w C:\WINDOWS.0\SoftwareDistribution\Download\739056e231764a9a08938e9afba00f5f\update\update.exe
- 2007-11-30 11:19:30 763,768 ----a-w C:\WINDOWS.0\SoftwareDistribution\Download\e01610020f827bc60f09563514e31bcd\update\update.exe
- 2008-10-16 12:27:40 208,104 ----a-w C:\WINDOWS.0\system32\FNTCACHE.DAT
+ 2008-11-02 17:52:38 209,696 ----a-w C:\WINDOWS.0\system32\FNTCACHE.DAT
- 2008-10-27 10:02:29 64,200 ----a-w C:\WINDOWS.0\system32\perfc009.dat
+ 2008-10-29 13:20:59 64,200 ----a-w C:\WINDOWS.0\system32\perfc009.dat
- 2008-10-27 10:02:29 77,266 ----a-w C:\WINDOWS.0\system32\perfc010.dat
+ 2008-10-29 13:21:00 77,266 ----a-w C:\WINDOWS.0\system32\perfc010.dat
- 2008-10-27 10:02:29 407,670 ----a-w C:\WINDOWS.0\system32\perfh009.dat
+ 2008-10-29 13:20:59 407,670 ----a-w C:\WINDOWS.0\system32\perfh009.dat
- 2008-10-27 10:02:29 455,008 ----a-w C:\WINDOWS.0\system32\perfh010.dat
+ 2008-10-29 13:21:00 455,008 ----a-w C:\WINDOWS.0\system32\perfh010.dat
+ 2008-11-02 18:29:27 81,064 ----a-w C:\WINDOWS.0\system32\Restore\rstrlog.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
"FreeMem Pro"="C:\Programmi\FreeMem Professional\Fmempro.exe" [2000-03-27 428544]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-16 68856]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2008-04-14 15360]
"DriverMax"="C:\Programmi\Innovative Solutions\DriverMax\devices.exe" [2008-07-25 5057368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCam Monitor"="C:\Programmi\Creative\WebCam Monitor\TrayMon.exe" [N/A]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [N/A]
"CamMonitor"="C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-11-03 51048]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2008-11-03 714608]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [N/A]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"PwrUpTweakMe"="C:\WINDOWS.0\system32\PuXpTwks.exe" [N/A]
"AAWTray"="C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe" [N/A]
"PinnacleDriverCheck"="C:\WINDOWS.0\system32\\PSDrvCheck.exe" [N/A]
"CTRegRun"="C:\WINDOWS.0\CTRegRun.EXE" [N/A]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WFXSwtch"="C:\PROGRA~1\Symantec\WinFax\WFXSWTCH.exe" [N/A]
"H2O"="C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 C:\WINDOWS.0\system32\WFXSNT40.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide2"="rundll32 advpack.dll" [N/A]

C:\Documents and Settings\Manlio.PC-HOME\Menu Avvio\Programmi\Esecuzione automatica\
Stickies.lnk - C:\Programmi\stickies\stickies.exe [2006-03-29 348160]

C:\Documents and Settings\All Users.WINDOWS.0\Menu Avvio\Programmi\Inicio\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-04-15 217088]
Controller.LNK - C:\Programmi\Symantec\WinFax\WFXCTL32.EXE [2008-04-28 565760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "C:\PROGRA~1\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.ffds"= C:\Programmi\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\stickies\\stickies.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS.0\\system32\\ftp.exe"=
"C:\\Programmi\\File comuni\\Symantec Shared\\NPC\\npcLUStb.exe"=
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4758:TCP"= 4758:TCP:messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
R2 wfxsvc;WinFax PRO;C:\WINDOWS.0\system32\WFXSVC.EXE [2000-09-28 129536]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS.0\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS.0\system32\DRIVERS\fetnd5bv.sys [2008-01-02 43520]
R3 PD1030VID;Creative WebCam Pro;C:\WINDOWS.0\system32\DRIVERS\p1030vid.sys [2006-12-18 167661]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe [2008-11-03 149352]
S2 rend32;Microsoft Rendezvous Control;rundll32.exe C:\WINDOWS.0\system32\rend32.dll,ileb [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS.0\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
.
Contents of the 'Scheduled Tasks' folder

2008-09-01 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-27 C:\WINDOWS.0\Tasks\Norton AntiVirus - Scansione completa sistema - Manlio.job
- C:\Programmi\Norton AntiVirus\Navw32.exe [2008-11-03 13:11]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.alice.it/
R0 -: HKLM-Main,Start Page = about:blank
O17 -: HKLM\CCS\Interface\{5A153652-D550-4603-ACDA-5F9C31C74892}: NameServer = 85.37.17.43 85.38.28.96
.
.
------- File Associations -------
.
txtfile=Notepad.exe "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 17:07:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Scan finish time: 2008-11-03 17:11:57
ComboFix-quarantined-files.txt 2008-11-03 16:10:52
ComboFix2.txt 2008-10-27 10:40:26

Pre-Run: 25,508,212,736 bytes free
Post-Run: 25,482,444,800 bytes free

344 --- E O F --- 2008-10-26 22:23:50


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17.23.20, on 03/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\WFXSVC.EXE
C:\Programmi\Symantec\WinFax\WFXMOD32.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS.0\system32\wfxsnt40.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\FreeMem Professional\Fmempro.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programmi\Innovative Solutions\DriverMax\devices.exe
C:\Programmi\Symantec\WinFax\WFXCTL32.EXE
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS.0\explorer.exe
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciBrowser.exe
E:\Shareback\Hijackthis v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WebCam Monitor] C:\Programmi\Creative\WebCam Monitor\TrayMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS.0\system32\PuXpTwks.exe /TWEAK
O4 - HKLM\..\Run: [AAWTray] C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS.0\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS.0\CTRegRun.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\Symantec\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Programmi\FreeMem Professional\Fmempro.exe" Startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Programmi\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Programmi\stickies\stickies.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Controller.LNK = C:\Programmi\Symantec\WinFax\WFXCTL32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Unknown owner - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Microsoft Rendezvous Control (rend32) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmi\File comuni\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS.0\system32\WFXSVC.EXE
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF

--
End of file - 10542 bytes
mancar53
Junior User
Posts: 58
Joined: 21/02/08 22:32

Re: not a valid Win32 application

Post by Luke57 » 03/11/08 17:45

@mancar53
Hi, uninstall the copy of ComboFix that is on the computer:
Start > Run > combofix /u (type it in the box) > OK
Then go here to download it again:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must rename the file to abc.exe before saving it to the desktop
(to rename the file: when you download it, it asks you where to save it and a "file name" box appears; just change the name shown there to abc.exe).
Then click Start > Run and, in the white box, copy and paste this command, quotes included:
"%userprofile%\desktop\abc.exe" /killall
Press OK. If all goes well the program starts and may take a long time (do not do anything else during the scan). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; reboot into normal mode and post the contents of the file.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Re: not a valid Win32 application

Post by MIKI68 » 03/11/08 18:25

With HijackThis, fix these entries:
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVIZIO DI RETE')
Tips and settings for a computer that always runs efficiently http://miki68news.blogspot.com/
MIKI68
Senior User
Posts: 1732
Joined: 17/10/08 15:26
Location: Bari

Re: not a valid Win32 application

Post by SkunkWorks 68 » 03/11/08 18:29

MIKI68 wrote: Damn Bagle...

Well, actually... most of the time you get the infection because you go looking for it... :roll: :mmmh:
Start by deleting all, and I mean all, the cracks and keygens from your PC; Bagle always hides there.
Good luck.
Bye
"When you wake up in the morning, think of what a precious privilege it is to be alive: to breathe, to think, to enjoy, to love" (Marcus Aurelius).
SkunkWorks 68
Senior User
Posts: 2336
Joined: 03/03/07 08:55

Re: not a valid Win32 application

Post by mancar53 » 03/11/08 18:53

Here is the new ComboFix log:

ComboFix 08-11-02.05 - Manlio 2008-11-03 18.28.33.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1682 [GMT 1:00]
Eseguito da: c:\documents and settings\Manlio.PC-HOME\desktop\abc.exe
Interruttori di comando utilizzati :: /killall
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt

.
((((((((((((((((((((((((( Files Creati Da 2008-10-03 al 2008-11-03 )))))))))))))))))))))))))))))))))))
.

2008-11-03 18:25 . 2008-11-03 18:27 <DIR> d-------- C:\ComboFix
2008-11-03 18:17 . 2008-11-03 18:17 <DIR> d-------- c:\programmi\Noteworthy Software
2008-11-03 14:47 . 2008-11-03 14:47 <DIR> d-------- C:\Muestras
2008-11-02 16:15 . 2008-11-02 16:18 419 --a------ c:\windows.0\nwplayer.ini
2008-11-02 15:57 . 2008-11-02 15:57 <DIR> d-------- c:\windows.0\ACAMPREF
2008-11-02 15:52 . 1994-09-21 00:00 12,800 --a------ c:\windows.0\system32\wing32.dll
2008-11-02 15:52 . 2008-11-02 16:05 889 --a------ c:\windows.0\wacam.ini
2008-11-02 15:52 . 2008-11-02 15:52 724 --a------ C:\WINDOWS.TMP
2008-10-25 20:09 . 2008-10-25 23:18 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-10-25 20:09 . 2008-10-25 20:09 <DIR> d-------- c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\Malwarebytes
2008-10-25 20:09 . 2008-10-25 20:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\Malwarebytes
2008-10-25 20:09 . 2008-10-22 15:10 38,496 --a------ c:\windows.0\system32\drivers\mbamswissarmy.sys
2008-10-25 20:09 . 2008-10-22 15:10 15,504 --a------ c:\windows.0\system32\drivers\mbam.sys
2008-10-24 21:13 . 2008-10-15 17:36 337,408 -----c--- c:\windows.0\system32\dllcache\netapi32.dll
2008-10-18 20:34 . 2008-10-18 20:34 <DIR> d-------- c:\programmi\VstPlugins
2008-10-16 17:28 . 2008-10-16 17:28 <DIR> d-------- c:\programmi\Alien Connections
2008-10-16 17:28 . 1997-01-18 10:40 299,520 --a------ c:\windows.0\uninst.exe
2008-10-16 17:28 . 2008-10-16 17:28 0 --a------ c:\windows.0\PROTOCOL.INI
2008-10-16 14:07 . 2008-10-16 17:26 <DIR> d-------- C:\Audio
2008-10-16 11:17 . 2008-09-08 11:41 333,824 -----c--- c:\windows.0\system32\dllcache\srv.sys
2008-10-16 11:16 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows.0\system32\dllcache\ntoskrnl.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows.0\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows.0\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows.0\system32\dllcache\ntkrpamp.exe
2008-10-16 11:16 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows.0\system32\dllcache\win32k.sys
2008-10-12 17:52 . 2008-10-12 17:52 <DIR> d-------- c:\documents and settings\Manlio.PC-HOME\.GalleryRemote
2008-10-11 22:51 . 2008-10-11 22:51 <DIR> d-------- c:\windows.0\USB Vibration
2008-10-10 20:33 . 2008-10-10 20:33 <DIR> d-------- c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\SlySoft
2008-10-10 19:56 . 2008-10-10 19:56 <DIR> d-------- c:\programmi\Guitar Pro 5
2008-10-10 18:40 . 2008-10-10 18:40 <DIR> d-------- C:\Guitar Pro 4 full +serial
2008-10-09 20:08 . 2008-10-13 13:40 <DIR> d-------- c:\programmi\Guitar Calculator Pro
2008-10-09 20:04 . 2008-10-13 13:40 249,856 --------- c:\windows.0\Setup1.exe
2008-10-09 20:04 . 2008-10-13 13:40 73,216 --a------ c:\windows.0\ST6UNST.EXE
2008-10-09 17:49 . 2008-11-01 18:15 <DIR> d-------- C:\Gitune
2008-10-04 20:10 . 2008-10-04 20:10 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 20:28 . 2008-10-03 20:28 <DIR> d-------- c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\Sibelius Software
2008-10-03 20:27 . 2008-10-03 20:27 <DIR> d-------- c:\programmi\Musicnotes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 15:48 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-03 11:48 --------- d-----w c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\stickies
2008-11-03 10:58 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\Google Updater
2008-11-02 23:02 --------- d-----w c:\programmi\Symantec
2008-11-02 21:11 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-11-02 21:11 --------- d-----w c:\programmi\eMule
2008-11-02 12:51 --------- d-----w c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\Skype
2008-11-02 12:50 --------- d-----w c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\skypePM
2008-11-01 12:19 --------- d-----w c:\programmi\FlatOut 2
2008-10-26 17:33 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\Lavasoft
2008-10-25 14:26 --------- d-----w c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\uTorrent
2008-10-22 19:37 --------- d-----w c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\Audacity
2008-10-16 13:07 --------- d-----w c:\programmi\Steinberg
2008-10-15 17:39 --------- d-----w c:\programmi\10-Strike SearchMyDiscs
2008-10-11 21:51 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-10 19:34 --------- d-----w c:\programmi\SlySoft
2008-10-10 19:29 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\SecTaskMan
2008-10-06 21:46 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\Spybot - Search & Destroy
2008-10-04 19:10 --------- d-----w c:\programmi\iTunes
2008-10-04 19:10 --------- d-----w c:\programmi\iPod
2008-10-04 11:05 --------- d-----w c:\programmi\Java
2008-10-02 17:17 --------- d-----w c:\programmi\BitTorrent Fastest Tool
2008-09-27 10:19 --------- d-----w c:\programmi\MediaCoder
2008-09-23 22:04 --------- d-----w c:\programmi\DVDx
2008-09-21 17:41 --------- d-----w c:\programmi\Formosoft
2008-09-20 13:57 --------- d-----w c:\programmi\LimeWire
2008-09-17 12:55 --------- d-----w c:\programmi\QuickTime
2008-09-17 12:54 --------- d-----w c:\programmi\File comuni\Apple
2008-09-17 12:48 --------- d-----w c:\programmi\Bonjour
2008-09-14 14:44 82,380 ----a-w c:\windows.0\system32\drivers\AFS2K.SYS
2008-09-14 13:49 0 ---ha-w c:\documents and settings\LocalService.NT AUTHORITY\hpothb07.dat
2008-09-12 11:48 --------- d-----w c:\programmi\ffdshow
2008-09-11 09:27 --------- d-----w c:\programmi\uTorrent
2008-09-08 10:41 333,824 ----a-w c:\windows.0\system32\drivers\srv.sys
2008-04-17 10:02 103,776 ----a-w c:\documents and settings\Manlio.PC-HOME\System_Restore.exe
2008-02-26 14:48 357,768 ----a-w c:\documents and settings\Manlio.PC-HOME\SymXPep2.dll
2008-02-26 14:03 251,216 ----a-w c:\documents and settings\Manlio.PC-HOME\IView.exe
2007-12-01 11:56 32 ----a-w c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\ezsid.dat
2007-01-28 17:38 87,608 ----a-w c:\documents and settings\Manlio\Dati applicazioni\ezpinst.exe
2007-01-28 17:38 87,608 ----a-w c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\ezpinst.exe
2007-01-28 17:38 47,360 ----a-w c:\documents and settings\Manlio\Dati applicazioni\pcouffin.sys
2007-01-28 17:38 47,360 ----a-w c:\documents and settings\Manlio.PC-HOME\Dati applicazioni\pcouffin.sys
2008-03-27 17:15 2 --shatr c:\windows.0\winstart.bat
2002-09-10 11:00 4,952 --sha-r c:\windows.0\system32\AsBackup\AllUser\Bootfont.bin
2008-05-11 18:42 32,768 --sha-w c:\windows.0\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051120080512\index.dat
.
----a-w           438,359 2006-04-21 13:41:20  c:\programmi\Alice ti aiuta\SmartBridge\MotiveSB .exe
----a-w           936,960 2006-11-21 14:26:22  c:\programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp .exe
----a-w            40,960 2002-03-06 00:31:00  c:\programmi\Creative\WebCam Monitor\TrayMon .exe
----a-w           153,136 2007-03-01 14:57:24  c:\programmi\File comuni\Nero\Lib\NeroCheck .exe
----a-w            68,856 2008-04-10 12:34:05  c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            90,112 2002-10-06 23:23:20  c:\programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w            69,632 2002-04-17 09:42:56  c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
----a-w            88,024 2007-08-08 13:53:16  c:\programmi\Lavasoft\Ad-Aware 2007\AAWTray .exe
--sha-r         2,097,488 2008-01-28 10:43:40  c:\programmi\Spybot - Search & Destroy\TeaTimer .exe
----a-w            28,160 2002-12-12 05:45:00  c:\programmi\Symantec\WinFax\WFXSWTCH .exe
----a-w           307,200 2007-12-11 02:59:40  c:\programmi\Syncrosoft\POS\H2O\cledx .exe
----a-w            41,984 2000-12-26 13:35:00  c:\windows.0\CTRegRun .exe
----a-w            15,360 2004-08-19 13:39:36  c:\windows.0\system32\ctfmon .exe
----a-w           406,016 2004-03-10 23:26:10  c:\windows.0\system32\PSDrvCheck .exe
----a-w            14,348 2008-03-17 22:35:22  c:\windows.0\system32\drivers\hldrrr .exe



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
"FreeMem Pro"="c:\programmi\FreeMem Professional\Fmempro.exe" [2000-03-27 428544]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-16 68856]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]
"DriverMax"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" [2008-07-25 5057368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCam Monitor"="c:\programmi\Creative\WebCam Monitor\TrayMon.exe" [N/A]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [N/A]
"CamMonitor"="c:\programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"AliceRE_McciTrayApp"="c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2008-11-03 51048]
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe" [2008-11-03 714608]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [N/A]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"PwrUpTweakMe"="c:\windows.0\system32\PuXpTwks.exe" [N/A]
"AAWTray"="c:\programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe" [N/A]
"PinnacleDriverCheck"="c:\windows.0\system32\\PSDrvCheck.exe" [N/A]
"CTRegRun"="c:\windows.0\CTRegRun.EXE" [N/A]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WFXSwtch"="c:\progra~1\Symantec\WinFax\WFXSWTCH.exe" [N/A]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 c:\windows.0\system32\WFXSNT40.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide2"="rundll32 advpack.dll" [N/A]

c:\documents and settings\Manlio.PC-HOME\Menu Avvio\Programmi\Esecuzione automatica\
Stickies.lnk - c:\programmi\stickies\stickies.exe [2006-03-29 348160]

c:\documents and settings\All Users.WINDOWS.0\Menu Avvio\Programmi\Inicio\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-04-15 217088]
Controller.LNK - c:\programmi\Symantec\WinFax\WFXCTL32.EXE [2008-04-28 565760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\progra~1\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.ffds"= c:\programmi\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\stickies\\stickies.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS.0\\system32\\ftp.exe"=
"c:\\Programmi\\File comuni\\Symantec Shared\\NPC\\npcLUStb.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4758:TCP"= 4758:TCP:messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
R2 wfxsvc;WinFax PRO;c:\windows.0\system32\WFXSVC.EXE [2000-09-28 129536]
R3 CLEDX;Team H2O CLEDX service;c:\windows.0\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows.0\system32\DRIVERS\fetnd5bv.sys [2008-01-02 43520]
R3 PD1030VID;Creative WebCam Pro;c:\windows.0\system32\DRIVERS\p1030vid.sys [2006-12-18 167661]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\programmi\File comuni\Symantec Shared\ccSvcHst.exe [2008-11-03 149352]
S2 rend32;Microsoft Rendezvous Control;rundll32.exe c:\windows.0\system32\rend32.dll,ileb [ ]
S3 COH_Mon;COH_Mon;c:\windows.0\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
.
Contenuto della cartella 'Scheduled Tasks'

2008-09-01 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-27 c:\windows.0\Tasks\Norton AntiVirus - Scansione completa sistema - Manlio.job
- c:\programmi\Norton AntiVirus\Navw32.exe [2008-11-03 13:11]
.
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.alice.it/
R0 -: HKLM-Main,Start Page = about:blank
.
.
------- Associazioni di file -------
.
txtfile=Notepad.exe "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 18:34:47
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Symantec\WinFax\WFXMOD32.EXE
c:\programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciBrowser.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-03 18:46:57 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-03 17:46:52

Pre-Run: 25.598.152.704 byte disponibili
Post-Run: 25,580,826,624 byte disponibili

250 --- E O F --- 2008-10-26 22:23:50
mancar53
Junior User
Posts: 58
Joined: 21/02/08 22:32

Re: not a valid Win32 application

Post by Luke57 » 03/11/08 19:14

Hi, there is no trace of Bagle left in the report; run an online scan with Kaspersky and post the report when it finishes.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Re: not a valid Win32 application

Post by MIKI68 » 03/11/08 19:15

MIKI68 wrote: With HijackThis, fix these entries:
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVIZIO DI RETE')

Did you fix these entries??
Tips and settings for a computer that always runs efficiently http://miki68news.blogspot.com/
MIKI68
Senior User
Posts: 1732
Joined: 17/10/08 15:26
Location: Bari

Re: not a valid Win32 application

Post by mancar53 » 03/11/08 21:46

Yes, I did.
mancar53
Junior User
Posts: 58
Joined: 21/02/08 22:32

Re: not a valid Win32 application

Post by mancar53 » 04/11/08 15:01

For Luke57, here is the Kaspersky Online log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 04, 2008 04:33:30
Records in database: 1369345
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 169163
Threat name: 2
Infected objects: 25
Suspicious objects: 0
Duration of the scan: 04:59:14


File name / Threat name / Threats count
C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe3747087791 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe2817531100 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Comodo\BackUp\wfxsnt40.exe Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Creative\WebCam Monitor\TrayMon.exe1968004174 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Creative\WebCam Monitor\TrayMon.exe3603123047 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe1975429878 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe391248856 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe2049923591 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe2674067072 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe147916954 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe64888529 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe2526351523 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe3724203467 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe4290333143 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe1642574847 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe1756256617 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe2358498681 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe2615733471 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe520703291 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Symantec\WinFax\WFXSWTCH.exe933637446 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Syncrosoft\POS\H2O\cledx.exe1440519091 Infected: Trojan.Win32.Pakes.jyv 1
C:\WINDOWS.0\CTRegRun.EXE2655353204 Infected: Trojan.Win32.Pakes.jyv 1
C:\WINDOWS.0\system32\drivers\hldrrr .exe Infected: Trojan.Win32.Pakes.jyv 1
C:\WINDOWS.0\system32\PSDrvCheck.exe3656351223 Infected: Trojan.Win32.Pakes.jyv 1
E:\Nuova cartella\freeripmp3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.br 1

The selected area was scanned.


I am waiting for further steps to take.
mancar53
Junior User
Posts: 58
Joined: 21/02/08 22:32

Re: not a valid Win32 application

Post by Luke57 » 04/11/08 19:00

Hi, download The Avenger
http://swandog46.geekstogo.com/avenger.zip
save it in a folder and unpack the .zip file.
N.B. Avenger must be downloaded and run after you have run Bagle Remover; if you already have Avenger, delete it and download it again.

- Locate Avenger.exe and start it.
- Paste this script into the white box:

Files to delete:
C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe3747087791
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe2817531100
C:\Programmi\Comodo\BackUp\wfxsnt40.exe
C:\Programmi\Creative\WebCam Monitor\TrayMon.exe1968004174 I
C:\Programmi\Creative\WebCam Monitor\TrayMon.exe3603123047 I
C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe1975429878
C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe391248856
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe2049923591
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe2674067072
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe147916954
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe64888529
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe2526351523
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe3724203467
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe4290333143
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe1642574847
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe1756256617
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe2358498681
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe2615733471
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe520703291
C:\Programmi\Symantec\WinFax\WFXSWTCH.exe933637446
C:\Programmi\Syncrosoft\POS\H2O\cledx.exe1440519091
C:\WINDOWS.0\CTRegRun.EXE2655353204
C:\WINDOWS.0\system32\drivers\hldrrr .exe
C:\WINDOWS.0\system32\PSDrvCheck.exe3656351223


Press the Execute button; the computer will restart. Post the report C:\avenger.txt
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10
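The "Files to delete:" script above was built by hand from the Kaspersky report, and the Avenger log that follows shows the two TrayMon entries failing because a stray "I" from the word "Infected" was carried into the file name. As an added example, not part of the thread and not code from Kaspersky or The Avenger, here is a small Python parser for report lines in the "<path> Infected: <threat> <count>" form posted above. It keeps exactly the path part of each line, separates Kaspersky's "not-a-virus:" adware/riskware verdicts from real malware (the helper's script likewise left out the E:\ MyWebSearch entry), and emits an Avenger-style deletion block. The sample excerpt and the function names are mine; only the line format and the paths come from the report.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a short excerpt in the format of the Kaspersky Online
# Scanner 7 report posted above, not the full report. It includes a path with
# a space before ".exe" and the numeric suffixes seen on several entries.
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 169163

File name / Threat name / Threats count
C:\Programmi\Creative\WebCam Monitor\TrayMon.exe1968004174 Infected: Trojan.Win32.Pakes.jyv 1
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe520703291 Infected: Trojan.Win32.Pakes.jyv 1
C:\WINDOWS.0\system32\drivers\hldrrr .exe Infected: Trojan.Win32.Pakes.jyv 1
E:\Nuova cartella\freeripmp3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.br 1

The selected area was scanned.
"""

# One detection line: a drive-letter path, then " Infected: ", the verdict and a count.
# The path is matched non-greedily so the separator, not whitespace, ends it; this is
# what keeps "hldrrr .exe" intact and keeps "Infected" out of the file name.
_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text: str) -> List[Dict[str, object]]:
    """Return one record per detection line; header and summary lines are ignored."""
    findings: List[Dict[str, object]] = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            findings.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return findings


def split_by_verdict(findings: List[Dict[str, object]]) -> Tuple[List[Dict[str, object]], List[Dict[str, object]]]:
    """Kaspersky prefixes adware/riskware verdicts with 'not-a-virus:'.
    Keep those apart so a cleanup script only lists what the helper deliberately chose."""
    malware = [f for f in findings if not str(f["threat"]).startswith("not-a-virus:")]
    riskware = [f for f in findings if str(f["threat"]).startswith("not-a-virus:")]
    return malware, riskware


def group_by_threat(findings: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Map each threat name to the list of paths it was reported on."""
    groups: Dict[str, List[str]] = {}
    for f in findings:
        groups.setdefault(str(f["threat"]), []).append(str(f["path"]))
    return groups


def avenger_script(findings: List[Dict[str, object]]) -> str:
    """Emit a 'Files to delete:' block in the Avenger script syntax used in the thread.
    Each line is exactly the path from the report, so nothing from the verdict part
    of the line can end up in the file name. Riskware entries are left out."""
    malware, _ = split_by_verdict(findings)
    return "Files to delete:\n" + "\n".join(str(f["path"]) for f in malware) + "\n"


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for threat, paths in group_by_threat(found).items():
        print(f"{threat}: {len(paths)} file(s)")
    print(avenger_script(found))
```

Feed it the full report text instead of the sample and review the grouped output before pasting the generated block into Avenger; the grouping makes it easy to spot an unexpected second threat name, as with the single MyWebSearch hit in this thread.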

Re: not a valid Win32 application

Post by mancar53 » 04/11/08 21:22

Here is the Avenger log. I had already removed the Lavasoft program by hand myself; I suppose the programs involved won't work any more now, right?
Thanks anyway

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe3747087791" deleted successfully.
File "C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe2817531100" deleted successfully.
File "C:\Programmi\Comodo\BackUp\wfxsnt40.exe" deleted successfully.

Error: file "C:\Programmi\Creative\WebCam Monitor\TrayMon.exe1968004174 I" not found!
Deletion of file "C:\Programmi\Creative\WebCam Monitor\TrayMon.exe1968004174 I" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\Creative\WebCam Monitor\TrayMon.exe3603123047 I" not found!
Deletion of file "C:\Programmi\Creative\WebCam Monitor\TrayMon.exe3603123047 I" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe1975429878" deleted successfully.
File "C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe391248856" deleted successfully.
File "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe2049923591" deleted successfully.
File "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe2674067072" deleted successfully.
File "C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe147916954" deleted successfully.
File "C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe64888529" deleted successfully.
File "C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe2526351523" deleted successfully.
File "C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe3724203467" deleted successfully.

Error: could not open file "C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe4290333143"
Deletion of file "C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe4290333143" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe1642574847" deleted successfully.
File "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe1756256617" deleted successfully.
File "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe2358498681" deleted successfully.
File "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe2615733471" deleted successfully.
File "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe520703291" deleted successfully.
File "C:\Programmi\Symantec\WinFax\WFXSWTCH.exe933637446" deleted successfully.
File "C:\Programmi\Syncrosoft\POS\H2O\cledx.exe1440519091" deleted successfully.
File "C:\WINDOWS.0\CTRegRun.EXE2655353204" deleted successfully.
File "C:\WINDOWS.0\system32\drivers\hldrrr .exe" deleted successfully.
File "C:\WINDOWS.0\system32\PSDrvCheck.exe3656351223" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
mancar53
Junior User
 
Posts: 58
Joined: 21/02/08 22:32
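The Avenger report above is easier to read once it is split into what was actually removed, what failed and why. The following is an added example (not part of this thread, and not Avenger's own code): it parses report lines in the format shown above and flags the Bagle-style names seen in this thread, an original executable name with a run of digits glued after ".exe" (e.g. TeaTimer.exe1642574847) and the "hldrrr .exe" file. The sample lines are constructed from the thread's format; the suspect-name regex is a heuristic assumed here, not a rule from the thread.

```python
import re
from collections import Counter

# Constructed sample in the Avenger report format seen in the thread (not the full log).
SAMPLE_LOG = """\
File "C:\\Programmi\\Spybot - Search & Destroy\\TeaTimer.exe1642574847" deleted successfully.
File "C:\\WINDOWS.0\\system32\\drivers\\hldrrr .exe" deleted successfully.
Error: file "C:\\Programmi\\Creative\\WebCam Monitor\\TrayMon.exe1968004174 I" not found!
Deletion of file "C:\\Programmi\\Creative\\WebCam Monitor\\TrayMon.exe1968004174 I" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Error: could not open file "C:\\Programmi\\Lavasoft\\Ad-Aware 2007\\AAWTray.exe4290333143"
Deletion of file "C:\\Programmi\\Lavasoft\\Ad-Aware 2007\\AAWTray.exe4290333143" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
"""

DELETED_RE = re.compile(r'^File "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of file "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')
# Heuristic (assumed here): ".exe" followed by 6+ digits, or the "hldrrr .exe" name from the thread.
SUSPECT_RE = re.compile(r'(?i)(\.exe\d{6,}\b|hldrrr ?\.exe$)')


def parse_avenger_log(text):
    """Return {'deleted': [paths], 'failed': {path: NTSTATUS name or None}}."""
    deleted, failed, pending = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := DELETED_RE.match(line):
            deleted.append(m.group(1))
        elif m := FAILED_RE.match(line):
            pending = m.group(1)          # status line follows on the next line
            failed[pending] = None
        elif (m := STATUS_RE.match(line)) and pending:
            failed[pending] = m.group(2)  # attach the status to the failed path
            pending = None
    return {"deleted": deleted, "failed": failed}


def suspect_paths(paths):
    """Paths whose file name looks like a Bagle-style renamed/dropped copy."""
    return [p for p in paths if SUSPECT_RE.search(p)]


def summarize(text):
    """Counts a helper would want when reading a posted report."""
    r = parse_avenger_log(text)
    return {
        "deleted": len(r["deleted"]),
        "failed": len(r["failed"]),
        "by_status": Counter(r["failed"].values()),
        "suspect_left_behind": suspect_paths(r["failed"]),
    }
```

A failed deletion with STATUS_OBJECT_NAME_NOT_FOUND means the file was already gone (or the name in the script was mistyped), while STATUS_OBJECT_PATH_NOT_FOUND means the whole parent folder no longer exists, as with the Ad-Aware folder the poster had removed by hand.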

Re: is not a valid win32 application

Post by Luke57 » 04/11/08 22:00

Hi, they could be infected copies of the original files.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

