Oops, I didn't do anything at all before running HijackThis.
I'm posting the second log, but I guess it'll turn out wrong like the first one..
Now I'm going to sleep :S Tomorrow I'll start everything over from scratch..
Many thanks in the meantime.
ComboFix 09-02-05.01 - HP_Proprietario 2009-02-05 22:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.184 [GMT 1:00]
Running from: c:\documents and settings\HP_Proprietario\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\documents and settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\wyuys.dat
c:\documents and settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\wyuys.exe
c:\documents and settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\wyuys_nav.dat
c:\documents and settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\wyuys_navps.dat
c:\programmi\webmediaplayer
c:\programmi\webmediaplayer\resources\languages_v2.xml
c:\programmi\webmediaplayer\resources\webmedias
c:\programmi\webmediaplayer\skins\classic.skn
c:\programmi\webmediaplayer\sqlite3.dll
c:\programmi\webmediaplayer\uninst.exe
c:\windows\IE4 Error Log.txt
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created From 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))))))
.
2009-02-05 21:52 . 2009-02-05 21:53 <DIR> d-------- C:\32788R22FWJFW
2009-02-05 21:40 . 2009-02-05 21:40 <DIR> d-------- c:\programmi\Trend Micro
2009-02-05 21:39 . 2009-02-05 21:39 <DIR> d-------- c:\programmi\Nuova cartella
2009-01-31 19:04 . 2009-01-31 19:04 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\CanonIJ
2009-01-31 18:52 . 2009-01-31 18:52 <DIR> d-------- c:\documents and settings\HP_Proprietario\Dati applicazioni\Canon
2009-01-31 18:52 . 2009-01-31 18:52 <DIR> d--h----- c:\documents and settings\All Users\Dati applicazioni\CanonIJScan
2009-01-31 18:51 . 2009-01-31 18:51 <DIR> d--h----- c:\documents and settings\All Users\Dati applicazioni\CanonIJEGV
2009-01-31 18:42 . 2009-01-31 18:42 <DIR> d--h----- c:\documents and settings\All Users\Dati applicazioni\CanonIJSolutionMenu
2009-01-31 18:32 . 2009-01-31 18:32 <DIR> d-------- c:\programmi\File comuni\CANON
2009-01-31 18:28 . 2008-04-07 15:58 1,339,392 --a------ c:\windows\system32\CNQ4807C.DLL
2009-01-31 18:28 . 2008-04-18 14:51 598,016 --a------ c:\windows\system32\CNQ4807L.DLL
2009-01-31 18:28 . 2007-03-15 15:12 188,416 --a------ c:\windows\system32\CNQ4807O.DLL
2009-01-31 18:28 . 2008-04-07 15:58 98,304 --a------ c:\windows\system32\CNQ4807I.DLL
2009-01-21 22:51 . 2009-01-21 22:50 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 21:19 --------- d-----w c:\programmi\eMule
2009-02-01 12:58 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\CanonIJPLM
2009-02-01 08:50 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-02-01 08:49 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-01 08:49 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-31 17:33 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-31 17:33 --------- d-----w c:\programmi\ArcSoft
2009-01-31 17:32 --------- d-----w c:\programmi\Canon
2009-01-31 17:28 --------- d--h--w c:\programmi\CanonBJ
2009-01-21 21:50 --------- d-----w c:\programmi\Java
2009-01-10 14:20 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\Skype
2009-01-10 14:01 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\skypePM
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 05:52 --------- d-----w c:\programmi\Nokia
2008-12-10 05:52 --------- d-----w c:\programmi\File comuni\PCSuite
2008-12-10 05:52 --------- d-----w c:\programmi\File comuni\Nokia
2008-12-10 05:50 --------- d-----w c:\programmi\PC Connectivity Solution
2008-12-10 05:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2008-12-05 17:39 --------- d-----w c:\programmi\File comuni\Adobe
2008-05-30 20:06 22,867,848 ----a-w c:\programmi\AVAST.exe
2006-06-06 23:49 59,392 ----a-w c:\documents and settings\HP_Proprietario\NETVISION.exe
2005-09-19 08:14 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-10-25 08:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008102520081026\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0576ce31-08d6-4b30-a46d-a9be320786c1}"= "c:\programmi\ITALIA_version_FM\tbITAL.dll" [2008-01-28 1555480]
[HKEY_CLASSES_ROOT\clsid\{0576ce31-08d6-4b30-a46d-a9be320786c1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0576ce31-08d6-4b30-a46d-a9be320786c1}]
2008-01-28 13:47 1555480 --a------ c:\programmi\ITALIA_version_FM\tbITAL.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0576ce31-08d6-4b30-a46d-a9be320786c1}"= "c:\programmi\ITALIA_version_FM\tbITAL.dll" [2008-01-28 1555480]
[HKEY_CLASSES_ROOT\clsid\{0576ce31-08d6-4b30-a46d-a9be320786c1}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0576CE31-08D6-4B30-A46D-A9BE320786C1}"= "c:\programmi\ITALIA_version_FM\tbITAL.dll" [2008-01-28 1555480]
[HKEY_CLASSES_ROOT\clsid\{0576ce31-08d6-4b30-a46d-a9be320786c1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 68856]
"OM_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Picasa Media Detector"="c:\documents and settings\HP_Proprietario\Documenti\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 344064]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Creative WebCam Tray"="c:\programmi\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320]
"SMSTray"="c:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"OM_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 c:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
c:\documents and settings\HP_Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-15 113664]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-15 113664]
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-15 113664]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 09:49 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\miRc\\mIRC_ECLiPSe_v.2.6\\mirc.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Documents and Settings\\HP_Proprietario\\Documenti\\PRIVATO FAMIGLIA\\MP3\\utorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-30 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-30 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 298264]
S3 Flpaervtrcsd;Flpaervtrcsd;c:\windows\system32\drivers\avg7core.sys --> c:\windows\system32\drivers\avg7core.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - MSCamSvc
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ServiceLayer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-VoipBuster - c:\programmi\voipbuster.com\voipbuster\voipbuster.exe
HKCU-Run-wyuys - c:\documents and settings\hp_proprietario\impostazioni locali\dati applicazioni\wyuys.exe
HKLM-Run-QuickTime Task - c:\programmi\QuickTime\qttask.exe
HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-Nokia.PCSync - c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://internet.sunrise.ch/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 22:23:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Canon\IJPLM\ijplmsvc.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2009-02-05 22:28:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-05 21:28:40
Pre-Run: 91,679,576,064 bytes free
Post-Run: 91,735,511,040 bytes free
246 --- E O F --- 2009-01-14 02:09:11
.: HeLP Me :.
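An added example, not part of the post above and not ComboFix's own code: a small Python triage script that reads the Run-key lines of the "Reg Loading Points" section and the "ORPHANS REMOVED" lines of a ComboFix log and flags the autostart entries a malware-removal helper looks at first. The pattern it targets is the one visible in this log: `wyuys.exe` was dropped in `Impostazioni locali\Dati applicazioni` (writable by a limited user, so no admin rights were needed) and started from an `HKCU\...\Run` value, which ComboFix then listed as an orphan after deleting the file. The sample lines are copied from the log above; the list of user-writable directories, the heuristics and the function names are my own assumptions, and a flag is a reason to look, not a verdict.

```python
import re
from typing import Dict, List

# Added triage helper for ComboFix logs (assumed design, not ComboFix's own logic).
# Two line shapes are parsed:
#   "name"="full path" [date size]         normal Run entry
#   "name"="image.exe" [date resolved]     bare image name, resolved by search path
#   HKCU-Run-name - full path              orphan removed by ComboFix
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
ORPHAN_RE = re.compile(r'^(?P<hive>HK[A-Za-z-]+)-Run-(?P<name>.+?) - (?P<path>.+?)\s*$')

# Profile directories a limited user can write to on Windows XP. The Italian
# folder names seen in this log and their English equivalents are both listed
# because localized installs mix the two. Assumed list, extend as needed.
USER_WRITABLE = (
    "\\impostazioni locali\\dati applicazioni\\",
    "\\local settings\\application data\\",
    "\\dati applicazioni\\",
    "\\application data\\",
    "\\documenti\\",
    "\\my documents\\",
    "\\temp\\",
)


def classify(path: str) -> List[str]:
    """Return the reasons an autostart target deserves review (empty list = unremarkable)."""
    p = path.strip().lower()
    reasons: List[str] = []
    if not p or p.startswith("(no file)"):
        reasons.append("target missing: dead autorun, remove the value")
        return reasons
    if "\\" not in p:
        # No directory: the loader resolves the image through the search path,
        # so the bracketed resolved path in the log must be checked by hand.
        reasons.append("bare image name: resolved via search path, verify resolved location")
    if any(d in p for d in USER_WRITABLE):
        reasons.append("executable in user-writable profile directory")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse Run and orphan lines from a ComboFix log; one record per entry, in log order."""
    records: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            records.append({"name": m["name"], "path": m["path"],
                            "source": "run", "reasons": classify(m["path"])})
            continue
        m = ORPHAN_RE.match(line)
        if m:
            records.append({"name": m["name"], "path": m["path"],
                            "source": "orphan:" + m["hive"], "reasons": classify(m["path"])})
    return records


def flagged(log_text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for entries that have at least one reason."""
    return {str(r["name"]): list(r["reasons"]) for r in triage(log_text) if r["reasons"]}


# Sample lines copied from the ComboFix log above (a constructed excerpt, not a full log).
SAMPLE_LOG = r'''
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\documents and settings\HP_Proprietario\Documenti\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
HKCU-Run-wyuys - c:\documents and settings\hp_proprietario\impostazioni locali\dati applicazioni\wyuys.exe
HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-Nokia.PCSync - c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
'''

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(name + ": " + "; ".join(reasons))
```

Run it on a saved ComboFix log by passing the file contents to `flagged()`. On the excerpt it flags `wyuys` (user-writable directory), `NWEReboot` (no file), the bare `HDAudPropShortcut.exe` entry, and the Picasa detector under `Documenti`; the last one is legitimate software, which is the point of treating a flag as a prompt to check the file rather than as a detection. The script ignores BHO, toolbar and service lines, so leftovers such as the `tbITAL.dll` toolbar entries or the `Flpaervtrcsd` service pointing at a missing `avg7core.sys` still need to be read from the log by hand.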