
Trojan, here is the report


Post by eleivga » 13/10/09 21:30

Please, below is the HijackThis report, after finding a Dropper.gen and Dldr.wimad.V.3 with Avira
(I searched on Google as advised but... I don't understand a thing), thanks a lot! :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.07.43, on 13/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Search Settings\SearchSettings.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66020
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Programmi\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [SearchSettings] C:\Programmi\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [feedreader.exe] "C:\Programmi\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/go-karts/it/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D96EFBC-B4CA-439C-8097-F21A4CDE0758}: NameServer = 85.37.17.5 85.38.28.77
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10878 bytes

Re: Trojan, here is the report

Post by shel » 13/10/09 21:58

hi

Download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet
Disable the antivirus.
Run the ComboFix.exe file
Type 1 to start the tool
Follow the instructions (do nothing during the scan; if the desktop icons disappear, that is normal) and at the end a log will be generated.
When it is finished, post the log you find at C:\Combofix.txt

Re: Trojan, here is the report

Post by eleivga » 13/10/09 22:18

hi Shel, I did everything and here below is the report:
(2 questions: I ran the scan without a connection, but usually that isn't necessary, for example with Avira?!?!; will you tell me when I can re-enable Avira?)
ComboFix 09-10-13.01 - elena 13/10/2009 23.05.53.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.416 [GMT 2:00]
Eseguito da: d:\documents and settings\elena\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\programmi\Search Settings
c:\programmi\Search Settings\kb128\SeARchsettings.dll
c:\programmi\Search Settings\kb128\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\recycler\S-1-5-21-1613130643-2853886440-2512024518-500
c:\recycler\S-1-5-21-519248355-1707108783-2238449572-500
c:\windows\Installer\WMEncoder.msi
c:\windows\kb913800.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-09-13 al 2009-10-13 )))))))))))))))))))))))))))))))))))
.

2009-10-04 06:38 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 13:59 . 2009-10-02 13:59 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-10-02 13:59 . 2009-10-02 13:59 -------- d-----w- c:\programmi\File comuni\Nokia
2009-09-15 17:07 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2009-09-15 17:07 . 2008-02-13 11:17 618112 ----a-w- c:\windows\system32\drivers\PFC027.SYS
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- c:\programmi\Trust
2009-09-15 17:07 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P207USD.dll
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- c:\programmi\File comuni\PAC207
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 16:42 . 2007-07-22 13:17 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-10-10 13:48 . 2007-02-15 15:40 -------- d-----w- c:\programmi\eMule
2009-10-04 07:17 . 2008-11-20 16:59 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\dvdcss
2009-10-02 17:13 . 2009-09-13 19:02 921632 ----a-w- C:\PA207.DAT
2009-10-02 13:58 . 2008-01-15 10:28 -------- d-----w- c:\programmi\Nokia
2009-10-02 13:58 . 2008-01-14 14:09 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Installations
2009-09-15 17:07 . 2006-11-09 20:45 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-09-15 14:40 . 2008-02-26 22:00 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\DivX
2009-09-13 17:36 . 2008-01-29 10:33 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\ArcSoft
2009-09-13 17:32 . 2009-09-13 17:32 -------- d-----w- c:\programmi\File comuni\ArcSoft
2009-09-13 17:31 . 2007-01-23 20:30 -------- d-----w- c:\programmi\ArcSoft
2009-09-11 22:24 . 2008-02-26 19:46 -------- d-----w- c:\programmi\DivX
2009-09-11 22:24 . 2009-08-02 06:58 -------- d-----w- c:\programmi\vso
2009-09-11 22:08 . 2009-09-11 22:08 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\Media Player Classic
2009-09-10 21:59 . 2009-09-10 21:58 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-09-07 07:17 . 2009-03-29 07:09 -------- d-----w- c:\programmi\CDBurnerXP
2009-09-06 12:39 . 2006-11-09 20:45 -------- d-----w- c:\programmi\Sonic
2009-09-06 12:35 . 2009-09-06 12:35 -------- d-----w- c:\programmi\CCleaner
2009-09-05 18:45 . 2009-09-05 18:45 -------- d-----w- c:\programmi\VS Revo Group
2009-09-05 18:33 . 2008-03-16 21:37 -------- d-----w- c:\programmi\Lavasoft
2009-09-01 13:41 . 2009-09-01 13:41 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2009-08-29 12:30 . 2009-08-29 12:30 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\vlc
2009-08-29 09:16 . 2009-08-29 09:16 -------- d-----w- c:\programmi\Microsoft
2009-08-29 09:09 . 2009-08-29 08:50 133 ----a-w- d:\documents and settings\gaia\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-08-29 08:53 . 2009-08-29 08:53 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\Search Settings
2009-08-29 08:51 . 2009-08-29 08:51 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\PC Suite
2009-08-26 13:51 . 2009-08-02 20:59 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 14:04 . 2009-08-08 14:04 574 ----a-w- C:\cleanup.bat
2009-08-08 14:04 . 2009-08-08 14:04 135168 ----a-w- C:\zip.exe
2009-08-07 13:14 . 2009-08-07 13:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-07 08:22 . 2004-10-25 18:40 84048 ----a-w- c:\windows\system32\perfc010.dat
2009-08-07 08:22 . 2004-10-25 18:40 489396 ----a-w- c:\windows\system32\perfh010.dat
2009-08-05 08:59 . 2004-10-25 18:38 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-08-08 14:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-08 14:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2004-10-25 18:37 58880 ----a-w- c:\windows\system32\atl.dll
2008-01-17 13:15 . 2008-01-17 10:55 48 --sh--w- c:\windows\S9A0A7A22.tmp
2008-03-29 12:46 . 2008-03-27 16:26 2756640 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-12-08 14:39 . 2005-12-08 14:39 975360 c:\apps\SMP\bak\SmpSys.exe

2006-03-30 15:45 . 2006-03-30 15:45 313472 c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

2007-02-06 11:38 . 2003-10-29 14:11 462848 c:\programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe

2008-01-06 18:01 . 2007-11-01 09:30 1201664 c:\programmi\FeedReader30\bak\feedreader.exe

2005-02-16 15:15 . 2005-02-16 15:15 81920 c:\programmi\File comuni\InstallShield\UpdateService\bak\issch.exe

2003-09-29 23:14 . 2003-09-29 23:14 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2006-10-09 10:56 . 2004-10-04 11:03 310272 c:\programmi\Goto Software\Vade Retro\bak\Vaderetro_oe.exe

2007-04-23 20:51 . 2007-12-21 12:21 579072 c:\programmi\Grisoft\AVG7\bak\avgcc.exe

2007-08-01 20:59 . 2007-08-01 20:59 77824 c:\programmi\Java\jre1.6.0\bin\bak\jusched.exe

2007-12-10 09:12 . 2007-12-10 09:12 695808 c:\programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe

2006-10-09 11:02 . 2006-10-09 11:02 98304 c:\programmi\QuickTime\bak\qttask.exe

2007-01-29 17:04 . 2002-02-04 21:32 53248 c:\programmi\REGSHAVE\bak\REGSHAVE.EXE

2006-03-21 12:19 . 2006-03-21 12:19 69632 c:\programmi\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe

2006-11-03 18:20 . 2006-11-03 18:20 866584 c:\programmi\Windows Defender\bak\MSASCui.exe
2006-11-03 18:20 . 2006-11-03 18:20 866584 c:\programmi\Windows Defender\MSASCui.exe

2006-10-09 10:35 . 2005-09-29 12:01 67584 c:\windows\ehome\bak\ehtray.exe
2006-10-09 10:35 . 2005-08-17 20:40 64512 c:\windows\ehome\ehtray.exe

2004-10-25 18:53 . 2004-09-07 12:00 208952 c:\windows\ime\IMJP8_1\bak\IMJPMIG.EXE
2004-10-25 18:53 . 2004-09-07 12:00 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

2004-10-25 18:39 . 2004-09-07 12:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-10-25 18:39 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe

2004-10-25 18:53 . 2004-09-07 12:00 455168 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
2004-10-25 18:53 . 2004-09-07 12:00 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"feedreader.exe"="c:\programmi\FeedReader30\feedreader.exe" [N/A]
"Rainlendar2"="c:\programmi\Rainlendar2\Rainlendar2.exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [N/A]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Nokia FastStart"="c:\programmi\Nokia\Nokia Music\NokiaMusic.exe" [N/A]
"SearchSettings"="c:\programmi\Search Settings\SearchSettings.exe" [N/A]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-06-29 569344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:127.0.0.1

R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 20.19.58 13592]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [06/02/2007 13.38.28 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [06/02/2007 13.38.28 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [06/02/2007 13.38.28 108675]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys --> c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [15/09/2009 19.07.49 618112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-13 c:\windows\Tasks\Configura il mio PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 08:03]

2009-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-22 19:33]

2009-10-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-10-11 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-10-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-10-13 c:\windows\Tasks\User_Feed_Synchronization-{6AFA8E2B-55E2-4B55-BDFE-B9562D22A3B1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = "c:\programmi\Outlook Express\msimn.exe"
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - d:\documents and settings\elena\Dati applicazioni\Mozilla\Firefox\Profiles\2g4m2snj.default\
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\programmi\DivX\DivXWebPlayerUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 23:10
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-10-13 23.13.03
ComboFix-quarantined-files.txt 2009-10-13 21:13

Pre-Run: 12.870.221.824 byte disponibili
Post-Run: 12.838.326.272 byte disponibili

213 --- E O F --- 2009-10-12 15:46

Re: Trojan, here is the report

Post by shel » 14/10/09 10:42

hi

run this procedure

Download Avenger

http://swandog46.geekstogo.com/avenger.zip

Extract it to a folder of your choice
Run the avenger.exe file
Now paste these lines into the white box that has opened:

files to move:
c:\apps\SMP\bak\SmpSys.exe| c:\apps\SMP\SmpSys.exe
c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe| c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
c:\programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe| c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
c:\programmi\FeedReader30\bak\feedreader.exe| c:\programmi\FeedReader30\feedreader.exe
c:\programmi\File comuni\InstallShield\UpdateService\bak\issch.exe| c:\programmi\File comuni\InstallShield\UpdateService\issch.exe
c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe| c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
c:\programmi\Goto Software\Vade Retro\bak\Vaderetro_oe.exe| c:\programmi\Goto Software\Vade Retro\Vaderetro_oe.exe
c:\programmi\Grisoft\AVG7\bak\avgcc.exe| c:\programmi\Grisoft\AVG7\avgcc.exe
c:\programmi\Java\jre1.6.0\bin\bak\jusched.exe| c:\programmi\Java\jre1.6.0\bin\jusched.exe
c:\programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe| c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
c:\programmi\QuickTime\bak\qttask.exe| c:\programmi\QuickTime\qttask.exe
c:\programmi\REGSHAVE\bak\REGSHAVE.EXE| c:\programmi\REGSHAVE\REGSHAVE.EXE
c:\programmi\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe| c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
c:\programmi\Windows Defender\bak\MSASCui.exe| c:\programmi\Windows Defender\MSASCui.exe
c:\windows\ehome\bak\ehtray.exe| c:\windows\ehome\ehtray.exe
c:\windows\ime\IMJP8_1\bak\IMJPMIG.EXE| c:\windows\ime\IMJP8_1\IMJPMIG.EXE
c:\windows\system32\bak\ctfmon.exe| c:\windows\system32\ctfmon.exe
c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE| c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE



Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Now your computer should restart; if it doesn't, restart it manually
When the computer restarts, copy and paste here the contents of the Notepad window that will appear.
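The Avenger script above was built by hand from the `bak\` pairs ComboFix lists under its AWF section. As an added example, not code from this thread or from ComboFix or Avenger, this Python parses such an AWF block, maps each `...\bak\name.exe` backup to the executable it should restore, emits the `files to move:` block in the same format shel used, and notes whether ComboFix also listed the live executable and whether its size matches the backup. The sample block is constructed from the shape of the log in this thread.

```python
"""Turn a ComboFix AWF listing into Avenger 'files to move:' directives (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample: a few AWF lines in the shape of the ComboFix report above,
# followed by the header of the next section so the parser knows where AWF ends.
SAMPLE_AWF = """\
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-12-08 14:39 . 2005-12-08 14:39 975360 c:\\apps\\SMP\\bak\\SmpSys.exe

2007-08-01 20:59 . 2007-08-01 20:59 77824 c:\\programmi\\Java\\jre1.6.0\\bin\\bak\\jusched.exe

2006-11-03 18:20 . 2006-11-03 18:20 866584 c:\\programmi\\Windows Defender\\bak\\MSASCui.exe
2006-11-03 18:20 . 2006-11-03 18:20 866584 c:\\programmi\\Windows Defender\\MSASCui.exe

2004-10-25 18:39 . 2004-09-07 12:00 15360 c:\\windows\\system32\\bak\\ctfmon.exe
2004-10-25 18:39 . 2008-04-14 02:14 15360 c:\\windows\\system32\\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

AWF_HEADER = re.compile(r"^\(+\s*AWF\s*\)+\s*$")
SECTION_HEADER = re.compile(r"^\(+\s*.+?\s*\)+\s*$")
# ComboFix file line: "<mtime> . <ctime> <size> <path>"; the path may contain spaces.
ENTRY = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<path>.+?)\s*$"
)


def awf_entries(report: str) -> List[Dict[str, str]]:
    """Return the file entries listed between the AWF header and the next section header."""
    entries: List[Dict[str, str]] = []
    in_awf = False
    for line in report.splitlines():
        if AWF_HEADER.match(line):
            in_awf = True
            continue
        if in_awf and SECTION_HEADER.match(line):
            break  # reached the next ComboFix section
        m = ENTRY.match(line) if in_awf else None
        if m:
            entries.append(m.groupdict())
    return entries


def original_path(bak_path: str) -> Optional[str]:
    """Map ...\\dir\\bak\\name.exe to ...\\dir\\name.exe; None if the file is not in a bak dir."""
    head, sep, name = bak_path.rpartition("\\")
    if not sep or not head.lower().endswith("\\bak"):
        return None
    return head[: -len("\\bak")] + "\\" + name


def avenger_script(report: str) -> str:
    """Build the Avenger block that moves each backup over the executable it belongs to."""
    lines = ["files to move:"]
    for entry in awf_entries(report):
        orig = original_path(entry["path"])
        if orig is not None:
            lines.append(f"{entry['path']}| {orig}")  # same "bak| original" form as the thread
    return "\n".join(lines)


def replacement_status(report: str) -> Dict[str, str]:
    """For each backup, report whether the live file was listed too and whether sizes match.

    A live copy whose size differs from its backup is the one to examine before
    trusting it; a missing live entry means ComboFix only saw the backup.
    """
    entries = awf_entries(report)
    by_path = {e["path"].lower(): e for e in entries}
    status: Dict[str, str] = {}
    for entry in entries:
        orig = original_path(entry["path"])
        if orig is None:
            continue
        live = by_path.get(orig.lower())
        if live is None:
            status[orig] = "live copy not listed"
        elif live["size"] == entry["size"]:
            status[orig] = "live copy listed, same size as backup"
        else:
            status[orig] = "live copy listed, size differs from backup"
    return status


if __name__ == "__main__":
    print(avenger_script(SAMPLE_AWF))
    for path, note in replacement_status(SAMPLE_AWF).items():
        print(f"{note}: {path}")
```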

Re: Trojan, here is the report

Post by eleivga » 14/10/09 13:42

Here you go, Shel, I followed it to the letter:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File move operation "c:\apps\SMP\bak\SmpSys.exe|c:\apps\SMP\SmpSys.exe" completed successfully.
File move operation "c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" completed successfully.
File move operation "c:\programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe|c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" completed successfully.
File move operation "c:\programmi\FeedReader30\bak\feedreader.exe|c:\programmi\FeedReader30\feedreader.exe" completed successfully.
File move operation "c:\programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" completed successfully.
File move operation "c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe|c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" completed successfully.
File move operation "c:\programmi\Goto Software\Vade Retro\bak\Vaderetro_oe.exe|c:\programmi\Goto Software\Vade Retro\Vaderetro_oe.exe" completed successfully.
File move operation "c:\programmi\Grisoft\AVG7\bak\avgcc.exe|c:\programmi\Grisoft\AVG7\avgcc.exe" completed successfully.
File move operation "c:\programmi\Java\jre1.6.0\bin\bak\jusched.exe|c:\programmi\Java\jre1.6.0\bin\jusched.exe" completed successfully.
File move operation "c:\programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe|c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" completed successfully.
File move operation "c:\programmi\QuickTime\bak\qttask.exe|c:\programmi\QuickTime\qttask.exe" completed successfully.
File move operation "c:\programmi\REGSHAVE\bak\REGSHAVE.EXE|c:\programmi\REGSHAVE\REGSHAVE.EXE" completed successfully.
File move operation "c:\programmi\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe|c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" completed successfully.
File move operation "c:\programmi\Windows Defender\bak\MSASCui.exe|c:\programmi\Windows Defender\MSASCui.exe" completed successfully.
File move operation "c:\windows\ehome\bak\ehtray.exe|c:\windows\ehome\ehtray.exe" completed successfully.
File move operation "c:\windows\ime\IMJP8_1\bak\IMJPMIG.EXE|c:\windows\ime\IMJP8_1\IMJPMIG.EXE" completed successfully.
File move operation "c:\windows\system32\bak\ctfmon.exe|c:\windows\system32\ctfmon.exe" completed successfully.
File move operation "c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE|c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


PS: when can I re-enable Avira?
eleivga
Senior User

Posts: 294
Joined: 07/08/09 12:36

Re: Trojan, here is the report

Post by shel » 14/10/09 15:33

hi

repeat the scan with ComboFix and post the report; as soon as the new scan is finished, re-enable the antivirus
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan, here is the report

Post by eleivga » 14/10/09 19:59

here it is:
ComboFix 09-10-13.04 - elena 14/10/2009 20.49.36.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.564 [GMT 2:00]
Eseguito da: d:\documents and settings\elena\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-09-14 al 2009-10-14 )))))))))))))))))))))))))))))))))))
.

2009-10-04 06:38 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 13:59 . 2009-10-02 13:59 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-10-02 13:59 . 2009-10-02 13:59 -------- d-----w- c:\programmi\File comuni\Nokia
2009-09-15 17:07 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2009-09-15 17:07 . 2008-02-13 11:17 618112 ----a-w- c:\windows\system32\drivers\PFC027.SYS
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- c:\programmi\Trust
2009-09-15 17:07 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P207USD.dll
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- c:\programmi\File comuni\PAC207
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 18:42 . 2007-07-22 13:17 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-10-14 12:36 . 2007-11-30 13:37 -------- d-----w- c:\programmi\Windows Defender
2009-10-14 12:36 . 2007-01-29 17:04 -------- d-----w- c:\programmi\REGSHAVE
2009-10-14 12:36 . 2006-11-09 20:45 -------- d-----w- c:\programmi\QuickTime
2009-10-14 12:36 . 2007-07-15 13:09 -------- d-----w- c:\programmi\FeedReader30
2009-10-14 12:35 . 2009-10-14 12:35 574 ----a-w- C:\cleanup.bat
2009-10-14 12:35 . 2009-10-14 12:35 135168 ----a-w- C:\zip.exe
2009-10-10 13:48 . 2007-02-15 15:40 -------- d-----w- c:\programmi\eMule
2009-10-04 07:17 . 2008-11-20 16:59 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\dvdcss
2009-10-02 17:13 . 2009-09-13 19:02 921632 ----a-w- C:\PA207.DAT
2009-10-02 13:58 . 2008-01-15 10:28 -------- d-----w- c:\programmi\Nokia
2009-10-02 13:58 . 2008-01-14 14:09 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Installations
2009-09-15 17:07 . 2006-11-09 20:45 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-09-15 14:40 . 2008-02-26 22:00 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\DivX
2009-09-13 17:36 . 2008-01-29 10:33 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\ArcSoft
2009-09-13 17:32 . 2009-09-13 17:32 -------- d-----w- c:\programmi\File comuni\ArcSoft
2009-09-13 17:31 . 2007-01-23 20:30 -------- d-----w- c:\programmi\ArcSoft
2009-09-11 22:24 . 2008-02-26 19:46 -------- d-----w- c:\programmi\DivX
2009-09-11 22:24 . 2009-08-02 06:58 -------- d-----w- c:\programmi\vso
2009-09-11 22:08 . 2009-09-11 22:08 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\Media Player Classic
2009-09-10 21:59 . 2009-09-10 21:58 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-09-07 07:17 . 2009-03-29 07:09 -------- d-----w- c:\programmi\CDBurnerXP
2009-09-06 12:39 . 2006-11-09 20:45 -------- d-----w- c:\programmi\Sonic
2009-09-06 12:35 . 2009-09-06 12:35 -------- d-----w- c:\programmi\CCleaner
2009-09-05 18:45 . 2009-09-05 18:45 -------- d-----w- c:\programmi\VS Revo Group
2009-09-05 18:33 . 2008-03-16 21:37 -------- d-----w- c:\programmi\Lavasoft
2009-09-01 13:41 . 2009-09-01 13:41 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2009-08-29 12:30 . 2009-08-29 12:30 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\vlc
2009-08-29 09:16 . 2009-08-29 09:16 -------- d-----w- c:\programmi\Microsoft
2009-08-29 09:09 . 2009-08-29 08:50 133 ----a-w- d:\documents and settings\gaia\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-08-29 08:53 . 2009-08-29 08:53 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\Search Settings
2009-08-29 08:51 . 2009-08-29 08:51 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\PC Suite
2009-08-26 13:51 . 2009-08-02 20:59 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-07 13:14 . 2009-08-07 13:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-07 08:22 . 2004-10-25 18:40 84048 ----a-w- c:\windows\system32\perfc010.dat
2009-08-07 08:22 . 2004-10-25 18:40 489396 ----a-w- c:\windows\system32\perfh010.dat
2009-08-05 08:59 . 2004-10-25 18:38 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-08-08 14:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-08 14:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2004-10-25 18:37 58880 ----a-w- c:\windows\system32\atl.dll
2008-01-17 13:15 . 2008-01-17 10:55 48 --sh--w- c:\windows\S9A0A7A22.tmp
2008-03-29 12:46 . 2008-03-27 16:26 2756640 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-09-07 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-09-07 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-13_21.10.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-09 10:35 . 2005-09-29 12:01 67584 c:\windows\ehome\ehtray.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"feedreader.exe"="c:\programmi\FeedReader30\feedreader.exe" [2007-11-01 1201664]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-06-29 569344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:127.0.0.1

R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 20.19.58 13592]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [06/02/2007 13.38.28 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [06/02/2007 13.38.28 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [06/02/2007 13.38.28 108675]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys --> c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [15/09/2009 19.07.49 618112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-14 c:\windows\Tasks\Configura il mio PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 08:03]

2009-10-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-22 19:33]

2009-10-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-10-11 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-10-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-10-14 c:\windows\Tasks\User_Feed_Synchronization-{6AFA8E2B-55E2-4B55-BDFE-B9562D22A3B1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = "c:\programmi\Outlook Express\msimn.exe"
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {5D96EFBC-B4CA-439C-8097-F21A4CDE0758} = 85.37.17.5 85.38.28.77
FF - ProfilePath - d:\documents and settings\elena\Dati applicazioni\Mozilla\Firefox\Profiles\2g4m2snj.default\
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Rainlendar2 - c:\programmi\Rainlendar2\Rainlendar2.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-Nokia FastStart - c:\programmi\Nokia\Nokia Music\NokiaMusic.exe
HKLM-Run-SearchSettings - c:\programmi\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 20:53
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-10-14 20.56.08
ComboFix-quarantined-files.txt 2009-10-14 18:56
ComboFix2.txt 2009-10-13 21:13

Pre-Run: 12.837.855.232 byte disponibili
Post-Run: 12.799.049.728 byte disponibili

193 --- E O F --- 2009-10-12 15:46


NB: when the PC starts, a window appears that says
Error: atom.xsl file not found.

I'll wait for your "tips" :)
eleivga
Senior User

Posts: 294
Joined: 07/08/09 12:36
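An added example, not from the thread and not part of ComboFix: a Python parser for the Sigcheck lines of the ComboFix report above. It groups the listed copies of each file by name, checks whether the copy the system actually runs from system32 carries the same hash as the reference copy in ServicePackFiles, and records whether any other listed copy (such as the one kept in $NtServicePackUninstall$) shares the live file's hash; the only assumption is the line layout shown in the report.

```python
"""Compare the live copy of a system file against the reference copies that a
ComboFix "Sigcheck" section lists next to it.  Added example: not part of the
thread and not ComboFix's own code; the only assumption is the line layout
shown in the posted report."""
import re
from collections import defaultdict

# Sample input: the four Sigcheck lines copied from the ComboFix report above.
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------

[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-09-07 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-09-07 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return a list of dicts, one per Sigcheck line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"])
            entries.append(e)
    return entries


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def compare_live_copies(entries):
    """For every file name, compare the copy under \\windows\\system32 (what the
    system actually runs) with the copy under \\windows\\ServicePackFiles (the
    reference dropped by the installed service pack).  Also records which other
    listed copies carry the same hash as the live file, so a mismatch that is
    simply the previous service pack's version (kept in $NtServicePackUninstall$)
    can be told apart from a file no other listed copy matches."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[_basename(e["path"])].append(e)

    report = {}
    for name, items in by_name.items():
        live = [e for e in items if "\\system32\\" in e["path"].lower()]
        ref = [e for e in items if "\\servicepackfiles\\" in e["path"].lower()]
        if not live or not ref:
            continue  # nothing to compare against
        l, r = live[0], ref[0]
        report[name] = {
            "live_path": l["path"],
            "live_md5": l["md5"],
            "live_version": l["version"],
            "ref_md5": r["md5"],
            "ref_version": r["version"],
            "matches_reference": l["md5"] == r["md5"],
            "same_hash_elsewhere": [
                e["path"] for e in items if e is not l and e["md5"] == l["md5"]
            ],
        }
    return report


def summarize(report):
    """Human-readable one-liners, one per compared file."""
    lines = []
    for name, r in sorted(report.items()):
        if r["matches_reference"]:
            lines.append(f"{name}: live copy matches the service-pack reference ({r['ref_version']})")
        elif r["same_hash_elsewhere"]:
            lines.append(
                f"{name}: live copy is {r['live_version']}, reference is "
                f"{r['ref_version']}; same hash found in "
                + ", ".join(r["same_hash_elsewhere"])
            )
        else:
            lines.append(
                f"{name}: live copy ({r['live_version']}, {r['live_md5']}) matches "
                "no listed copy; verify the file against a trusted source"
            )
    return lines


if __name__ == "__main__":
    for line in summarize(compare_live_copies(parse_sigcheck(SIGCHECK_SAMPLE))):
        print(line)
```

On the posted report this reports that the system32 ctfmon.exe is the 5.1.2600.2180 build, differing from the 5.1.2600.5512 reference but identical to the copy in $NtServicePackUninstall$, i.e. an older known version rather than an unknown file.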

Re: Trojan, here is the report

Post by shel » 14/10/09 20:43

honestly, I don't know that message; I'll look into it

for now, do the following


download CCleaner

http://www.filehippo.com/download_ccleaner/

1) to download the latest version, click at the top right under the green arrow
2) install it
3) click "Run Cleaner", repeat the process 2 times

then

download ATF Cleaner

http://www.atribune.org/ccount/click.php?id=1

Run ATFCleaner.exe with a double click

1) tick the Select All box
2) click the Empty Selected button
3) wait for the Done Cleaning message.
(if you don't want to delete your passwords, untick that box) - (if you use Opera or Firefox, tick their sections too)


download Malwarebytes


http://www.malwarebytes.org/mbam/program/mbam-setup.exe



1) install it
2) update it
3) run a scan, choosing full-scan mode
4) do NOT remove any threats it detects
5) when the scan is finished, select the Logs tab, open the text file and post it on the forum
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan, here is the report

Post by eleivga » 14/10/09 22:37

All done; here is the log:


Malwarebytes' Anti-Malware 1.40
Versione del database: 2719
Windows 5.1.2600 Service Pack 3

14/10/2009 23.35.21
mbam-log-2009-10-14 (23-35-13).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi scansionati: 239290
Tempo trascorso: 53 minute(s), 55 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
eleivga
Senior User

Posts: 294
Joined: 07/08/09 12:36

Re: Trojan, here is the report

Post by shel » 15/10/09 08:10

hi

you should post the full log; I can't read which 3 infected files Malwarebytes found
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan, here is the report

Post by eleivga » 15/10/09 20:20

you're right, Shel, I had left out exactly these; here they are:

File infetti:
C:\Qoobox\Quarantine\C\cleanup.exe.vir (Trojan.Banker) -> No action taken.
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP795\A0114892.exe (Trojan.Banker) -> No action taken.
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP795\A0115079.exe (Trojan.Banker) -> No action taken.
eleivga
Senior User

Posts: 294
Joined: 07/08/09 12:36

Re: Trojan, here is the report

Post by shel » 15/10/09 20:33

restart Malwarebytes and remove what it found

disable System Restore, reboot the PC, re-enable it and create a new restore point


download CCleaner
http://www.ccleaner.com
Important:
During installation, untick the box, otherwise the Yahoo Toolbar gets installed.
Start it and click on:
- Advanced Options
Untick:
- Only delete files older than 48 hours
Click the buttons:
- Cleaner (the first one at the top left)
- Analyze (bottom centre button)
- Run Cleaner (bottom right button)



uninstall ComboFix like this
Click Start > Run
in the white box type this command
combofix /u
Click OK
When the disclaimer appears, select option 2 and all files and folders associated with ComboFix will be removed.
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan, here is the report

Post by eleivga » 15/10/09 22:44

Shel, I wasn't able to do:
"uninstall ComboFix like this
Click Start > Run
Click OK
When the disclaimer appears, select option 2 and all files and folders associated with ComboFix will be removed."

that is, the ComboFix scan started instead; was that supposed to happen?!?
eleivga
Senior User

Posts: 294
Joined: 07/08/09 12:36

Re: Trojan, here is the report

Post by shel » 16/10/09 09:28

hi

try this:

Start\Run -



in the dialog box, copy and paste this command: combofix /u


go to Local Disk C: and delete the QooBox folder


delete the folder, if any, that you had created on the Desktop to hold ComboFix.
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan, here is the report

Post by eleivga » 16/10/09 14:17

done, and now? Do I have to repeat the scans?
eleivga
Senior User

Posts: 294
Joined: 07/08/09 12:36

Re: Trojan, here is the report

Post by shel » 16/10/09 15:52

hi

if the PC is running fine, you can post me a HijackThis log for a final check
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan, here is the report

Post by eleivga » 16/10/09 21:28

when the PC starts, a window appears saying "atom.xls file not found, make sure "style sheet" folder exists."
Then I close it and another one appears: "application cannot start. Library gds.32.dll not found"
- Anyway, this is the latest HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.01.39, on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [feedreader.exe] "C:\Programmi\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/go-karts/it/"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9512 bytes
eleivga
Senior User

Posts: 294
Joined: 07/08/09 12:36

Re: Trojan, here is the report

Post by shel » 16/10/09 21:44

it seems the error refers to a file belonging to a program, FeedReader

did you install it on the PC?

in the log, fix this entry with HijackThis

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan, here is the report

Post by eleivga » 17/10/09 07:55

Good morning Shel,
yes, maybe, but a very, very long time ago...
um, "in the log, fix this entry with HijackThis": I tried opening HijackThis but I don't know where to copy the line you gave me.
thanks again
eleivga
Senior User

Posts: 294
Joined: 07/08/09 12:36

Re: Trojan, here is the report

Post by Luke57 » 17/10/09 10:11

Hi, after opening it press "Do a system scan only", find and tick the indicated entry, then press "Fix checked".
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
