troian agent.

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

troian agent.

Post by paolo1970 » 13/11/09 22:32

Could you kindly give me some advice on removing the virus in the subject for good, since AVG moves it to quarantine about every 15 minutes? I have read the advice and the other topics and I have downloaded and installed Spybot, but it didn't solve anything.
Thanks.
paolo1970
Junior Member

Posts: 11
Joined: 08/11/09 10:35


Re: troian agent.

Post by shel » 13/11/09 22:37

hi

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(do not install the Recovery Console)
Save it to the desktop.
Double-click combofix.exe (a window will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
While the scan is running it is important not to use the PC and to wait patiently for it to finish.


N.B. If your OS is Vista, you must run it by right-clicking it and choosing "Run as administrator".
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: troian agent.

Post by paolo1970 » 13/11/09 22:56

ComboFix 09-11-13.06 - Administrator 13/11/2009 22.47.58.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.483 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\ShoppingReport
c:\documents and settings\Administrator\Dati applicazioni\ShoppingReport\cs\Config.xml
c:\documents and settings\Administrator\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Administrator\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Administrator\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Administrator\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Administrator\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Administrator\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs
c:\programmi\ShoppingReport
c:\programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
c:\programmi\ShoppingReport\Uninst.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-10-13 al 2009-11-13 )))))))))))))))))))))))))))))))))))
.

2009-11-13 20:49 . 2009-11-13 21:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-13 20:49 . 2009-11-13 20:49 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-13 07:59 . 2009-11-10 07:35 4026136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2009-11-13 07:59 . 2009-11-10 07:35 2016536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2009-11-13 07:59 . 2009-11-10 07:35 1257240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2009-11-13 07:59 . 2009-11-10 07:34 3963672 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-11-13 07:59 . 2009-10-27 18:18 496920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2009-11-13 07:59 . 2009-10-27 18:18 600344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgnsx.exe
2009-11-12 21:02 . 2009-11-12 21:02 -------- d-----w- c:\programmi\Ask Search Assistant
2009-11-12 21:01 . 2009-11-13 21:29 -------- d-----w- c:\programmi\P2Pcontrol
2009-11-12 21:01 . 2009-11-12 21:04 -------- d-----w- c:\programmi\DivoCodec
2009-11-10 21:43 . 2009-11-10 21:43 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-11-10 21:38 . 2009-11-10 21:38 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-11-10 21:38 . 2009-11-10 21:39 -------- d-----w- c:\programmi\Google
2009-11-10 07:35 . 2009-10-27 18:19 360584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2009-11-10 07:34 . 2009-10-27 18:18 610072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2009-11-10 07:34 . 2009-10-27 18:18 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-11-06 22:38 . 2004-08-04 13:19 2031616 ------w- c:\windows\UNNeroBurnRights.exe
2009-11-06 22:20 . 2009-11-06 22:20 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Uniblue
2009-11-06 22:12 . 2009-11-06 22:12 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-11-04 00:17 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-04 00:17 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-03 23:14 . 2009-11-13 20:59 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-11-03 23:05 . 2009-11-03 23:05 -------- d-----w- c:\programmi\Microsoft
2009-11-03 23:05 . 2009-11-03 23:05 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-11-03 23:05 . 2009-11-03 23:05 -------- d-----w- c:\programmi\Windows Live
2009-11-03 23:00 . 2009-11-03 23:00 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-11-03 22:47 . 2009-11-12 19:01 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2009-11-03 22:47 . 2009-11-10 21:40 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google
2009-11-03 22:46 . 2009-11-03 22:47 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Deployment
2009-11-01 16:32 . 2009-11-01 16:32 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
2009-11-01 16:25 . 2009-11-01 16:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Windows Search
2009-11-01 16:25 . 2009-11-01 16:25 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities
2009-11-01 16:25 . 2009-11-01 16:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Windows Desktop Search
2009-11-01 16:24 . 2009-11-02 14:31 -------- d-----w- c:\programmi\Windows Desktop Search
2009-11-01 16:24 . 2009-11-01 16:24 -------- d-----w- c:\windows\system32\GroupPolicy
2009-11-01 16:23 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-11-01 16:23 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-11-01 16:23 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-30 16:36 . 2009-10-30 16:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-10-30 16:34 . 2009-10-30 16:34 -------- d-----w- c:\programmi\VideoLAN
2009-10-30 08:24 . 2009-11-12 21:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2009-10-29 15:58 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-29 11:50 . 2009-10-29 11:50 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\DivX
2009-10-29 08:32 . 2009-10-30 12:01 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Adobe
2009-10-28 22:23 . 2009-10-28 22:23 -------- d-----w- c:\programmi\MSXML 4.0
2009-10-28 21:15 . 2009-10-28 21:15 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Ahead
2009-10-28 18:08 . 2008-04-13 18:13 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-10-28 18:08 . 2008-04-13 18:13 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-10-28 18:06 . 2007-03-24 00:50 106557 ----a-w- c:\windows\system32\btw_ci.dll
2009-10-28 18:06 . 2007-04-01 03:02 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2009-10-28 18:06 . 2007-04-01 03:02 876384 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2009-10-28 18:06 . 2007-03-24 00:50 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2009-10-28 18:06 . 2007-03-24 00:50 37424 ----a-w- c:\windows\system32\drivers\btport.sys
2009-10-28 18:06 . 2007-03-24 00:49 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2009-10-28 18:06 . 2009-10-28 18:06 -------- d-----w- c:\programmi\WIDCOMM
2009-10-28 16:53 . 2009-10-28 16:53 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Nero
2009-10-28 16:50 . 2009-10-28 16:52 -------- d-----w- c:\programmi\File comuni\Nero
2009-10-28 16:50 . 2009-10-28 16:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-10-28 16:50 . 2009-10-28 16:50 -------- d-----w- c:\programmi\Nero
2009-10-28 12:03 . 2009-10-28 12:03 -------- d-----w- c:\programmi\File comuni\CyberLink
2009-10-28 12:02 . 2009-10-28 12:03 -------- d-----w- c:\programmi\CyberLink
2009-10-28 12:02 . 2009-10-28 12:02 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-28 12:02 . 2009-10-28 12:02 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-28 12:02 . 2009-10-28 12:02 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-10-28 12:01 . 2009-10-28 12:02 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2009-10-28 12:01 . 2009-10-28 12:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Temp
2009-10-28 12:00 . 2009-10-28 12:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-10-28 12:00 . 2009-10-28 12:00 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\CyberLink
2009-10-28 11:48 . 2009-10-28 11:48 142 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-10-28 11:48 . 2009-10-28 16:43 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ApplicationHistory
2009-10-28 11:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-10-28 11:42 . 2009-08-29 07:26 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-28 11:42 . 2009-08-29 07:26 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-28 11:42 . 2009-08-29 07:26 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-28 11:42 . 2009-08-29 07:26 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-28 11:42 . 2009-08-29 07:26 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-10-28 11:42 . 2009-08-29 07:26 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-10-28 11:42 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 11:42 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-10-28 11:28 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-28 11:27 . 2009-10-28 11:27 -------- d-----w- c:\programmi\Microsoft Works
2009-10-28 11:26 . 2009-10-28 11:26 -------- d-----w- c:\programmi\Microsoft.NET
2009-10-28 11:24 . 2009-10-28 11:24 -------- d-----w- c:\programmi\Microsoft Visual Studio 8
2009-10-28 11:22 . 2009-10-28 11:26 -------- d-----w- c:\windows\SHELLNEW
2009-10-28 11:22 . 2009-10-28 11:22 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-10-28 11:22 . 2009-11-12 21:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-10-28 11:22 . 2009-10-28 11:22 -------- d-----r- C:\MSOCache
2009-10-28 11:21 . 2009-10-29 11:09 -------- d-----w- c:\programmi\eMule
2009-10-28 11:19 . 2009-10-28 11:19 -------- d-----w- c:\programmi\CCleaner
2009-10-28 11:04 . 2009-10-28 11:04 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-28 10:41 . 2001-08-30 19:41 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-28 10:41 . 2001-08-30 19:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-28 10:41 . 2008-04-13 10:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-28 10:41 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-28 09:00 . 2009-10-28 09:00 -------- d-----w- c:\programmi\Intel Corporation
2009-10-28 08:33 . 2009-10-28 16:37 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 08:33 . 2009-10-28 11:27 -------- d-----w- c:\programmi\MSBuild
2009-10-28 08:33 . 2009-10-28 08:33 -------- d-----w- c:\programmi\Reference Assemblies
2009-10-28 08:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 08:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 08:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 08:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 08:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 08:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 08:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 08:32 . 2009-10-28 08:33 -------- d-----w- C:\8ccd0863657a64a6861e039a4d
2009-10-27 22:52 . 2009-10-27 22:52 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-10-27 22:51 . 2009-10-27 22:51 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-27 22:51 . 2009-10-27 22:51 -------- d-----w- c:\windows\system32\LogFiles
2009-10-27 22:49 . 2009-10-27 22:50 -------- d-----w- c:\windows\system32\URTTemp
2009-10-27 22:32 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-27 22:19 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-27 21:29 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-27 21:29 . 2009-08-04 21:56 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-27 21:29 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-27 21:29 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-27 21:29 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-27 21:29 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-27 21:29 . 2009-06-25 08:25 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-27 21:29 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-27 21:29 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-27 21:29 . 2009-08-04 17:26 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-27 21:29 . 2009-02-09 10:51 736256 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-27 21:29 . 2009-08-04 17:26 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 21:01 . 2004-08-19 12:00 93612 ----a-w- c:\windows\system32\perfc010.dat
2009-11-13 21:01 . 2004-08-19 12:00 515386 ----a-w- c:\windows\system32\perfh010.dat
2009-10-28 11:20 . 2009-10-28 11:20 -------- d-----w- c:\programmi\DivX
2009-10-28 11:20 . 2009-10-28 11:20 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-10-27 11:06 . 2009-10-26 20:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-26 20:10 . 2009-10-26 20:10 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-26 20:09 . 2009-10-26 20:09 -------- d-----w- c:\programmi\Servizi in linea
2009-10-26 20:07 . 2009-10-26 20:07 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 13:57 . 2008-07-29 18:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2004-08-19 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2004-08-19 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-11 14:17 . 2004-08-19 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 2004-08-19 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2004-08-19 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-19 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-19 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Google Update"="c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-11-03 135664]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-18 150040]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\programmi\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"P2Pcontrol"="c:\programmi\P2Pcontrol\p2control.exe" [2009-09-14 241664]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-01-08 16859136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-27 18:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\P2Pcontrol\\p2control.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27/10/2009 19.12.54 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27/10/2009 19.12.59 360584]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/10/28 13:03];c:\programmi\CyberLink\PowerDVD8\000.fcl [28/08/2009 18.36.24 87536]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [27/10/2009 19.18.39 906520]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [27/10/2009 19.18.38 285392]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [10/11/2009 22.38.32 135664]
S3 PCIUtil;PCI Utility;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\PCIUtil.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\PCIUtil.sys [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-10 21:38]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-10 21:38]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-329068152-725345543-500Core.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-03 22:47]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-329068152-725345543-500UA.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-03 22:47]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 22:51
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
Ora fine scansione: 2009-11-13 22:53
ComboFix-quarantined-files.txt 2009-11-13 21:53

Pre-Run: 86.356.783.104 byte disponibili
Post-Run: 86.318.944.256 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 40BBD9111264501C6B6383860BDADDDC
paolo1970
Junior Member

Posts: 11
Joined: 08/11/09 10:35
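
A triage helper for the ComboFix log posted above, added here as an example (it is not part of the thread and not ComboFix's own code). It parses the three sections a responder reads first, the Sigcheck table, the firewall policy keys and the R*/S* service lines, and flags the items that stand out in this log: the `[-]` tcpip.sys whose hash differs from its dllcache copy, the Windows Firewall being disabled, and the PCIUtil driver registered from a Temp directory. The regular expressions are written from the log format as it appears above; the sample excerpt reuses lines from that log.

```python
import re
from typing import Dict, List, Optional, Tuple

# Excerpt of the ComboFix log posted in this thread, trimmed to the three
# sections this helper understands (Sigcheck table, firewall policy, services).
SAMPLE_LOG = r"""
------- Sigcheck -------

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27/10/2009 19.12.54 333192]
S3 PCIUtil;PCI Utility;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\PCIUtil.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\PCIUtil.sys [?]
"""

# "[7] date . MD5 . size . . [version] . . path"; "[-]" means the signature was not verified.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)
# "R1 name;description;path [date time size]"; a "--> path" redirect may precede the bracket.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->.*)?\s+\[(?P<meta>[^\]]*)\]$"
)
FIREWALL_KEY_RE = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(?P<profile>\w+)\]$", re.I
)
FIREWALL_VAL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)', re.I)

Finding = Tuple[str, str]  # (severity, message)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    dllcache: Dict[str, Tuple[str, str]] = {}   # basename -> (MD5, version) of the WFP cache copy
    live: List[Tuple[str, str, str, str]] = []  # (basename, MD5, version, path) under system32
    profile: Optional[str] = None               # firewall profile of the last policy key seen
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SIGCHECK_RE.match(line)
        if m:
            base = m["path"].rsplit("\\", 1)[-1].lower()
            if m["flag"] == "-":
                findings.append(("high", f"signature not verified ([-]): {m['path']} md5={m['md5']}"))
            if "\\dllcache\\" in m["path"].lower():
                dllcache[base] = (m["md5"].upper(), m["version"])
            elif "\\system32\\" in m["path"].lower():
                live.append((base, m["md5"].upper(), m["version"], m["path"]))
            continue
        if line.startswith("["):  # registry key header: remember which firewall profile follows
            k = FIREWALL_KEY_RE.match(line)
            profile = k["profile"] if k else None
            continue
        v = FIREWALL_VAL_RE.match(line)
        if v and profile and v["value"] == "0":
            findings.append(("medium", f"Windows Firewall disabled for {profile}"))
            continue
        s = SERVICE_RE.match(line)
        if s:
            if "\\temp\\" in s["path"].lower():
                findings.append(("high", f"service {s['name']} ({s['start']}) loads from a Temp directory: {s['path']}"))
            if s["meta"] == "?":
                findings.append(("medium", f"service {s['name']}: no file date/size recorded ([?])"))
    # A live system32 file with the same version as its dllcache copy but a different
    # hash was changed outside Windows File Protection.
    for base, md5, version, path in live:
        cached = dllcache.get(base)
        if cached and cached[1] == version and cached[0] != md5:
            findings.append(("high", f"{path} differs from its dllcache copy: live {md5} vs cache {cached[0]}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```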

Re: troian agent.

Post by shel » 13/11/09 23:10

Analyze the reported file on VirusTotal and post the report - check which antivirus engines detect it

c:\windows\system32\dllcache\ieudinit.exe
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: troian agent.

Post by paolo1970 » 13/11/09 23:36

File analizza_su_virus_total_il_file_s ricevuto il 2009.11.13 22:33:20 (UTC)
Stato corrente: finito
Risultato: 0/40 (0%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.41 2009.11.13 -
AhnLab-V3 5.0.0.2 2009.11.13 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.13 -
Avast 4.8.1351.0 2009.11.13 -
AVG 8.5.0.425 2009.11.13 -
BitDefender 7.2 2009.11.13 -
CAT-QuickHeal 10.00 2009.11.13 -
Comodo 2944 2009.11.13 -
DrWeb 5.0.0.12182 2009.11.13 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7120 2009.11.13 -
F-Prot 4.5.1.85 2009.11.13 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.13 -
GData 19 2009.11.13 -
Ikarus T3.1.1.74.0 2009.11.13 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.896 2009.11.13 -
Kaspersky 7.0.0.125 2009.11.13 -
McAfee 5801 2009.11.13 -
McAfee+Artemis 5801 2009.11.13 -
McAfee-GW-Edition 6.8.5 2009.11.13 -
Microsoft 1.5202 2009.11.13 -
NOD32 4605 2009.11.13 -
Norman 6.03.02 2009.11.13 -
nProtect 2009.1.8.0 2009.11.13 -
Panda 10.0.2.2 2009.11.13 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.13 -
Rising 22.21.04.09 2009.11.13 -
Sophos 4.47.0 2009.11.13 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.13 -
TheHacker 6.5.0.2.069 2009.11.13 -
TrendMicro 9.0.0.1003 2009.11.13 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.13.2035 2009.11.13 -
VirusBuster 4.6.5.0 2009.11.13 -
Informazioni addizionali
File size: 10194 bytes
MD5...: 29393cf3c23fce451e55cf8141253353
SHA1..: 9aed4e7900833c73b0322331622d0ad00909bee7
SHA256: c87123d3b5935a2696a07de226fb0571f3f893734eda4a1070527652a7286116
ssdeep: 192:ScIMmtPxjo7+fhBO21t2DQA2viMl+4aGT6k+VcHeTqbbMMwfmuxf4:SPXi+ZBO68DQOMYYuR+vMM+mi4
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Word Microsoft Office Open XML Format document (92.9%)
ZIP compressed archive (7.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
paolo1970
Junior Member

Posts: 11
Joined: 08/11/09 10:35

Re: troian agent.

Post by paolo1970 » 14/11/09 09:09

Thanks "shel", thanks a lot, problem solved :lol:
paolo1970
Junior Member

Posts: 11
Joined: 08/11/09 10:35

Re: troian agent.

Post by shel » 14/11/09 13:38

hi

glad you solved it

delete the qoobox folder from C:\

uninstall ComboFix this way:

Start\Run - in the dialog box copy and paste this command: combofix /u

delete the folder you may have created on the Desktop where you had placed ComboFix.
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: troian agent.

Post by paolo1970 » 14/11/09 19:14

Even better, now it's like new again. Thanks a lot.
paolo1970
Junior Member

Posts: 11
Joined: 08/11/09 10:35

