Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.50.52, on 09/02/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programmi\Winamp\winampa.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dwwin.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liberomail.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Google Update Service (gupdate1c9bac9b1d2c2b0) (gupdate1c9bac9b1d2c2b0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 7486 bytes
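HijackThis only lists what is registered; it gives no verdicts, so a reviewer has to pick out of a log like the one above the entries that deserve a closer look. The script below is an added example (mine, not part of the post or of HijackThis) that does that first pass over a constructed excerpt of this log: it parses the R0/R1, O4 and O23 lines and flags Run values that name a bare file with no path (Alaunch, SOUNDMAN.EXE: Windows resolves these through the search path at boot, so whichever same-named file is found first gets run), binaries started from outside the Windows and Program Files trees (C:\VEXPLITE\viritsvc.exe here), and IE start/search URLs on non-Microsoft hosts (liberomail.libero.it). The directory allowlist, the rule names and the treatment of .microsoft.com as the only default host are assumptions of the example. Every flag is a review priority, not a verdict: VirIT eXplorer Lite and the OEM sound/modem entries are legitimate on this machine.

```python
"""First-pass triage of a HijackThis (HJT) log.

HJT lists autostart and browser-setting entries but gives no verdict; this
script parses the R0/R1, O4 and O23 lines and flags the ones a reviewer
should check first. Every flag is a review priority, not a verdict.
"""
import re
from urllib.parse import urlsplit

# Constructed excerpt of the HJT log above ("Programmi" is the Italian-locale
# Program Files directory that appears throughout the log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liberomail.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Google Update Service (gupdate1c9bac9b1d2c2b0) (gupdate1c9bac9b1d2c2b0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
"""

RX_R = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>[^=]+?) = (?P<url>.*)$")
RX_O4 = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RX_O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^()]+)\) - (?P<vendor>.+?) - (?P<path>.+)$")
# Program launched by a Run value: optional quotes, then a path ending in a binary extension.
RX_EXE = re.compile(r'^"?(?P<p>[^"]+?\.(?:exe|dll|ocx|scr|bat|cmd|com))"?', re.I)

# Directories a consumer XP box normally starts software from (assumption; Italian locale included).
STANDARD_ROOTS = ("c:\\windows\\", "c:\\programmi\\", "c:\\progra~1\\",
                  "c:\\program files\\", "%systemroot%\\")


def exe_from_cmd(cmd):
    """Return the program a Run value launches, without quotes or arguments."""
    m = RX_EXE.match(cmd.strip())
    return m["p"] if m else cmd.strip().split()[0]


def parse_hjt(text):
    """Parse the R0/R1, O4 and O23 lines into uniform entries."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if m := RX_R.match(line):
            entries.append({"section": "R", "subject": m["value"].strip(), "target": m["url"].strip()})
        elif m := RX_O4.match(line):
            entries.append({"section": "O4", "subject": m["name"], "target": exe_from_cmd(m["cmd"])})
        elif m := RX_O23.match(line):
            entries.append({"section": "O23", "subject": m["svc"], "target": m["path"].strip()})
    return entries


def classify_path(path):
    """Why an autostart target deserves a look, or None if it looks ordinary."""
    low = path.lower()
    if "\\" not in low:
        # Bare file name: resolved through the search path at boot, so whichever
        # same-named file is found first is what runs.
        return "unqualified-path"
    if not low.startswith(STANDARD_ROOTS):
        return "outside-standard-dirs"
    return None


def triage(text):
    """Return the entries worth reviewing, with the rule that selected each."""
    findings = []
    for e in parse_hjt(text):
        if e["section"] == "R":
            host = urlsplit(e["target"]).netloc.lower()
            # Start/search pages are the classic browser-hijack target; anything
            # not on a Microsoft host needs the user to confirm they chose it.
            if host and not host.endswith(".microsoft.com"):
                findings.append({"rule": "non-default-ie-url", "subject": e["subject"], "detail": host})
        else:
            rule = classify_path(e["target"])
            if rule:
                findings.append({"rule": rule, "subject": e["subject"], "detail": e["target"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:<22} {f['subject']:<24} {f['detail']}")
```

Read the flagged entries against the rest of the log (the running-process list and the O23 vendor field) before deciding anything; a service with a random-looking short name or a Run value pointing into a user profile would be the next heuristics worth adding.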
ComboFix 10-02-08.09 - Roberto 09/02/2010 15.52.46.4.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.39.1040.18.495.249 [GMT 1:00]
Running from: c:\documents and settings\Roberto\desktop\abc.exe
Command switches used :: /killall
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\sysReserve.ini
c:\windows\934fdfg34fgjf23
c:\windows\system32\drivers\H8SRTptbbownkvd.sys
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\H8SRTbitlwarbrm.dat
c:\windows\system32\H8SRTlxvrxomqrs.dll
c:\windows\system32\H8SRTxrnxumpdwq.dll
c:\windows\system32\H8SRTyiuwqpulsj.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))))))
.
2010-02-09 14:50 . 2010-02-09 14:50 -------- d-----w- C:\FOUND.001
2010-02-09 11:49 . 2010-02-09 11:49 388096 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-09 11:49 . 2010-02-09 11:49 -------- d-----w- c:\programmi\TrendMicro
2010-01-31 23:15 . 2010-01-06 11:08 57856 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-31 23:15 . 2010-01-06 11:08 545280 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-31 23:15 . 2010-01-06 11:08 4726272 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-31 23:15 . 2010-01-06 11:08 4725760 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-31 23:15 . 2010-01-06 11:08 344064 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-31 23:15 . 2010-01-06 11:08 153600 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-31 23:15 . 2010-01-06 11:08 103424 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-16 13:42 . 2009-12-23 19:42 872960 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2009-12-23 19:42 43008 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2009-12-23 19:42 340480 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2009-12-23 19:42 346624 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2003-10-27 19:08 . 2003-10-27 19:08 770048 ----a-w- c:\programmi\winmx331.exe
2003-10-27 19:03 . 2003-10-27 19:03 3468472 ----a-w- c:\programmi\winamp3_0-full.exe
.
------- Sigcheck -------
[-] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\wscntfy.exe
[-] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\xmlprov.dll
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-11-15 1670144]
"Packard Bell Data Secure"="c:\programmi\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-06-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-06-23 114688]
"SoundMan"="SOUNDMAN.EXE" [2003-06-20 55296]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 88267]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2002-07-25 151552]
"LManager"="c:\progra~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 155648]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-11-05 77824]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-11 185632]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-08 13312]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2003-11-28 106560]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-5-12 581693]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 10:58 278528 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [29/04/2009 11.46.44 22360]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [06/09/2006 15.06.28 41728]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [29/04/2009 11.46.44 45416]
R2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [21/02/2008 20.43.26 245248]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\VIRITSVC.EXE [04/09/2009 23.41.15 65536]
S2 gupdate1c9bac9b1d2c2b0;Google Update Service (gupdate1c9bac9b1d2c2b0);c:\programmi\Google\Update\GoogleUpdate.exe [11/04/2009 19.19.26 133104]
.
Contents of the 'Scheduled Tasks' folder
2003-10-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2003-10-19 09:27]
2010-02-09 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 20:57]
2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-11 18:19]
2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-11 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://liberomail.libero.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Save Flash - c:\programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 15:59
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Identities\{F717E46F-20F7-4DB9-BA46-92292829952B}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
@DACL=(02 0000)
@SACL=
"File0"="Cielo blu.htm"
"File1"="Natura.htm"
"File2"="Giallo.htm"
"File3"="Girasole.htm"
"File4"="Agrumi.htm"
"File5"="Quadretti bianchi.htm"
"File6"="Foglie.htm"
[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Identities\{F717E46F-20F7-4DB9-BA46-92292829952B}\Software\Microsoft\Outlook Express\5.0\Shared Settings]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Software\Local AppWizard-Generated Applications\Launch Tool]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0386D421-98BD-0323-3FA8-ED1C427590DC}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0386D421-98BD-0323-3FA8-ED1C427590DC}\Data\MD]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"Data04"=dword:0000349c
"Data05"=dword:00000000
"Data0C"=dword:00000bb8
"Data0E"=dword:00000708
"Data0F"=dword:00000384
"Data10"=dword:00000003
"Data11"=dword:00000001
"Data12"=dword:000003e8
"Data13"=dword:00000014
"Data14"=dword:00000258
"Data15"=dword:00002a30
"Data16"=dword:00000005
"Data0D"=dword:00000960
"Data17"=dword:00000000
"Data18"=dword:0000000f
"Data19"=dword:0000000f
"Data1A"=dword:00000002
"Data21"=dword:00000001
"Data22"=dword:00000001
"Data23"=dword:00000005
"Data24"=dword:000004b0
"Data00"=dword:00000000
"Data01"=dword:00000000
"Data02"=dword:0000349c
"Data09"=dword:00000000
"Data80"="($\14ÿ˜\1f\0fG ¢‡tñÝÄÁì\12\0eû."
"Data85"="XTD¯iN>åÞƲ4Ü\02ýl\1e"
"Data86"="HD³ŸY>®ÛÈÅ(\1d\06ñdaSü¡‹="
"Data87"="8³£I®žÂ·.\1d\06ñgd@ü¡‹="
"Data82"="\08\04Ò`\1aþn–‚{îãÇ}\"\1e\0c½fR\0d?¦ž"
"Data83"="÷ÒdP\0an^–†öÅ» \"\07ùh]\0d=£¢MuáœÎ¶."
"Data84"="ÆdT@y^N†òÔ¾-\13Ìñn\\\0eF±\\Žvî"
"Data88"="§£“¹žŽÆ+\1e\16¼mTSýµš‡|éœÎ¶."
"Data89"="—“ƒï©Ž~6\1b\0e\06-]DCm¥ŠwìÙŒ¾&\1e"
"Data8A"="‡ƒóß™~í&\0býv\1dM4²]•z°œÎ¶."
"Data8B"="wóãωíÝ\01\02dRQ4²\\ŒsòÀÁë\1e\06ý"
"Data8C"="çãÓ¿øÝÍ\06rTB>¬’LqíÛ±-\1b\0bül\1dR3ª‰nñÒ‹½%\1d"
"Data8D"="×ÓÃ/èͽrW@3¢L|ãâÁ&Û\0eõn"
"Data8E"="´\0aüíåM"
"Data8F"="·3#\0fÈ.\1eAB£‘sòœÌ³2Ü\11ù,^F>"
"Data91"="\17\13\03o)\0eý¥‘Š}òÖŒ±-\1bÌóe\1cN6"
"Data92"="\07\03s_\19ým¥Š}õœÌ³2Ü\01ük[M<l•†{ñÌÇÀê\1d\05ü"
"Data1B"=dword:00000000
"Data1D"=dword:00000000
"Data25"=dword:00000000
"Data1C"=dword:00000000
"Data1E"=dword:00000000
"Data26"=dword:00000001
"Data0A"=dword:0000349c
"Data0B"=dword:0000003a
"Data20"=dword:0023826d
"Data90"="1\14\15÷dfRú¥—zäàdz,\12\11¹qcA9¦›„9áÜÔ»)\1cýð)d>?¬X"
"Data2B"=dword:00000000
"Data2C"=dword:00000000
"Data2D"=dword:00000000
"Data2E"=dword:00000000
"Data27"=dword:00000003
"Data28"=dword:00000003
"Data29"=dword:00000003
"Data2A"=dword:00000003
[HKEY_LOCAL_MACHINE\software\CyberLink\PowerDVD\BuildInfo]
@DACL=(02 0000)
@SACL=
"SR_No"="DVD030423-04"
"Skin"="2420"
"iPower"="030407"
"UG"="1510"
"Setup"="030421"
"Help"="2416"
"RC"="030414"
"Readme"="2416"
"Kernel"="v2834_DS(Acer)"
"UI"="v2824_DDVS_DS(Acer)"
"Filter"="v2834_DS(Acer)"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Publish\{1AC8AC62-67E9-4676-BA08-194A6916B145}]
@DACL=(02 0000)
@="WMPlayer CD Burn Publish Provider"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Publish\{F6402585-08FB-498E-877D-2D8EDF05219F}]
@DACL=(02 0000)
@="WMPlayer WMDM Publish Provider"
[HKEY_LOCAL_MACHINE\software\NewTech Infosystems\NTI CD-Maker\6]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\NewTech Infosystems\NTI CD-Maker\OEMUrl]
@DACL=(02 0000)
@SACL=
"Home"="http://global.acer.com"
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek AC'97 Audio]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\windows\System32\ODBC32.dll
- - - - - - - > 'lsass.exe'(796)
c:\windows\System32\dssenh.dll
- - - - - - - > 'explorer.exe'(3220)
c:\programmi\Unlocker\UnlockerHook.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\windows\System32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\programmi\Apoint2K\Apntex.exe
c:\programmi\Java\jre1.5.0_04\bin\jucheck.exe
c:\progra~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2010-02-09 16:02:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 15:02
Pre-Run: 2,351,874,048 bytes free
Post-Run: 2,342,699,008 bytes free
- - End Of File - - A6A4850A98C611D49A7549380840287C
Malwarebytes' Anti-Malware 1.44
Database version: 3714
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106
09/02/2010 18.25.19
mbam-log-2010-02-09 (18-25-02).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 176828
Time elapsed: 30 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTlxvrxomqrs.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTxrnxumpdwq.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTyiuwqpulsj.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTptbbownkvd.sys.vir (Malware.Packer) -> No action taken.
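The ComboFix and Malwarebytes logs above are easier to read together than apart. ComboFix moves what it deletes into C:\Qoobox\Quarantine with a .vir suffix, so the four "Files Infected" that Malwarebytes reports under that folder are the H8SRT files ComboFix had already removed, not a reinfection; the only hits still on the live system are the two Rogue.WinAntiVirus registry keys, and "No action taken." on every line means the scan was run without removal. The H8SRT set itself (the driver H8SRTd.sys plus DLL and .dat files named with a fixed prefix and a ten-character random suffix) is the naming pattern of the TDL3/TDSS rootkit family of that period, and a svchost.exe sitting under system32\drivers is a copy of a core binary in a directory it never belongs in. The script below, an added example that is not part of the posted logs or of either tool, applies those three checks to constructed excerpts of the two logs: it clusters the deletions by shared prefix and equal-length suffix, flags core Windows binary names outside their home directory, and maps each Malwarebytes quarantine path back to its original location to label the hit live or already quarantined. The Qoobox path layout, the five-character prefix width and the list of core binaries are assumptions of the example; section headers are matched in both the English and the Italian ComboFix wording.

```python
"""Cross-check a ComboFix log against a later Malwarebytes (MBAM) scan.
Added example; not part of the posted logs or of either tool."""
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log above (one Italian header kept on purpose).
COMBOFIX_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\H8SRTptbbownkvd.sys
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\H8SRTbitlwarbrm.dat
c:\windows\system32\H8SRTlxvrxomqrs.dll
c:\windows\system32\H8SRTxrnxumpdwq.dll
c:\windows\system32\H8SRTyiuwqpulsj.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
"""
# Constructed excerpt of the MBAM log above.
MBAM_EXCERPT = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> No action taken.
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTlxvrxomqrs.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTxrnxumpdwq.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTyiuwqpulsj.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTptbbownkvd.sys.vir (Malware.Packer) -> No action taken.
"""

RX_SECTION = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
RX_SERVICE = re.compile(r"\\(?:Service|Legacy)_(?P<name>.+)$")
RX_MBAM = re.compile(r"^(?P<item>.+?) \((?P<sig>[^()]+)\) -> (?P<action>.+)$")
# Assumed ComboFix quarantine layout: C:\Qoobox\Quarantine\<drive>\<original path>.vir
RX_QUAR = re.compile(r"^[a-z]:\\qoobox\\quarantine\\(?P<drive>[a-z])\\(?P<rest>.+)\.vir$", re.I)
# Core Windows binaries and the one directory each belongs in (XP layout; assumption of the example).
CORE_BINARIES = {n: r"c:\windows\system32" for n in
                 ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe")}
CORE_BINARIES["explorer.exe"] = r"c:\windows"

def basename(path): return path.rsplit("\\", 1)[-1]
def stem(name): return name.rsplit(".", 1)[0]

def combofix_sections(text):
    """Map each '((( header )))' section to its lines, dropping the '.' separators."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        if m := RX_SECTION.match(line):
            current = m["name"]
        elif line and line != "." and current:
            sections[current].append(line)
    return sections

def section(sections, pattern):
    """Lines of the first section whose header matches pattern (English or Italian wording)."""
    return next((v for k, v in sections.items() if re.search(pattern, k, re.I)), [])

def prefix_clusters(files, services, width=5, min_size=3):
    """Deleted files sharing a name prefix plus an equal-length suffix: the
    fixed-prefix/random-suffix scheme the H8SRT driver, DLLs and .dat above follow."""
    groups = defaultdict(list)
    for path in files:
        groups[stem(basename(path))[:width]].append(basename(path))
    return {p: {"files": sorted(n), "services": [s for s in services if s.startswith(p)]}
            for p, n in groups.items()
            if len(n) >= min_size and len({len(stem(x)) for x in n}) == 1}

def masquerades(files):
    """Core Windows binary names found outside the directory they belong in."""
    hits = []
    for path in (p.lower() for p in files):
        home = CORE_BINARIES.get(basename(path))
        if home and path.rsplit("\\", 1)[0] != home:
            hits.append(path)
    return hits

def original_path(quarantine_path):
    """Translate a ComboFix quarantine path back to the file's original location."""
    m = RX_QUAR.match(quarantine_path)
    return f"{m['drive']}:\\{m['rest']}".lower() if m else None

def analyze(combofix_text, mbam_text):
    sections = combofix_sections(combofix_text)
    files = section(sections, r"deletion|eliminazion")
    services = sorted({m["name"] for m in map(RX_SERVICE.search, section(sections, r"driver|servi")) if m})
    deleted = {p.lower() for p in files}
    hits = [m.groupdict() for m in map(RX_MBAM.match, (l.strip() for l in mbam_text.splitlines())) if m]
    for h in hits:
        orig = original_path(h["item"])
        # A .vir hit inside Qoobox is ComboFix's own quarantine, not a live infection.
        h["status"] = ("live" if orig is None else
                       "quarantined-by-combofix" if orig in deleted else "quarantined-unknown")
    return {"clusters": prefix_clusters(files, services),
            "masquerades": masquerades(files),
            "mbam": hits,
            # True when every line reads "No action taken.": the scan ran without removal.
            "pending": bool(hits) and all(h["action"].startswith("No action taken") for h in hits)}

if __name__ == "__main__":
    report = analyze(COMBOFIX_EXCERPT, MBAM_EXCERPT)
    for prefix, c in report["clusters"].items():
        print(f"cluster {prefix}: {c['files']} with services {c['services']}")
    print("masquerades:", report["masquerades"])
    for h in report["mbam"]:
        print(f"{h['status']:<24} {h['sig']:<18} {h['item']}")
    print("removal still pending:", report["pending"])
```

The "quarantined-unknown" label covers a .vir path that matches no line in the deletions section, which would point to a quarantine entry from an earlier ComboFix run; "pending" being true is the cue to run Malwarebytes again with removal enabled for the two registry keys, then post a fresh log.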