
How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

can you check a logfile for me please?

Post by jaxopo » 25/11/07 21:49

hello everyone, I'm new as you can see, and I have a problem... :undecided: and I don't know where to turn
I have a winlog process (what else :mmmh: ) that is taking up 50 of the CPU :eeh:

I made a logfile and wanted to ask whether you could examine it and maybe see if something is wrong......thx in advance

--------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.37.08, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\File comuni\SystemErrorFixer\strpmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\eMule\emule.exe
C:\HiJackThis_v2\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3697376C-E166-4885-A46E-A8ECD08381F6} - c:\windows\system32\dx8vbc.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB} - C:\WINDOWS\system32\cabinetb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Programmi\File comuni\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com; ad=http://systemerrorfixer.com
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Programmi\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Programmi\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Programmi\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Programmi\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O20 - Winlogon Notify: axdujdku - C:\WINDOWS\SYSTEM32\dx8vbc.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 7817 bytes
jaxopo
Newbie
 
Posts: 6
Joined: 25/11/07 21:43

Post by Luke57 » 26/11/07 10:50

Hi, first download ATFCleaner from here:
http://www.atribune.org/ccount/click.php?id=1


Then run ATFCleaner, tick Select all and click Empty Selected. Wait for the completion message.

Then download The Avenger
http://swandog46.geekstogo.com/avenger.zip


Then run the file Avenger.exe (with applications closed and the antivirus disabled).
Select the option Input Script Manually, click the magnifying glass and, in the white box, copy and paste this script:


Files to delete:
C:\WINDOWS\system32\cabinetb.dll
C:\WINDOWS\SYSTEM32\dx8vbc.dll


folders to delete:
C:\Programmi\File comuni\SystemErrorFixer

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Salestart

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3697376C-E166-4885-A46E-A8ECD08381F6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axdujdku



Click the Done button
Now click the traffic light with the green light
Answer Yes 2 times
The PC should reboot; if it does not reboot, reboot it manually

After the reboot, come back online and attach the file C:\Avenger.txt
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
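The entries the moderator's script targets can be picked out of a HijackThis log mechanically. The following Python triage script is an added example, not part of the thread and not code from HijackThis or The Avenger: it runs three rules over a constructed sample built from lines of the log above (an unnamed O2 BHO loading from system32, an O4 Run value that passes a URL on its command line, an O20 Winlogon Notify package whose name is not in an assumed, partial allowlist of Windows XP defaults) and then correlates findings that point at the same DLL.

```python
"""Triage of HijackThis log entries for the kind of indicators seen in this thread."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the thread's first HijackThis log, with
# legitimate entries (IDM, Google Toolbar, NOD32) left in so the rules must discriminate.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {3697376C-E166-4885-A46E-A8ECD08381F6} - c:\windows\system32\dx8vbc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB} - C:\WINDOWS\system32\cabinetb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Salestart] "C:\Programmi\File comuni\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com; ad=http://systemerrorfixer.com
O20 - Winlogon Notify: axdujdku - C:\WINDOWS\SYSTEM32\dx8vbc.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
"""

# Assumed, partial allowlist of Winlogon Notify packages that ship with Windows XP.
XP_NOTIFY_PACKAGES = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    severity: str  # "high", "medium" or "low"
    subject: str   # normalised path, CLSID or value name the finding is about
    reason: str


def parse_log(text):
    """Yield (section, body) for every HijackThis entry line; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def check_bho(body):
    """O2: a BHO with no registered name is suspicious; one with no file is an orphan."""
    m = BHO_RE.match(body)
    if not m:
        return None
    name, path = m.group("name"), m.group("path")
    if path == "(no file)":
        return Finding("O2", "low", "{" + m.group("clsid") + "}",
                       "BHO registered but its DLL is missing (orphan, safe to remove)")
    if name == "(no name)":
        in_sysdir = "\\system32\\" in path.lower()
        return Finding("O2", "high" if in_sysdir else "medium", path.lower(),
                       "unnamed BHO" + (" loading a DLL from the system directory" if in_sysdir else ""))
    return None


def check_run(body):
    """O4: a Run value that passes URLs on its command line is adware-style behaviour."""
    m = RUN_RE.match(body)
    if not m:
        return None
    if re.search(r"https?://", m.group("cmd"), re.IGNORECASE):
        return Finding("O4", "high", m.group("name"),
                       "autorun entry passes a URL on its command line")
    return None


def check_notify(body, allowlist=XP_NOTIFY_PACKAGES):
    """O20: a Winlogon Notify DLL runs inside winlogon.exe; unknown names need review."""
    m = NOTIFY_RE.match(body)
    if not m or m.group("name").lower() in allowlist:
        return None
    return Finding("O20", "high", m.group("path").lower(),
                   f"unknown Winlogon Notify package '{m.group('name')}' loaded by winlogon.exe")


CHECKS = {"O2": check_bho, "O4": check_run, "O20": check_notify}


def triage(text):
    """Run the section-specific checks over a log and return the findings in log order."""
    findings = []
    for section, body in parse_log(text):
        check = CHECKS.get(section)
        finding = check(body) if check else None
        if finding:
            findings.append(finding)
    return findings


def correlate(findings):
    """Map each subject flagged in more than one section to those sections."""
    sections = {}
    for f in findings:
        sections.setdefault(f.subject, set()).add(f.section)
    return {subject: secs for subject, secs in sections.items() if len(secs) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section:<4} {f.subject}: {f.reason}")
    for subject, secs in correlate(results).items():
        print(f"correlated: {subject} appears in {sorted(secs)}")
```

On the sample, the same DLL surfaces both as an unnamed BHO and as a Winlogon Notify package, which is why a file that is loaded by winlogon.exe cannot be deleted while the system is running.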

Post by jaxopo » 26/11/07 15:15

unfortunately winlog's CPU usage has not gone down :mmmh: (still 50 :eeh: )

here is the result from avenger.txt:
--------------------------------------------------------------------------------------
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wsayxrgk

*******************

Script file located at: \??\C:\Program Files\naestykm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\cabinetb.dll for deletion
Deletion of file C:\WINDOWS\system32\cabinetb.dll failed!

Could not process line:
C:\WINDOWS\system32\cabinetb.dll
Status: 0xc0000022



Could not open file C:\WINDOWS\SYSTEM32\dx8vbc.dll for deletion
Deletion of file C:\WINDOWS\SYSTEM32\dx8vbc.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\dx8vbc.dll
Status: 0xc0000022

Folder C:\Programmi\File comuni\SystemErrorFixer deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart deleted successfully.


Could not open registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3697376C-E166-4885-A46E-A8ECD08381F6} for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3697376C-E166-4885-A46E-A8ECD08381F6} failed!
Status: 0xc0000022



Could not open registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axdujdku for deletion
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axdujdku failed!
Status: 0xc0000022


Completed script processing.
jaxopo
Newbie
 
Posts: 6
Joined: 25/11/07 21:43

Post by Luke57 » 26/11/07 16:25

Hi, download COMBOFIX to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Once downloaded, run it with a double click.
- A blue window will open; wait.
- After a moment a notice will appear disclaiming any responsibility on the author's part.
- At this point select 1 and press ENTER to launch the scan.
- Wait.....
The tool will notify you once the scan is finished and after a moment will display the report with the details. (C:\ComboFix.txt)
Post the log (C:\ComboFix.txt) in a reply
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by jaxopo » 26/11/07 19:31

here you go luke57 (p.s. thanks for your interest); unfortunately winlogon is still eating 50% of the cpu and the pc is dying

these are the results with combofix:

ComboFix 07-11-19.4 - Jaxopo 2007-11-26 19.11.02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.567 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Jaxopo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2007-10-26 al 2007-11-26 )))))))))))))))))))))))))))))))))))
.

2007-11-26 15:52 <DIR> d-------- C:\Documents and Settings\Jaxopo\.housecall6.6
2007-11-25 21:36 <DIR> d-------- C:\HiJackThis_v2
2007-11-23 20:25 <DIR> d-------- C:\Programmi\vanBasco's Karaoke Player
2007-11-22 17:41 <DIR> d-------- C:\Programmi\iTunes
2007-11-22 17:41 <DIR> d-------- C:\Programmi\iPod
2007-11-22 17:37 <DIR> d-------- C:\Programmi\QuickTime
2007-11-18 18:54 <DIR> d-------- C:\Programmi\The Game Creators
2007-11-18 18:15 5,524 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-18 14:45 <DIR> d-------- C:\Programmi\File comuni\Bcgsoft
2007-11-17 10:38 <DIR> d-------- C:\Programmi\Riva
2007-11-15 16:00 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-15 15:54 <DIR> d-------- C:\Programmi\WinClamAVShield
2007-11-15 15:51 <DIR> d-------- C:\Programmi\Spyware Terminator
2007-11-15 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2007-11-15 15:29 35,072 --a------ C:\WINDOWS\system32\ekympqnx.dat
2007-11-12 21:12 <DIR> d-------- C:\Programmi\MSXML 4.0
2007-11-12 17:14 <DIR> d-------- C:\Programmi\Babylon
2007-11-12 15:59 <DIR> d-------- C:\Programmi\Electronic Arts
2007-11-12 15:32 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-11-12 15:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-11 18:48 <DIR> d-------- C:\Programmi\3DRipperDX
2007-11-10 18:01 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-10 18:01 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-10 15:37 <DIR> d-------- C:\Programmi\REAPER
2007-11-10 15:37 <DIR> d-------- C:\Documents and Settings\Jaxopo\Dati applicazioni\REAPER
2007-11-09 12:12 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-09 12:12 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-11-09 12:12 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-09 12:12 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-09 12:12 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-09 12:12 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-09 12:12 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-11-09 12:12 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-11-09 12:12 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-11-09 12:12 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-09 12:12 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-11-09 12:12 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-11-07 14:40 <DIR> d-------- C:\Documents and Settings\Jaxopo\Dati applicazioni\Ulead Systems
2007-11-07 10:18 <DIR> d-------- C:\Programmi\SystemErrorFixer
2007-11-07 10:18 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-07 10:12 <DIR> d-------- C:\Programmi\Internet Download Manager
2007-11-07 10:12 <DIR> d-------- C:\Documents and Settings\Jaxopo\Dati applicazioni\IDM
2007-11-07 10:12 741,632 --a------ C:\WINDOWS\system32\wdstlibl.dat
2007-11-07 10:12 120,064 --a------ C:\WINDOWS\system32\fchrxytj.dat
2007-11-07 10:03 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-11-07 10:03 84,480 --a------ C:\WINDOWS\system32\dx8vbc.dll
2007-11-07 10:02 94,208 --a------ C:\WINDOWS\system32\cabinetb.dll
2007-11-07 10:02 93,696 --a------ C:\WINDOWS\system32\cabinetb.1
2007-11-07 10:02 89,344 --a------ C:\WINDOWS\system32\cabinetb.2
2007-11-07 10:02 51,712 --a------ C:\WINDOWS\system32\commdlgo.dll
2007-11-07 10:02 18,688 C:\WINDOWS\system32\drivers\gontlcin.dat
2007-11-07 09:19 <DIR> d-------- C:\Programmi\IDM Computer Solutions
2007-11-07 09:19 <DIR> d-------- C:\Documents and Settings\Jaxopo\Dati applicazioni\IDMComp
2007-11-02 15:30 <DIR> d-------- C:\Documents and Settings\Jaxopo\Dati applicazioni\Steinberg
2007-11-02 15:26 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-11-02 15:26 85,504 --a------ C:\WINDOWS\system32\encdnet.dll
2007-11-02 15:26 61,952 --a------ C:\WINDOWS\system32\decdnet.dll
2007-11-02 15:24 <DIR> d-------- C:\Programmi\Syncrosoft
2007-11-02 15:24 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2007-11-02 15:24 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2007-11-01 12:56 <DIR> d-------- C:\Programmi\Chaos Group
2007-10-30 19:19 <DIR> d-------- C:\Programmi\Xfire
2007-10-30 19:19 <DIR> d-------- C:\Documents and Settings\Jaxopo\Dati applicazioni\Xfire
2007-10-29 19:01 <DIR> d-------- C:\Downloads
2007-10-29 19:01 <DIR> d-------- C:\Documents and Settings\Jaxopo\Dati applicazioni\Orbit
2007-10-29 19:00 <DIR> d-------- C:\Programmi\Orbitdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 18:23 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\DMCache
2007-11-26 12:25 --------- d-----w C:\Programmi\eMule
2007-11-22 16:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-11-21 18:39 --------- d-----w C:\Programmi\DriftCity
2007-11-18 17:54 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-07 13:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems
2007-11-07 09:12 246,545 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-11-07 09:12 1,188,375 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-11-01 11:56 --------- d-----w C:\Programmi\File comuni\ChaosGroup
2007-10-30 19:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-30 19:16 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-28 19:20 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\combustion4
2007-10-28 18:51 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\Ahead
2007-10-26 18:11 --------- d-----w C:\Programmi\WarRock
2007-10-24 18:24 --------- d-----w C:\Programmi\VirtualDJ
2007-10-21 20:10 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\Samsung
2007-10-15 14:26 --------- d-----w C:\Programmi\Rhinoceros 4.0
2007-10-15 14:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\McNeel
2007-10-15 14:20 --------- d-----w C:\Programmi\File comuni\McNeel Shared
2007-10-13 12:59 --------- d-----w C:\Programmi\Windows Live
2007-10-13 12:59 --------- d-----w C:\Programmi\MSN Messenger
2007-10-13 12:59 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-10-10 15:04 --------- d-----w C:\Programmi\File comuni\DirectX
2007-10-10 15:04 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\NHN Corporation
2007-10-10 15:03 --------- d--h--w C:\Documents and Settings\Jaxopo\Dati applicazioni\ijjigame
2007-10-10 15:00 --------- d-----w C:\Programmi\NHN USA
2007-10-10 13:51 --------- d-----w C:\Programmi\DAP
2007-10-10 07:57 --------- d-----w C:\Programmi\Games-Masters.com
2007-10-09 13:32 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\discreet
2007-10-09 13:09 --------- d-----w C:\Programmi\backburner 2
2007-10-09 13:08 --------- d-----w C:\Programmi\discreet
2007-10-09 11:54 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\InstallShield
2007-10-09 09:44 --------- d-----w C:\Programmi\File comuni\Adobe
2007-10-07 10:20 --------- d-----w C:\Programmi\CamStudio
2007-10-06 17:47 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-06 14:35 --------- d-----w C:\Programmi\Smallvideosoft
2007-10-06 14:05 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\Apple Computer
2007-10-06 13:11 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\Eltima Software
2007-10-06 13:07 --------- d-----w C:\Programmi\Windows Live Safety Center
2007-10-06 12:07 --------- d-----w C:\Programmi\FLV Player
2007-10-06 12:01 --------- d-----w C:\Programmi\File comuni\SWF Studio
2007-10-05 13:40 --------- d-----w C:\Programmi\DarkSim
2007-10-05 13:18 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2007-10-05 13:18 --------- d-----w C:\Programmi\Autodesk
2007-10-05 13:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-10-04 18:06 --------- d-----w C:\Programmi\Google
2007-10-04 17:02 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\Screenshot Sender
2007-10-04 13:57 --------- d-----w C:\Programmi\Samsung
2007-10-03 19:35 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-10-03 19:35 --------- d-----w C:\Programmi\File comuni\ODBC
2007-10-03 19:29 --------- d-----w C:\Programmi\Ahead
2007-10-03 19:25 --------- d-----w C:\Programmi\Nero
2007-10-03 19:25 --------- d-----w C:\Programmi\File comuni\Ahead
2007-10-03 19:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2007-10-03 19:16 --------- d-----w C:\Programmi\Pixologic
2007-10-03 19:12 --------- d-----w C:\Programmi\VstPlugins
2007-10-03 19:12 --------- d-----w C:\Programmi\Image-Line
2007-10-03 19:11 --------- d-----w C:\Programmi\Simple Star
2007-10-03 19:11 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\Audacity
2007-10-03 19:10 --------- d-----w C:\Programmi\CCleaner
2007-10-03 19:10 --------- d-----w C:\Programmi\BitComet
2007-10-03 19:09 --------- d-----w C:\Programmi\Ulead Systems
2007-10-03 19:09 --------- d-----w C:\Programmi\ImTOO
2007-10-03 19:09 --------- d-----w C:\Programmi\File comuni\Elecard
2007-10-03 19:09 --------- d-----w C:\Programmi\Elecard
2007-10-03 19:08 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-10-03 19:07 --------- d-----w C:\Programmi\XviD
2007-10-03 19:07 --------- d-----w C:\Programmi\Game_Maker6
2007-10-03 19:07 --------- d-----w C:\Programmi\DivX
2007-10-03 19:04 --------- d-----w C:\Programmi\Apple Software Update
2007-10-03 19:03 --------- d-----w C:\Programmi\File comuni\Apple
2007-10-03 19:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-10-03 19:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-10-03 19:00 --------- d-----w C:\Programmi\D-Tools
2007-10-03 18:56 300,048 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-03 18:56 245,760 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-03 18:56 114,688 ----a-w C:\WINDOWS\system32\nms32.dll
2007-10-03 18:52 --------- d-----w C:\Documents and Settings\Jaxopo\Dati applicazioni\ATI
2007-10-03 18:50 --------- d-----w C:\Programmi\ATI Technologies
2007-10-03 18:36 --------- d-----w C:\Programmi\ASUS
2007-10-03 18:32 --------- d-----w C:\Programmi\Analog Devices
2007-10-03 18:30 --------- d-----w C:\Programmi\Intel
2007-10-03 18:07 --------- d-----w C:\Programmi\microsoft frontpage
2007-10-03 18:05 --------- d-----w C:\Programmi\Servizi in linea
2007-10-03 18:05 --------- d-----w C:\Programmi\File comuni\MSSoap
2007-09-27 10:08 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2003-06-03 15:49 448,256 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-06-03 15:48 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 15:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3697376C-E166-4885-A46E-A8ECD08381F6}]
2007-11-15 15:29 84480 --a------ c:\windows\system32\dx8vbc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB}]
2004-08-19 14:39 94208 --a------ C:\WINDOWS\system32\cabinetb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-07 11:21]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06]
"IDMan"="C:\Programmi\Internet Download Manager\IDMan.exe" [2007-11-07 10:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 08:12]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-03 19:56]
"DAEMON Tools-1033"="C:\Programmi\D-Tools\daemon.exe" [2004-08-22 16:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-11-15 15:53]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axdujdku]
dx8vbc.dll 2007-11-15 15:29 84480 C:\WINDOWS\system32\dx8vbc.dll

R0 cbwwtluu;cbwwtluu;C:\WINDOWS\system32\drivers\gontlcin.dat
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
S2 vvbevqcd; WAN NDIS di accesso remotoController;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vvbevqcd

.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-22 16:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 19:24:15
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-11-26 19:29:14 - machine was rebooted
.
--- E O F ---
jaxopo
Newbie
 
Posts: 6
Joined: 25/11/07 21:43

Post by Luke57 » 27/11/07 09:36

Hi, try again with avenger, entering this script:

Files to delete:
C:\WINDOWS\system32\cabinetb.dll
C:\WINDOWS\SYSTEM32\dx8vbc.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\ekympqnx.dat
C:\WINDOWS\system32\fchrxytj.dat
C:\WINDOWS\system32\wdstlibl.dat
C:\WINDOWS\system32\drivers\gontlcin.dat

folders to delete:
C:\Programmi\File comuni\SystemErrorFixer

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3697376C-E166-4885-A46E-A8ECD08381F6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axdujdku
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by jaxopo » 27/11/07 18:32

here is the result with avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ojrcxkrb

*******************

Script file located at: \??\C:\WINDOWS\system32\sshtpwrl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\cabinetb.dll for deletion
Deletion of file C:\WINDOWS\system32\cabinetb.dll failed!

Could not process line:
C:\WINDOWS\system32\cabinetb.dll
Status: 0xc0000022



Could not open file C:\WINDOWS\SYSTEM32\dx8vbc.dll for deletion
Deletion of file C:\WINDOWS\SYSTEM32\dx8vbc.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\dx8vbc.dll
Status: 0xc0000022

File C:\WINDOWS\system32\d3d9caps.dat deleted successfully.
File C:\WINDOWS\system32\ekympqnx.dat deleted successfully.
File C:\WINDOWS\system32\fchrxytj.dat deleted successfully.
File C:\WINDOWS\system32\wdstlibl.dat deleted successfully.


Could not open file C:\WINDOWS\system32\drivers\gontlcin.dat for deletion
Deletion of file C:\WINDOWS\system32\drivers\gontlcin.dat failed!

Could not process line:
C:\WINDOWS\system32\drivers\gontlcin.dat
Status: 0xc0000022



Folder C:\Programmi\File comuni\SystemErrorFixer not found!
Deletion of folder C:\Programmi\File comuni\SystemErrorFixer failed!

Could not process line:
C:\Programmi\File comuni\SystemErrorFixer
Status: 0xc0000034



Could not open registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3697376C-E166-4885-A46E-A8ECD08381F6} for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3697376C-E166-4885-A46E-A8ECD08381F6} failed!
Status: 0xc0000022



Could not open registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB} for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB} failed!
Status: 0xc0000022



Could not open registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axdujdku for deletion
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axdujdku failed!
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate



and this is the situation with HiJackThis_v2:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.32.12, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\D-Tools\daemon.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3697376C-E166-4885-A46E-A8ECD08381F6} - c:\windows\system32\dx8vbc.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB} - C:\WINDOWS\system32\cabinetb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Programmi\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Programmi\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Programmi\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Programmi\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O20 - Winlogon Notify: axdujdku - C:\WINDOWS\SYSTEM32\dx8vbc.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 7795 bytes
jaxopo
Newbie
Posts: 6
Joined: 25/11/07 21:43
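The HijackThis log above is read by hand in this thread; as an added example (editor's code, not part of the thread and not HijackThis or VundoFix logic), the script below parses the O2, O20 and O23 lines with the same patterns a triager looks for: a BHO registered without a name, a DLL loaded from system32, and a Winlogon Notify entry that points at the same DLL as a BHO. The sample lines are copied from the log posted above; the severity heuristics are the editor's own assumptions, not rules from the tool.

```python
"""Triage heuristics for HijackThis O2/O20/O23 lines.

Added example for this thread; it is not HijackThis or VundoFix code, and
the heuristics below are the editor's own assumptions, not rules from the tool.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O2/O20/O23 lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3697376C-E166-4885-A46E-A8ECD08381F6} - c:\windows\system32\dx8vbc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB} - C:\WINDOWS\system32\cabinetb.dll
O20 - Winlogon Notify: axdujdku - C:\WINDOWS\SYSTEM32\dx8vbc.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Line shapes as HijackThis 2.0 prints them: "<section> - <kind>: <fields separated by ' - '>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

SEVERITY_RANK = {"high": 2, "medium": 1, "info": 0}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    entry: str     # HijackThis section the line came from, e.g. "O2"
    path: str      # normalised (lower-case) path, or "(no file)"
    reason: str


def _norm(path):
    """Lower-case the path so C:\\WINDOWS\\SYSTEM32 and c:\\windows\\system32 compare equal."""
    return path.strip().lower()


def _in_system32(path):
    return "\\windows\\system32\\" in path


def triage(log_text):
    """Return a list of Finding objects for the suspicious-looking lines in a HijackThis log."""
    findings = []
    bho_paths = set()
    notify_entries = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            path = _norm(m["path"])
            if path == "(no file)":
                # Registration left behind with no DLL on disk: dead entry, nothing is loaded.
                findings.append(Finding("info", "O2", path,
                                        "orphan BHO " + m["clsid"] + ": no DLL on disk"))
                continue
            bho_paths.add(path)
            if m["name"] == "(no name)":
                # Legitimate BHOs almost always carry a product name; an unnamed one that
                # lives in system32 is the pattern the thread is chasing (heuristic).
                if _in_system32(path):
                    findings.append(Finding("high", "O2", path,
                                            "BHO registered without a name and loaded from system32"))
                else:
                    findings.append(Finding("medium", "O2", path, "BHO registered without a name"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify_entries.append((m["key"], _norm(m["path"])))
            continue
        m = SERVICE_RE.match(line)
        if m and m["owner"] == "Unknown owner":
            findings.append(Finding("info", "O23", _norm(m["path"]),
                                    "service '" + m["name"] + "' has no recorded owner; verify the publisher"))
    # Cross-reference: a Winlogon Notify DLL that is also a BHO runs inside winlogon.exe
    # and every Explorer/IE process, which is why deleting it from a live system fails.
    for key, path in notify_entries:
        if path in bho_paths:
            findings.append(Finding("high", "O20", path,
                                    "Winlogon Notify '" + key + "' DLL is also registered as a BHO"))
        else:
            findings.append(Finding("medium", "O20", path,
                                    "Winlogon Notify '" + key + "' is a non-default entry; review it"))
    return findings


def worst_severity(findings):
    """Highest severity present, or "info" for an empty list."""
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__, default="info")


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -SEVERITY_RANK[f.severity]):
        print(f"[{f.severity:6}] {f.entry:3} {f.path}  ({f.reason})")
```

Run on the sample, the two system32 DLLs from the log come out as "high" (one of them twice, once as a BHO and once through the Winlogon Notify cross-reference), the Adobe and Google BHOs produce no finding, and the "(no file)" CLSID is reported only as informational.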

Post by Luke57 » 27/11/07 19:15

Hi, download VundoFix from here
http://www.atribune.org/content/view/24/2/
Run VundoFix, select "Scan for Vundo" and then at the end click "Remove Vundo".
When it is all done, post the log generated by VundoFix as well.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by jaxopo » 27/11/07 22:12

here are the results with VundoFix:


VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 19.30.07 27/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


and these with HiJackThis_v2:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.12.30, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3697376C-E166-4885-A46E-A8ECD08381F6} - c:\windows\system32\dx8vbc.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F60E2CE0-DFD2-424B-B43B-14CFBECC1BBB} - C:\WINDOWS\system32\cabinetb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Programmi\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Programmi\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Programmi\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Programmi\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O20 - Winlogon Notify: axdujdku - C:\WINDOWS\SYSTEM32\dx8vbc.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 7897 bytes
jaxopo
Newbie
Posts: 6
Joined: 25/11/07 21:43

Post by Luke57 » 28/11/07 08:57

Hi, restart VundoFix
Right-click in the white space and select the "Add more files?" option
A new window opens
Click on the first line, then copy and paste this path
C:\WINDOWS\SYSTEM32\dx8vbc.dll
Click on the second line, then copy and paste this path
C:\WINDOWS\system32\cbv8xd.*
Click the "Add file(s)" button, then "close Windows", and you will return to the main screen where you will see the file paths (the ones you copied and pasted); now click the "Remove Vundo" button, then continue by confirming with yes (if VundoFix reappears at reboot with the file still to be deleted, press the Remove Vundo button to continue the removal).
As before, post the scan report.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

