Thanks to anyone willing to give me a hand.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.34.28, on 28/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Orbitdownloader\orbitdm.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/portale/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9780 bytes
ComboFix 10-03-28.01 - Roberta 28/03/2010 19.21.50.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1790.1237 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberta\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Roberta\Dati applicazioni\Desktopicon
c:\documents and settings\Roberta\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\Roberta\Dati applicazioni\Desktopicon\uninst.exe
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-02-28 al 2010-03-28 )))))))))))))))))))))))))))))))))))
.
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\programmi\FreeTime
2010-03-27 23:37 . 2010-03-27 23:37 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-03-27 14:08 . 2010-03-28 11:31 -------- d-----w- c:\programmi\Orbitdownloader
2010-03-24 12:37 . 2010-03-24 12:37 -------- d-----w- c:\programmi\ScanSoft
2010-03-19 23:17 . 2010-03-19 23:18 -------- d-----w- c:\programmi\File comuni\Jasc Software Inc
2010-03-19 23:17 . 2010-03-19 23:17 -------- d-----w- c:\programmi\Jasc Software Inc
2010-03-18 21:24 . 2010-03-18 21:34 -------- d-----w- c:\programmi\ABC Amber LIT Converter
2010-03-17 18:13 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-17 14:06 . 2010-03-17 15:22 -------- d-----w- c:\programmi\Yahoo!
2010-03-07 13:03 . 2010-03-07 13:03 -------- d-----w- c:\programmi\ciotoli.it
2010-02-26 18:34 . 2010-02-26 18:36 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-26 18:34 . 2010-02-26 18:36 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-26 18:34 . 2010-02-26 18:34 -------- d-----w- c:\documents and settings\Roberta\Impostazioni locali\Dati applicazioni\mdnslib
2010-02-26 18:33 . 2010-02-26 18:33 -------- d-----w- c:\windows\Applian Director
2010-02-26 18:32 . 2010-02-26 18:32 -------- d-----w- c:\documents and settings\Roberta\Impostazioni locali\Dati applicazioni\FLVService
2010-02-26 18:32 . 2010-02-26 18:32 -------- d-----w- c:\windows\Replay Media Catcher
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 17:09 . 2010-02-24 16:35 -------- d-----w- c:\documents and settings\Roberta\Dati applicazioni\Orbit
2010-03-28 16:22 . 2010-02-06 09:36 -------- d-----w- c:\documents and settings\Roberta\Dati applicazioni\vlc
2010-03-28 11:33 . 2009-03-11 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-03-28 10:37 . 2009-08-28 21:04 -------- d-----w- c:\programmi\FormatFactory
2010-03-22 14:36 . 2009-04-04 15:08 -------- d-----w- c:\documents and settings\Roberta\Dati applicazioni\dvdcss
2010-03-22 14:05 . 2009-04-11 08:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-03-22 06:30 . 2010-01-19 13:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-17 14:06 . 2009-03-20 15:30 -------- d-----w- c:\programmi\CCleaner
2010-03-13 12:02 . 2009-03-19 08:28 -------- d-----w- c:\programmi\EPSON Print CD
2010-03-11 18:44 . 2009-04-08 15:08 -------- d-----w- c:\documents and settings\Roberta\Dati applicazioni\gtk-2.0
2010-03-11 18:43 . 2009-05-12 14:47 -------- d-----w- c:\programmi\Avidemux 2.4
2010-02-25 19:35 . 2009-03-11 16:37 -------- d-----w- c:\programmi\AVG
2010-02-24 16:35 . 2010-02-24 16:35 -------- d-----w- c:\documents and settings\Roberta\Dati applicazioni\GrabPro
2010-02-21 10:32 . 2010-02-21 10:32 -------- d-----w- c:\programmi\AviSynth 2.5
2010-02-21 10:32 . 2010-02-21 10:32 -------- d-----w- c:\programmi\eRightSoft
2010-02-19 20:19 . 2009-05-23 09:08 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-02-02 11:51 . 2010-02-02 11:50 -------- d-----w- c:\programmi\iTunes
2010-02-02 11:50 . 2010-02-02 11:50 -------- d-----w- c:\programmi\iPod
2010-02-02 11:50 . 2009-04-05 17:19 -------- d-----w- c:\programmi\File comuni\Apple
2010-02-02 11:47 . 2010-02-02 11:46 -------- d-----w- c:\programmi\QuickTime
2010-02-02 11:43 . 2010-02-02 11:43 72488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-25 13:28 . 2009-10-23 06:34 3777816 ----a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP\AVG\setup.exe
2010-01-18 07:44 . 2010-01-07 21:58 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 10:12 . 2009-10-03 06:40 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 15:07 . 2009-04-23 18:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-23 18:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2008-05-16 22:36 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2006-05-03 10:06 . 2010-02-21 10:32 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-02-21 10:32 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-21 10:32 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-18_12.11.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-28 17:20 . 2010-03-28 17:20 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat
+ 2010-02-21 10:32 . 2004-01-24 23:00 70656 c:\windows\system32\yv12vfw.dll
- 2008-05-16 22:36 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-05-16 22:36 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2010-02-21 10:32 . 2004-01-24 23:00 70656 c:\windows\system32\i420vfw.dll
+ 2010-03-19 23:18 . 2010-03-19 23:18 25214 c:\windows\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
- 2009-07-22 10:33 . 2009-07-22 10:33 25214 c:\windows\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 23040 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 23040 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 61440 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 61440 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 27136 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 27136 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 11264 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 11264 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 86016 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 86016 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 12288 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 12288 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-03-19 22:31 . 2010-03-19 22:31 49152 c:\windows\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\NewShortcut1_7C4196CACA414F349C087724E7705D52.exe
+ 2010-03-19 22:31 . 2010-03-19 22:31 10134 c:\windows\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\ARPPRODUCTICON.exe
+ 2010-02-24 06:52 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-24 06:52 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-02-24 06:53 . 2008-07-08 13:06 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2010-02-24 06:53 . 2008-07-08 13:06 18808 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2009-03-11 16:00 . 2010-03-10 22:46 4096 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 4096 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-05-16 22:36 . 2009-06-22 06:45 726528 c:\windows\system32\jscript.dll
+ 2008-05-16 22:36 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2008-05-16 22:36 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-16 22:36 . 2009-06-22 06:45 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-02-21 10:32 . 2004-02-22 09:11 719872 c:\windows\system32\devil.dll
+ 2010-02-21 10:32 . 2009-09-27 08:39 369152 c:\windows\system32\avisynth.dll
+ 2010-02-26 18:32 . 2010-02-26 18:32 473600 c:\windows\Replay Media Catcher\uninstall.exe
+ 2010-03-07 13:03 . 2010-03-07 13:03 244736 c:\windows\Installer\e01c34.msi
+ 2010-03-19 22:31 . 2010-03-19 22:31 533504 c:\windows\Installer\371ee0f.msi
- 2009-03-11 16:00 . 2010-02-10 11:33 409600 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 409600 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 286720 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 286720 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 249856 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 249856 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 794624 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 794624 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 135168 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 135168 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-11 16:00 . 2010-02-10 11:33 593920 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46 593920 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-02-24 06:53 . 2008-07-08 13:06 402296 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 06:53 . 2008-07-08 13:06 233848 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 06:53 . 2009-06-22 06:45 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-02-26 18:33 . 2010-02-26 18:33 473600 c:\windows\Applian Director\uninstall.exe
+ 2010-02-24 06:52 . 2009-05-26 11:41 402296 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-24 06:52 . 2009-05-26 11:41 233848 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-02-24 06:53 . 2008-07-08 13:06 402296 c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll
+ 2010-02-24 06:53 . 2008-07-08 13:06 763768 c:\windows\$hf_mig$\KB976662-IE8\update\update.exe
+ 2010-02-24 06:53 . 2008-07-08 13:06 233848 c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe
+ 2010-02-24 06:47 . 2009-12-09 05:51 726528 c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll
- 2008-05-16 22:58 . 2008-04-14 12:00 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2008-05-16 22:58 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-19 23:18 . 2010-03-19 23:18 2091008 c:\windows\Installer\3a52804.msi
+ 2010-02-04 17:11 . 2010-02-04 17:11 5526528 c:\windows\Installer\360ace8.msp
+ 2010-01-27 16:53 . 2010-01-27 16:53 6820864 c:\windows\Installer\360acd3.msp
+ 2010-03-24 12:37 . 2010-03-24 12:37 1981952 c:\windows\Installer\1441329.msi
+ 2009-03-14 14:16 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" [2004-12-16 98304]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-29 205256]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-26 8491008]
"nwiz"="nwiz.exe" [2008-01-26 1626112]
"NvMediaCenter"="NvMCTray.dll" [2008-01-26 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-24 16858112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" [2004-12-16 98304]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SpybotSnD"="c:\programmi\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-01-22 141608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2010-3-27 1805584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 08:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/03/2009 18.37.26 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/03/2009 18.37.29 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/03/2009 18.37.23 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/03/2009 18.37.21 297752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/06/2009 7.27.13 721904]
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-03-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{B231C5D4-29AB-456F-AE9A-25E1ADE2C378}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-eBay Icon - c:\documents and settings\Roberta\Dati applicazioni\Desktopicon\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 19:26
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2010-03-28 19:27:45
ComboFix-quarantined-files.txt 2010-03-28 17:27
Pre-Run: 43.898.273.792 byte disponibili
Post-Run: 43.868.532.736 byte disponibili
- - End Of File - - 13AC55FFB919249395892ACE7CFFEBEB
File browserchoice.exe ricevuto il 2010.03.28 14:22:35 (UTC)
Stato corrente: finito
Risultato: 0/42 (0.00%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.50 2010.03.28 -
AhnLab-V3 5.0.0.2 2010.03.27 -
AntiVir 7.10.5.241 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.28 -
Avast 4.8.1351.0 2010.03.28 -
Avast5 5.0.332.0 2010.03.28 -
AVG 9.0.0.787 2010.03.28 -
BitDefender 7.2 2010.03.28 -
CAT-QuickHeal 10.00 2010.03.27 -
ClamAV 0.96.0.0-git 2010.03.28 -
Comodo 4416 2010.03.28 -
DrWeb 5.0.1.12222 2010.03.28 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7391 2010.03.26 -
F-Prot 4.5.1.85 2010.03.27 -
F-Secure 9.0.15370.0 2010.03.28 -
Fortinet 4.0.14.0 2010.03.27 -
GData 19 2010.03.28 -
Ikarus T3.1.1.80.0 2010.03.28 -
Jiangmin 13.0.900 2010.03.28 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.28 -
McAfee 5933 2010.03.27 -
McAfee+Artemis 5933 2010.03.27 -
McAfee-GW-Edition 6.8.5 2010.03.27 -
Microsoft 1.5605 2010.03.28 -
NOD32 4979 2010.03.28 -
Norman 6.04.10 2010.03.28 -
nProtect 2009.1.8.0 2010.03.28 -
Panda 10.0.2.2 2010.03.28 -
PCTools 7.0.3.5 2010.03.28 -
Prevx 3.0 2010.03.28 -
Rising 22.40.06.04 2010.03.28 -
Sophos 4.52.0 2010.03.28 -
Sunbelt 6101 2010.03.26 -
Symantec 20091.2.0.41 2010.03.28 -
TheHacker 6.5.2.0.246 2010.03.28 -
TrendMicro 9.120.0.1004 2010.03.28 -
VBA32 3.12.12.2 2010.03.27 -
ViRobot 2010.3.27.2248 2010.03.27 -
VirusBuster 5.0.27.0 2010.03.27 -
Informazioni addizionali
File size: 293376 bytes
MD5 : da1919d896dbd5895e138932ae9e398b
SHA1 : 361bee6e2535d9fc10a01ac6686be55d854fc5ba
SHA256: 4c5fb3c35ca7c2e10ae2920afd40e854c123219901c15a80941ac9f53eef97d7
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3363
timedatestamp.....: 0x4B737C6F (Thu Feb 11 04:41:35 2010)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x34CA 0x3600 6.18 e0356f94745647bc2bed78b680e83512
.data 0x5000 0x68C 0x400 5.80 28fcfd5ab0eb9c208220c87444240f30
.rsrc 0x6000 0x44000 0x43400 6.41 1370a78bf18215c408206d0638b25934
.reloc 0x4A000 0x648 0x800 2.72 cb9cda0ca1762d2b27ddcf4dd8860ae5
( 10 imports )
> advapi32.dll: RegCloseKey, RegCreateKeyExW, GetTokenInformation, OpenProcessToken, CreateProcessAsUserW, SetTokenInformation, GetLengthSid, ConvertStringSidToSidW, DuplicateTokenEx
> kernel32.dll: GetLastError, VerifyVersionInfoW, VerSetConditionMask, FreeLibrary, GetProcAddress, LoadLibraryW, CloseHandle, GetCurrentProcess, GetUserGeoID, GetExitCodeProcess, WaitForSingleObject, LocalFree, GetModuleHandleW, lstrcmpA, GetModuleFileNameW, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, Sleep, InterlockedExchange
> msvcrt.dll: _controlfp, _vsnwprintf, memset, __3@YAXPAX@Z, wcschr, _wcsnicmp, _terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _wtoi, __2@YAPAXI@Z
> ntdll.dll: RtlUnwind
> ole32.dll: CoUninitialize, CoTaskMemFree, CoCreateInstance, CoInitializeEx
> oleaut32.dll: -, -
> shell32.dll: -, SHGetFolderPathW, -, -, ShellExecuteW, SHBindToParent
> shlwapi.dll: PathCombineW, PathAddExtensionW, -, SHRegGetBoolUSValueW, SHRegGetUSValueW, SHDeleteValueW, PathFindFileNameW, -, SHRegSetUSValueW, SHSetValueW
> user32.dll: LoadStringW
> wininet.dll: InternetGetCookieW, InternetSetCookieW
( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 6144:IEesYclzRCayeopvGE0zM6s4D8e8FIBK86dNvMXfAo:IEerclzRCayeopvGNzM6s4D8e8FIBK8f
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Browser Choice
original name: browserchoice.exe
internal name: Browser Choice
file version.: 6.1.7600.16526 (win7_gdr.100210-1504)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-