I was chatting on MSN when at one point an English friend of mine (who doesn't speak Italian) sent me a file with a zipped attachment, IMAGE 24, with a friendly line along the lines of "look at this funny photo, my sister is really crazy". Amused, I opened the zip, trusting her, and it led me to an executable from photobucker or something like that, which I couldn't open. That was the end of it. After a few minutes MSN froze for a few very brief moments, and MSN windows of my contacts opened and closed rapidly. I was warned that I was sending the attachment from before, and I realized it was a virus.

I ran everything:

avast!
avg
windows defender
ad-aware
spy-bot s&d
hijackthis
kaspersky online and panda online

Now MSN no longer sends stuff, but the PC is still slow, and at every reboot, even though I ticked the restore option, the offending entries reappear... first among them VIRTUMONDE! Can you help me?

I'm posting the HijackThis log:



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\miopc\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

QuickTime Task = "C:\Programmi\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
POINTER = point32.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Apoint = C:\Programmi\Apoint2K\Apoint.exe
TkBellExe = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
Windows Defender = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
PCSuiteTrayApplication = C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
36751852 = rundll32.exe "C:\WINDOWS\system32\bsxfviif.dll",b

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once

Spybot - Search & Destroy = "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
SpybotDeletingA9019 = command /c del "C:\WINDOWS\system32\cdbrcqac.dllbox"
SpybotDeletingC8420 = cmd /c del "C:\WINDOWS\system32\cdbrcqac.dllbox"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/eng/par...an_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[InstallerBehaviorFactory Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnInstC.dll
CODEBASE = https://signup.msn.com/pages/MsnInstC.cab

[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewido.net/ewidoOnlineScan.cab

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary...r.cab56986.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary...r.cab31267.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://scan.safety.live.com/resource...scbase5059.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsof...?1137181591426

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary...t.cab31267.cab

[InetDownload Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WMDownload.dll
CODEBASE = https://media.pineconeresearch.com/A...oadcontrol.cab

[Lycos File Upload Component]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FileUploader.dll
CODEBASE = http://f012.mail.lycos.it/app/uploader/FileUploader.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary...t.cab56907.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 8.267 bytes
Report generated in 0,240 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
According to HijackThis everything is in order... but the PC is slow and grinds a lot, especially at startup, and I can't keep more than one window open without the PC slowing down.

Waiting hopefully.