Possibile trojan wscntfy.exe

**shaska** · 06-12-2009, 17:31

log fatto con winpatrol

Log created by WinPatrol PLUS version 16.0.2009.0:16.0.2009.0
Scan saved at 4:28:55 PM, on 12/06/2009
Platform: Windows XP SP3 Service Pack 3 (Build 2600)
MSIE: Internet Explorer (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\ccSetMgr.exe
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMMI\Bonjour\MDNSRESPONDER.EXE
C:\PROGRAMMI\SYMANTEC ANTIVIRUS\DefWatch.exe
C:\PROGRAMMI\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSISERVICE.EXE
C:\PROGRAMMI\SYMANTEC ANTIVIRUS\Rtvscan.exe
C:\PROGRAMMI\ANALOG DEVICES\Core\smax4pnp.exe
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\ccApp.exe
C:\Programmi\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAMMI\DAEMON TOOLS LITE\daemon.exe
C:\PROGRAMMI\Google\GOOGLETOOLBARNOTIFIER\GOOGLETO OLBARNOTIFIER.EXE
C:\PROGRAMMI\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAMMI\FILE COMUNI\Ahead\Lib\NMINDEXINGSERVICE.EXE
C:\PROGRAMMI\uTorrent\uTorrent.exe
C:\PROGRAMMI\INTERNET EXPLORER\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAMMI\SPYBOT - SEARCH & DESTROY\SpybotSD.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\v3.0\WINDOWS COMMUNICATION FOUNDATION\infocard.exe
C:\PROGRAMMI\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...5.5&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 93.62.250.3L2authd.lineage2.com#Fields Of Glory V2
O1 - Hosts: 93.62.250.3L2testauthd.lineage2.com#Fields Of Glory V2
O1 - Hosts: 216.107.250.194 protect.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O1 - Hosts: 216.107.250.194 update.nProtect.net
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} -
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525 .1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O2 - BHO: TBSB08993 Class - {FD4E08F0-3DE7-4014-99C9-A84E5A99A2AD} - C:\Programmi\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programmi\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP]C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX]C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AdslTaskBar]stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ccApp]C:\Programmi\File comuni\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [vptray]C:\Programmi\Symantec AntiVirus\VPTray.exe
O4 - HKLM\..\Run: [nwiz]C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter]C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon]C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol PLUS]C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [CTFMON.EXE]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite]C:\Programmi\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [swg]C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Programmi\Java\jre6\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get...bear/ultrashim) - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9a98d140e8ab0) - - C:\Programmi\Google\Update\GoogleUpdate.exe /svc
O23 - Service: Google Software Updater - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Accesso periferica Human Interface - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter - - C:\Programmi\Java\jre6\bin\jqs.exe -service -config C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit - - C:\Programmi\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32serve r.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service - KALiNKOsoft - C:\Programmi\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SavRoam - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: Pagina iniziale corrente - About:Home

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702
MSIE: Internet Explorer (8.00.6001.18702)
4096 IE Cookies in Folder: C:\Documents and Settings\Administrator\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL \Prefixes: www = http://

WP31 - Scheduled Tasks: [OGALogon.job]C:\WINDOWS\system32\OGAVerify.exe 03/05/2009 8:37 PM
WP31 - Scheduled Tasks: [OGADaily.job]C:\WINDOWS\system32\OGAVerify.exe Mai
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineUA.job]C:\Programmi\Google\Update\GoogleUpdate.exe 12/06/2009 3:30 PM
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineCore.job]C:\Programmi\Google\Update\GoogleUpdate.exe 12/06/2009 12:11 PM
WP31 - Scheduled Tasks: [Google Software Updater.job]C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe Mai
WP31 - Scheduled Tasks: [User_Feed_Synchronization-{A3F20CF0-C2CD-4DE6-AE41-D919F7F5C645}.job]C:\WINDOWS\system32\msfeedssync.exe 12/06/2009 4:28 PM

WP16 - ActiveX: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [Google Script Object] C:\PROGRAMMI\Google\GOOGLE TOOLBAR\GOOGLETOOLBAR_32.DLL 6, 3, 1014, 1517
WP16 - ActiveX: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [CDownloadCtrl Object] C:\PROGRAMMI\DOWNLOAD MANAGER\DLMCONTROL.DLL 2.3.9.113
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_15] C:\PROGRAMMI\Java\jre6\bin\jp2iexp.dll
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAMMI\FILE COMUNI\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [Deployment Toolkit] C:\WINDOWS\system32\deploytk.dll 6.0.150.3
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx 10,0,32,18
WP16 - ActiveX: {D742F4EC-5D39-4294-8A17-11969A294512} [Google Updater Class] C:\PROGRAMMI\Google\GOOGLE UPDATER\2.4.1536.6592\ci.dll 2.4.1536.6592.beta
WP16 - ActiveX: {261B8CA9-3BAF-4BD0-B0C2-BF04286785C6} [Microsoft Office Outlook View Control] C:\Programmi\Microsoft Office\Office12\OUTLCTL.DLL
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAMMI\FILE COMUNI\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx 10,0,32,18

Discussione: Possibile trojan wscntfy.exe

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio