Here is the ComboFix.txt report, split into two parts for reasons of space.
ComboFix 10-03-20.01 - Utente 21/03/2010 9.11.39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1350 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100320-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\oem12.inf
.
((((((((((((((((((((((((( Files Creati Da 2010-02-21 al 2010-03-21 )))))))))))))))))))))))))))))))))))
.
2010-03-20 19:07 . 2010-03-20 19:08 -------- d-----w- C:\HiJackthis
2010-03-20 16:44 . 2010-03-20 20:58 -------- d-----w- C:\Tony Sly - 12 Song Program (FLAC)
2010-03-04 19:37 . 2010-03-20 21:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\foobar2000
2010-03-04 19:37 . 2010-03-04 19:56 -------- d-----w- c:\programmi\foobar2000
2010-03-04 17:50 . 2010-03-04 17:50 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\DFX
2010-03-04 17:49 . 2010-03-04 17:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DFX
2010-03-04 17:49 . 2010-03-04 17:49 -------- d-----w- c:\programmi\File comuni\DFX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 08:07 . 2006-03-02 12:00 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-03-21 08:07 . 2006-03-02 12:00 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-03-21 07:56 . 2009-02-08 09:19 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\uTorrent
2010-03-20 22:16 . 2009-08-30 09:22 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\vlc
2010-03-20 20:15 . 2009-01-30 09:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-03-20 19:33 . 2010-02-04 12:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Facebook
2010-03-20 19:32 . 2009-03-28 08:22 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-03-20 19:03 . 2010-02-10 17:34 70656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-17 12:15 . 2009-06-03 11:37 -------- d-----w- c:\programmi\Safari
2010-03-14 21:37 . 2009-10-15 20:48 -------- d-----w- c:\programmi\mIRC
2010-03-13 08:35 . 2009-06-20 07:28 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2010-03-13 08:35 . 2009-06-20 07:28 173408 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-03-13 08:35 . 2009-06-20 07:28 350544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-03-13 08:35 . 2009-06-20 07:28 303456 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-03-13 08:35 . 2009-06-08 07:33 89952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-03-13 08:35 . 2009-06-20 07:28 1630560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-13 08:35 . 2009-06-08 07:31 254832 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-13 08:35 . 2009-06-08 07:30 45408 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-13 08:35 . 2009-06-20 07:28 671592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-12 17:36 . 2009-02-08 09:19 -------- d-----w- c:\programmi\uTorrent
2010-03-08 15:13 . 2009-11-10 07:00 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-03-05 13:45 . 2009-05-07 18:32 -------- d-----w- c:\programmi\Google
2010-02-27 17:01 . 2009-01-30 09:54 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-02-23 12:48 . 2009-01-29 15:34 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-19 07:03 . 2009-08-23 19:03 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-02-10 17:43 . 2009-02-14 09:08 -------- d-----w- c:\programmi\iTunes
2010-02-10 17:42 . 2010-02-10 17:42 -------- d-----w- c:\programmi\iPod
2010-02-10 17:42 . 2009-02-14 09:08 -------- d-----w- c:\programmi\File comuni\Apple
2010-02-10 17:39 . 2010-02-10 17:39 -------- d-----w- c:\programmi\QuickTime
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
2010-01-13 10:02 . 2010-01-13 10:02 152576 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-13 10:02 . 2010-01-13 10:02 79488 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2005-03-10 01:05 . 2009-09-19 21:27 53323 ----a-w- c:\programmi\opera\program\plugins\PlugDef.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-05-09 133104]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 137752]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-13 524632]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\programmi\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-7-30 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\File comuni\\AOL\\Loader\\aolload.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\BitTornado\\btdownloadgui.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\AIM\\aim.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/03/2009 9.28.05 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/01/2009 10.11.06 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [15/05/2008 12.07.00 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/01/2009 10.11.07 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22.34.37 1029456]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15.05.48 1021256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programmi\Viewpoint\Common\ViewpointService.exe [01/06/2009 7.26.23 24652]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/03/2009 21.47.16 721904]
S2 gupdate1c9e1c0badbf9de;Google Update Service (gupdate1c9e1c0badbf9de);c:\programmi\Google\Update\GoogleUpdate.exe [31/05/2009 8.23.43 133104]
S3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [30/01/2009 12.20.29 193840]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:34]
2010-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-31 07:23]
2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-31 07:23]
2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1647877149-1417001333-1003Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-09 07:59]
2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1647877149-1417001333-1003UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-09 07:59]
.
.