(Logfile hijack) problema con win32 tenga

**FourYearStrong** · 20-03-2010, 21:09

sono infettato dal virus wn32 tenga

posto il log di hijackthis. qualcuno sa aiutarmi e dirmi cosa fare? GRAZIE!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.08.35, on 20/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\GoogleCrashH andler.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Update\1.2.183.23\GoogleCrashH andler.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programmi\Viewpoint\Common\ViewpointService.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20000.www2.hp.com/bizsupport...OID=1093#11395
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Programmi\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Programmi\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Programmi\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language .exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1233307466312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1233307671984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05E805EA-13FC-49F8-BB20-89FF1B5E41EF}: NameServer = 151.99.0.100,152.99.125.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{C83630A2-24E5-461F-B081-EF60F91C4F14}: NameServer = 151.99.0.100,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{05E805EA-13FC-49F8-BB20-89FF1B5E41EF}: NameServer = 151.99.0.100,152.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{05E805EA-13FC-49F8-BB20-89FF1B5E41EF}: NameServer = 151.99.0.100,152.99.125.3
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e1c0badbf9de) (gupdate1c9e1c0badbf9de) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Programmi\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmi\Viewpoint\Common\ViewpointService.exe

--
End of file - 10994 bytes

**menatwork** · 20-03-2010, 23:37

Buonasera

il log non presenta anomalie

prova a fare una scansione con combofix

scaricalo sul desktop ed eseguilo

(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

**FourYearStrong** · 21-03-2010, 10:08

adesso provo, grazie

intanto ho fatto una scansione con avast ma il fatto è che ho visto che ci sono infettati alcuni file in C:\system volume information\_restore e avast non ci può accedere e cancellare i file infetti.

**FourYearStrong** · 21-03-2010, 10:21

ecco qua il report di Combofix.txt, diviso in due parti per motivi di spazio

ComboFix 10-03-20.01 - Utente 21/03/2010 9.11.39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1350 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100320-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

c:\windows\system32\oem12.inf

.
((((((((((((((((((((((((( Files Creati Da 2010-02-21 al 2010-03-21 )))))))))))))))))))))))))))))))))))
.

2010-03-20 19:07 . 2010-03-20 19:08 -------- d-----w- C:\HiJackthis
2010-03-20 16:44 . 2010-03-20 20:58 -------- d-----w- C:\Tony Sly - 12 Song Program (FLAC)
2010-03-04 19:37 . 2010-03-20 21:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\foobar2000
2010-03-04 19:37 . 2010-03-04 19:56 -------- d-----w- c:\programmi\foobar2000
2010-03-04 17:50 . 2010-03-04 17:50 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\DFX
2010-03-04 17:49 . 2010-03-04 17:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DFX
2010-03-04 17:49 . 2010-03-04 17:49 -------- d-----w- c:\programmi\File comuni\DFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2010-03-21 08:07 . 2006-03-02 12:00 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-03-21 08:07 . 2006-03-02 12:00 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-03-21 07:56 . 2009-02-08 09:19 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\uTorrent
2010-03-20 22:16 . 2009-08-30 09:22 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\vlc
2010-03-20 20:15 . 2009-01-30 09:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-03-20 19:33 . 2010-02-04 12:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Facebook
2010-03-20 19:32 . 2009-03-28 08:22 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-03-20 19:03 . 2010-02-10 17:34 70656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-17 12:15 . 2009-06-03 11:37 -------- d-----w- c:\programmi\Safari
2010-03-14 21:37 . 2009-10-15 20:48 -------- d-----w- c:\programmi\mIRC
2010-03-13 08:35 . 2009-06-20 07:28 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2010-03-13 08:35 . 2009-06-20 07:28 173408 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-03-13 08:35 . 2009-06-20 07:28 350544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-03-13 08:35 . 2009-06-20 07:28 303456 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-03-13 08:35 . 2009-06-08 07:33 89952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-03-13 08:35 . 2009-06-20 07:28 1630560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-13 08:35 . 2009-06-08 07:31 254832 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-13 08:35 . 2009-06-08 07:30 45408 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-13 08:35 . 2009-06-20 07:28 671592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-12 17:36 . 2009-02-08 09:19 -------- d-----w- c:\programmi\uTorrent
2010-03-08 15:13 . 2009-11-10 07:00 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-03-05 13:45 . 2009-05-07 18:32 -------- d-----w- c:\programmi\Google
2010-02-27 17:01 . 2009-01-30 09:54 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-02-23 12:48 . 2009-01-29 15:34 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-19 07:03 . 2009-08-23 19:03 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-02-10 17:43 . 2009-02-14 09:08 -------- d-----w- c:\programmi\iTunes
2010-02-10 17:42 . 2010-02-10 17:42 -------- d-----w- c:\programmi\iPod
2010-02-10 17:42 . 2009-02-14 09:08 -------- d-----w- c:\programmi\File comuni\Apple
2010-02-10 17:39 . 2010-02-10 17:39 -------- d-----w- c:\programmi\QuickTime
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
2010-01-13 10:02 . 2010-01-13 10:02 152576 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-13 10:02 . 2010-01-13 10:02 79488 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2005-03-10 01:05 . 2009-09-19 21:27 53323 ----a-w- c:\programmi\opera\program\plugins\PlugDef.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Google Update"="c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-05-09 133104]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-05-22 137752]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh. exe" [2008-03-27 1040384]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-11-24 81000]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-13 524632]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8 \PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\Po werDVD8\Language\Language.exe" [2007-12-14 50472]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\programmi\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\j usched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-7-30 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.e xe"

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\File comuni\\AOL\\Loader\\aolload.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\BitTornado\\btdownloadgui.exe" =
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\AIM\\aim.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.ex e"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/03/2009 9.28.05 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/01/2009 10.11.06 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000 .fcl [15/05/2008 12.07.00 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [30/01/2009 10.11.07 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22.34.37 1029456]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\T omTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15.05.48 1021256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programmi\Viewpoint\Common\ViewpointSer vice.exe [01/06/2009 7.26.23 24652]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi \TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/03/2009 21.47.16 721904]
S2 gupdate1c9e1c0badbf9de;Google Update Service (gupdate1c9e1c0badbf9de);c:\programmi\Google\Updat e\GoogleUpdate.exe [31/05/2009 8.23.43 133104]
S3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [30/01/2009 12.20.29 193840]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:34]

2010-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-31 07:23]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-31 07:23]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1647877149-1417001333-1003Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-09 07:59]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1647877149-1417001333-1003UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-09 07:59]
.
.

**FourYearStrong** · 21-03-2010, 10:22

------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=it&cc=it&prodNameId=3765010 &prodTypeId=321957&prodSeriesId=3764998&swLang=24& taskId=135&swEnvOID=1093#11395
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {05E805EA-13FC-49F8-BB20-89FF1B5E41EF} = 151.99.0.100,152.99.125.3
TCP: {C83630A2-24E5-461F-B081-EF60F91C4F14} = 151.99.0.100,151.99.125.3
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\obafzlrx.Car lo\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneC lick8.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneC lick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\programmi\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabl ed", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-Ad-Aware - c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
AddRemove-Facebook Plug-In - c:\documents and settings\Utente\Dati applicazioni\Facebook\uninstall.exe

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 09:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe? ?????????????????????????|?M?|?????M?|??@

Scansione files nascosti ...

c:\docume~1\Utente\IMPOST~1\Temp\catchme.dll 53248 bytes executable

Scansione completata con successo
Files nascosti: 1

************************************************** ************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{ FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\ 000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\s ystem32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
.
Ora fine scansione: 2010-03-21 09:20:02
ComboFix-quarantined-files.txt 2010-03-21 08:19

Pre-Run: 55.554.248.704 byte disponibili
Post-Run: 56.290.873.344 byte disponibili

- - End Of File - - EFE67B624392273B87588A650AB27628

Discussione: (Logfile hijack) problema con win32 tenga

Strumenti discussione

Ricerca discussione

Visualizza

(Logfile hijack) problema con win32 tenga

Permessi di invio