Topic: [RISOLTO] Problema file avi e scansione

 

Di seguito il log di Gmer:

 

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-22 17:28:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: H:\DOCUME~1\USER\IMPOST~1\Temp\fwkiqpod.sys

---- System - GMER 1.0.15 ----

SSDT  BAEBF78E                                                                                                         ZwCreateKey
SSDT  BAEBF784                                                                                                         ZwCreateThread
SSDT  BAEBF793                                                                                                         ZwDeleteKey
SSDT  BAEBF79D                                                                                                         ZwDeleteValueKey
SSDT  BAEBF7A2                                                                                                         ZwLoadKey
SSDT  BAEBF770                                                                                                         ZwOpenProcess
SSDT  BAEBF775                                                                                                         ZwOpenThread
SSDT  BAEBF7AC                                                                                                         ZwReplaceKey
SSDT  BAEBF7A7                                                                                                         ZwRestoreKey
SSDT  BAEBF798                                                                                                         ZwSetValueKey
SSDT  BAEBF77F                                                                                                         ZwTerminateProcess

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0012c8002957                                     
Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0012c8002957 (not active ControlSet)                 
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05A3CFFC-C5D6-ABFE-3C94-42B88E315DD5} 

---- Files - GMER 1.0.15 ----

ADS   H:\Programmi\Retro64 Games\build-a-lot_4:_power_source.exe                                                       97679854 bytes executable
ADS   H:\Programmi\Retro64 Games\build-a-lot_4:_power_source.exe                                                       0 bytes executable
ADS   H:\Programmi\Retro64 Games\build-a-lot_4:_power_source.exe                                                       0 bytes executable
ADS   H:\Programmi\Retro64 Games\build-a-lot_4:_power_source.exe                                                       0 bytes executable
ADS   H:\Programmi\Retro64 Games\build-a-lot_4:_power_source.exe                                                       0 bytes executable

---- EOF - GMER 1.0.15 ----

 

 

Qui invece il log di Hijack:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.29.39, on 22/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\SYSTEM32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programmi\Avira\AntiVir Desktop\sched.exe
H:\WINDOWS\Explorer.EXE
H:\Programmi\Avira\AntiVir Desktop\avguard.exe
H:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Programmi\Bonjour\mDNSResponder.exe
H:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
H:\Programmi\Java\jre6\bin\jqs.exe
H:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
H:\Programmi\CDBurnerXP\NMSAccessU.exe
H:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\STacSV.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\sttray.exe
H:\WINDOWS\vsnpstd2.exe
H:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe
H:\Programmi\File comuni\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\Calendario2009.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Documents and Settings\USER\Desktop\gmer\gmer.exe
H:\Programmi\Internet Explorer\iexplore.exe
H:\Programmi\Internet Explorer\iexplore.exe
H:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - H:\Programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - h:\programmi\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - H:\Programmi\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - H:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - H:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - H:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - H:\Programmi\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SNPSTD2] H:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "H:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "H:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "H:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [www.sardegnaoggi.it] H:\WINDOWS\Calendario2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = H:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B985EB2-5B60-423E-B28D-27EDE25DCA00}: NameServer = 85.37.17.45 85.38.28.99
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio di Google Update (gupdate1c98eebc9484dec) (gupdate1c98eebc9484dec) - Google Inc. - H:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - H:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - H:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - H:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMSAccessU - Unknown owner - H:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - H:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - H:\WINDOWS\system32\STacSV.exe

--
End of file - 9754 bytes

 

Speriamo bene......