Aiutamici Forum

not a valid Win32 application
lauraz (AiutAmico, member since 1/5/2005, 195 posts)
Posted: Sunday, June 21, 2009 11:37:30 PM
I can no longer use Ad-Aware, Spybot, HijackThis... not a valid Win32 application

Help
r16 (AiutAmico, member since 8/7/2007, 11,016 posts)
Posted: Sunday, June 21, 2009 11:41:27 PM
Beagle.....
Download FindyKill:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
Install FindyKill.
Close any open applications (antivirus, firewall and "resident" programs).
Disconnect from the Internet.
Physically unplug the modem from the computer.
Start the tool and type F to set the language;
click 2 - Suppression des fichiers infectieux (Deletion of infected files).
When it finishes, a log will be produced: save it to the Desktop and post it here.
P.S.:
There may be reboots; don't worry, it's the program working.
lauraz (AiutAmico, member since 1/5/2005, 195 posts)
Posted: Monday, June 22, 2009 2:55:55 PM
r16 wrote:
Beagle.....
Download FindyKill:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
Install FindyKill.
Close any open applications (antivirus, firewall and "resident" programs).
Disconnect from the Internet.
Physically unplug the modem from the computer.
Start the tool and type F to set the language;
click 2 - Suppression des fichiers infectieux (Deletion of infected files).
When it finishes, a log will be produced: save it to the Desktop and post it here.
P.S.:
There may be reboots; don't worry, it's the program working.

Here's the log:

############################## | FindyKill V5.002 |

# User : Massimo (Administrators) # TRAVERSA-C9CBCB
# Update on 12/06/09 by Chiquitine29
# Start at: 14.34.55 | 22/06/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ (!) Disabled | Updated ]

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 232,88 Go (66,16 Go free) # NTFS
# D:\ # Disco CD-ROM
# E:\ # Disco CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |


################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\crack
Supprimé ! C:\WINDOWS\exefnd
Supprimé ! C:\WINDOWS\Prefetch\1207890.EXE-152220E2.pf
Supprimé ! C:\WINDOWS\Prefetch\15629328.EXE-1D548BCF.pf
Supprimé ! C:\WINDOWS\Prefetch\15637515.EXE-2DA28C17.pf
Supprimé ! C:\WINDOWS\Prefetch\15675468.EXE-180D0E70.pf
Supprimé ! C:\WINDOWS\Prefetch\15696484.EXE-0741D931.pf
Supprimé ! C:\WINDOWS\Prefetch\15783843.EXE-048EBEBC.pf
Supprimé ! C:\WINDOWS\Prefetch\15791875.EXE-27265F40.pf
Supprimé ! C:\WINDOWS\Prefetch\15842984.EXE-2B70B3EF.pf
Supprimé ! C:\WINDOWS\Prefetch\16072375.EXE-1529C353.pf
Supprimé ! C:\WINDOWS\Prefetch\16090562.EXE-3643C02C.pf
Supprimé ! C:\WINDOWS\Prefetch\219843.EXE-350B41D1.pf
Supprimé ! C:\WINDOWS\Prefetch\236468.EXE-1A896D25.pf
Supprimé ! C:\WINDOWS\Prefetch\281515.EXE-3A0439F5.pf
Supprimé ! C:\WINDOWS\Prefetch\351593.EXE-1A426F71.pf
Supprimé ! C:\WINDOWS\Prefetch\440156.EXE-1222F412.pf
Supprimé ! C:\WINDOWS\Prefetch\449187.EXE-178AC2F2.pf
Supprimé ! C:\WINDOWS\Prefetch\541578.EXE-26D72FBD.pf
Supprimé ! C:\WINDOWS\Prefetch\929843.EXE-0262FA31.pf
Supprimé ! C:\WINDOWS\Prefetch\FLEC006.EXE-017B03E2.pf
Supprimé ! C:\WINDOWS\Prefetch\KEY_GEN.EXE-1E4C91EA.pf
Supprimé ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Supprimé ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf

################## | C:\WINDOWS\system32 |

Supprimé ! C:\WINDOWS\system32\ban_list.txt
Supprimé ! C:\WINDOWS\system32\mdelk.exe
Supprimé ! C:\WINDOWS\system32\wintems.exe

################## | C:\WINDOWS\system32\drivers |

Supprimé ! C:\WINDOWS\system32\drivers\down

################## | C:\Documents and Settings\Massimo\Dati applicazioni |


################## | C:\Documents and Settings\Administrator\Application Data |


################## | C:\Documents and Settings\Utente\Application Data |

Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\drivers\srosa2.sys
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\drivers\wfsintwq.sys
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\drivers\winupgro.exe
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\m\data.oct
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\m\flec006.exe
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\m\list.oct
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\m\srvlist.oct
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\drivers\downld
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\drivers
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\m\shared
Supprimé ! C:\Documents and Settings\Massimo\Dati applicazioni\m

################## | Autres ... |

# Références de comparaison Bagle MD5 :

File : C:\Documents and Settings\Massimo\Dati applicazioni\drivers\winupgro.exe
-> Crc32 : 4ca9d3ab | Md5 : 31b7f995bc2a18ebb5df9c74a5e9d85f


################## | Temporary Internet Files |

Supprimé ! C:\Documents and Settings\Massimo\Cookies\massimo@www.inthecrack[1].txt

################## | Registre / Clés infectieuses |

Supprimé ! [HKCU\Software\bisoft]
Supprimé ! [HKCU\Software\DateTime4]
Supprimé ! [HKCU\Software\MuleAppData]
Supprimé ! [HKCU\Software\Microsoft\Windows\UI] "KEY540534"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Supprimé ! [HKU\S-1-5-21-1202660629-1450960922-725345543-1004\Software\FFC]
Supprimé ! [HKU\S-1-5-21-1202660629-1450960922-725345543-1004\Software\Ubisoft]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\key_gen]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Value ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify" -> Reset sucessfully !

################## | Etat / Services / Informations |

# Mode sans echec restauré !

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | PEH ... |

Corrupted : C:\Documents and Settings\Massimo\Desktop\HiJackThis\HijackThis.exe
[Offset = 000000C4 - Value = 0x0001]

Corrupted : C:\Documents and Settings\Massimo\Documenti\avenger\avenger.exe
[Offset = 00000084 - Value = 0x0001]

Corrupted : C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
[Offset = 000000FC - Value = 0x0001]

Corrupted : C:\Programmi\Mozilla Thunderbird\uninstall\helper.exe
[Offset = 000000DC - Value = 0x0001]

Corrupted : C:\Programmi\Netlog Music Tool\Uninstaller.exe
[Offset = 000000FC - Value = 0x0001]

Corrupted : C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
[Offset = 00000104 - Value = 0x0001]

Corrupted : C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
[Offset = 000000C4 - Value = 0x0001]

Corrupted : C:\WINDOWS\SoftwareDistribution\Download\a3d0999c37473fd86ec0102b2eb2123c\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\a8aa6dad16c992c84081f23e5f1e43f9\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\a920c50166fbf1bbbfd6188627990faa\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\bd9a488f8040c308fb9ee749ed9755dd\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\c71f23dd1fddc05ee83a238eb71b47c6\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\c84243c5aa3d791303c6737e91f61c23\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\cbde20a9f1dec689286859b9f8cb04f9\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\d101face4d5c9707247de6f8abe636d1\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\d1442656644b2e0b011b6ca0cca53f54\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\dbd4b3762f6515a115e065ac3221e0f1\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\df687b6203dcf746123a7953693317bc\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\e660ed22fd990cefd61726372a39330a\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\e707b8d1c965e5592a5e1ee22d466ba8\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\e727e3ae91da0ff4beef60db8a3bc368\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\ea110e2fd24e2b0c1ab4fde8131b5fcb\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\f2a60ccef3d5384152cb152406296fd8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\fda5fec66de63a15acc20f721b340ab2\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\fdce2064db66d5fc284e3c1b997a157a\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\system32\Adobe\uninstaller.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : uninstaller.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\system32\dllcache\register.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : register.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.



################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Massimo\Desktop\Incoming\MODIFICARE film con 2 AUDIO\Virtualdub Italiano\Virtualdub Italiano\Virtualdub Italiano\Varie\[CODEC] DivX.Pro.5.0.5.+.Keygen.By.HoddiX\"DivXPro505Bundle.exe""
28/04/2003 02.36 |Size 4050944 |Crc32 f75bf56e |Md5 6adbd7c2ef9ca84befdfb9dd4ea8c275
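What the "PEH ..." section of the log above is reporting, shown as an added example (this is not code from the forum post and not FindyKill's own code): every offset it lists (0xC4, 0xE4, 0xEC, ...) is e_lfanew + 4, i.e. the Machine field of the IMAGE_FILE_HEADER that immediately follows the "PE\0\0" signature, and the repaired bytes "4C01" are the little-endian encoding of IMAGE_FILE_MACHINE_I386 (0x014C). When that field is overwritten the Windows loader rejects the file with exactly the "not a valid Win32 application" error in the thread title, which is why HijackThis, Spybot and Ad-Aware stopped launching while the rest of the system worked. That reading of the offsets and values is an interpretation of the log, not something the tool documents. The script below checks the Machine field of a PE file and restores it, keeping a .REN copy of the original as the log shows; the `build_sample` stub it tests on is a constructed minimal header, not a real executable, and the function names are this example's own.

```python
"""
Detect and repair a tampered Machine field in a PE (Win32 executable) header.

Added example, not code from the forum thread or from FindyKill. It assumes
(an interpretation of the log, not tool documentation) that the "PEH" offsets
FindyKill reports are e_lfanew + 4, the IMAGE_FILE_HEADER.Machine field, and
that "4C01" is the little-endian encoding of IMAGE_FILE_MACHINE_I386 (0x014C).
"""
import struct
from pathlib import Path

IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86, what the log restores
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # x64, also a legitimate value
KNOWN_MACHINES = {IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_AMD64}


def machine_offset(data: bytes) -> int:
    """Return the file offset of IMAGE_FILE_HEADER.Machine, or raise ValueError.

    Layout: "MZ" at 0, e_lfanew (DWORD) at 0x3C, "PE\0\0" at e_lfanew,
    then the 20-byte IMAGE_FILE_HEADER whose first WORD is Machine.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4


def read_machine(data: bytes) -> int:
    """Machine field as a little-endian WORD."""
    return struct.unpack_from("<H", data, machine_offset(data))[0]


def is_machine_corrupted(data: bytes) -> bool:
    """True when Machine is not a value the loader would accept.

    Whether the log's "0001" means Machine == 0x0001 or 0x0100 depends on the
    tool's byte order; either way it is not in KNOWN_MACHINES, so both are caught.
    """
    return read_machine(data) not in KNOWN_MACHINES


def repair_machine(data: bytes, machine: int = IMAGE_FILE_MACHINE_I386) -> bytes:
    """Return a copy of data with the Machine field set to `machine`."""
    patched = bytearray(data)
    struct.pack_into("<H", patched, machine_offset(data), machine)
    return bytes(patched)


def repair_file(path: Path) -> bool:
    """Repair a file in place, keeping the original as <name>.REN (as the log shows).

    Returns True if a repair was written, False if the header was already sane.
    """
    data = path.read_bytes()
    if not is_machine_corrupted(data):
        return False
    path.with_name(path.name + ".REN").write_bytes(data)
    path.write_bytes(repair_machine(data))
    return True


def find_corrupted(root: Path) -> list:
    """Walk a tree and list .exe files whose Machine field is unrecognised."""
    hits = []
    for p in root.rglob("*.exe"):
        try:
            if is_machine_corrupted(p.read_bytes()):
                hits.append(p)
        except (OSError, ValueError):
            continue  # unreadable or not a PE file: skip, don't crash the scan
    return hits


def build_sample(machine: int) -> bytes:
    """Constructed minimal MZ/PE header stub for offline testing (not a real binary).

    e_lfanew is 0xE0, so Machine lands at 0xE4, matching most entries in the log.
    """
    e_lfanew = 0xE0
    hdr = bytearray(e_lfanew + 24)       # through the end of IMAGE_FILE_HEADER
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", hdr, e_lfanew + 4, machine)
    return bytes(hdr)


if __name__ == "__main__":
    bad = build_sample(0x0100)           # constructed "corrupted" header
    print("offset", hex(machine_offset(bad)), "machine", hex(read_machine(bad)),
          "corrupted", is_machine_corrupted(bad))
    good = repair_machine(bad)
    print("repaired machine", hex(read_machine(good)),
          "bytes", good[0xE4:0xE6].hex())
```

To use it on a real machine, call `repair_file(Path(r"C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"))` or `find_corrupted(Path(r"C:\Programmi"))`; a healthy file is never written to, because the check only fires when the Machine value is one the loader would not accept. A repaired header only makes the file loadable again; as r16 says further down, the safer course for a tool you can reinstall is to reinstall it.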

lauraz (AiutAmico, member since 1/5/2005, 195 posts)
Posted: Monday, June 22, 2009 3:03:19 PM
For now only CCleaner works, the others don't.
r16 (AiutAmico, member since 8/7/2007, 11,016 posts)
Posted: Monday, June 22, 2009 3:54:07 PM
lauraz wrote:
For now only CCleaner works, the others don't.

Because you have to uninstall and reinstall them.
These are damaged:
HiJackThis
avenger
Ad-Aware
Mozilla Thunderbird
Netlog Music Tool
Spybot - Search & Destroy


Disable System Restore, and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files (recommended)

Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it, and inside it find the Prefetch folder; open it and delete everything it contains (do not delete the folder itself)
EMPTY THE RECYCLE BIN

You must delete the file in red manually, following the path:
C:\Documents and Settings\Massimo\Dati applicazioni\drivers\winupgro.exe
Then:
Run this scan:
Download Elibagla:

http://www.zonavirus.com/datos/descargas/95/elibagla.asp
Click "Descargar Elibagla" at the bottom of the page.
Click the Elibagla icon to start the tool.
Tick "Eliminar ficheros automaticamente".
Click "Explorar".
Let the scan complete.
When it finishes, a log named InfoSat.txt will be written to Local Disk C:.
Post it here.
lauraz (AiutAmico, member since 1/5/2005, 195 posts)
Posted: Monday, June 22, 2009 6:09:40 PM
r16 wrote:
lauraz wrote:
For now only CCleaner works, the others don't.

Because you have to uninstall and reinstall them.
These are damaged:
HiJackThis
avenger
Ad-Aware
Mozilla Thunderbird
Netlog Music Tool
Spybot - Search & Destroy


Disable System Restore, and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files (recommended)

Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it, and inside it find the Prefetch folder; open it and delete everything it contains (do not delete the folder itself)
EMPTY THE RECYCLE BIN

You must delete the file in red manually, following the path:
C:\Documents and Settings\Massimo\Dati applicazioni\drivers\winupgro.exe
Then:
Run this scan:
Download Elibagla:

http://www.zonavirus.com/datos/descargas/95/elibagla.asp
Click "Descargar Elibagla" at the bottom of the page.
Click the Elibagla icon to start the tool.
Tick "Eliminar ficheros automaticamente".
Click "Explorar".
Let the scan complete.
When it finishes, a log named InfoSat.txt will be written to Local Disk C:.
Post it here.

Done

(22-6-2009 16:3:22)
EliBagle v12.70 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 19 de Junio del 2009)

Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\Drivers"

(22-6-2009 16:3:46)
EliBagle v12.70 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 19 de Junio del 2009)

Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Documents and Settings\Massimo\Desktop\Incoming\IMVU XBar 1.5\RUN.EXE --> Eliminado Bagle.dldr
r16 (AiutAmico, member since 8/7/2007, 11,016 posts)
Posted: Monday, June 22, 2009 6:42:43 PM
Hi.
I suppose there's no need to tell you to delete the crack you downloaded, which is what generated the Beagle.
I hope you've done so, and emptied the Recycle Bin.
Then do:
Start\Run\ type: services.msc. The "Services" page opens.
Check that ALL of these "Services" are started and set to Automatic:
Alerter, Security Center, Automatic Updates, Network Connections, Wireless Zero Configuration and Windows Firewall/Internet Connection Sharing (ICS).
If you find any set to "Manual" or "Disabled", set it back to Automatic, and remember to REBOOT the PC.
To start a service, right-click the service, Properties > Automatic > OK > Start > OK.

Then:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before scanning, UPDATE IT (this is very important).
Run a full system scan.
Post the log.
P.S.:
Could you do me the favour of not "quoting" my replies? I find it easier that way.
(I hope you don't get angry)
maopapof (AiutAmico, member since 10/31/2004, 7,178 posts)
Posted: Monday, June 22, 2009 6:45:26 PM
@lauraz .... don't hold it against me ... but from the big ones ... one can only learn ... in fact it's just a question for r16

@r16 ... with apologies .... since it's Bagle .... through the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run the file ....... .exe is activated at every Windows startup; if you set it to 0 or disable it ... and then run a nice antivirus scan .... doesn't that do the same job, so you can then delete it?

as far as I know Bagle comes from everywhere .... mothers-in-law permitting :O)))))

maopapof (AiutAmico, member since 10/31/2004, 7,178 posts)
Posted: Monday, June 22, 2009 6:48:17 PM
@r16..... aaaaaa sorry ... I had taken this information from .... http://sicurezza.html.it/virus/vedi/40/beagleav/


r16 (AiutAmico, member since 8/7/2007, 11,016 posts)
Posted: Monday, June 22, 2009 6:58:04 PM
maopapof wrote:
@

Through the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run the file ....... .exe is activated at every Windows startup; if you set it to 0 or disable it ... and then run a nice
as far as I know Bagle comes from everywhere .... mothers-in-law permitting :O)))))

Hi maopapof:
If you look at the FindyKill log, in the "Registre / Clés infectieuses" section you'll see that the key you mention has already been cleaned, at least in part.
All that's left is to give it a further "dusting" with MBAM.
Better, if possible, to avoid having the user put their hands in the Registry Editor.
One mistake, and we're done for.
Bye!

maopapof (AiutAmico, member since 10/31/2004, 7,178 posts)
Posted: Monday, June 22, 2009 7:01:22 PM
.............. :O)))))))))))) ..... K

lauraz (AiutAmico, member since 1/5/2005, 195 posts)
Posted: Monday, June 22, 2009 7:42:29 PM
r16 wrote:
maopapof wrote:
@

Through the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run the file ....... .exe is activated at every Windows startup; if you set it to 0 or disable it ... and then run a nice
as far as I know Bagle comes from everywhere .... mothers-in-law permitting :O)))))

Hi maopapof:
If you look at the FindyKill log, in the "Registre / Clés infectieuses" section you'll see that the key you mention has already been cleaned, at least in part.
All that's left is to give it a further "dusting" with MBAM.
Better, if possible, to avoid having the user put their hands in the Registry Editor.
One mistake, and we're done for.
Bye!

So now I have to use MBAM? Where do I find it?? Can I re-enable System Restore???
r16 (AiutAmico, member since 8/7/2007, 11,016 posts)
Posted: Monday, June 22, 2009 7:45:14 PM
Where do you find it......
In the post I posted above.
MBAM stands for Malwarebytes.
Have you done the steps I indicated?
lauraz (AiutAmico, member since 1/5/2005, 195 posts)
Posted: Monday, June 22, 2009 7:51:15 PM
Sorry, I hadn't seen the reply above, and I'm not angry, with everything you're doing for me!!!!!
maopapof (AiutAmico, member since 10/31/2004, 7,178 posts)
Posted: Monday, June 22, 2009 7:57:16 PM
@ lauraz ... don't hold it against me .... just do what r16 tells you ... then you can sell the PC ... because it's like new :O)

MBAM = Malwarebytes.org .... IF YOU WANT ... read the final part of this topic http://forum.zeusnews.com/viewtopic.php?t=36390

......... :O) ..... the beauty of knowledge ... is knowing where to look :O) ... and then doing it becomes important, above all for you!

lauraz (AiutAmico, member since 1/5/2005, 195 posts)
Posted: Monday, June 22, 2009 10:49:32 PM
Sorry again....
here's the log

Malwarebytes' Anti-Malware 1.38
Versione del database: 2323
Windows 5.1.2600 Service Pack 3

22/06/2009 22.46.56
mbam-log-2009-06-22 (22-46-56).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 220368
Tempo trascorso: 1 hour(s), 4 minute(s), 49 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
r16 (AiutAmico, member since 8/7/2007, 11,016 posts)
Posted: Monday, June 22, 2009 11:51:07 PM
Hi.
Last scan:
Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
If you're asked whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Uninstall combofix this way (after I've seen the log):
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox)

Also post an updated HiJackThis log.
Tell me what problems you're seeing.
lauraz (AiutAmico, member since 1/5/2005, 195 posts)
Posted: Tuesday, June 23, 2009 8:11:40 PM
COMBOFIX

ComboFix 09-06-22.0E - Massimo 23/06/2009 19.54.01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1555 [GMT 2:00]
Eseguito da: c:\documents and settings\Massimo\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Massimo\Dati applicazioni\inst.exe
c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\akyqi_nav.dat
c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\aztnh_nav.dat
c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\gffevv_nav.dat
c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\iukugwm_nav.dat
c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\yakkmoi_nav.dat
c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\yeflpse_nav.dat
c:\documents and settings\Massimo\Impostazioni locali\Temporary Internet Files\lsn_6FBA808F-2580-48c3-8C6B-C08BBB800B8E.xml
c:\documents and settings\Massimo\preved.bat
C:\InfoSat.txt
c:\windows\patchw32.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\egononep.ini
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\tmp69.tmp
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_fnhoje
-------\Service_Iprip
-------\Service_retx2


((((((((((((((((((((((((( Files Creati Da 2009-05-23 al 2009-06-23 )))))))))))))))))))))))))))))))))))
.

2009-06-22 21:19 . 2009-06-23 04:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2009-06-22 13:09 . 2009-06-22 14:25 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-22 13:05 . 2009-06-23 17:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\avg8
2009-06-22 12:46 . 2009-06-21 11:36 14848 -c--a-w- c:\windows\system32\dllcache\register.exe.REN
2009-06-22 12:28 . 2009-06-22 21:13 -------- d-----w- C:\FindyKill
2009-06-21 20:42 . 2009-06-21 20:42 152576 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-20 20:59 . 2009-06-20 21:00 -------- d-----w- c:\programmi\IncrediMail
2009-06-20 20:54 . 2009-06-20 20:54 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2009-06-20 20:47 . 2006-03-02 12:00 73216 -c--a-w- c:\windows\system32\dllcache\avwav.dll
2009-06-19 19:29 . 2009-06-20 19:53 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-06-19 08:22 . 2009-06-23 17:57 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\IMVU
2009-06-19 08:22 . 2009-06-19 08:22 80967 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\Uninstall.exe
2009-06-19 08:21 . 2009-06-19 08:22 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient
2009-06-14 06:32 . 2009-06-15 16:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\LightScribe
2009-06-14 06:31 . 2009-06-14 06:31 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\Droppix
2009-06-14 06:31 . 2005-11-09 07:00 462848 ----a-w- c:\windows\system32\HHActiveX.dll
2009-06-14 06:31 . 2005-11-09 07:00 12800 ----a-w- c:\windows\system32\ogg.dll
2009-06-14 06:31 . 2005-11-09 07:00 1012736 ----a-w- c:\windows\system32\vorbis.dll
2009-06-14 06:31 . 2009-06-14 06:31 -------- d-----w- c:\programmi\illiminable
2009-06-14 06:31 . 2009-06-14 06:31 -------- d-----w- c:\programmi\File comuni\Droppix
2009-06-14 06:31 . 2005-11-09 07:00 487424 --s-a-w- c:\windows\system32\msvcp70.dll
2009-06-14 06:31 . 2009-06-14 06:31 -------- d-----w- c:\programmi\Droppix
2009-06-14 06:31 . 2005-11-09 07:00 89088 ----a-w- c:\windows\system32\atl71.dll
2009-06-14 06:31 . 2005-11-09 07:00 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-14 06:30 . 2009-06-14 06:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Droppix
2009-06-13 18:29 . 2009-06-13 18:29 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-06-13 12:17 . 2009-06-13 12:17 -------- d-----w- c:\programmi\GoldEsel
2009-06-13 11:34 . 2009-06-13 12:13 -------- d-----w- C:\Folding@HomeCPU
2009-06-11 12:17 . 2009-06-11 12:17 463360 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\Techno Design IP\LiveSearch Notification.exe
2009-06-11 12:17 . 2009-06-11 12:17 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\Techno Design IP
2009-06-10 18:07 . 2009-06-10 18:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-10 17:56 . 2009-06-10 17:56 -------- d-----w- c:\programmi\Starbreeze Studios
2009-06-10 05:56 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 05:56 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 20:34 . 2009-06-09 20:34 -------- d-----w- c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\Gas Powered Games
2009-06-09 20:20 . 2009-06-09 20:20 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\Stardock
2009-06-09 20:19 . 2009-06-09 20:19 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
2009-06-09 20:19 . 2009-03-12 19:49 2601464 -c--a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}\Impulse_setup.exe
2009-06-09 20:19 . 2009-06-09 20:19 -------- d-----w- c:\programmi\Stardock
2009-06-09 20:19 . 2009-06-09 20:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Stardock
2009-06-09 20:18 . 2009-06-09 20:18 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{67C33A62-5B1D-43D1-9600-16006F36EB2B}
2009-06-09 20:18 . 2009-04-19 19:27 2965840 -c--a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{67C33A62-5B1D-43D1-9600-16006F36EB2B}\setup.exe
2009-06-09 20:18 . 2009-06-09 20:18 -------- d-----w- c:\programmi\Stardock Games
2009-06-09 11:58 . 2009-06-09 11:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Office Genuine Advantage
2009-06-08 21:30 . 2009-06-08 21:30 -------- d-sh--w- c:\documents and settings\Massimo\IECompatCache
2009-06-08 21:28 . 2009-06-08 21:28 -------- d-sh--w- c:\documents and settings\Massimo\PrivacIE
2009-06-08 21:28 . 2009-06-08 21:28 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2009-06-08 21:25 . 2009-06-08 21:25 -------- d-sh--w- c:\documents and settings\Massimo\IETldCache
2009-06-08 21:23 . 2009-06-08 21:23 -------- d-----w- c:\windows\ie8updates
2009-06-08 21:23 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-08 21:21 . 2009-06-08 21:22 -------- dc-h--w- c:\windows\ie8
2009-06-08 20:44 . 2009-06-08 20:44 -------- d-----w- c:\windows\l2schemas
2009-06-08 20:44 . 2009-06-08 20:44 -------- d-----w- c:\windows\system32\it
2009-06-08 20:44 . 2009-06-08 20:44 -------- d-----w- c:\windows\system32\bits
2009-06-08 20:42 . 2009-06-08 20:42 -------- d-----w- c:\windows\ServicePackFiles
2009-06-08 20:38 . 2009-06-08 20:38 -------- d-----w- c:\windows\EHome
2009-06-08 12:37 . 2009-06-08 14:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Avira
2009-06-07 18:16 . 2009-06-07 18:20 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-06-04 12:47 . 2006-03-02 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-03 19:04 . 2004-08-03 20:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-06-03 18:49 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-03 18:49 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-03 18:48 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-03 18:48 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-03 18:48 . 2009-02-09 11:23 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-03 18:48 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-03 18:48 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-03 18:48 . 2009-02-09 10:51 734720 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-03 18:48 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-03 18:48 . 2009-02-09 10:51 736256 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-03 18:48 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-03 18:48 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-03 18:48 . 2009-02-09 11:23 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-03 18:48 . 2009-02-09 11:22 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-03 18:46 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-06-03 18:46 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-03 18:45 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-03 18:45 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-03 18:43 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-03 18:41 . 2008-04-21 21:14 219136 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2009-06-02 21:09 . 2009-06-02 21:09 95584 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\IMVUupdater.exe
2009-06-02 21:09 . 2009-06-02 21:09 49920 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\IMVUClient.exe
2009-06-02 21:09 . 2009-06-02 21:09 18176 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\imvuqualityagent.exe
2009-06-02 21:05 . 2009-06-02 21:05 14848 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\MemoryHook.dll
2009-06-02 21:04 . 2009-06-02 21:04 289792 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\cal3d.dll
2009-06-02 21:04 . 2009-06-02 21:04 25600 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\CallStack.dll
2009-06-02 21:04 . 2009-06-02 21:04 187392 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\boost_python.dll
2009-06-02 21:03 . 2009-06-02 21:03 256000 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\audiere.dll
2009-06-02 07:52 . 2009-06-02 07:52 -------- d-----w- c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 18:00 . 2008-12-07 20:22 -------- d-----w- c:\programmi\DNA
2009-06-23 18:00 . 2008-12-07 20:22 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\DNA
2009-06-23 17:59 . 2008-12-07 20:22 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\BitTorrent
2009-06-23 11:56 . 2008-08-23 13:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Google Updater
2009-06-22 21:19 . 2006-12-26 20:51 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-22 21:10 . 2008-06-19 13:23 -------- d-----w- c:\programmi\Trend Micro
2009-06-22 20:22 . 2008-12-28 15:03 -------- d-----w- c:\programmi\Panda Security
2009-06-22 14:29 . 2007-07-23 19:38 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-06-22 14:29 . 2007-04-23 13:23 -------- d-----w- c:\programmi\Lavasoft
2009-06-21 21:27 . 2007-04-11 15:07 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-06-21 20:53 . 2008-10-06 19:47 -------- d-----w- c:\programmi\Java
2009-06-21 20:43 . 2006-03-02 12:00 76858 ----a-w- c:\windows\system32\perfc010.dat
2009-06-21 20:43 . 2006-03-02 12:00 453674 ----a-w- c:\windows\system32\perfh010.dat
2009-06-21 18:31 . 2009-01-25 21:15 -------- d-----w- c:\programmi\SystemRequirementsLab
2009-06-14 06:32 . 2007-12-19 21:11 70960 ----a-w- c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-14 06:31 . 2006-08-21 15:16 -------- d-----w- c:\programmi\File comuni\LightScribe
2009-06-13 12:24 . 2006-08-21 15:12 -------- d-----w- c:\programmi\File comuni\Ahead
2009-06-13 12:19 . 2006-08-21 15:12 -------- d-----w- c:\programmi\Ahead
2009-06-13 12:17 . 2006-08-21 15:07 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-08 20:45 . 2007-12-18 16:20 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-08 14:42 . 2007-08-23 12:21 -------- d-----w- c:\programmi\Avira
2009-06-08 13:40 . 2009-03-05 14:27 -------- d-----w- c:\programmi\eMule
2009-06-08 04:48 . 2009-04-29 17:52 -------- d-----w- c:\programmi\EasySearch
2009-06-08 04:45 . 2009-02-24 19:51 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-06-07 19:48 . 2008-01-30 16:28 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\Codemasters
2009-06-07 18:21 . 2009-01-24 22:44 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\DAEMON Tools Lite
2009-06-07 18:11 . 2008-01-01 13:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-07 16:55 . 2008-12-29 21:29 -------- d-----w- c:\programmi\EA GAMES
2009-06-07 07:19 . 2009-06-07 07:19 2232 ----a-w- c:\windows\java\Packages\Data\F13DF5BR.DAT
2009-06-07 07:19 . 2009-06-07 07:19 155995 ----a-w- c:\windows\java\Packages\8VLJ3HJB.ZIP
2009-06-07 07:19 . 2009-06-07 07:19 2678 ----a-w- c:\windows\java\Packages\Data\XZVX379R.DAT
2009-06-07 07:19 . 2009-06-07 07:19 2678 ----a-w- c:\windows\java\Packages\Data\UJDB3B93.DAT
2009-06-07 07:19 . 2009-06-07 07:19 2678 ----a-w- c:\windows\java\Packages\Data\QZ3PZRFZ.DAT
2009-06-07 07:19 . 2009-06-07 07:19 2678 ----a-w- c:\windows\java\Packages\Data\FXFP797P.DAT
2009-06-07 07:19 . 2009-06-07 07:19 2678 ----a-w- c:\windows\java\Packages\Data\CUQOO853.DAT
2009-05-31 14:43 . 2009-05-24 10:45 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\SUPERAntiSpyware.com
2009-05-31 14:43 . 2007-08-01 19:41 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-05-24 10:46 . 2009-05-24 10:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\SUPERAntiSpyware.com
2009-05-22 20:52 . 2009-04-27 12:52 -------- d-----w- c:\programmi\Tropico2
2009-05-21 19:51 . 2009-05-21 13:44 -------- d-----w- c:\programmi\Trojan Remover
2009-05-21 13:37 . 2009-05-18 14:10 -------- d-----w- c:\programmi\GridinSoft Trojan Killer
2009-05-21 13:33 . 2009-05-21 13:34 297616 ----a-w- c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\kisuu_nav.dat.vir
2009-05-21 13:33 . 2009-05-21 13:33 293376 ----a-w- c:\documents and settings\Massimo\Impostazioni locali\Dati applicazioni\kisuu.exe.vir
2009-05-21 09:33 . 2008-12-15 21:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 11:49 . 2009-05-20 11:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Ahead
2009-05-18 10:45 . 2009-05-17 12:20 -------- d-----w- c:\programmi\vghd
2009-05-17 14:30 . 2009-05-17 14:30 1882624 ----a-w- c:\windows\system32\xa27482031.exe
2009-05-17 14:30 . 2009-05-17 14:30 1882624 ----a-w- c:\windows\system32\xa27481765.exe
2009-05-17 12:21 . 2009-05-17 12:20 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\vghd
2009-05-17 12:20 . 2009-05-17 12:20 152904 ----a-w- c:\windows\system32\vghd.scr
2009-05-17 12:08 . 2009-05-17 12:08 -------- d-----w- c:\programmi\OfficeRT
2009-05-13 20:47 . 2009-05-13 20:47 -------- d-----w- c:\programmi\Lionhead Studios Ltd
2009-05-13 05:02 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 14:48 . 2009-05-11 14:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\DNGH2 Saves
2009-05-11 14:40 . 2009-05-11 14:40 -------- d-----w- c:\programmi\Activision Value
2009-05-11 14:32 . 2009-05-10 19:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Super X Studios
2009-05-11 13:30 . 2009-05-11 13:30 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\SPAMfighter
2009-05-07 15:32 . 2006-03-02 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 15:33 . 2009-05-05 15:33 -------- d-----w- c:\programmi\Netlog Uploader
2009-05-02 14:54 . 2009-05-02 14:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Bluetooth
2009-05-02 14:51 . 2009-05-02 14:51 -------- d-----w- c:\programmi\IVT Corporation
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2008-05-03 03:46 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2007-12-18 16:37 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2006-08-11 13:43 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2006-08-11 13:42 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2006-08-11 13:42 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-30 20:02 . 2006-08-11 13:42 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2006-08-11 13:42 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 20:02 . 2006-08-11 13:42 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 19:21 . 2009-04-30 19:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Tages
2009-04-30 18:47 . 2008-01-01 14:06 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-04-30 18:47 . 2008-01-01 14:06 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-04-29 17:53 . 2009-04-29 17:53 -------- d-----w- c:\programmi\GooglePlusVideos
2009-04-29 13:55 . 2009-04-29 13:55 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\Thunderbird
2009-04-29 13:54 . 2008-02-04 17:13 -------- d-----w- c:\documents and settings\Massimo\Dati applicazioni\Spamihilator
2009-04-29 13:44 . 2009-04-29 13:44 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-04-26 22:42 . 2007-12-18 16:37 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-26 13:17 . 2009-04-26 13:17 -------- d-----w- c:\programmi\Metalslug
2009-04-23 13:15 . 2009-04-23 13:15 1134024 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\Mozilla\Firefox\Profiles\7fc6t24x.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-04-19 19:47 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 11:47 . 2007-12-23 15:54 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-10 11:47 . 2007-12-23 15:53 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-06 19:20 . 2007-12-23 15:53 22328 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\PnkBstrK.sys
2009-04-06 19:20 . 2007-12-23 15:53 22328 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\PnkBstrK.sys
2009-04-06 19:20 . 2008-11-10 08:25 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-04-06 19:20 . 2007-12-23 15:53 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\pixomatic.dll
2009-03-27 11:37 . 2009-03-27 11:37 152576 ----a-w- c:\documents and settings\Massimo\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2008-08-26 11:46 . 2008-08-26 11:46 10 ----a-w- c:\programmi\key
2006-07-18 13:41 . 2006-06-17 17:32 1019094 --sha-r- c:\programmi\serial.tde
2006-05-28 13:45 . 2006-05-28 13:45 115459 --sha-r- c:\programmi\andame.zip
2006-05-28 13:45 . 2006-05-28 13:45 115459 --sha-r- c:\programmi\andame.tde
2008-05-09 19:02 . 2008-02-02 21:07 72 --sh--w- c:\windows\SB2B93619.tmp
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2008-12-19 342848]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Massimo\Menu Avvio\Programmi\Esecuzione automatica\
IMVU.lnk - c:\documents and settings\Massimo\Dati applicazioni\IMVUClient\IMVUClient.exe [2009-6-2 49920]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pfdnnt c:\windows\system32\pfdnnt_actions.sys\0OODBS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Midway Games\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\Programmi\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Programmi\\File comuni\\LightScribe\\LSSrvc.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Stardock Games\\Demigod\\bin\\Demigod.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3263:TCP"= 3263:TCP:@xpsp2res.dll,-22005
"4042:TCP"= 4042:TCP:@xpsp2res.dll,-22005
"11801:TCP"= 11801:TCP:@xpsp2res.dll,-22005
"23476:TCP"= 23476:TCP:@xpsp2res.dll,-22005
"6881:TCP"= 6881:TCP:torrent
"6889:UDP"= 6889:UDP:tor
"6881:UDP"= 6881:UDP:Port 6881_UDP
"6882:TCP"= 6882:TCP:Port 6882_TCP
"6882:UDP"= 6882:UDP:Port 6882_UDP
"6883:TCP"= 6883:TCP:Port 6883_TCP
"6883:UDP"= 6883:UDP:Port 6883_UDP
"6884:TCP"= 6884:TCP:Port 6884_TCP
"6884:UDP"= 6884:UDP:Port 6884_UDP
"6885:TCP"= 6885:TCP:Port 6885_TCP
"6885:UDP"= 6885:UDP:Port 6885_UDP
"6886:TCP"= 6886:TCP:Port 6886_TCP
"6886:UDP"= 6886:UDP:Port 6886_UDP
"6887:TCP"= 6887:TCP:Port 6887_TCP
"6887:UDP"= 6887:UDP:Port 6887_UDP
"6888:TCP"= 6888:TCP:Port 6888_TCP
"6888:UDP"= 6888:UDP:Port 6888_UDP
"6889:TCP"= 6889:TCP:Port 6889_TCP
"38858:TCP"= 38858:TCP:t
"38858:UDP"= 38858:UDP:r
"53316:TCP"= 53316:TCP:bit
"53316:UDP"= 53316:UDP:bit
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [08/06/2008 14.50.56 8192]
S0 Fje40;Fje40; [x]
S2 uzrwtszxzvjkpro;uzrwtszxzvjkpro;\??\c:\windows\system32\drivers\oizis.sys --> c:\windows\system32\drivers\oizis.sys [?]
S3 Droppix Service;Droppix Service;c:\programmi\File comuni\Droppix\DxService.exe [14/06/2009 8.31.19 221184]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys --> c:\windows\system32\DRIVERS\xpadfl02.sys [?]
S4 BackWeb Client - 7681197;F-Secure BackWeb; [x]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [15/12/2008 18.45.18 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-23 21:45]

2009-06-22 c:\windows\Tasks\User_Feed_Synchronization-{4F382FCE-EA1F-449F-8CEF-8F1AD788300A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Massimo\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
TCP: {96556C9C-1146-4D64-8AD6-498216B42CF8} = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 20:03
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140910900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140B10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140610900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140910900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|þ»Ñw*]
"0140910900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140610900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(580)
c:\windows\system32\WININET.dll
c:\programmi\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\IncrediMail\bin\ImApp.exe
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-23 20.07.46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-23 18:07

Pre-Run: 105.750.556.672 byte disponibili
Post-Run: 105.744.216.064 byte disponibili

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
391 --- E O F --- 2009-06-22 21:32



HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.10.44, on 23/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\IncrediMail\bin\ImApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\Massimo\Dati applicazioni\IMVUClient\IMVUClient.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Massimo\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/it/Prg/ESTPTest.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96556C9C-1146-4D64-8AD6-498216B42CF8}: NameServer = 192.168.0.1
O23 - Service: Droppix Service - Droppix - C:\Programmi\File comuni\Droppix\DxService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8834 bytes
r16
Posted: Tuesday, June 23, 2009 10:36:24 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
Before running a scan, I would like to know what these security programs are doing here, and why they are inactive:
Avira
Trojan Remover
SUPERAntiSpyware
GridinSoft Trojan Killer
Are they "leftovers" from uninstalls?