Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » uffa

uffa Opzioni
Topic Precedente · Topic Sucessivo
65maria
Inviato: Tuesday, September 16, 2008 7:41:12 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
bene sono per l'ennesima volta qui nel forum a disturbarvi, ho un problema quando apro le pagine di internet contemporaneamente si aprono anche altre pagine (di pubblicità...............credo, vengono grandi come lo schermo).

ora..........ho fatto caso da ieri che spybot mi apreogni tanto una finestrina con scritto voce:nffddvvn.........sotto consenti modifica o nega modifica.

PRIMO io nn s'ho cosa sia quello che spybot mi chiede, SECONDO cosa devo fare per eliminare il fastidioso problemino?

grz in anticipo a chi risponderà
Torna in alto
 
Sponsor
Inviato: Tuesday, September 16, 2008 7:41:12 PM

 
Torna in alto
 
Rudewolf
Inviato: Tuesday, September 16, 2008 7:52:37 PM

Rank: AiutAmico

Iscritto dal : 5/2/2006
Posts: 6,184
Come al solito maria devi ricorrere a r16 o pdue con un bel log di Hijack.
Torna in alto
 
65maria
Inviato: Tuesday, September 16, 2008 7:58:07 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
per favore non dirmi che ho di nuovo beccato un virus..............mannaggia
Torna in alto
 
65maria
Inviato: Tuesday, September 16, 2008 7:59:48 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
bene rudewolf...........intanto posto il log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.58.48, on 16/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Ares\Ares.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rossoalice.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programmi\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218565483711
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/it/TSEasyInstallX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{A51FF135-51E9-4BE9-A2B0-5BC52C8E45CF}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 8206 bytes
Torna in alto
 
monsee
Inviato: Tuesday, September 16, 2008 8:52:42 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
Hai il Tea Timer attivo. Ti suggerisco di seguitare a utilizzare Spybot, MA di NON usare il Tea Timer.
Per togliere il Tea Timer veramente, il solo modo è disinstallare Spybot, poi riavvviare il computer e, dopo il riavvio, reinstallare Spybot. Durante la reinstallazione è importantissimo togliere la spunta all'opzione "Protezione di sistema (Tea Timer)".
Sul resto del LOG, lascio la palla ad altri, più esperti di me.
Torna in alto
 
pidue
Inviato: Tuesday, September 16, 2008 9:10:33 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Scarica Combofix , salvalo sul desktop, disabilita l'antivirus e chiudi la connessione a internet.
Lancialo in mod normale e segui scrupolosamente le istruzioni a video.
Al termine, verrà creato un log in C:\ComboFix.txt, che tu pubblicherai.
Il log non presenta anomalie.
Torna in alto
 
65maria
Inviato: Wednesday, September 17, 2008 7:27:56 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
scusa pidue ma nn riesco a trovare il combofix mi dice impossibile trovare .................
Torna in alto
 
monsee
Inviato: Wednesday, September 17, 2008 7:40:48 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
65maria ha scritto:
scusa pidue ma nn riesco a trovare il combofix mi dice impossibile trovare .................

Maria, ho appena provato a cliccar sul link che t'ha postato Pidue e funziona tutto alla perfezione. Vien scaricato direttamente Combofix.
Torna in alto
 
65maria
Inviato: Wednesday, September 17, 2008 8:17:48 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
ops monsee fatto ora ............è che ho problemi anche con il mouse adesso e francamente inizio ad irritarmi un pò, faccio subito quello che mi ha detto pidue e che mi hai detto tu per spybot.
Torna in alto
 
65maria
Inviato: Wednesday, September 17, 2008 8:42:40 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
ecco il log:

ComboFix 08-09-16.05 - franco benvenuti 2008-09-17 20.33.23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.186 [GMT 2:00]
Eseguito da: C:\Documents and Settings\franco benvenuti\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\franco benvenuti\Impostazioni locali\Dati applicazioni\nffddvvn.dat
C:\Documents and Settings\franco benvenuti\Impostazioni locali\Dati applicazioni\nffddvvn.exe
C:\Documents and Settings\franco benvenuti\Impostazioni locali\Dati applicazioni\nffddvvn_nav.dat
C:\Documents and Settings\franco benvenuti\Impostazioni locali\Dati applicazioni\nffddvvn_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-08-17 al 2008-09-17 )))))))))))))))))))))))))))))))))))
.

2008-09-17 20:28 . 2003-06-20 10:16 77 --a------ C:\WINDOWS\system32\ToggleDesktop.scf
2008-09-15 20:32 . 2005-08-25 19:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-09-10 15:43 . 2004-10-21 11:03 109,056 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-09-10 15:43 . 2004-09-27 10:00 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-08 17:54 . 2008-09-08 17:54 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Sonic
2008-09-08 17:53 . 2008-09-08 17:53 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Leadertech
2008-09-08 17:51 . 2008-09-08 17:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\InstallShield
2008-09-07 11:01 . 2008-09-17 20:32 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\OpenOffice.org2
2008-09-07 10:55 . 2008-09-07 10:55 <DIR> d-------- C:\Programmi\OpenOffice.org 2.4
2008-09-06 13:40 . 2008-09-06 13:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\TEMP
2008-09-05 16:52 . 2008-09-06 09:41 <DIR> d-------- C:\Programmi\Unlocker
2008-09-05 16:52 . 2008-09-05 20:29 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Desktopicon
2008-08-31 19:16 . 2008-09-17 20:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-08-31 19:01 . 2008-08-31 19:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Nero
2008-08-31 18:32 . 2008-08-31 18:32 <DIR> d-------- C:\sound-20080604144322
2008-08-30 16:27 . 2008-08-30 16:25 11,013,874 --a------ C:\sound-20080604144322.zip
2008-08-29 20:32 . 2008-08-29 20:32 268 --ah----- C:\sqmdata05.sqm
2008-08-29 20:32 . 2008-08-29 20:32 244 --ah----- C:\sqmnoopt05.sqm
2008-08-26 20:57 . 2004-12-20 13:25 50,176 --a------ C:\WINDOWS\system32\TvsCtrl.dll
2008-08-26 20:56 . 2008-08-26 20:56 <DIR> d-------- C:\tvs-sm40x-xp-10006-it
2008-08-26 20:55 . 2008-08-26 20:55 1,449,759 --a------ C:\tvs-sm40x-xp-10006-it.zip
2008-08-25 21:19 . 2008-07-04 08:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-08-25 21:19 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-25 21:19 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-08-25 21:19 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-08-25 21:19 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-25 21:19 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-08-25 21:19 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-25 21:19 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-25 21:19 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-08-25 21:19 . 2008-07-30 21:09 38 --a------ C:\WINDOWS\avisplitter.ini
2008-08-25 21:14 . 2008-08-25 21:19 <DIR> d-------- C:\Programmi\DivX
2008-08-25 20:18 . 2008-08-25 20:20 <DIR> d-------- C:\drivers
2008-08-25 20:16 . 2008-08-25 20:16 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\vlc
2008-08-25 20:11 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-25 20:11 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-25 20:10 . 2008-08-25 20:11 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Media Player Classic
2008-08-24 16:25 . 2008-08-24 16:25 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-24 16:25 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-24 16:25 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 18:55 . 2008-08-23 18:55 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Malwarebytes
2008-08-23 18:55 . 2008-08-23 18:55 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2008-08-23 18:51 . 2008-08-23 19:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Trend Micro
2008-08-23 18:34 . 2008-08-23 18:53 <DIR> d-------- C:\Documents and Settings\franco benvenuti\.housecall6.6
2008-08-22 21:03 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-08-20 18:20 . 2008-08-20 18:35 <DIR> d-------- C:\fixwareout
2008-08-18 20:34 . 2008-09-14 12:44 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-18 20:05 . 2008-09-02 20:49 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Ahead
2008-08-18 19:33 . 2008-08-18 19:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-18 14:49 . 2008-08-18 14:49 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 18:28 --------- d-----w C:\Programmi\Mouse Driver
2008-09-17 18:21 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-09-16 18:18 --------- d-----w C:\Programmi\eMule
2008-09-08 15:51 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-09-08 15:50 --------- d-----w C:\Programmi\Sonic
2008-09-07 08:55 --------- d-----w C:\Programmi\Java
2008-09-06 11:49 --------- d-----w C:\Programmi\PC Tools Firewall Plus
2008-08-31 16:51 --------- d-----w C:\Programmi\WinMX
2008-08-31 16:32 9,179,648 ------w C:\WINDOWS\system32\RTLCPL.exe
2008-08-31 16:32 73,728 ------w C:\WINDOWS\soundman.exe
2008-08-31 16:32 40,448 ------w C:\WINDOWS\system32\ChCfg.exe
2008-08-31 16:32 208,896 ------w C:\WINDOWS\alcupd.exe
2008-08-31 16:32 2,284,864 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-08-31 16:32 176 ------w C:\WINDOWS\system32\drivers\alcxhweq.dat
2008-08-31 16:32 156,672 ----a-w C:\WINDOWS\system32\RTLCPAPI.dll
2008-08-31 16:32 139,264 ------w C:\WINDOWS\alcrmv.exe
2008-08-31 16:32 1,232 ------w C:\WINDOWS\system32\drivers\alcxinit.dat
2008-08-31 09:17 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-30 14:35 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-25 19:19 --------- d-----w C:\Programmi\K-Lite Codec Pack
2008-08-25 18:11 --------- d-----w C:\Programmi\Real Alternative
2008-08-23 17:32 --------- d-----w C:\Programmi\Trend Micro
2008-08-15 19:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\MailFrontier
2008-08-15 18:33 --------- d-----w C:\Programmi\QuickTime Alternative
2008-08-15 16:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Apple Computer
2008-08-15 15:57 --------- d-----w C:\Documents and Settings\franco benvenuti\Dati applicazioni\Motive
2008-08-15 10:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Bluetooth
2008-08-15 08:10 --------- d-----w C:\Programmi\EPSON
2008-08-15 08:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\TomTom
2008-08-15 08:01 --------- d-----w C:\Programmi\TomTom HOME
2008-08-15 08:01 --------- d-----w C:\Documents and Settings\franco benvenuti\Dati applicazioni\InstallShield
2008-08-15 07:50 --------- d-----w C:\Programmi\Lavalys
2008-08-12 19:55 --------- d-----w C:\Programmi\Windows Live
2008-08-12 19:33 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2008-08-12 19:30 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-08-12 19:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\WLInstaller
2008-08-12 17:32 --------- d-----w C:\Programmi\Alice ti aiuta
2008-08-11 19:21 --------- d-----w C:\Programmi\MSN Messenger
2008-08-11 19:10 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-08-11 19:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Windows Live Toolbar
2008-08-10 19:10 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-10 19:10 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-10 19:10 --------- d-----w C:\Documents and Settings\franco benvenuti\Dati applicazioni\AVGTOOLBAR
2008-08-10 19:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\avg8
2008-08-10 18:30 155,995 ----a-w C:\WINDOWS\java\Packages\J9RJTBLR.ZIP
2008-08-10 16:37 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\OpenOffice.org2
2008-08-09 16:28 --------- d-----w C:\Programmi\COMODO
2008-08-08 19:44 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Comodo
2008-08-08 16:22 --------- d-----w C:\Programmi\AskSBar
2008-07-30 15:20 --------- d-----w C:\Programmi\Auslogics
2008-07-30 11:29 --------- d-----w C:\Programmi\Google
2008-07-29 20:02 15,984,024 ----a-w C:\jre-6u7-windows-i586-p-s.exe
2008-07-25 08:34 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-22 19:11 --------- d-----w C:\Programmi\CCleaner
2008-07-20 10:44 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\PCToolsFirewallPlus
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ares"="C:\Programmi\Ares\Ares.exe" [2008-02-20 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-30 1235736]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME\TomTomHOME.exe" [2008-02-14 3977128]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE" [2003-11-25 99840]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CreativeMouse "="C:\Programmi\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

C:\Documents and Settings\franco benvenuti\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-06-17 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Ares\\Ares.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-10 76040]
R2 Start BT in service;Start BT in service;C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-nffddvvn - c:\documents and settings\franco benvenuti\impostazioni locali\dati applicazioni\nffddvvn.exe
HKLM-Run-UnlockerAssistant - C:\Programmi\Unlocker\UnlockerAssistant.exe
HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://rossoalice.alice.it/
R1 -: HKCU-Internet Settings,ProxyOverride = ;127.0.0.1;<local>

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 20:37:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-09-17 20:38:26
ComboFix-quarantined-files.txt 2008-09-17 18:38:21
ComboFix2.txt 2008-08-24 06:55:29

Pre-Run: 10,832,060,416 byte disponibili
Post-Run: 10,894,200,832 byte disponibili

208 --- E O F --- 2008-09-17 12:17:51
ComboFix 08-09-16.05 - franco benvenuti 2008-09-17 20.33.23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.186 [GMT 2:00]
Eseguito da: C:\Documents and Settings\franco benvenuti\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\franco benvenuti\Impostazioni locali\Dati applicazioni\nffddvvn.dat
C:\Documents and Settings\franco benvenuti\Impostazioni locali\Dati applicazioni\nffddvvn.exe
C:\Documents and Settings\franco benvenuti\Impostazioni locali\Dati applicazioni\nffddvvn_nav.dat
C:\Documents and Settings\franco benvenuti\Impostazioni locali\Dati applicazioni\nffddvvn_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-08-17 al 2008-09-17 )))))))))))))))))))))))))))))))))))
.

2008-09-17 20:28 . 2003-06-20 10:16 77 --a------ C:\WINDOWS\system32\ToggleDesktop.scf
2008-09-15 20:32 . 2005-08-25 19:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-09-10 15:43 . 2004-10-21 11:03 109,056 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-09-10 15:43 . 2004-09-27 10:00 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-08 17:54 . 2008-09-08 17:54 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Sonic
2008-09-08 17:53 . 2008-09-08 17:53 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Leadertech
2008-09-08 17:51 . 2008-09-08 17:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\InstallShield
2008-09-07 11:01 . 2008-09-17 20:32 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\OpenOffice.org2
2008-09-07 10:55 . 2008-09-07 10:55 <DIR> d-------- C:\Programmi\OpenOffice.org 2.4
2008-09-06 13:40 . 2008-09-06 13:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\TEMP
2008-09-05 16:52 . 2008-09-06 09:41 <DIR> d-------- C:\Programmi\Unlocker
2008-09-05 16:52 . 2008-09-05 20:29 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Desktopicon
2008-08-31 19:16 . 2008-09-17 20:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-08-31 19:01 . 2008-08-31 19:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Nero
2008-08-31 18:32 . 2008-08-31 18:32 <DIR> d-------- C:\sound-20080604144322
2008-08-30 16:27 . 2008-08-30 16:25 11,013,874 --a------ C:\sound-20080604144322.zip
2008-08-29 20:32 . 2008-08-29 20:32 268 --ah----- C:\sqmdata05.sqm
2008-08-29 20:32 . 2008-08-29 20:32 244 --ah----- C:\sqmnoopt05.sqm
2008-08-26 20:57 . 2004-12-20 13:25 50,176 --a------ C:\WINDOWS\system32\TvsCtrl.dll
2008-08-26 20:56 . 2008-08-26 20:56 <DIR> d-------- C:\tvs-sm40x-xp-10006-it
2008-08-26 20:55 . 2008-08-26 20:55 1,449,759 --a------ C:\tvs-sm40x-xp-10006-it.zip
2008-08-25 21:19 . 2008-07-04 08:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-08-25 21:19 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-25 21:19 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-08-25 21:19 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-08-25 21:19 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-25 21:19 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-08-25 21:19 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-25 21:19 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-25 21:19 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-08-25 21:19 . 2008-07-30 21:09 38 --a------ C:\WINDOWS\avisplitter.ini
2008-08-25 21:14 . 2008-08-25 21:19 <DIR> d-------- C:\Programmi\DivX
2008-08-25 20:18 . 2008-08-25 20:20 <DIR> d-------- C:\drivers
2008-08-25 20:16 . 2008-08-25 20:16 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\vlc
2008-08-25 20:11 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-25 20:11 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-25 20:10 . 2008-08-25 20:11 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Media Player Classic
2008-08-24 16:25 . 2008-08-24 16:25 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-24 16:25 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-24 16:25 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 18:55 . 2008-08-23 18:55 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Malwarebytes
2008-08-23 18:55 . 2008-08-23 18:55 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2008-08-23 18:51 . 2008-08-23 19:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Trend Micro
2008-08-23 18:34 . 2008-08-23 18:53 <DIR> d-------- C:\Documents and Settings\franco benvenuti\.housecall6.6
2008-08-22 21:03 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-08-20 18:20 . 2008-08-20 18:35 <DIR> d-------- C:\fixwareout
2008-08-18 20:34 . 2008-09-14 12:44 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-18 20:05 . 2008-09-02 20:49 <DIR> d-------- C:\Documents and Settings\franco benvenuti\Dati applicazioni\Ahead
2008-08-18 19:33 . 2008-08-18 19:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-18 14:49 . 2008-08-18 14:49 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 18:28 --------- d-----w C:\Programmi\Mouse Driver
2008-09-17 18:21 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-09-16 18:18 --------- d-----w C:\Programmi\eMule
2008-09-08 15:51 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-09-08 15:50 --------- d-----w C:\Programmi\Sonic
2008-09-07 08:55 --------- d-----w C:\Programmi\Java
2008-09-06 11:49 --------- d-----w C:\Programmi\PC Tools Firewall Plus
2008-08-31 16:51 --------- d-----w C:\Programmi\WinMX
2008-08-31 16:32 9,179,648 ------w C:\WINDOWS\system32\RTLCPL.exe
2008-08-31 16:32 73,728 ------w C:\WINDOWS\soundman.exe
2008-08-31 16:32 40,448 ------w C:\WINDOWS\system32\ChCfg.exe
2008-08-31 16:32 208,896 ------w C:\WINDOWS\alcupd.exe
2008-08-31 16:32 2,284,864 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-08-31 16:32 176 ------w C:\WINDOWS\system32\drivers\alcxhweq.dat
2008-08-31 16:32 156,672 ----a-w C:\WINDOWS\system32\RTLCPAPI.dll
2008-08-31 16:32 139,264 ------w C:\WINDOWS\alcrmv.exe
2008-08-31 16:32 1,232 ------w C:\WINDOWS\system32\drivers\alcxinit.dat
2008-08-31 09:17 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-30 14:35 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-25 19:19 --------- d-----w C:\Programmi\K-Lite Codec Pack
2008-08-25 18:11 --------- d-----w C:\Programmi\Real Alternative
2008-08-23 17:32 --------- d-----w C:\Programmi\Trend Micro
2008-08-15 19:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\MailFrontier
2008-08-15 18:33 --------- d-----w C:\Programmi\QuickTime Alternative
2008-08-15 16:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Apple Computer
2008-08-15 15:57 --------- d-----w C:\Documents and Settings\franco benvenuti\Dati applicazioni\Motive
2008-08-15 10:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Bluetooth
2008-08-15 08:10 --------- d-----w C:\Programmi\EPSON
2008-08-15 08:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\TomTom
2008-08-15 08:01 --------- d-----w C:\Programmi\TomTom HOME
2008-08-15 08:01 --------- d-----w C:\Documents and Settings\franco benvenuti\Dati applicazioni\InstallShield
2008-08-15 07:50 --------- d-----w C:\Programmi\Lavalys
2008-08-12 19:55 --------- d-----w C:\Programmi\Windows Live
2008-08-12 19:33 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2008-08-12 19:30 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-08-12 19:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\WLInstaller
2008-08-12 17:32 --------- d-----w C:\Programmi\Alice ti aiuta
2008-08-11 19:21 --------- d-----w C:\Programmi\MSN Messenger
2008-08-11 19:10 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-08-11 19:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Windows Live Toolbar
2008-08-10 19:10 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-10 19:10 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-10 19:10 --------- d-----w C:\Documents and Settings\franco benvenuti\Dati applicazioni\AVGTOOLBAR
2008-08-10 19:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\avg8
2008-08-10 18:30 155,995 ----a-w C:\WINDOWS\java\Packages\J9RJTBLR.ZIP
2008-08-10 16:37 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\OpenOffice.org2
2008-08-09 16:28 --------- d-----w C:\Programmi\COMODO
2008-08-08 19:44 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Comodo
2008-08-08 16:22 --------- d-----w C:\Programmi\AskSBar
2008-07-30 15:20 --------- d-----w C:\Programmi\Auslogics
2008-07-30 11:29 --------- d-----w C:\Programmi\Google
2008-07-29 20:02 15,984,024 ----a-w C:\jre-6u7-windows-i586-p-s.exe
2008-07-25 08:34 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-22 19:11 --------- d-----w C:\Programmi\CCleaner
2008-07-20 10:44 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\PCToolsFirewallPlus
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ares"="C:\Programmi\Ares\Ares.exe" [2008-02-20 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-30 1235736]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME\TomTomHOME.exe" [2008-02-14 3977128]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE" [2003-11-25 99840]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CreativeMouse "="C:\Programmi\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

C:\Documents and Settings\franco benvenuti\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-06-17 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Ares\\Ares.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-10 76040]
R2 Start BT in service;Start BT in service;C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-nffddvvn - c:\documents and settings\franco benvenuti\impostazioni locali\dati applicazioni\nffddvvn.exe
HKLM-Run-UnlockerAssistant - C:\Programmi\Unlocker\UnlockerAssistant.exe
HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://rossoalice.alice.it/
R1 -: HKCU-Internet Settings,ProxyOverride = ;127.0.0.1;<local>

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 20:37:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-09-17 20:38:26
ComboFix-quarantined-files.txt 2008-09-17 18:38:21
ComboFix2.txt 2008-08-24 06:55:29

Pre-Run: 10,832,060,416 byte disponibili
Post-Run: 10,894,200,832 byte disponibili

208 --- E O F --- 2008-09-17 12:17:51
Torna in alto
 
pidue
Inviato: Wednesday, September 17, 2008 9:08:28 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao,
Combofix qualche porcheria l'ha tolta. Dovresti dirmi se ti compaiono ancora quelle noiose finestre.
Torna in alto
 
65maria
Inviato: Wednesday, September 17, 2008 10:04:15 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
PER MONSEE ho fatto ciò che mi hai detto per spybot, grz monsee


PER PIDUE per adesso le fastidiose finestre nn stanno ricomparendo, ti ringrazio
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » uffa


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.