Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log

controllo log Opzioni
Topic Precedente · Topic Sucessivo
spyker
Inviato: Wednesday, February 03, 2010 1:17:44 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.17.38, on 03/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\IObit\Game Booster\gbtray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Spyker\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolstreaming.us/blog/diretta-tv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257343033406
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{457A29CE-55E3-48C3-A83C-8D8488B087FC}: NameServer = 193.70.152.15 193.70.152.25
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 5632 bytes


vorrei sapere se c'è qualcosa che non va...avevo winlogon.exe che occupava 34 mb, poi la connessione internet è un pò rallentata da un pò, magari è un problema di rete, però per sicurezza...
Torna in alto
 
Sponsor
Inviato: Wednesday, February 03, 2010 1:17:44 PM

 
Torna in alto
 
antonpaco
Inviato: Wednesday, February 03, 2010 1:47:40 PM
Rank: AiutAmico

Iscritto dal : 11/7/2006
Posts: 1,180
il log sembra pulito, attendi pero' il giudizio dei nostri amici esperti appena avranno un attimo di tempo x controllare. Prova a fare una scansione completa col malwarebytes, lo puoi scaricare da questo stesso sito.
Torna in alto
 
spyker
Inviato: Wednesday, February 03, 2010 1:49:15 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
come antivirus utilizzo NOD32 e superantispyware...è abbastanza? o mi consigliate altro, oltre ovviamente a quello che mi hai appena detto
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 2:08:19 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Puoi eliminare questo software: IObit (per quello che serve.....Whistle )
Poi:
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO 1.cab
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

N.B:
Se la voce 023 non si elimina, prova in Modalità provvisoria.

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Riavvia il pc.

Scarica ed installa MalwareBytes (tienilo installato, è un programma valido):
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.
Torna in alto
 
spyker
Inviato: Wednesday, February 03, 2010 3:54:12 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
Malwarebytes' Anti-Malware 1.44
Versione del database: 3682
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/02/2010 15.51.27
mbam-log-2010-02-03 (15-51-17).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 193638
Tempo trascorso: 1 hour(s), 50 minute(s), 7 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 3:59:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina quello che ha trovato Malwarebytes.

Fai questa scansione:

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
spyker
Inviato: Wednesday, February 03, 2010 5:37:07 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
ComboFix 10-02-02.08 - Spyker 03/02/2010 16.37.44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1657 [GMT 1:00]
Eseguito da: c:\documents and settings\Spyker\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\grecorder.dll
c:\windows\system32\winlogon.bak

.
((((((((((((((((((((((((( Files Creati Da 2010-01-03 al 2010-02-03 )))))))))))))))))))))))))))))))))))
.

2010-02-03 13:04 . 2010-02-03 13:04 -------- d-----w- c:\programmi\ePSXe
2010-02-03 12:58 . 2010-02-03 12:58 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\Malwarebytes
2010-02-03 12:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 12:58 . 2010-02-03 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-03 12:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 12:58 . 2010-02-03 12:58 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-02 23:42 . 1999-09-10 11:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2010-02-02 23:42 . 1999-09-10 11:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2010-02-02 23:42 . 1999-09-10 11:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-02-02 23:42 . 1999-09-10 11:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-02-02 23:25 . 2010-02-02 23:25 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\fltk.org
2010-02-02 23:00 . 2010-02-02 23:01 -------- d-----w- c:\programmi\epsxe-1-6-0-ingles
2010-02-01 17:58 . 2010-02-01 17:58 -------- d-----w- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Innovative Solutions
2010-02-01 17:58 . 2010-02-01 17:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2010-01-31 16:11 . 2010-01-31 16:11 -------- d-----w- c:\programmi\Pawn
2010-01-29 19:48 . 2010-01-29 19:48 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\TextPad
2010-01-29 19:46 . 2010-01-29 19:46 -------- d-----w- c:\programmi\TextPad 4
2010-01-26 14:26 . 2010-01-26 14:26 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\Screenshot Sender
2010-01-25 17:54 . 2010-01-25 17:54 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\IObit
2010-01-22 23:37 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-22 23:37 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-22 23:37 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-22 23:37 . 2009-12-21 19:06 184320 -c----w- c:\windows\system32\dllcache\iepeers.dll
2010-01-22 23:37 . 2009-12-21 19:06 25600 -c----w- c:\windows\system32\dllcache\jsproxy.dll
2010-01-22 23:37 . 2009-12-21 19:06 5942784 -c----w- c:\windows\system32\dllcache\mshtml.dll
2010-01-22 23:37 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-22 23:37 . 2009-12-21 19:06 916480 -c----w- c:\windows\system32\dllcache\wininet.dll
2010-01-22 23:37 . 2009-12-21 19:06 206848 -c----w- c:\windows\system32\dllcache\occache.dll
2010-01-22 23:37 . 2009-12-21 19:06 1208832 -c----w- c:\windows\system32\dllcache\urlmon.dll
2010-01-22 23:36 . 2009-12-21 19:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-22 23:36 . 2009-12-21 13:20 173056 -c----w- c:\windows\system32\dllcache\ie4uinit.exe
2010-01-22 23:36 . 2009-12-21 19:06 387584 -c----w- c:\windows\system32\dllcache\iedkcs32.dll
2010-01-22 23:36 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-21 21:43 . 2010-01-21 21:44 -------- d-----w- c:\programmi\snes9k_0.09
2010-01-21 14:37 . 2010-01-30 23:02 -------- d-----w- c:\programmi\epsxe170
2010-01-17 18:16 . 2010-01-17 18:16 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-01-17 18:16 . 2010-01-19 11:52 -------- d-----w- c:\programmi\Google
2010-01-11 14:54 . 2010-01-11 14:54 157733 ----a-r- c:\documents and settings\Spyker\Dati applicazioni\Microsoft\Installer\{6A318655-A128-4B64-954F-6D083EE8FF1E}\SmartFTP.exe
2010-01-11 14:52 . 2010-01-11 14:52 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\SmartFTP
2010-01-11 14:52 . 2010-01-11 14:54 -------- d-----w- c:\programmi\SmartFTP Client
2010-01-11 14:52 . 2010-01-11 14:52 -------- d-----w- c:\programmi\SmartFTP Client 4.0 Setup Files
2010-01-09 10:10 . 2010-01-09 10:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AppSoft
2010-01-05 11:35 . 2010-01-05 11:38 -------- d-----w- c:\programmi\GameKiss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 13:31 . 2009-11-05 18:15 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\vlc
2010-02-03 11:04 . 2009-11-21 20:40 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\foobar2000
2010-02-03 10:31 . 2009-11-09 15:38 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-02-02 15:43 . 2009-11-21 11:33 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\FileZilla
2010-02-01 20:52 . 2009-11-30 17:46 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-02-01 19:49 . 2009-11-04 14:05 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\BitTorrent
2010-02-01 19:30 . 2009-11-04 13:21 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-30 20:32 . 2009-11-16 22:55 -------- d-----w- c:\programmi\EA Games
2010-01-29 11:37 . 2009-11-19 15:02 1 ----a-w- c:\documents and settings\Spyker\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-27 15:38 . 2009-11-04 14:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-01-27 15:37 . 2009-11-04 14:28 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-25 17:54 . 2009-12-22 23:04 -------- d-----w- c:\programmi\IObit
2010-01-24 21:11 . 2009-11-22 14:15 -------- d-----w- c:\programmi\TeamViewer
2010-01-21 21:24 . 2009-12-21 22:48 -------- d-----w- c:\programmi\Winkawaks
2010-01-17 11:54 . 2009-12-12 18:45 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\dvdcss
2010-01-16 10:47 . 2009-12-20 13:13 -------- d-----w- c:\programmi\FileZilla FTP Client
2010-01-15 15:18 . 2009-11-04 14:06 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-15 15:15 . 2009-11-20 22:13 -------- d-----w- c:\programmi\OGPlanet
2010-01-05 08:06 . 2009-11-04 13:58 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-12-27 09:58 . 2009-12-27 09:58 -------- d-----w- c:\programmi\UlisesSoft
2009-12-27 09:43 . 2009-12-27 09:43 -------- d-----w- c:\programmi\ESET
2009-12-23 13:30 . 2009-12-23 13:27 -------- d-----w- c:\programmi\MTA San Andreas
2009-12-22 16:54 . 2009-12-19 16:29 52224 ----a-w- c:\documents and settings\Spyker\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-22 14:58 . 2009-12-22 14:58 -------- d-----w- c:\programmi\Sun
2009-12-22 14:57 . 2009-11-19 14:54 -------- d-----w- c:\programmi\Java
2009-12-22 11:16 . 2009-12-20 11:01 -------- d-----w- c:\programmi\FileTransfer
2009-12-21 19:06 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 10:14 . 2009-12-19 10:08 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\SecondLife
2009-12-18 00:39 . 2009-11-04 14:04 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\DNA
2009-12-17 13:03 . 2009-12-06 10:20 -------- d-----w- c:\programmi\Steam
2009-12-17 07:58 . 2009-11-04 14:04 -------- d-----w- c:\programmi\DNA
2009-12-14 11:03 . 2009-11-04 14:54 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\teamspeak2
2009-12-12 14:23 . 2009-12-02 22:13 -------- d-----w- c:\programmi\EyeDefender
2009-12-11 20:59 . 2009-12-11 20:59 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\Megaupload
2009-12-11 20:59 . 2009-12-11 20:59 -------- d-----w- c:\programmi\Megaupload
2009-12-11 20:55 . 2009-12-11 20:55 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\InstallShield
2009-12-11 11:50 . 2009-12-11 11:50 -------- d-----w- c:\programmi\Foxit Software
2009-12-11 11:50 . 2009-12-11 11:50 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\Foxit
2009-12-10 10:42 . 2004-08-19 12:00 84242 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 10:42 . 2004-08-19 12:00 488954 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 11:12 . 2009-12-09 11:12 -------- d-----w- c:\programmi\File comuni\DirectX
2009-12-06 22:51 . 2009-11-16 13:16 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-12-06 14:39 . 2009-12-05 21:39 -------- d-----w- c:\programmi\File comuni\Akamai
2009-12-06 10:43 . 2009-12-06 10:42 -------- d-----w- c:\programmi\CFToolbox
2009-12-05 21:46 . 2009-12-05 21:46 -------- d-----w- c:\programmi\alaplaya
2009-12-05 16:53 . 2009-12-05 16:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NexonEU
2009-12-05 16:36 . 2009-12-05 16:36 98304 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\nxgameeu.dll
2009-12-05 16:36 . 2009-12-05 16:36 81920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\npNxGameeu.dll
2009-12-05 16:36 . 2009-12-05 16:36 532480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\NGMDll.dll
2009-12-05 16:36 . 2009-12-05 16:36 331776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\NGMResource.dll
2009-12-05 16:36 . 2009-12-05 16:36 258352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\unicows.dll
2009-12-05 16:36 . 2009-12-05 16:36 155648 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\NGM.exe
2009-12-05 16:17 . 2009-12-05 16:17 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-12-02 22:00 . 2009-12-02 22:00 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-30 18:00 . 2009-11-16 13:16 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-30 17:55 . 2009-11-30 17:55 135 ----a-w- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-11-29 22:07 . 2009-11-30 22:43 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll
2009-11-26 10:58 . 2009-11-04 13:14 96808 ----a-w- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-21 15:54 . 2004-08-19 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 19:31 . 2009-11-20 19:31 152576 ----a-w- c:\documents and settings\Spyker\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-20 19:31 . 2009-11-20 19:31 79488 ----a-w- c:\documents and settings\Spyker\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-20 10:57 . 2009-11-20 10:57 217000 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
.

------- Sigcheck -------

[-] 2009-11-04 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-02-01 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Spyker^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-04 14:05 323392 ----a-w- c:\programmi\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-04 13:34 135664 ----atw- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55 1057328 ----a-w- c:\programmi\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-13 18:14 172032 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 14:55 1628208 ----a-w- c:\programmi\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-01 19:37 2002160 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Rockstar Games\\GTA San Andreas\\samp.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\NexonEU\\NGM\\NGM.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Steam\\steamapps\\o_ospykero_o\\counter-strike\\hl.exe"=
"c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"=
"c:\\Programmi\\MTA San Andreas\\server\\MTA Server.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\GameKiss\\ValkyrieSky\\Valkyrie Sky.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Jnes\\Jnes.exe"=
"c:\\Programmi\\snes9k_0.09\\snes9k.exe"=
"c:\\Programmi\\Winkawaks\\WinKawaks.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Spyker\\Documenti\\Gta San Andreas File Vari\\Angels City Roleplay\\samp-server.exe"=
"c:\\Programmi\\epsxe170\\ePSXe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14.24.24 96408]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 11.42.46 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 11.42.44 74480]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14.23.18 108792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/11/2009 14.33.56 717296]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [13/03/2009 15.06.30 357182]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 11.42.48 7408]
S4 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [29/09/2009 13.03.46 735960]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-03 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-11-26 23:22]

2010-02-03 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-11-04 16:58]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-1417001333-1004Core.job
- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-04 13:34]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-1417001333-1004UA.job
- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-04 13:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.coolstreaming.us/blog/diretta-tv/
FF - ProfilePath - c:\documents and settings\Spyker\Dati applicazioni\Mozilla\Firefox\Profiles\txi3y5ld.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.thedarksideofgoogle.com/it/
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Notify-WgaLogon - (no file)
AddRemove-HijackThis - c:\documents and settings\Spyker\Desktop\HiJackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1965331169-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81717B4E-52D0-E449-3A18-BCC528D4096D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaapcnnifpmdmeemia"=hex:6b,61,64,6d,65,6a,6b,64,63,66,68,69,68,64,6e,69,6e,6c,
66,67,70,64,00,00
"hagnmhbgfeoeanoi"=hex:6a,61,61,6f,64,65,65,6a,6f,68,63,66,6a,67,6b,67,64,65,
6b,6f,00,ff
"iaeokohiaaoclgogjh"=hex:63,61,6f,6e,6e,63,00,7c
"dbaohdebmgaebaaembakjnlnolklfhjfpcgnkjpl"=hex:68,61,6c,68,70,70,69,67,6b,69,
6f,62,70,69,67,64,00,01
"jbaohdebmgaebaaembakiohkdpdhjjnnoaglmcobebcfdhgmaike"=hex:68,61,6c,68,70,70,
69,67,6b,69,6f,62,70,69,67,64,00,01
"dbaohdebmgaebaaembakgoenmnegdiocmcfbnchb"=hex:62,61,67,6c,00,0f
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Spyker\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Spyker\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\windows\system32\Ati2evxx.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2010-02-03 16:47:23
ComboFix-quarantined-files.txt 2010-02-03 15:47

Pre-Run: 33.390.100.480 byte disponibili
Post-Run: 40.151.736.320 byte disponibili

- - End Of File - - CD6D73ED1130CC8FCAFB95E33D975DEE



in hijackthis cmq non sono riuscito a eliminare la numero 23, nemmeno in modalità provvisoria
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 5:56:27 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
La sistemiamo dopo, quella voce.

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
File::
c:\windows\system32\GameMon.des -service
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-1417001333-1004UA.job

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Driver::
npggsvc

RegNull::
[HKEY_USERS\S-1-5-21-1060284298-1965331169-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81717B4E-52D0-E449-3A18-BCC528D4096D}*]


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
spyker
Inviato: Wednesday, February 03, 2010 7:33:03 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
ComboFix 10-02-02.08 - Spyker 03/02/2010 19.19.43.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1629 [GMT 1:00]
Eseguito da: c:\documents and settings\Spyker\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Spyker\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\GameMon.des -service"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-1417001333-1004UA.job"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-1417001333-1004UA.job

.
((((((((((((((((((((((((( Files Creati Da 2010-01-03 al 2010-02-03 )))))))))))))))))))))))))))))))))))
.

2010-02-03 13:04 . 2010-02-03 13:04 -------- d-----w- c:\programmi\ePSXe
2010-02-03 12:58 . 2010-02-03 12:58 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\Malwarebytes
2010-02-03 12:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 12:58 . 2010-02-03 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-03 12:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 12:58 . 2010-02-03 12:58 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-02 23:42 . 1999-09-10 11:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2010-02-02 23:42 . 1999-09-10 11:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2010-02-02 23:42 . 1999-09-10 11:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-02-02 23:42 . 1999-09-10 11:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-02-02 23:25 . 2010-02-02 23:25 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\fltk.org
2010-02-02 23:00 . 2010-02-02 23:01 -------- d-----w- c:\programmi\epsxe-1-6-0-ingles
2010-02-01 17:58 . 2010-02-01 17:58 -------- d-----w- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Innovative Solutions
2010-02-01 17:58 . 2010-02-01 17:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2010-01-31 16:11 . 2010-01-31 16:11 -------- d-----w- c:\programmi\Pawn
2010-01-29 19:48 . 2010-01-29 19:48 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\TextPad
2010-01-29 19:46 . 2010-01-29 19:46 -------- d-----w- c:\programmi\TextPad 4
2010-01-26 14:26 . 2010-01-26 14:26 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\Screenshot Sender
2010-01-25 17:54 . 2010-01-25 17:54 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\IObit
2010-01-22 23:37 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-22 23:37 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-22 23:37 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-22 23:37 . 2009-12-21 19:06 184320 -c----w- c:\windows\system32\dllcache\iepeers.dll
2010-01-22 23:37 . 2009-12-21 19:06 25600 -c----w- c:\windows\system32\dllcache\jsproxy.dll
2010-01-22 23:37 . 2009-12-21 19:06 5942784 -c----w- c:\windows\system32\dllcache\mshtml.dll
2010-01-22 23:37 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-22 23:37 . 2009-12-21 19:06 916480 -c----w- c:\windows\system32\dllcache\wininet.dll
2010-01-22 23:37 . 2009-12-21 19:06 206848 -c----w- c:\windows\system32\dllcache\occache.dll
2010-01-22 23:37 . 2009-12-21 19:06 1208832 -c----w- c:\windows\system32\dllcache\urlmon.dll
2010-01-22 23:36 . 2009-12-21 19:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-22 23:36 . 2009-12-21 13:20 173056 -c----w- c:\windows\system32\dllcache\ie4uinit.exe
2010-01-22 23:36 . 2009-12-21 19:06 387584 -c----w- c:\windows\system32\dllcache\iedkcs32.dll
2010-01-22 23:36 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-21 21:43 . 2010-01-21 21:44 -------- d-----w- c:\programmi\snes9k_0.09
2010-01-21 14:37 . 2010-01-30 23:02 -------- d-----w- c:\programmi\epsxe170
2010-01-17 18:16 . 2010-01-17 18:16 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-01-17 18:16 . 2010-01-19 11:52 -------- d-----w- c:\programmi\Google
2010-01-11 14:54 . 2010-01-11 14:54 157733 ----a-r- c:\documents and settings\Spyker\Dati applicazioni\Microsoft\Installer\{6A318655-A128-4B64-954F-6D083EE8FF1E}\SmartFTP.exe
2010-01-11 14:52 . 2010-01-11 14:52 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\SmartFTP
2010-01-11 14:52 . 2010-01-11 14:54 -------- d-----w- c:\programmi\SmartFTP Client
2010-01-11 14:52 . 2010-01-11 14:52 -------- d-----w- c:\programmi\SmartFTP Client 4.0 Setup Files
2010-01-09 10:10 . 2010-01-09 10:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AppSoft
2010-01-05 11:35 . 2010-01-05 11:38 -------- d-----w- c:\programmi\GameKiss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 18:04 . 2009-11-21 20:40 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\foobar2000
2010-02-03 18:00 . 2009-11-09 15:38 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-02-03 13:31 . 2009-11-05 18:15 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\vlc
2010-02-02 15:43 . 2009-11-21 11:33 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\FileZilla
2010-02-01 20:52 . 2009-11-30 17:46 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-02-01 19:49 . 2009-11-04 14:05 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\BitTorrent
2010-02-01 19:30 . 2009-11-04 13:21 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-30 20:32 . 2009-11-16 22:55 -------- d-----w- c:\programmi\EA Games
2010-01-29 11:37 . 2009-11-19 15:02 1 ----a-w- c:\documents and settings\Spyker\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-27 15:38 . 2009-11-04 14:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-01-27 15:37 . 2009-11-04 14:28 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-25 17:54 . 2009-12-22 23:04 -------- d-----w- c:\programmi\IObit
2010-01-24 21:11 . 2009-11-22 14:15 -------- d-----w- c:\programmi\TeamViewer
2010-01-21 21:24 . 2009-12-21 22:48 -------- d-----w- c:\programmi\Winkawaks
2010-01-17 11:54 . 2009-12-12 18:45 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\dvdcss
2010-01-16 10:47 . 2009-12-20 13:13 -------- d-----w- c:\programmi\FileZilla FTP Client
2010-01-15 15:18 . 2009-11-04 14:06 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-15 15:15 . 2009-11-20 22:13 -------- d-----w- c:\programmi\OGPlanet
2010-01-05 08:06 . 2009-11-04 13:58 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-12-27 09:58 . 2009-12-27 09:58 -------- d-----w- c:\programmi\UlisesSoft
2009-12-27 09:43 . 2009-12-27 09:43 -------- d-----w- c:\programmi\ESET
2009-12-23 13:30 . 2009-12-23 13:27 -------- d-----w- c:\programmi\MTA San Andreas
2009-12-22 16:54 . 2009-12-19 16:29 52224 ----a-w- c:\documents and settings\Spyker\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-22 14:58 . 2009-12-22 14:58 -------- d-----w- c:\programmi\Sun
2009-12-22 14:57 . 2009-11-19 14:54 -------- d-----w- c:\programmi\Java
2009-12-22 11:16 . 2009-12-20 11:01 -------- d-----w- c:\programmi\FileTransfer
2009-12-21 19:06 . 2004-08-19 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 10:14 . 2009-12-19 10:08 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\SecondLife
2009-12-18 00:39 . 2009-11-04 14:04 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\DNA
2009-12-17 13:03 . 2009-12-06 10:20 -------- d-----w- c:\programmi\Steam
2009-12-17 07:58 . 2009-11-04 14:04 -------- d-----w- c:\programmi\DNA
2009-12-14 11:03 . 2009-11-04 14:54 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\teamspeak2
2009-12-12 14:23 . 2009-12-02 22:13 -------- d-----w- c:\programmi\EyeDefender
2009-12-11 20:59 . 2009-12-11 20:59 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\Megaupload
2009-12-11 20:59 . 2009-12-11 20:59 -------- d-----w- c:\programmi\Megaupload
2009-12-11 20:55 . 2009-12-11 20:55 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\InstallShield
2009-12-11 11:50 . 2009-12-11 11:50 -------- d-----w- c:\programmi\Foxit Software
2009-12-11 11:50 . 2009-12-11 11:50 -------- d-----w- c:\documents and settings\Spyker\Dati applicazioni\Foxit
2009-12-10 10:42 . 2004-08-19 12:00 84242 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 10:42 . 2004-08-19 12:00 488954 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 11:12 . 2009-12-09 11:12 -------- d-----w- c:\programmi\File comuni\DirectX
2009-12-06 22:51 . 2009-11-16 13:16 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-12-06 14:39 . 2009-12-05 21:39 -------- d-----w- c:\programmi\File comuni\Akamai
2009-12-06 10:43 . 2009-12-06 10:42 -------- d-----w- c:\programmi\CFToolbox
2009-12-05 21:46 . 2009-12-05 21:46 -------- d-----w- c:\programmi\alaplaya
2009-12-05 16:36 . 2009-12-05 16:36 98304 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\nxgameeu.dll
2009-12-05 16:36 . 2009-12-05 16:36 81920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\npNxGameeu.dll
2009-12-05 16:36 . 2009-12-05 16:36 532480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\NGMDll.dll
2009-12-05 16:36 . 2009-12-05 16:36 331776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\NGMResource.dll
2009-12-05 16:36 . 2009-12-05 16:36 258352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\unicows.dll
2009-12-05 16:36 . 2009-12-05 16:36 155648 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\NGM.exe
2009-12-05 16:17 . 2009-12-05 16:17 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-12-02 22:00 . 2009-12-02 22:00 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-30 18:00 . 2009-11-16 13:16 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-30 17:55 . 2009-11-30 17:55 135 ----a-w- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-11-29 22:07 . 2009-11-30 22:43 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll
2009-11-26 10:58 . 2009-11-04 13:14 96808 ----a-w- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-21 15:54 . 2004-08-19 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 19:31 . 2009-11-20 19:31 152576 ----a-w- c:\documents and settings\Spyker\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-20 19:31 . 2009-11-20 19:31 79488 ----a-w- c:\documents and settings\Spyker\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-20 10:57 . 2009-11-20 10:57 217000 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
.

------- Sigcheck -------

[-] 2009-11-04 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-03_15.44.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 18:17 . 2010-02-03 18:17 16384 c:\windows\Temp\Perflib_Perfdata_7e0.dat
+ 2009-02-06 13:24 . 2009-02-06 13:24 93336 c:\windows\system32\drivers\epfwtdir.sys
+ 2010-02-03 16:01 . 2010-02-03 16:01 10134 c:\windows\Installer\{CDF97135-7FD2-4289-96B8-DD4505267ACD}\callmsi.exe
+ 2009-02-06 13:23 . 2009-02-06 13:23 106208 c:\windows\system32\drivers\ehdrv.sys
+ 2009-02-06 13:19 . 2009-02-06 13:19 113448 c:\windows\system32\drivers\eamon.sys
+ 2009-03-13 14:06 . 2009-03-13 17:28 357101 c:\windows\reset.exe
+ 2010-02-03 16:01 . 2010-02-03 16:01 101480 c:\windows\Installer\{CDF97135-7FD2-4289-96B8-DD4505267ACD}\egui.exe
+ 2010-02-03 16:01 . 2010-02-03 16:01 1116672 c:\windows\Installer\3b0b6.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-02-01 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Spyker^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-04 14:05 323392 ----a-w- c:\programmi\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-04 13:34 135664 ----atw- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55 1057328 ----a-w- c:\programmi\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-13 18:14 172032 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 14:55 1628208 ----a-w- c:\programmi\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-01 19:37 2002160 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Rockstar Games\\GTA San Andreas\\samp.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\NexonEU\\NGM\\NGM.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Steam\\steamapps\\o_ospykero_o\\counter-strike\\hl.exe"=
"c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"=
"c:\\Programmi\\MTA San Andreas\\server\\MTA Server.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\GameKiss\\ValkyrieSky\\Valkyrie Sky.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Jnes\\Jnes.exe"=
"c:\\Programmi\\snes9k_0.09\\snes9k.exe"=
"c:\\Programmi\\Winkawaks\\WinKawaks.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Spyker\\Documenti\\Gta San Andreas File Vari\\Angels City Roleplay\\samp-server.exe"=
"c:\\Programmi\\epsxe170\\ePSXe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R?2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14.23.36 727720]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14.23.18 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14.24.24 93336]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 11.42.46 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 11.42.44 74480]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/11/2009 14.33.56 717296]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [19/08/2004 13.00.00 3584]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 11.42.48 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-03 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-11-26 23:22]

2010-02-03 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-11-04 16:58]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-1417001333-1004Core.job
- c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-04 13:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.coolstreaming.us/blog/diretta-tv/
FF - ProfilePath - c:\documents and settings\Spyker\Dati applicazioni\Mozilla\Firefox\Profiles\txi3y5ld.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.thedarksideofgoogle.com/it/
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\Spyker\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 19:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Spyker\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Spyker\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\windows\system32\Ati2evxx.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2010-02-03 19:29:51
ComboFix-quarantined-files.txt 2010-02-03 18:29

Pre-Run: 40.037.961.728 byte disponibili
Post-Run: 40.019.402.752 byte disponibili

- - End Of File - - 319F7C444D1B4DAF348B8BD4F8848FAD


quando stava verso stage 45, mi ha dato un errore riguardante un applicazione chiamata PEV.exe, l'errore che si presenta di solito quando le applicazioni crashano o cose così..però cmq la scansione è andata avanti ed è finita, e quello è il log
Torna in alto
 
spyker
Inviato: Wednesday, February 03, 2010 9:13:47 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
quando uso combofix poi mi incasina l'antivirus, cioè io disattivo sia antivirus ke firewall però mi incasina nod32 e devo sempre reinstallarlo daccapo
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 9:15:03 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Per eliminare Combofix:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.
Poi elimina OTC by OldTimer

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su Remove selected
Fai una deframmentazione del HD.
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Riscontri problemi?
Torna in alto
 
spyker
Inviato: Wednesday, February 03, 2010 9:55:00 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
tutto fatto, l'unico problema riscontrato è che non mi ha fatto cancellare i file nella cartella temp, mi dice accesso negato, file in uso, una cosa simile. nella cartella ci sono tre file

-Perflib_Perfdata_480.dat
-Perflib_Perfdata_b50.dat
-Perflib_Perfdata_b58.dat


Edit: Ah nn ho ancora riattivato il ripristino xkè volevo prima sapere da te se quei file potevano creare problemi o no
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 10:29:43 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
Edit: Ah nn ho ancora riattivato il ripristino xkè volevo prima sapere da te se quei file potevano creare problemi o no

No, quei file, non sono una minaccia.
Riattiva il ripristino.
Se tutto funziona bene, direi che sei a posto.
Torna in alto
 
spyker
Inviato: Wednesday, February 03, 2010 10:31:50 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
ok grazie milleee ^^
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 10:36:42 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Dimenticavo la voce 023:

Fai cosi:
Scarica e installa Pserv sul desktop:
http://www.p-nand-q.com/download/pserv_cpl/pserv-2.7.exe
Lo lanci da "Tutti programmi" cliccando : "Services & Devices"
Nella schermata che apparirà, cerca e trova il servizio incriminato.
Clicca con il tasto destro sopra il servizio, e scegli : Delete.
Chiudi Pserv.
Riavvia il pc.
Posta un log di HJT.
Torna in alto
 
spyker
Inviato: Wednesday, February 03, 2010 10:38:44 PM
Rank: Member

Iscritto dal : 2/2/2010
Posts: 22
ma sinceramente quella voce non me la da più...forse quando l'ho cancellata dalla modalità provvisoria, al riavvio si è tolta
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 10:41:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Più probabile, che l'abbia eliminata lo script di Combofix.
Volevo esserne certo.
Ciao.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.