Rank: AiutAmico
Joined: 8/2/2009 Posts: 53
|
((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Autorun.exe c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\att41.docx c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\hwdkzqts9wc79vawmnuwm0my9ccytu81_NATIONALGEOGRAPHIC.jpg c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\Prima lettera convocazione orientation speciale.pdf c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\scrollbar.css c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\startertemplate1.header.gif c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-45-10).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-45-21).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-45-47).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-00).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-13).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-14).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-19).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-28).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-29).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-34).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-36).htm c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown(05-07-15-46-41).htm c:\documents and 
settings\Administrator\Impostazioni locali\Temporary Internet Files\unknown.htm c:\documents and settings\All Users\Documenti\Server\admin.txt c:\documents and settings\All Users\Documenti\Server\server.dat c:\documents and settings\mariella\Impostazioni locali\Temporary Internet Files\unknown.htm c:\windows\AUTOLNCH.REG
c:\windows\explorer.exe . . . è infetto!!
c:\windows\system32\winlogon.exe . . . è infetto!!
. ((((((((((((((((((((((((( Files Creati Da 2010-09-17 al 2010-10-17 ))))))))))))))))))))))))))))))))))) .
2010-11-12 08:46 . 2010-11-12 08:46 -------- d-----w- c:\documents and settings\dado\Impostazioni locali\Dati applicazioni\Lucasarts 2010-11-12 08:44 . 2006-07-28 08:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll 2010-11-12 08:44 . 2006-07-28 08:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll 2010-11-12 08:38 . 2010-11-12 08:38 -------- d-----w- c:\programmi\LucasArts 2010-11-11 09:27 . 2010-11-11 09:27 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Redlynx 2010-11-11 08:41 . 2010-11-11 08:41 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Ahead 2010-11-11 08:41 . 2010-11-11 08:41 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ArcSoft 2010-11-11 08:41 . 2010-11-11 08:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ArcSoft 2010-11-11 08:41 . 2010-11-11 08:41 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ATI 2010-11-11 08:41 . 2010-11-11 08:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ATI 2010-11-11 08:41 . 2010-11-11 08:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ParentalControl 2010-11-11 08:04 . 2010-11-11 08:05 -------- d-----w- c:\programmi\ophcrack 2010-10-31 08:23 . 2010-10-31 08:23 -------- d-----w- c:\documents and settings\dado\Dati applicazioni\Swarm Racer 2010-10-31 08:19 . 2010-10-31 08:19 -------- d-----w- c:\programmi\Ubisoft 2010-10-31 08:19 . 2005-04-03 22:02 753664 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll 2010-10-31 08:19 . 2005-04-03 22:02 69714 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll 2010-10-31 08:19 . 2005-04-03 22:01 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll 2010-10-31 08:19 . 
2005-04-03 22:00 184320 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll 2010-10-31 08:19 . 2005-04-03 21:59 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe 2010-10-31 08:19 . 2010-10-31 08:19 200836 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll 2010-10-31 08:19 . 2010-10-31 08:19 331908 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll 2010-10-31 07:59 . 2010-10-31 07:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MakeMusic 2010-10-31 07:52 . 2010-10-05 15:29 -------- d-----w- c:\programmi\PogoSticker 2010-10-31 07:51 . 2011-07-08 11:00 -------- d-----w- c:\programmi\Swarm Racer 2010-10-29 14:16 . 2010-10-29 14:16 -------- d-----w- c:\programmi\Canon 2010-10-29 14:16 . 2008-09-29 15:00 385024 ----a-w- c:\windows\system32\CNAC8EMK.DLL 2010-10-29 14:16 . 2008-09-25 15:00 221184 ----a-w- c:\windows\system32\CNAP2LMK.DLL 2010-10-29 14:16 . 2007-12-18 06:18 921600 ----a-w- c:\windows\system32\CNAP1NSK.DLL 2010-10-28 15:02 . 2008-04-13 09:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2010-10-28 15:02 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2010-10-26 07:48 . 2010-10-26 07:48 -------- d-----w- c:\programmi\EA GAMES 2010-10-24 08:56 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2010-10-24 08:42 . 2010-12-16 09:10 -------- d-----w- c:\documents and settings\dado\Dati applicazioni\skypePM 2010-10-22 08:46 . 2010-10-22 08:46 -------- d-----w- c:\documents and settings\dado\Impostazioni locali\Dati applicazioni\COMODO 2010-10-21 14:44 . 2010-10-17 10:15 -------- d-----w- c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\Google 2010-10-20 10:33 . 2010-10-20 10:33 -------- d-----w- c:\programmi\Trials 2 Second Edition 2010-10-19 19:58 . 
2010-10-19 19:58 -------- d-----w- c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\Redlynx 2010-10-17 13:09 . 2010-10-17 13:09 -------- d-----w- c:\documents and settings\mariella\Dati applicazioni\QuickScan 2010-10-17 12:05 . 2010-10-17 12:05 -------- d-----w- c:\programmi\File comuni\xing shared 2010-10-17 11:48 . 2010-10-17 11:48 -------- d-----w- c:\windows\LastGood 2010-10-17 11:48 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2010-10-17 11:48 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2010-10-17 11:48 . 2010-10-17 11:48 -------- d-----w- c:\windows\Logs 2010-10-17 10:12 . 2010-10-17 10:15 -------- d-----w- c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\Temp 2010-10-17 09:34 . 2010-10-17 09:34 -------- d-----w- c:\programmi\CCleaner 2010-10-15 06:54 . 2010-12-16 10:45 -------- d-----w- c:\documents and settings\dado\Dati applicazioni\Skype 2010-10-14 10:40 . 2010-10-14 10:40 -------- d-----w- c:\documents and settings\mariella\Dati applicazioni\skypePM 2010-10-14 10:37 . 2010-10-17 09:59 -------- d-----w- c:\documents and settings\mariella\Dati applicazioni\Skype 2010-10-14 10:36 . 2010-10-14 10:36 -------- d-----w- c:\programmi\File comuni\Skype 2010-10-14 10:36 . 2010-10-14 10:37 -------- d-----r- c:\programmi\Skype 2010-10-14 10:36 . 2010-10-14 10:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype 2010-10-13 19:05 . 2010-10-13 19:05 -------- d-----w- c:\programmi\File comuni\Java 2010-10-13 15:40 . 2010-10-13 15:40 -------- d-----w- c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\Conduit 2010-10-13 15:39 . 2010-10-17 09:49 -------- d-----w- c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\AskToolbar 2010-10-12 16:47 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-12 16:47 . 
2010-10-12 16:47 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware 2010-10-12 16:47 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-12 16:45 . 2010-10-12 16:45 -------- d-----w- c:\documents and settings\marghe\Dati applicazioni\Malwarebytes 2010-10-12 16:17 . 2010-10-12 16:17 -------- d-----w- c:\documents and settings\mariella\Dati applicazioni\Malwarebytes 2010-10-12 14:42 . 2010-10-12 14:43 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Adobe 2010-10-12 14:07 . 2010-10-12 14:10 -------- d-----w- c:\programmi\VirtualDJ 2010-10-07 22:06 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-10-07 22:06 . 2010-12-14 13:27 -------- d-----w- c:\documents and settings\dante 2010-10-07 12:39 . 2010-10-07 12:41 -------- d-----w- c:\documents and settings\dado\Dati applicazioni\TS3Client 2010-10-07 12:38 . 2010-10-07 12:38 -------- d-----w- c:\documents and settings\dado\Impostazioni locali\Dati applicazioni\TeamSpeak 3 Client 2010-10-04 15:28 . 2010-10-04 15:28 -------- d-----w- c:\programmi\Mplayer 2010-10-04 15:27 . 2010-10-13 13:16 -------- d-----w- c:\programmi\Quake III Arena 2010-09-28 13:48 . 2010-09-28 13:48 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\PunkBuster 2010-09-25 12:32 . 2010-09-25 12:33 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Teleca 2010-09-25 11:32 . 2010-09-25 11:32 -------- d-----w- c:\programmi\MyPlayCity.com 2010-09-23 12:42 . 2010-09-23 12:42 95672 ----a-w- c:\programmi\Mozilla Firefox\plugins\nppdf32.dll 2010-09-22 16:52 . 2010-09-22 16:52 -------- d-----w- c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\COMODO
. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . .
------- Sigcheck -------
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\2f751deff4c9646c9a2883fbe2a60450\sp3qfe\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\2f751deff4c9646c9a2883fbe2a60450\sp3gdr\tcpip.sys [-] 2008-04-27 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . C9AB1384049F6E58EA1110B80CD3FEB9 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-13 . 70E5CFF0109EC4E3BF3172AFFA9F1368 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-13 . 65A411D2FDFA4CF5A975930848D4BDE0 . 3191808 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2009-05-02 . D5E120A3BA164D2E7307A6688FEB26B2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}] 2010-11-10 13:38 2734688 ----a-w- c:\programmi\Softonic-IT\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSof0.dll" [2010-11-10 2734688]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\programmi\Softonic-IT\tbSof0.dll" [2010-11-10 2734688]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Foxmail"="c:\documents and settings\mariella\Desktop\Foxmail\Foxmail.exe" [2010-03-28 7403896] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] "Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-05-13 26192168] "CNAP2 Launcher"="c:\windows\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-05 406944] "Google Update"="c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-09-15 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200] "CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-20 22528] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040] "ParentalControl"="c:\programmi\Parental Control\ParentalControl.exe" [2008-03-31 6096384] "NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] "StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304] "Start WingMan Profiler"="c:\programmi\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608] "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888] "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368] "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-10-04 2500552] "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552] "CNAP2 Launcher"="c:\windows\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-05 406944] "Mobile Connectivity Suite"="c:\programmi\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016] "WinampAgent"="c:\programmi\Winamp\winampa.exe" [2010-07-12 74752] "TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-10-17 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-04-27 123904] "_nltide_3"="advpack.dll" [2008-04-27 123904]
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\ Collegamento a html2pop3.lnk - c:\documents and settings\mariella\Desktop\html2pop3232win32\html2pop3.exe [2010-5-7 111104]
c:\documents and settings\dado\Menu Avvio\Programmi\Esecuzione automatica\ Quake Live Home Page(F10).url [2010-9-30 190]
c:\documents and settings\mariella\Menu Avvio\Programmi\Esecuzione automatica\ Collegamento a html2pop3.lnk - c:\documents and settings\mariella\Desktop\html2pop3232win32\html2pop3.exe [2010-5-7 111104]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Finestra di stato di Canon LBP-800.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2010-4-14 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableClock"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoMultiIE"= 0 (0x0) "LWA"= 0 (0x0) "LWB"= 0 (0x0) "LWC"= 0 (0x0) "LWD"= 0 (0x0) "LWE"= 0 (0x0) "LWF"= 0 (0x0) "LWG"= 0 (0x0) "LWH"= 0 (0x0) "LWI"= 0 (0x0) "LWJ"= 0 (0x0) "LWK"= 0 (0x0) "LWL"= 0 (0x0) "LWM"= 0 (0x0) "LWN"= 0 (0x0) "LWO"= 0 (0x0) "LWP"= 0 (0x0) "LWQ"= 0 (0x0) "LWR"= 0 (0x0) "LWS"= 0 (0x0) "LWT"= 0 (0x0) "LWU"= 0 (0x0) "LWV"= 0 (0x0) "LWW"= 0 (0x0) "LWX"= 0 (0x0) "LWY"= 0 (0x0) "LWZ"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= "c:\\Programmi\\Parental Control\\ParentalControl.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [01/06/2010 19.00.20 15592] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 11.55.58 239240] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 19.00.22 25240] R1 cp_drv;Crawler Parental Control Driver;c:\documents and settings\All Users\Dati applicazioni\ParentalControl\cp_drv.sys [] R1 cp_tdifw_drv;cp_tdifw_drv;c:\documents and settings\All Users\Dati applicazioni\ParentalControl\cp_tdifw_drv.sys [] R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [07/05/2010 14.59.22 23008] R3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\drivers\cam1690.sys [20/09/2007 18.03.46 177280] S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [15/09/2010 13.13.12 136176] S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?] . Contenuto della cartella 'Scheduled Tasks'
2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-15 11:13]
2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-682003330-1003Core.job - c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-10-17 11:13]
2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1844237615-682003330-1003.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1844237615-682003330-1005.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1844237615-682003330-1006.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1844237615-682003330-1007.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1844237615-682003330-500.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-10-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1844237615-682003330-1003.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-12-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1844237615-682003330-1005.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-10-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1844237615-682003330-1006.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-10-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1844237615-682003330-1007.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-12-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1844237615-682003330-500.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-10-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programmi\Ask.com\UpdateTask.exe [2010-05-26 13:23] . . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://trc1.emv2.com/HS?a=DNX7CqNAUOPE8SA9MKIgLMTnGHxKDpac5Awr IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\mariella\Dati applicazioni\Mozilla\Firefox\Profiles\azk728sj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=it FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: c:\programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\All Users\Dati applicazioni\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\mariella\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll FF - plugin: c:\programmi\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll . - - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
. --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-725345543-1844237615-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:53,ee,c4,da,ce,dc,51,23,2f,41,e0,10,97,b0,32,65,87,61,26,41,34,7d,73, 99,06,b7,a3,4c,92,20,2e,87,62,f8,b7,08,70,53,68,b6,87,e0,31,d2,a1,23,d2,ed,\ "??"=hex:44,02,43,81,7b,61,62,b3,72,0d,e6,d1,5e,bd,ba,e6
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(788) c:\windows\system32\guard32.dll c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(852) c:\windows\system32\guard32.dll . Ora fine scansione: 2010-10-17 15:41:05 ComboFix-quarantined-files.txt 2010-10-17 13:41
Pre-Run: 146.832.220.160 byte disponibili Post-Run: 151.871.270.912 byte disponibili
- - End Of File - - 8AE5E74847F8CB4360A8EEF399C68373
|
Rank: AiutAmico
Joined: 8/7/2007 Posts: 11,016
|
Hi. That OS is not genuine. So my advice is to format, get a valid license, and install the OS. That PC has system files that are out of order. To restore them, you need the installation CD.
|