Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » cosa faccio sono disperato

3 pages: [1] 2 3
cosa faccio sono disperato Opzioni
Topic Precedente · Topic Sucessivo
maxdance
Inviato: Wednesday, February 03, 2010 5:50:31 PM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
questo è il risultato della scansione dopo 5 ore malwarebites aiutatemi vi prego

duarnte la scansione appariva una maledetta finestra del nod 32 con scritto :
C\WINDOWS\system32\dsuiext32.dll e sotto

virus : variante modifivata da win32\kryptik.CDS cavallo di troia e sotto

Commento: evento accorso su un nuovo file creato da un applicazione \??\C\WINDOWS\system32\winlogon.exe il file è stato inserito nella quarantena . puoi chiudere questa finestra

La chiudo dopo 3 secondi si riapre ragazzi voi espserti che faccio ??
rimango in attesa

risultato scansione
Malwarebytes' Anti-Malware 1.44
Versione del database: 3682
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/02/2010 17.43.28
mbam-log-2010-02-03 (17-43-22).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi scansionati: 454958
Tempo trascorso: 6 hour(s), 0 minute(s), 20 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 2
Chiavi di registro infette: 11
Valori di registro infetti: 0
Elementi dato del registro infetti: 2
Cartelle infette: 3
File infetti: 45

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\WINDOWS\system32\dsuiext32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\d3dx9_3132.dll (Trojan.Tracur) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1553b746-8547-4d5a-8e5a-d22c44476d05} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1553b746-8547-4d5a-8e5a-d22c44476d05} (Trojan.BHO.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\d4a05702741 (Trojan.Tracur) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1553b746-8547-4d5a-8e5a-d22c44476d05} (Trojan.Tracur) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Trojan.Dialer) -> No action taken.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dsuiext32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dsuiext32.dll -> No action taken.

Cartelle infette:
C:\Programmi\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> No action taken.
C:\Programmi\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> No action taken.
C:\Programmi\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> No action taken.

File infetti:
C:\WINDOWS\system32\d3dx9_3132.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\dsuiext32.dll (Trojan.Tracur) -> No action taken.
C:\Programmi\FotoTaxi3\MSVCP60.dll (Malware.Packer.Gen) -> No action taken.
C:\Programmi\FotoTaxi3\SHLWAPI.DLL (Malware.Packer.Gen) -> No action taken.
C:\Programmi\FotoTaxi3-Full\MSVCP60.dll (Malware.Packer.Gen) -> No action taken.
C:\Programmi\FotoTaxi3-Full\SHLWAPI.DLL (Malware.Packer.Gen) -> No action taken.
C:\Programmi\WebSite X5 v8 - Evolution\GDIPLUS.DLL (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Photo 2000\Dati applicazioni\SystemProc\lsass.exe (Trojan.Inject) -> No action taken.
C:\Documents and Settings\Photo 2000\Documenti\Immagini\web\Incomedia_WebSite_X5_v8.0.0.9\Incomedia_WebSite_X5_v8.0.0.9\Keymaker\keygen.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\dnssd32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\EBPMON232.dll (Trojan.Xulcache) -> No action taken.
E:\prog\installer-70232-34it-CCleaner-Italian.exe (AdWare.FakeInstaller) -> No action taken.
E:\varie\garmin\Alcohol\Alcohol\crack\Alcohol.exe (Trojan.Agent) -> No action taken.
C:\Programmi\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> No action taken.
C:\Programmi\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> No action taken.
C:\Programmi\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> No action taken.
C:\Programmi\hhrashlp.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\HHWMPrxy.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\libpng.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\MDLL32.DLL (Spyware.OnlineGames) -> No action taken.
C:\Programmi\MumaIpl.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\MumaIplA6.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\MumaIplM6.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\MumaIplP6.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\MumaIplPX.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\MumaIplW7.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\optgraph.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\palng.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\PlayRIpl.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\PlayRIplPX.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\ps8bf.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\qtmlClient.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\SAMSIG.DLL (Spyware.OnlineGames) -> No action taken.
C:\Programmi\samsigA6.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\samsigM5.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\samsigM6.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\samsigP5.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\samsigP6.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\samsigPX.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\stlpmt45.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\thunk16.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\thunk3216.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\zlib.dll (Spyware.OnlineGames) -> No action taken.
C:\patch.cmd (Trojan.Agent) -> No action taken.
C:\confin.sys (Malware.Trace) -> No action taken.
Torna in alto
 
Sponsor
Inviato: Wednesday, February 03, 2010 5:50:31 PM

 
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 6:04:12 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina quello che ha trovato Malwarebytes.

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)
Riavvia il pc

Poi fai questa scansione:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
maxdance
Inviato: Wednesday, February 03, 2010 6:05:30 PM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
faccio immediatemente quello che mi hai suggerito ti faccio sapere

MILLE grazie intatnto
Torna in alto
 
shapiro
Inviato: Wednesday, February 03, 2010 6:14:28 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
maxdance avevi una discussione aperta

http://forum.aiutamici.com/yaf_postst66954_nuovo-utente-salve-a-tutti-controllo-log.aspx

perche' ne hai aperta una nuova sullo stesso problema....

va beh.....
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 6:16:42 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
shapiro ha scritto:
maxdance avevi una discussione aperta
http://forum.aiutamici.com/yaf_postst66954_nuovo-utente-salve-a-tutti-controllo-log.aspx
perche' ne hai aperta una nuova sullo stesso problema....
va beh.....

Non me ne ero accorto.
Vai avanti tu.
Torna in alto
 
maxdance
Inviato: Wednesday, February 03, 2010 6:29:02 PM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
vi chiedo umilmente scusa a tutti avevo bisogno di un urgenza e pensavo di aprire un altra discussione per fare piu' veloce mi sono reso conto che non bisogna farlo pardon

ho installato combofix si è spento il pc è comparsa una finestra blu che dice:
attendere prego
combofix è pronto per lavorare.

impossibile trovare il file CPUversioonOld.

tentativo di creazione di un nuovo punto di ripristino

Si apre una finestra con scritto:
Combofix ha rilevato che questa macchina non ha la " console di ripristino di emergenza"
sarebbe nel tuo interesse installarla vuoi farlo ora ?
cio richide una connessione ad internet.


ma io la connessione la ho interotta prima che faccio si o no?
Torna in alto
 
fdaccc
Inviato: Wednesday, February 03, 2010 6:36:35 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
a quella richiesta fai no.
Torna in alto
 
maxdance
Inviato: Wednesday, February 03, 2010 6:43:05 PM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
ok ora stà facendo la scansione appena finisce spedisco il log

intanto voglio ringraziare tutti la realizzazione di questo forum interessantissimo
Torna in alto
 
fdaccc
Inviato: Wednesday, February 03, 2010 7:00:33 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
ringrazia A.Roselli =)
Torna in alto
 
maxdance
Inviato: Wednesday, February 03, 2010 7:01:15 PM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
ecco il tutto cosa faccio?

ComboFix 10-02-03.01 - Photo 2000 03/02/2010 18.36.14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.679 [GMT 1:00]
Eseguito da: c:\documents and settings\Photo 2000\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\02000000e8643934741C.manifest
c:\documents and settings\Administrator\Dati applicazioni\02000000e8643934741O.manifest
c:\documents and settings\Administrator\Dati applicazioni\02000000e8643934741P.manifest
c:\documents and settings\Administrator\Dati applicazioni\02000000e8643934741S.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\02000000e8643934741C.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\02000000e8643934741O.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\02000000e8643934741P.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\02000000e8643934741S.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\inst.exe
c:\documents and settings\Photo 2000\Dati applicazioni\SystemProc
c:\documents and settings\Photo 2000\Documenti\ZbThumbnail.info
c:\programmi\INSTALL.LOG
c:\programmi\temp
c:\programmi\ZIPDLL.DLL
c:\recycler\S-1-5-21-3360056521-2804242644-906674106-1003
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\PCLECoInst.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\twain_32.dll
c:\windows\system32\zip32.dll
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-01-03 al 2010-02-03 )))))))))))))))))))))))))))))))))))
.

2010-02-03 10:40 . 2010-02-03 10:40 -------- d-----w- c:\documents and settings\Photo 2000\Dati applicazioni\Malwarebytes
2010-02-03 10:40 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 10:40 . 2010-02-03 10:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-03 10:40 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 10:40 . 2010-02-03 16:43 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-03 09:03 . 2010-02-03 09:03 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-02 17:00 . 2010-02-02 17:00 -------- d-----w- c:\programmi\Trend Micro
2010-01-26 18:00 . 2010-01-26 18:00 -------- d-----w- c:\documents and settings\Photo 2000\Incomplete
2010-01-26 17:59 . 2010-01-26 18:39 -------- d-----w- c:\documents and settings\Photo 2000\Dati applicazioni\LimeWire
2010-01-26 17:59 . 2010-01-26 17:59 -------- d-----w- c:\programmi\360Share Pro
2010-01-23 10:42 . 1998-08-04 21:00 43520 ----a-w- c:\windows\system32\FLXGDIT.DLL
2010-01-22 12:13 . 2005-09-20 09:36 151552 ----a-w- c:\windows\system32\igfxres.dll
2010-01-22 10:03 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-22 09:28 . 2010-01-22 09:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-01-22 09:05 . 2010-01-22 09:05 -------- d-----w- c:\windows\nvidia icons
2010-01-22 09:05 . 2010-01-22 09:05 -------- d-----w- c:\windows\nview
2010-01-22 09:05 . 2008-05-03 04:46 442368 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-22 09:04 . 2008-04-30 16:27 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-22 09:04 . 2010-01-22 09:04 -------- d-----w- C:\NVIDIA
2010-01-22 08:53 . 2004-02-17 02:51 1458176 ----a-r- c:\windows\system\SmWizard.exe
2010-01-22 08:53 . 2004-08-26 10:25 163840 ----a-r- c:\windows\system32\cmuda.dll
2010-01-22 08:53 . 2004-04-23 07:02 233472 ----a-r- c:\windows\system32\cmirmdrv.exe
2010-01-22 08:53 . 2003-04-24 05:29 32768 ----a-r- c:\windows\system32\udaprop.dll
2010-01-22 08:53 . 2003-02-18 10:26 28672 ----a-r- c:\windows\system32\cmirmdrv.dll
2010-01-22 08:53 . 2002-04-29 07:04 917504 ----a-r- c:\windows\system\cmids3d.dll
2010-01-22 08:53 . 2004-08-23 08:21 821760 ----a-r- c:\windows\system32\drivers\cmuda.sys
2010-01-22 02:37 . 2008-04-14 02:52 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-01-22 02:37 . 2008-04-14 02:52 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-01-22 01:40 . 2008-04-13 19:45 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2010-01-22 01:40 . 2008-04-13 19:45 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-01-21 18:56 . 2010-01-21 18:56 -------- d-----w- c:\programmi\Intel
2010-01-21 18:56 . 2009-08-18 12:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-21 18:54 . 2010-01-21 18:54 -------- d-----w- C:\Intel
2010-01-21 18:48 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 17:23 . 2004-02-01 21:50 85626 ----a-w- c:\windows\system32\perfc010.dat
2010-02-03 17:23 . 2004-02-01 21:50 493144 ----a-w- c:\windows\system32\perfh010.dat
2010-02-03 09:07 . 2005-03-11 09:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-26 09:24 . 2005-03-12 15:37 180136 ----a-w- c:\documents and settings\Photo 2000\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-25 18:04 . 2007-04-05 08:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-01-25 18:02 . 2004-03-16 06:43 -------- d-----w- c:\programmi\Microsoft Works
2010-01-25 16:22 . 2009-01-03 17:11 -------- d-----w- c:\programmi\AutoFX Suites
2010-01-25 16:18 . 2008-01-26 15:28 -------- d-----w- c:\programmi\Leonardo Beta3
2010-01-23 10:41 . 2005-04-04 14:32 -------- d-----w- c:\programmi\Photosi
2010-01-22 08:52 . 2010-01-22 08:52 -------- d-----w- c:\programmi\C-Media 3D Audio
2010-01-22 08:52 . 2004-04-08 12:57 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-21 18:53 . 2005-03-11 13:34 -------- d-----w- c:\programmi\Yahoo!
2009-12-31 08:03 . 2005-03-22 16:53 -------- d-----w- c:\programmi\Your Uninstaller 2004
2009-12-29 15:46 . 2009-09-25 08:34 -------- d-----w- c:\programmi\Calendars Professional
2009-12-21 19:06 . 2004-12-07 18:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 15:50 . 2006-05-10 16:41 -------- d-----w- c:\programmi\FotoTaxi3
2009-11-21 15:54 . 2004-02-01 21:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 08:53 . 2009-11-11 08:53 152576 ----a-w- c:\documents and settings\Photo 2000\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-11 08:51 . 2009-11-11 08:51 79488 ----a-w- c:\documents and settings\Photo 2000\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-09-15 13:57 . 2008-06-03 15:50 344 ----a-w- c:\programmi\dvdmaker.ini
2009-09-15 13:57 . 2008-06-03 15:35 527 ----a-w- c:\programmi\crm.dat
2009-09-15 13:57 . 2008-06-03 15:34 3261 ----a-w- c:\programmi\homeDVD-Foto4.ini
2009-09-15 13:55 . 2008-06-03 15:35 339 ----a-w- c:\programmi\dbk.log
2009-09-15 13:55 . 2008-06-03 15:35 0 ----a-w- c:\programmi\DLLAV32.LOG
2009-09-15 13:52 . 2009-09-15 13:52 31466 ---ha-w- c:\programmi\pa.GID
2009-09-15 13:52 . 2008-11-24 15:28 1226 ----a-w- c:\programmi\FotoClinic.INI
2008-06-03 15:34 . 2008-06-03 15:34 2674 ----a-w- c:\programmi\INSTALL1.LOG
2008-06-03 15:34 . 2008-06-03 15:34 343 ----a-w- c:\programmi\Install.cfg
2008-06-03 15:28 . 2008-06-03 15:28 147 ----a-w- c:\programmi\Validation.ini
2005-03-09 11:58 . 2008-06-03 15:26 3984166 ----a-w- c:\programmi\manual.pdf
2005-03-09 08:41 . 2008-06-03 15:26 1142784 ----a-w- c:\programmi\DVDMaker.dll
2005-03-04 08:17 . 2008-06-03 15:28 81920 ----a-w- c:\programmi\MagixOFA-ita.dll
2005-03-04 08:16 . 2008-06-03 15:28 593920 ----a-w- c:\programmi\MagixOFA.dll
2005-02-22 08:26 . 2008-06-03 15:26 180224 ----a-w- c:\programmi\instslct.exe
2005-02-10 16:30 . 2008-06-03 15:26 212992 ----a-w- c:\programmi\softupdate.exe
2005-02-09 17:52 . 2008-06-03 15:28 8773 ----a-w- c:\programmi\order.rtf
2005-01-26 07:52 . 2008-06-03 15:26 192512 ----a-w- c:\programmi\StdPropPage.dll
2004-12-14 12:52 . 2008-06-03 15:28 16242 ----a-w- c:\programmi\support.rtf
2004-12-13 14:54 . 2008-06-03 15:28 8780 ----a-w- c:\programmi\license.txt
2004-11-25 16:22 . 2008-06-03 15:28 2117120 ----a-w- c:\programmi\FotoClinic.exe
2004-11-25 16:19 . 2008-06-03 15:28 253952 ----a-w- c:\programmi\pcomponents.bpl
2004-11-22 16:00 . 2008-06-03 15:28 5553 ----a-w- c:\programmi\pa.cnt
2004-11-22 15:48 . 2008-06-03 15:28 320746 ----a-w- c:\programmi\pa.hlp
2004-11-10 14:40 . 2008-06-03 15:25 233472 ----a-w- c:\programmi\MXTLC.dll
2004-10-18 14:15 . 2008-06-03 15:28 212992 ----a-w- c:\programmi\eModeUpgradeDlg.dll
2004-10-01 15:42 . 2008-06-03 15:26 231936 ----a-w- c:\programmi\mdabase.dll
2004-08-17 13:11 . 2008-06-03 15:26 460800 ----a-w- c:\programmi\DynDVDMenu.dll
2004-07-13 12:05 . 2008-06-03 15:28 159727 ----a-w- c:\programmi\mxcdr.hlp
2004-05-18 08:48 . 2008-06-03 15:26 139264 ----a-w- c:\programmi\unwise.exe
2004-04-15 12:48 . 2008-06-03 15:28 32768 ----a-w- c:\programmi\MagixUpdater.exe
2004-03-18 12:33 . 2008-06-03 15:26 286792 ----a-w- c:\programmi\mpeg.hlp
2004-03-18 12:32 . 2008-06-03 15:26 950 ----a-w- c:\programmi\mpeg.cnt
2004-03-17 12:34 . 2008-06-03 15:25 1736704 ----a-w- c:\programmi\GMEdit.dll
2003-10-27 08:21 . 2008-06-03 15:25 315392 ----a-w- c:\programmi\GoMotion.dll
2003-10-20 08:25 . 2008-06-03 15:26 53248 ----a-w- c:\programmi\unwise.adf
2003-07-07 08:58 . 2008-06-03 15:25 700416 ----a-w- c:\programmi\GoMoK7.dll
2003-07-07 08:56 . 2008-06-03 15:25 798720 ----a-w- c:\programmi\GoMoP3.dll
2003-07-07 08:54 . 2008-06-03 15:25 671744 ----a-w- c:\programmi\GoMoP2.dll
2003-07-07 08:52 . 2008-06-03 15:25 671744 ----a-w- c:\programmi\GoMoP2x.dll
2003-07-07 08:51 . 2008-06-03 15:25 700416 ----a-w- c:\programmi\GoMoK7x.dll
2003-07-07 08:48 . 2008-06-03 15:25 798720 ----a-w- c:\programmi\GoMoP3x.dll
2003-07-07 08:46 . 2008-06-03 15:25 811008 ----a-w- c:\programmi\GoMoP4.dll
2003-07-07 08:41 . 2008-06-03 15:25 700416 ----a-w- c:\programmi\GmProK7.dll
2003-07-07 08:40 . 2008-06-03 15:25 798720 ----a-w- c:\programmi\GmProP3.dll
2003-07-07 08:38 . 2008-06-03 15:25 811008 ----a-w- c:\programmi\GmProP4.dll
2003-05-21 14:22 . 2008-06-03 15:28 28672 ----a-w- c:\programmi\Validation.exe
2003-04-03 08:09 . 2008-06-03 15:25 49152 ----a-w- c:\programmi\CPUINF32.DLL
2003-03-17 03:04 . 2008-06-03 15:28 685056 ----a-w- c:\programmi\rtl60.bpl
2003-03-17 03:04 . 2008-06-03 15:28 1500160 ----a-w- c:\programmi\cc3260mt.dll
2003-02-12 08:20 . 2008-06-03 15:26 28672 ----a-w- c:\programmi\explore.exe
2002-12-30 09:10 . 2008-06-03 15:25 184320 ----a-w- c:\programmi\GmDvsd.dll
2002-09-12 06:40 . 2008-06-03 15:25 181248 ----a-w- c:\programmi\Lfpng13n.dll
2002-09-12 06:39 . 2008-06-03 15:25 392704 ----a-w- c:\programmi\LFCMP13n.DLL
2002-09-12 06:39 . 2008-06-03 15:25 126464 ----a-w- c:\programmi\LFTIF13N.DLL
2002-09-12 06:37 . 2008-06-03 15:25 24576 ----a-w- c:\programmi\LFTGA13N.DLL
2002-09-12 06:37 . 2008-06-03 15:25 20480 ----a-w- c:\programmi\LFRAS13N.DLL
2002-09-12 06:37 . 2008-06-03 15:25 55296 ----a-w- c:\programmi\LFPSD13N.DLL
2002-09-12 06:37 . 2008-06-03 15:25 31232 ----a-w- c:\programmi\LFPNM13n.dll
2002-09-12 06:36 . 2008-06-03 15:25 26112 ----a-w- c:\programmi\LFPCX13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 19968 ----a-w- c:\programmi\LFPCD13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 18944 ----a-w- c:\programmi\LFMSP13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 30208 ----a-w- c:\programmi\LFBMP13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 73216 ----a-w- c:\programmi\LFFAX13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 445952 ----a-w- c:\programmi\LTIMG13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 205312 ----a-w- c:\programmi\LTEFX13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 139264 ----a-w- c:\programmi\LTFIL13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 265728 ----a-w- c:\programmi\LTDIS13n.dll
2002-09-12 06:35 . 2008-06-03 15:25 445440 ----a-w- c:\programmi\LTKRN13N.DLL
2002-09-11 08:26 . 2008-06-03 15:25 1684992 ----a-w- c:\programmi\LTCLR13n.dll
2002-08-20 08:36 . 2008-06-03 15:25 1667072 ----a-w- c:\programmi\GoMo4E.dll
2002-03-26 14:24 . 2008-06-03 15:25 1024 ----a-w- c:\programmi\AV32UID.DAT
2002-03-07 05:59 . 2008-06-03 15:25 139264 ----a-w- c:\programmi\GmVfwCap.dll
2002-02-18 08:06 . 2008-06-03 15:26 5762 ----a-w- c:\programmi\uninstall.ini
2002-02-13 05:00 . 2008-06-03 15:28 1326080 ----a-w- c:\programmi\vcl60.bpl
2002-02-13 05:00 . 2008-06-03 15:28 22016 ----a-w- c:\programmi\borlndmm.dll
2001-11-16 15:50 . 2008-06-03 15:25 35840 ----a-w- c:\programmi\lfgif13n.dll
2001-09-05 13:23 . 2008-06-03 15:25 55808 ----a-w- c:\programmi\MP3UTIL.DLL
2001-06-22 13:31 . 2008-06-03 15:25 278528 ----a-w- c:\programmi\pncrt.dll
2000-09-15 12:51 . 2008-06-03 15:25 372736 ----a-w- c:\programmi\ijl15.dll
2000-09-12 13:11 . 2008-06-03 15:28 73728 ----a-w- c:\programmi\start.exe
2005-06-29 13:48 . 2005-06-29 13:48 32 --sha-w- c:\windows\{D9111D79-D625-4AB7-AAB3-59B0986A41C7}.dat
2005-06-29 13:48 . 2005-06-29 13:48 32 --sha-w- c:\windows\system32\{4B194C06-9D65-470B-9845-F6E686DFE498}.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2009-12-21 11070464]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\programmi\free-downloads.net\tbfre0.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}"= "c:\programmi\Canon\Easy-WebPrint\Toolband.dll" [2006-04-18 552960]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\programmi\free-downloads.net\tbfre0.dll" [2009-11-03 2166296]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"= "c:\programmi\Google\Google Toolbar\GoogleToolbar_32.dll" [2009-12-02 263280]

[HKEY_CLASSES_ROOT\clsid\{327c2873-e90d-4c37-aa9d-10ac9baba46c}]
[HKEY_CLASSES_ROOT\Toolband.TBToolband.1]
[HKEY_CLASSES_ROOT\TypeLib\{B78567DB-F146-4E82-A538-39A4820D0261}]
[HKEY_CLASSES_ROOT\Toolband.TBToolband]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{2318c2b1-4965-11d4-9b18-009027a5cd4f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"= "c:\windows\System32\browseui.dll" [2008-04-14 1025024]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"= "c:\windows\system32\SHELL32.dll" [2008-06-17 8490496]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"= "c:\programmi\Google\Google Toolbar\GoogleToolbar_32.dll" [2009-12-02 263280]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\programmi\free-downloads.net\tbfre0.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{01e04581-4eee-11d0-bfe9-00aa005b4383}]

[HKEY_CLASSES_ROOT\clsid\{0e5cbf21-d15f-11d0-8301-00aa005b4383}]

[HKEY_CLASSES_ROOT\clsid\{2318c2b1-4965-11d4-9b18-009027a5cd4f}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-12-21 1803064]
"Philips Intelligent Agent"="c:\programmi\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 65536]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-11-10 406016]
"PE2CKFNT SE"="c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"PinnacleRemote"="c:\programmi\Pinnacle\Shared Files\remoterm.exe" [2002-01-28 61440]
"ccRegVfy"="c:\programmi\File comuni\Symantec Shared\ccRegVfy.exe" [2002-08-24 34512]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"PDUiP6700DMon"="c:\programmi\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-03-31 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Cmaudio"="cmicnfg.cpl" [2004-08-12 2568192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Photo 2000\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\digital imaging\bin\hpqthb08.exe [2004-5-28 53248]
Belkin Wireless USB Utility.lnk - c:\programmi\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
GARO Status Monitor.lnk - c:\programmi\Canon\GAROStatusMonitor\cnwism.exe [2003-10-20 319488]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
Logo Calibration Loader.lnk - c:\programmi\Pantone\Eye-One Match\CalibrationLoader\CalibrationLoader.exe [2007-6-19 708608]
Photo Express Calendar Checker SE.lnk - c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2004-10-30 55296]
ProfileReminder.lnk - c:\programmi\Pantone\Eye-One Match\ProfileReminder.exe [2007-6-19 1150976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2008-12-02 21:35 3882312 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ----a-w- c:\programmi\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programmi\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\File comuni\\Synacast\\SynaLive\\PE.exe"=
"c:\\Programmi\\Real\\RealPlayer\\trueplay.exe"=
"c:\\Programmi\\ORL\\VNC\\WinVNC.exe"=
"c:\\Programmi\\ORL\\VNC\\vncviewer.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Philips Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4113:TCP"= 4113:TCP:ppLive
"8021:UDP"= 8021:UDP:ppLive
"6685:TCP"= 6685:TCP:ppLive
"5555:UDP"= 5555:UDP:ppLive
"9500:TCP"= 9500:TCP:porta
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [01/08/2003 14.47.24 29239]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [28/05/2008 9.00.45 15424]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [20/02/2004 12.03.18 187392]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [19/06/2007 8.24.02 14416]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [01/02/2004 22.52.13 556416]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [03/02/2004 16.04.08 62976]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/03/2008 17.56.07 716272]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [12/05/2009 16.47.27 8192]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [19/10/2006 19.51.58 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [02/08/2004 9.47.11 26045]
S3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [12/05/2009 16.48.18 290816]
S3 ulusba;NEC 616 Command Port Driver;c:\windows\system32\drivers\ulusba.sys [02/03/2005 16.56.19 25856]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [02/03/2005 16.55.51 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [02/03/2005 16.55.51 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [02/03/2005 16.56.00 36352]
S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\drivers\ulusbo.sys [02/03/2005 16.56.11 33920]
S3 Usb42pcw;Usb42pcw;c:\windows\system32\drivers\avc.sys [14/05/2004 10.41.31 38912]
.
Contenuto della cartella 'Scheduled Tasks'

2008-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2005-07-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2005-03-11 10:48]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {9D7E45D1-686D-48C2-829A-F6E7646D4CC4} = 151.99.125.1,151.99.0.100
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
WebBrowser-{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
HKCU-Run-AlcoholAutomount - c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe
HKLM-Run-Wizard - (no file)
HKLM-Run-FirstSteps - (no file)
HKLM-Run-NWEReboot - (no file)
HKLM-Run-RegistryMechanic - (no file)
HKLM-Run-PCLEUSBTip - c:\programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll
HKU-Default-Run-winservit - cassl.exe
HKU-Default-Run-MS windows Data list process - MSDATLST.exe
HKU-Default-Run-Windows Update Server - winn.exe
HKU-Default-Run-Sygate Personal Firewall - systems.exe
HKU-Default-RunOnce-Windows Update Server - winn.exe
Notify-d4a05702741 - (no file)
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 18:49
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1887342293-4022341911-4172746439-1006\Software\SecuROM\License information*]
"datasecu"=hex:c0,8e,d1,54,c1,28,6e,0c,dc,54,cc,7e,cb,3e,8e,55,71,65,c5,bb,23,
d0,07,b7,8d,7e,b2,d0,3b,b4,4f,f4,8c,8c,c6,a5,37,18,c5,99,ea,95,ac,d0,fe,09,\
"rkeysecu"=hex:43,b6,f5,65,be,2a,2d,39,06,3d,72,3b,d4,99,4c,1c
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2010-02-03 18:57:43
ComboFix-quarantined-files.txt 2010-02-03 17:57

Pre-Run: 68.190.511.104 byte disponibili
Post-Run: 68.177.162.240 byte disponibili

- - End Of File - - FE713B2F515B402C292280869AB70C19
Torna in alto
 
fdaccc
Inviato: Wednesday, February 03, 2010 7:02:51 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
aspetta r16, avevi un po di fetecchie che ha eliminato ComboFix:
c:\documents and settings\Administrator\Dati applicazioni\02000000e8643934741C.manifest
c:\documents and settings\Administrator\Dati applicazioni\02000000e8643934741O.manifest
c:\documents and settings\Administrator\Dati applicazioni\02000000e8643934741P.manifest
c:\documents and settings\Administrator\Dati applicazioni\02000000e8643934741S.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\02000000e8643934741C.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\02000000e8643934741O.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\02000000e8643934741P.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\02000000e8643934741S.manifest
c:\documents and settings\Photo 2000\Dati applicazioni\inst.exe
c:\documents and settings\Photo 2000\Dati applicazioni\SystemProc
c:\documents and settings\Photo 2000\Documenti\ZbThumbnail.info
c:\programmi\INSTALL.LOG
c:\programmi\temp
c:\programmi\ZIPDLL.DLL
c:\recycler\S-1-5-21-3360056521-2804242644-906674106-1003
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\PCLECoInst.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\twain_32.dll
c:\windows\system32\zip32.dll
c:\windows\unins000.dat
c:\windows\unins000.exe
Torna in alto
 
maxdance
Inviato: Wednesday, February 03, 2010 7:51:30 PM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
ora che faccio?
Torna in alto
 
fdaccc
Inviato: Wednesday, February 03, 2010 8:04:23 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
devi attendere r16
Torna in alto
 
paolopa
Inviato: Wednesday, February 03, 2010 8:43:12 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
intanto che aspetti posta un log di hijack,credo che potra' servire a chi ti dara' aiuto.
Torna in alto
 
r16
Inviato: Wednesday, February 03, 2010 9:37:39 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Vai in "Installazione Applicazioni, e rimuovi tutte le Toolbar che trovi.
Fai una pulizia (registro compreso con CCleaner.
Disistalla SpyBot. (compreso il Tea Timer)

Poi:
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
File::
c:\windows\Tasks\Symantec NetDetect.job
c:\programmi\Symantec\LiveUpdate\NDETECT.EXE

Folder::
c:\programmi\Symantec\LiveUpdate
c:\programmi\Symantec

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccRegVfy"=-


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix

Finite queste operazioni posta un log di HijackThis
Torna in alto
 
maxdance
Inviato: Thursday, February 04, 2010 9:11:34 AM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
procedo con le operazioni di r16
Torna in alto
 
maxdance
Inviato: Thursday, February 04, 2010 10:40:38 AM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
ecco i risultati di combofix
ComboFix 10-02-03.01 - Photo 2000 04/02/2010 10.07.24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.682 [GMT 1:00]
Eseguito da: c:\documents and settings\Photo 2000\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Photo 2000\Desktop\CFScript.txt
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\programmi\Symantec\LiveUpdate\NDETECT.EXE"
"c:\windows\Tasks\Symantec NetDetect.job"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Symantec
c:\programmi\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\programmi\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\programmi\Symantec\LiveUpdate\AUPDATE.EXE
c:\programmi\Symantec\LiveUpdate\DISreboot.exe
c:\programmi\Symantec\LiveUpdate\LEGGIMI.TXT
c:\programmi\Symantec\LiveUpdate\LSETUP.EXE
c:\programmi\Symantec\LiveUpdate\LUALL.EXE
c:\programmi\Symantec\LiveUpdate\LuComServer_2_6.EXE
c:\programmi\Symantec\LiveUpdate\LuComServerPS_2_6.DLL
c:\programmi\Symantec\LiveUpdate\ludirloc.dat
c:\programmi\Symantec\LiveUpdate\LUINFO.INF
c:\programmi\Symantec\LiveUpdate\LUInit.exe
c:\programmi\Symantec\LiveUpdate\LUInit.ini
c:\programmi\Symantec\LiveUpdate\LUINSDLL.DLL
c:\programmi\Symantec\LiveUpdate\LuPreCon.DLL
c:\programmi\Symantec\LiveUpdate\LuResult.txt
c:\programmi\Symantec\LiveUpdate\Lusetup-lt.exe
c:\programmi\Symantec\LiveUpdate\Luupdate.exe
c:\programmi\Symantec\LiveUpdate\NDETECT.EXE
c:\programmi\Symantec\LiveUpdate\NetDetectController_2_6.DLL
c:\programmi\Symantec\LiveUpdate\ProductRegCom_2_6.DLL
c:\programmi\Symantec\LiveUpdate\ProductRegComPS_2_6.DLL
c:\programmi\Symantec\LiveUpdate\S32LIVE1.DLL
c:\programmi\Symantec\LiveUpdate\S32LUCP1.CPL
c:\programmi\Symantec\LiveUpdate\S32LUIS1.DLL
c:\programmi\Symantec\LiveUpdate\S32LUWI1.DLL
c:\programmi\Symantec\LiveUpdate\Settings.Default.LiveUpdate
c:\programmi\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\programmi\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\programmi\Symantec\LiveUpdate\UNRAR.DLL
c:\programmi\Symantec\WinFax\Copertine\photo 2M.bmp
c:\programmi\Symantec\WinFax\Copertine\photo 2m.cvp
c:\windows\Tasks\Symantec NetDetect.job

.
((((((((((((((((((((((((( Files Creati Da 2010-01-04 al 2010-02-04 )))))))))))))))))))))))))))))))))))
.

2010-02-03 10:40 . 2010-02-03 10:40 -------- d-----w- c:\documents and settings\Photo 2000\Dati applicazioni\Malwarebytes
2010-02-03 10:40 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 10:40 . 2010-02-03 10:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-03 10:40 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 10:40 . 2010-02-03 16:43 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-03 09:03 . 2010-02-03 09:03 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-02 17:00 . 2010-02-02 17:00 -------- d-----w- c:\programmi\Trend Micro
2010-01-26 18:00 . 2010-01-26 18:00 -------- d-----w- c:\documents and settings\Photo 2000\Incomplete
2010-01-26 17:59 . 2010-01-26 18:39 -------- d-----w- c:\documents and settings\Photo 2000\Dati applicazioni\LimeWire
2010-01-26 17:59 . 2010-01-26 17:59 -------- d-----w- c:\programmi\360Share Pro
2010-01-23 10:42 . 1998-08-04 21:00 43520 ----a-w- c:\windows\system32\FLXGDIT.DLL
2010-01-22 12:13 . 2005-09-20 09:36 151552 ----a-w- c:\windows\system32\igfxres.dll
2010-01-22 10:03 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-22 09:28 . 2010-01-22 09:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-01-22 09:05 . 2010-01-22 09:05 -------- d-----w- c:\windows\nvidia icons
2010-01-22 09:05 . 2010-01-22 09:05 -------- d-----w- c:\windows\nview
2010-01-22 09:05 . 2008-05-03 04:46 442368 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-22 09:04 . 2008-04-30 16:27 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-22 09:04 . 2010-01-22 09:04 -------- d-----w- C:\NVIDIA
2010-01-22 08:53 . 2004-02-17 02:51 1458176 ----a-r- c:\windows\system\SmWizard.exe
2010-01-22 08:53 . 2004-08-26 10:25 163840 ----a-r- c:\windows\system32\cmuda.dll
2010-01-22 08:53 . 2004-04-23 07:02 233472 ----a-r- c:\windows\system32\cmirmdrv.exe
2010-01-22 08:53 . 2003-04-24 05:29 32768 ----a-r- c:\windows\system32\udaprop.dll
2010-01-22 08:53 . 2003-02-18 10:26 28672 ----a-r- c:\windows\system32\cmirmdrv.dll
2010-01-22 08:53 . 2002-04-29 07:04 917504 ----a-r- c:\windows\system\cmids3d.dll
2010-01-22 08:53 . 2004-08-23 08:21 821760 ----a-r- c:\windows\system32\drivers\cmuda.sys
2010-01-22 02:37 . 2008-04-14 02:52 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-01-22 02:37 . 2008-04-14 02:52 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-01-22 01:40 . 2008-04-13 19:45 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2010-01-22 01:40 . 2008-04-13 19:45 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-01-21 18:56 . 2010-01-21 18:56 -------- d-----w- c:\programmi\Intel
2010-01-21 18:56 . 2009-08-18 12:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-21 18:54 . 2010-01-21 18:54 -------- d-----w- C:\Intel
2010-01-21 18:48 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 09:08 . 2004-02-01 21:50 85626 ----a-w- c:\windows\system32\perfc010.dat
2010-02-04 09:08 . 2004-02-01 21:50 493144 ----a-w- c:\windows\system32\perfh010.dat
2010-02-04 08:33 . 2005-03-11 09:02 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-02-04 08:33 . 2005-03-11 09:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-04 08:24 . 2008-05-31 17:20 -------- d-----w- c:\programmi\Conduit
2010-01-26 09:24 . 2005-03-12 15:37 180136 ----a-w- c:\documents and settings\Photo 2000\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-25 18:04 . 2007-04-05 08:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-01-25 18:02 . 2004-03-16 06:43 -------- d-----w- c:\programmi\Microsoft Works
2010-01-25 16:22 . 2009-01-03 17:11 -------- d-----w- c:\programmi\AutoFX Suites
2010-01-25 16:18 . 2008-01-26 15:28 -------- d-----w- c:\programmi\Leonardo Beta3
2010-01-23 10:41 . 2005-04-04 14:32 -------- d-----w- c:\programmi\Photosi
2010-01-22 08:52 . 2010-01-22 08:52 -------- d-----w- c:\programmi\C-Media 3D Audio
2010-01-22 08:52 . 2004-04-08 12:57 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-21 18:53 . 2005-03-11 13:34 -------- d-----w- c:\programmi\Yahoo!
2009-12-31 08:03 . 2005-03-22 16:53 -------- d-----w- c:\programmi\Your Uninstaller 2004
2009-12-29 15:46 . 2009-09-25 08:34 -------- d-----w- c:\programmi\Calendars Professional
2009-12-21 19:06 . 2004-12-07 18:18 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 15:50 . 2006-05-10 16:41 -------- d-----w- c:\programmi\FotoTaxi3
2009-11-21 15:54 . 2004-02-01 21:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 08:53 . 2009-11-11 08:53 152576 ----a-w- c:\documents and settings\Photo 2000\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-11 08:51 . 2009-11-11 08:51 79488 ----a-w- c:\documents and settings\Photo 2000\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-09-15 13:57 . 2008-06-03 15:50 344 ----a-w- c:\programmi\dvdmaker.ini
2009-09-15 13:57 . 2008-06-03 15:35 527 ----a-w- c:\programmi\crm.dat
2009-09-15 13:57 . 2008-06-03 15:34 3261 ----a-w- c:\programmi\homeDVD-Foto4.ini
2009-09-15 13:55 . 2008-06-03 15:35 339 ----a-w- c:\programmi\dbk.log
2009-09-15 13:55 . 2008-06-03 15:35 0 ----a-w- c:\programmi\DLLAV32.LOG
2009-09-15 13:52 . 2009-09-15 13:52 31466 ---ha-w- c:\programmi\pa.GID
2009-09-15 13:52 . 2008-11-24 15:28 1226 ----a-w- c:\programmi\FotoClinic.INI
2008-06-03 15:34 . 2008-06-03 15:34 2674 ----a-w- c:\programmi\INSTALL1.LOG
2008-06-03 15:34 . 2008-06-03 15:34 343 ----a-w- c:\programmi\Install.cfg
2008-06-03 15:28 . 2008-06-03 15:28 147 ----a-w- c:\programmi\Validation.ini
2005-03-09 11:58 . 2008-06-03 15:26 3984166 ----a-w- c:\programmi\manual.pdf
2005-03-09 08:41 . 2008-06-03 15:26 1142784 ----a-w- c:\programmi\DVDMaker.dll
2005-03-04 08:17 . 2008-06-03 15:28 81920 ----a-w- c:\programmi\MagixOFA-ita.dll
2005-03-04 08:16 . 2008-06-03 15:28 593920 ----a-w- c:\programmi\MagixOFA.dll
2005-02-22 08:26 . 2008-06-03 15:26 180224 ----a-w- c:\programmi\instslct.exe
2005-02-10 16:30 . 2008-06-03 15:26 212992 ----a-w- c:\programmi\softupdate.exe
2005-02-09 17:52 . 2008-06-03 15:28 8773 ----a-w- c:\programmi\order.rtf
2005-01-26 07:52 . 2008-06-03 15:26 192512 ----a-w- c:\programmi\StdPropPage.dll
2004-12-14 12:52 . 2008-06-03 15:28 16242 ----a-w- c:\programmi\support.rtf
2004-12-13 14:54 . 2008-06-03 15:28 8780 ----a-w- c:\programmi\license.txt
2004-11-25 16:22 . 2008-06-03 15:28 2117120 ----a-w- c:\programmi\FotoClinic.exe
2004-11-25 16:19 . 2008-06-03 15:28 253952 ----a-w- c:\programmi\pcomponents.bpl
2004-11-22 16:00 . 2008-06-03 15:28 5553 ----a-w- c:\programmi\pa.cnt
2004-11-22 15:48 . 2008-06-03 15:28 320746 ----a-w- c:\programmi\pa.hlp
2004-11-10 14:40 . 2008-06-03 15:25 233472 ----a-w- c:\programmi\MXTLC.dll
2004-10-18 14:15 . 2008-06-03 15:28 212992 ----a-w- c:\programmi\eModeUpgradeDlg.dll
2004-10-01 15:42 . 2008-06-03 15:26 231936 ----a-w- c:\programmi\mdabase.dll
2004-08-17 13:11 . 2008-06-03 15:26 460800 ----a-w- c:\programmi\DynDVDMenu.dll
2004-07-13 12:05 . 2008-06-03 15:28 159727 ----a-w- c:\programmi\mxcdr.hlp
2004-05-18 08:48 . 2008-06-03 15:26 139264 ----a-w- c:\programmi\unwise.exe
2004-04-15 12:48 . 2008-06-03 15:28 32768 ----a-w- c:\programmi\MagixUpdater.exe
2004-03-18 12:33 . 2008-06-03 15:26 286792 ----a-w- c:\programmi\mpeg.hlp
2004-03-18 12:32 . 2008-06-03 15:26 950 ----a-w- c:\programmi\mpeg.cnt
2004-03-17 12:34 . 2008-06-03 15:25 1736704 ----a-w- c:\programmi\GMEdit.dll
2003-10-27 08:21 . 2008-06-03 15:25 315392 ----a-w- c:\programmi\GoMotion.dll
2003-10-20 08:25 . 2008-06-03 15:26 53248 ----a-w- c:\programmi\unwise.adf
2003-07-07 08:58 . 2008-06-03 15:25 700416 ----a-w- c:\programmi\GoMoK7.dll
2003-07-07 08:56 . 2008-06-03 15:25 798720 ----a-w- c:\programmi\GoMoP3.dll
2003-07-07 08:54 . 2008-06-03 15:25 671744 ----a-w- c:\programmi\GoMoP2.dll
2003-07-07 08:52 . 2008-06-03 15:25 671744 ----a-w- c:\programmi\GoMoP2x.dll
2003-07-07 08:51 . 2008-06-03 15:25 700416 ----a-w- c:\programmi\GoMoK7x.dll
2003-07-07 08:48 . 2008-06-03 15:25 798720 ----a-w- c:\programmi\GoMoP3x.dll
2003-07-07 08:46 . 2008-06-03 15:25 811008 ----a-w- c:\programmi\GoMoP4.dll
2003-07-07 08:41 . 2008-06-03 15:25 700416 ----a-w- c:\programmi\GmProK7.dll
2003-07-07 08:40 . 2008-06-03 15:25 798720 ----a-w- c:\programmi\GmProP3.dll
2003-07-07 08:38 . 2008-06-03 15:25 811008 ----a-w- c:\programmi\GmProP4.dll
2003-05-21 14:22 . 2008-06-03 15:28 28672 ----a-w- c:\programmi\Validation.exe
2003-04-03 08:09 . 2008-06-03 15:25 49152 ----a-w- c:\programmi\CPUINF32.DLL
2003-03-17 03:04 . 2008-06-03 15:28 685056 ----a-w- c:\programmi\rtl60.bpl
2003-03-17 03:04 . 2008-06-03 15:28 1500160 ----a-w- c:\programmi\cc3260mt.dll
2003-02-12 08:20 . 2008-06-03 15:26 28672 ----a-w- c:\programmi\explore.exe
2002-12-30 09:10 . 2008-06-03 15:25 184320 ----a-w- c:\programmi\GmDvsd.dll
2002-09-12 06:40 . 2008-06-03 15:25 181248 ----a-w- c:\programmi\Lfpng13n.dll
2002-09-12 06:39 . 2008-06-03 15:25 392704 ----a-w- c:\programmi\LFCMP13n.DLL
2002-09-12 06:39 . 2008-06-03 15:25 126464 ----a-w- c:\programmi\LFTIF13N.DLL
2002-09-12 06:37 . 2008-06-03 15:25 24576 ----a-w- c:\programmi\LFTGA13N.DLL
2002-09-12 06:37 . 2008-06-03 15:25 20480 ----a-w- c:\programmi\LFRAS13N.DLL
2002-09-12 06:37 . 2008-06-03 15:25 55296 ----a-w- c:\programmi\LFPSD13N.DLL
2002-09-12 06:37 . 2008-06-03 15:25 31232 ----a-w- c:\programmi\LFPNM13n.dll
2002-09-12 06:36 . 2008-06-03 15:25 26112 ----a-w- c:\programmi\LFPCX13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 19968 ----a-w- c:\programmi\LFPCD13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 18944 ----a-w- c:\programmi\LFMSP13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 30208 ----a-w- c:\programmi\LFBMP13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 73216 ----a-w- c:\programmi\LFFAX13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 445952 ----a-w- c:\programmi\LTIMG13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 205312 ----a-w- c:\programmi\LTEFX13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 139264 ----a-w- c:\programmi\LTFIL13N.DLL
2002-09-12 06:36 . 2008-06-03 15:25 265728 ----a-w- c:\programmi\LTDIS13n.dll
2002-09-12 06:35 . 2008-06-03 15:25 445440 ----a-w- c:\programmi\LTKRN13N.DLL
2002-09-11 08:26 . 2008-06-03 15:25 1684992 ----a-w- c:\programmi\LTCLR13n.dll
2002-08-20 08:36 . 2008-06-03 15:25 1667072 ----a-w- c:\programmi\GoMo4E.dll
2002-03-26 14:24 . 2008-06-03 15:25 1024 ----a-w- c:\programmi\AV32UID.DAT
2002-03-07 05:59 . 2008-06-03 15:25 139264 ----a-w- c:\programmi\GmVfwCap.dll
2002-02-18 08:06 . 2008-06-03 15:26 5762 ----a-w- c:\programmi\uninstall.ini
2002-02-13 05:00 . 2008-06-03 15:28 1326080 ----a-w- c:\programmi\vcl60.bpl
2002-02-13 05:00 . 2008-06-03 15:28 22016 ----a-w- c:\programmi\borlndmm.dll
2001-11-16 15:50 . 2008-06-03 15:25 35840 ----a-w- c:\programmi\lfgif13n.dll
2001-09-05 13:23 . 2008-06-03 15:25 55808 ----a-w- c:\programmi\MP3UTIL.DLL
2001-06-22 13:31 . 2008-06-03 15:25 278528 ----a-w- c:\programmi\pncrt.dll
2005-06-29 13:48 . 2005-06-29 13:48 32 --sha-w- c:\windows\{D9111D79-D625-4AB7-AAB3-59B0986A41C7}.dat
2005-06-29 13:48 . 2005-06-29 13:48 32 --sha-w- c:\windows\system32\{4B194C06-9D65-470B-9845-F6E686DFE498}.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-02-03_17.50.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-04 09:04 . 2010-02-04 09:04 16384 c:\windows\Temp\Perflib_Perfdata_e0.dat
+ 2004-02-01 21:50 . 2010-02-04 09:08 72576 c:\windows\system32\perfc009.dat
- 2004-02-01 21:50 . 2010-02-03 17:23 72576 c:\windows\system32\perfc009.dat
+ 2004-02-01 21:50 . 2010-02-04 09:08 445370 c:\windows\system32\perfh009.dat
- 2004-02-01 21:50 . 2010-02-03 17:23 445370 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-12-21 1803064]
"Philips Intelligent Agent"="c:\programmi\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 65536]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-11-10 406016]
"PE2CKFNT SE"="c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"PinnacleRemote"="c:\programmi\Pinnacle\Shared Files\remoterm.exe" [2002-01-28 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"PDUiP6700DMon"="c:\programmi\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-03-31 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Cmaudio"="cmicnfg.cpl" [2004-08-12 2568192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Photo 2000\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\digital imaging\bin\hpqthb08.exe [2004-5-28 53248]
Belkin Wireless USB Utility.lnk - c:\programmi\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
GARO Status Monitor.lnk - c:\programmi\Canon\GAROStatusMonitor\cnwism.exe [2003-10-20 319488]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
Logo Calibration Loader.lnk - c:\programmi\Pantone\Eye-One Match\CalibrationLoader\CalibrationLoader.exe [2007-6-19 708608]
Photo Express Calendar Checker SE.lnk - c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2004-10-30 55296]
ProfileReminder.lnk - c:\programmi\Pantone\Eye-One Match\ProfileReminder.exe [2007-6-19 1150976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\d4a05702741]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2008-12-02 21:35 3882312 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ----a-w- c:\programmi\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programmi\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\File comuni\\Synacast\\SynaLive\\PE.exe"=
"c:\\Programmi\\Real\\RealPlayer\\trueplay.exe"=
"c:\\Programmi\\ORL\\VNC\\WinVNC.exe"=
"c:\\Programmi\\ORL\\VNC\\vncviewer.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Philips Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4113:TCP"= 4113:TCP:ppLive
"8021:UDP"= 8021:UDP:ppLive
"6685:TCP"= 6685:TCP:ppLive
"5555:UDP"= 5555:UDP:ppLive
"9500:TCP"= 9500:TCP:porta
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [01/08/2003 14.47.24 29239]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [28/05/2008 9.00.45 15424]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [20/02/2004 12.03.18 187392]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [19/06/2007 8.24.02 14416]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [01/02/2004 22.52.13 556416]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [03/02/2004 16.04.08 62976]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/03/2008 17.56.07 716272]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [12/05/2009 16.47.27 8192]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [19/10/2006 19.51.58 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [02/08/2004 9.47.11 26045]
S3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [12/05/2009 16.48.18 290816]
S3 ulusba;NEC 616 Command Port Driver;c:\windows\system32\drivers\ulusba.sys [02/03/2005 16.56.19 25856]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [02/03/2005 16.55.51 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [02/03/2005 16.55.51 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [02/03/2005 16.56.00 36352]
S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\drivers\ulusbo.sys [02/03/2005 16.56.11 33920]
S3 Usb42pcw;Usb42pcw;c:\windows\system32\drivers\avc.sys [14/05/2004 10.41.31 38912]
.
Contenuto della cartella 'Scheduled Tasks'

2008-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {9D7E45D1-686D-48C2-829A-F6E7646D4CC4} = 151.99.125.1,151.99.0.100
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.albumepoca.com/it/components/com_epoca/lib/imageUploader/ImageUploader6.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
AddRemove-LiveUpdate - c:\programmi\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 10:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1887342293-4022341911-4172746439-1006\Software\SecuROM\License information*]
"datasecu"=hex:c0,8e,d1,54,c1,28,6e,0c,dc,54,cc,7e,cb,3e,8e,55,71,65,c5,bb,23,
d0,07,b7,8d,7e,b2,d0,3b,b4,4f,f4,8c,8c,c6,a5,37,18,c5,99,ea,95,ac,d0,fe,09,\
"rkeysecu"=hex:43,b6,f5,65,be,2a,2d,39,06,3d,72,3b,d4,99,4c,1c
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2010-02-04 10:26:03
ComboFix-quarantined-files.txt 2010-02-04 09:26
ComboFix2.txt 2010-02-03 17:57

Pre-Run: 69.545.365.504 byte disponibili
Post-Run: 69.487.767.552 byte disponibili

- - End Of File - - B914FDD8C622C09E20D8AF03E4BD1135





e HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.36.14, on 04/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [PinnacleRemote] C:\Programmi\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Programmi\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Programmi\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Programmi\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: GARO Status Monitor.lnk = C:\Programmi\Canon\GAROStatusMonitor\cnwism.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Programmi\Pantone\Eye-One Match\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Programmi\Pantone\Eye-One Match\ProfileReminder.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.albumepoca.com/it/components/com_epoca/lib/imageUploader/ImageUploader6.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D7E45D1-686D-48C2-829A-F6E7646D4CC4}: NameServer = 151.99.125.1,151.99.0.100
O20 - Winlogon Notify: d4a05702741 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10732 bytes
Torna in alto
 
maxdance
Inviato: Thursday, February 04, 2010 12:06:56 PM
Rank: AiutAmico

Iscritto dal : 2/3/2010
Posts: 31
ho fatto tutto quello che mi avete detto ora che faccio ?
se cortesemente qualcuno mi aiuta è tutto ok?
Torna in alto
 
r16
Inviato: Thursday, February 04, 2010 1:51:08 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Per eliminare i vari Tooll scaricati: (combofix)
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.
Poi, puoi eliminarlo.

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [PinnacleRemote] C:\Programmi\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Programmi\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Programmi\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: GARO Status Monitor.lnk = C:\Programmi\Canon\GAROStatusMonitor\cnwism.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Programmi\Pantone\Eye-One Match\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Programmi\Pantone\Eye-One Match\ProfileReminder.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.albumepoca.com/it/components/com_epoca/lib/imageUploader/ImageUploade r6.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Riavvia il pc.
Posta un nuovo log di HJT.
Torna in alto
 
Utenti presenti in questo topic
Guest

3 pages: [1] 2 3

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » cosa faccio sono disperato


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.