
log check
sarah03
Posted: Monday, November 21, 2011 3:58:14 PM
Rank: AiutAmico

Joined: 1/31/2001
Posts: 65
Could you check my log, please? Thank you very much.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.54.20, on 21/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\skype\Phone\Skype.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.113.254:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {2A21D253-56C4-444B-B8E5-CC4922296416} (TSFSCLibInternet.TSFSC) - http://www.amt.genova.it/belt_web/cabs/TSFSCLibInternet.CAB
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
O16 - DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FECA4316-6DC3-41D6-93C8-BF7247D7996A}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PService\Pos.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13629 bytes
a.roselli
Posted: Monday, November 21, 2011 5:03:16 PM

Rank: Admin

Joined: 10/4/2000
Posts: 19,044
Uninstall the Messenger Plus! program, which contains spyware, then remove the following lines with HijackThis

O4 - HKLM\..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
-
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PService\Pos.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe


finally, update Avast to the latest available version

http://www.aiutamici.com/software?ID=80367



alfonso_aiutamici@hotmail.it
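The two O23 lines singled out above share one trait: their binaries live under a user's application-data folder, and their "vendor" field is just the service name again. As an added example (not from this thread and not part of HijackThis), the Python helper below applies that check to HijackThis log lines and also flags the R1 ProxyServer and O17 NameServer entries for manual confirmation; the heuristics are the example's own assumptions, and the sample log is constructed from lines copied from the log in the first post.

```python
import re
from dataclasses import dataclass

# HijackThis 2.0.x line formats this helper understands.
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
_R1_PROXY = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>.+)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<dns>.+)$")

# Per-user application-data folders on Windows XP: the Italian names seen in
# the log above and their English equivalents (%APPDATA% / %LOCALAPPDATA%).
_PROFILE_DATA = re.compile(
    r"documents and settings\\[^\\]+\\("
    r"(impostazioni locali\\)?dati applicazioni|"
    r"(local settings\\)?application data)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    line_type: str   # R1, O4, O17 or O23
    reason: str      # why a reviewer should look at it
    detail: str      # the service name, Run key, proxy or DNS value


def _exe_path(cmd: str) -> str:
    """Extract the executable path from an O4 command line (quotes and args stripped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: cut at the first whitespace-led switch such as " /nogui" or " -hide".
    return re.split(r"\s+[/-]", cmd, maxsplit=1)[0]


def _norm(s: str) -> str:
    """Lower-case and drop non-alphanumerics so 'PowerOffer Service' == 'PowerOfferService'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def triage(log_text: str) -> list[Finding]:
    """Return the findings for one HijackThis log, in log order (heuristics are this example's own)."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _O23.match(line):
            name, vendor, path = m.group("name", "vendor", "path")
            if _PROFILE_DATA.search(path):
                findings.append(Finding("O23", "service binary in user profile data", name))
            # A name like "Pos Service (PowerOffer Service)" yields two labels to compare against.
            labels = {_norm(part) for part in re.split(r"[()]", name) if part.strip()}
            if vendor == "Unknown owner":
                findings.append(Finding("O23", "no publisher recorded", name))
            elif _norm(vendor) in labels:
                findings.append(Finding("O23", "vendor string is just the service name", name))
        elif m := _O4.match(line):
            if _PROFILE_DATA.search(_exe_path(m.group("cmd"))):
                findings.append(Finding("O4", "autorun binary in user profile data", m.group("key")))
        elif m := _R1_PROXY.match(line):
            findings.append(Finding("R1", "proxy configured; confirm it is expected", m.group("proxy")))
        elif m := _O17.match(line):
            findings.append(Finding("O17", "DNS server override; confirm it is expected", m.group("dns")))
    return findings


# Constructed sample: a handful of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.113.254:80
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PService\Pos.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_type:4} {f.reason:45} {f.detail}")
```

The "no publisher recorded" flag is a prompt to verify, not a verdict: legitimate tools such as the Macrium service in the sample trip it too.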

sarah03
Posted: Monday, November 21, 2011 5:27:26 PM
Rank: AiutAmico

Joined: 1/31/2001
Posts: 65
Followed your instructions. Thank you very much. Avast was already up to date. Bye
sarah03
Posted: Thursday, November 24, 2011 4:50:21 PM
Rank: AiutAmico

Joined: 1/31/2001
Posts: 65
After another check with HijackThis I realised that the following two lines were not removed:
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PService\Pos.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe

francescoamato
Posted: Thursday, November 24, 2011 5:17:45 PM
Rank: AiutAmico

Joined: 11/19/2011
Posts: 78
Hi sarah, the PC is infected with PowerOffer (adware similar to OfferBox).

Disable your antivirus's real-time protection, download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe , save it to the desktop and disconnect from the network.
Once it is downloaded, do not click the program's icon; press the Windows key (the flag logo) + R and, in the blank field of the Run box, copy and paste this command exactly as it is:

"%userprofile%\desktop\combofix.exe" /killall <== copy and paste

Press OK; the scan should start and may take a long time. Do absolutely nothing with the PC during the scan. After the reboot, attach the log C:\combofix.txt
sarah03
Posted: Thursday, November 24, 2011 6:21:49 PM
Rank: AiutAmico

Joined: 1/31/2001
Posts: 65
Scan done, here is the log:

ComboFix 11-11-23.03 - Utente 24/11/2011 17.43.22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.517 [GMT 1:00]
Eseguito da: d:\documents and settings\Utente\desktop\combofix.exe
Opzioni usate :: /killall
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0410.exe
c:\windows\kb913800.exe
c:\windows\unin0410.exe
d:\documents and settings\All Users\Dati applicazioni\TEMP
d:\documents and settings\Utente\Dati applicazioni\OfferBox
d:\documents and settings\Utente\Dati applicazioni\OfferBox\config.dat
d:\documents and settings\Utente\Dati applicazioni\OfferBox\config.xml
d:\documents and settings\Utente\WINDOWS
.
La copia infetta di c:\windows\system32\scecli.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\ServicePackFiles\i386\scecli.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SROSA
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-24 al 2011-11-24 )))))))))))))))))))))))))))))))))))
.
.
2011-11-24 17:03 . 2011-11-24 17:03 63115 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-11-24 17:03 . 2011-11-24 17:03 8646 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-11-24 17:03 . 2011-11-24 17:03 6429 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-11-24 17:03 . 2011-11-24 17:03 4599 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-11-24 17:03 . 2011-11-24 17:03 9310 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-11-24 17:03 . 2011-11-24 17:03 5927 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-11-24 17:03 . 2011-11-24 17:03 8613 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-11-24 17:03 . 2011-11-24 17:03 1651 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-11-24 17:03 . 2011-11-24 17:03 6910 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-11-24 17:02 . 2011-11-24 17:02 8288 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-11-24 17:02 . 2011-11-24 17:02 6208 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-11-24 17:02 . 2011-11-24 17:02 18541 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-11-24 17:02 . 2011-11-24 17:02 51852 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-11-24 17:02 . 2011-11-24 17:02 20719 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-11-24 17:02 . 2011-11-24 17:02 8782 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-24 17:02 . 2011-11-24 17:02 7271 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-24 17:02 . 2011-11-24 17:02 23327 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-24 17:01 . 2011-11-24 17:01 56200 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{76B62A87-EE28-4995-89DA-54008BE3942F}\offreg.dll
2011-11-24 16:56 . 2008-04-14 02:13 187904 ----a-w- c:\windows\system32\scecli.dll
2011-11-24 14:15 . 2011-11-24 14:16 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater
2011-11-24 14:15 . 2011-11-24 14:26 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService
2011-11-22 09:24 . 2011-10-07 03:48 6668624 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{76B62A87-EE28-4995-89DA-54008BE3942F}\mpengine.dll
2011-11-19 10:54 . 2007-08-14 07:12 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-11-18 16:03 . 2011-11-18 16:03 -------- d-----w- c:\programmi\iPod
2011-11-17 15:47 . 2011-11-24 14:16 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd
2011-11-17 15:46 . 2011-11-17 15:47 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PowerOffer
2011-11-17 15:46 . 2011-11-17 15:46 716318 ----a-w- c:\windows\unins000.exe
2011-11-16 15:58 . 2001-08-30 22:08 99328 ----a-w- c:\windows\system32\srusd.dll
2011-11-16 15:58 . 2001-08-30 22:08 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-11-16 15:58 . 2001-08-30 21:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-11-16 15:58 . 2001-08-30 21:28 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-11-16 15:58 . 2001-08-30 22:07 71680 ----a-w- c:\windows\system32\fnfilter.dll
2011-11-16 15:58 . 2001-08-30 22:07 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 08:58 . 2011-05-15 07:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-10-25 19:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-03-04 22:54 6668624 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-03 03:06 . 2010-04-25 14:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-06-25 19:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-10-25 18:38 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-10-25 18:39 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-10-25 18:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2010-06-29 08:25 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-03-04 23:20 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-28 08:37 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-03-04 23:21 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-03-04 23:21 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-03-04 23:21 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-03-04 23:21 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-03-04 23:21 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-03-04 23:21 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-03-04 23:21 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2004-10-25 18:39 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2010-08-02 13:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-11-12 10:33 . 2011-10-06 15:15 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2000-06-07 817664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 196608]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-25 273528]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"PosService"="d:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-11-21 89088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
d:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2011-4-2 142848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 06:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]
path=d:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OmniPass"=c:\apps\Softex\OmniPass\scureapp.exe
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12501:TCP"= 12501:TCP:emule in ingresso
"12502:UDP"= 12502:UDP:emule in uscita
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R?2 ServUpdater;Serv Updater;d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [23/11/2011 16.03.06 25600]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 7.32.40 15328]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/05/2011 9.37.08 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/03/2010 0.21.47 320856]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [19/11/2011 11.54.03 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/03/2010 0.21.48 20568]
R2 PowerOffer Service;Pos Service;d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [23/11/2011 16.03.06 34304]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [06/08/2008 10.34.02 216032]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11.29.14 162176]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [17/07/2009 16.21.53 7040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 9.57.53 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 9.57.53 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5D.tmp --> c:\windows\system32\5D.tmp [?]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [06/04/2004 3.24.00 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [15/12/2005 3.31.00 46848]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [24/10/2004 23.04.00 7796]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25/10/2004 19.39.34 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - SERVUPDATER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-29 08:57]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-29 08:57]
.
2011-11-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2183865090-2060284026-561532327-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2183865090-2060284026-561532327-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183865090-2060284026-561532327-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183865090-2060284026-561532327-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{4F08A5AB-931F-4027-811F-2EA20FAD7B6C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{5A89C46A-075B-4F8D-B276-E2F80F16CD28}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyServer = 200.88.113.254:80
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{519146A1-D805-406E-B07C-30A80E690A10}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{555B6C10-012D-4E68-B07B-6B49B0EBA5A5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B1B7732B-72AA-4A2C-9B94-602F9CE2D9DE}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C0EBA99C-A0C9-4573-90AB-DFB61B4E3848}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FECA4316-6DC3-41D6-93C8-BF7247D7996A}: NameServer = 176.31.229.24,176.31.229.25
DPF: {2A21D253-56C4-444B-B8E5-CC4922296416} - hxxp://www.amt.genova.it/belt_web/cabs/TSFSCLibInternet.CAB
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} - hxxp://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
FF - ProfilePath - d:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\0c78yy6e.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/
FF - prefs.js: network.proxy.ftp - 147.102.82.32
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 147.102.82.32
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 147.102.82.32
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 147.102.82.32
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 147.102.82.32
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-ArcSoft PhotoBase - c:\windows\IsUn0410.exe
AddRemove-ArcSoft PhotoStudio 2000 - c:\windows\IsUn0410.exe
AddRemove-Canon ScanGear Toolbox 3.0 - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 18:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5D.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
c:\apps\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(9568)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\apps\Softex\OmniPass\Omniserv.exe
c:\windows\System32\PAStiSvc.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\dllhost.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2011-11-24 18:16:57 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-11-24 17:16
.
Pre-Run: 10.806.013.952 byte disponibili
Post-Run: 10.718.851.072 byte disponibili
.
- - End Of File - - 338E8FF920D4C75A5246C5C5A02692B6
sarah03
Posted: Friday, November 25, 2011 1:49:54 PM
Rank: AiutAmico

Member since: 1/31/2001
Posts: 65
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PService\Pos.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe

I can't delete these two lines.....

Can I delete these folders?: Pos Service, Service Upd and ServUpdater, which are in Documents and Settings\utente\impostazioni locali\dati applicazioni.
francescoamato
Posted: Friday, November 25, 2011 1:53:05 PM
Rank: AiutAmico

Member since: 11/19/2011
Posts: 78
ComboFix removed the virus, and a driver that is part of a dangerous rootkit Trojan: Bagle.

Create a .TXT text file on the desktop with Notepad and call it CFScript.txt. Save it.. then drag it with the mouse pointer onto the ComboFix icon on the desktop; a new scan will start; attach the report.

Comment:

Folder::
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PowerOffer
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater

File::
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
c:\windows\system32\DRIVERS\Lbd.sys
c:\windows\system32\5D.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

Driver::
ServUpdater
PowerOffer Service
Lbd
MEMSWEEP2

DDS::
uInternet Settings,ProxyServer = 200.88.113.254:80
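The CFScript above targets a recognisable pattern: a service and an autorun whose binary sits under the user's profile ("Dati applicazioni"), a driver whose image is a .tmp file in system32, and an IE ProxyServer pointing at an outside host. The following is an added example (not ComboFix, HijackThis, or anything posted in this thread) that runs those same checks over log lines of the ComboFix and HijackThis formats. The sample lines are copied from the logs in this thread plus a few benign ones for contrast; the list of user-writable directory fragments is an assumption covering the Italian XP folder names seen here and their English equivalents.

```python
"""Flag log lines of the kind this thread acted on, from a defender's view:
service/autorun binaries in user-writable profile directories, .tmp driver
images, missing image files, and proxy settings that point off-host."""
import ipaddress
import re

# Assumption: directory fragments an unprivileged user can write to
# (Italian XP names from the log plus their English equivalents).
USER_WRITABLE_FRAGMENTS = (
    "\\documents and settings\\", "\\dati applicazioni\\", "\\application data\\",
    "\\appdata\\", "\\impostazioni locali\\", "\\local settings\\",
    "\\temp\\", "\\users\\",
)

SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+)$")      # ComboFix R#/S# lines
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")          # HijackThis O23 lines
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')                            # Run-key values
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(http|ssl|socks|ftp|gopher)\s+-\s+(\S+)$")
FF_TYPE_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type\s+-\s+(\d+)$")


def is_user_writable(path):
    p = path.lower()
    return any(frag in p for frag in USER_WRITABLE_FRAGMENTS)


def is_public_host(host):
    """True for a routable (non-private, non-loopback) IP. A hostname cannot be
    classified offline, so it is treated as public (worth a look)."""
    host = host.split(":")[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def flag_binary(field):
    """Reasons to look at a service/autorun image path as ComboFix prints it."""
    p = field.strip().lower()
    image = re.split(r"\s+\[|\s+-->", p)[0]   # drop "[date size]" / "--> path [?]" suffixes
    reasons = []
    if is_user_writable(image):
        reasons.append("binary lives in a user-writable profile directory")
    if image.endswith(".tmp"):
        reasons.append("driver image is a .tmp file")
    if "[?]" in p:
        reasons.append("no file date/size reported for the image ([?])")
    return reasons


def flag_line(line):
    line = line.strip()
    for rx, group in ((SERVICE_RE, 4), (O23_RE, 3), (RUN_RE, 2)):
        m = rx.match(line)
        if m:
            return flag_binary(m.group(group))
    m = IE_PROXY_RE.match(line)
    if m and is_public_host(m.group(1)):
        return ["IE proxy points at a remote host: " + m.group(1)]
    m = FF_PROXY_RE.match(line)
    if m and is_public_host(m.group(2)):
        return ["Firefox %s proxy points at a remote host: %s" % (m.group(1), m.group(2))]
    return []


def scan(lines):
    """Return [(line, [reasons])]. Firefox proxy hosts are marked dormant when
    network.proxy.type is 0 (direct connection), since they are then unused."""
    stripped = [l.strip() for l in lines]
    ff_type = None
    for l in stripped:
        m = FF_TYPE_RE.match(l)
        if m:
            ff_type = int(m.group(1))
    findings = []
    for l in stripped:
        reasons = flag_line(l)
        if reasons and l.startswith("FF - prefs.js: network.proxy.") and ff_type == 0:
            reasons = [r + " (dormant: network.proxy.type is 0)" for r in reasons]
        if reasons:
            findings.append((l, reasons))
    return findings


# Constructed sample: lines copied from the logs in this thread plus benign ones.
SAMPLE_LINES = [
    r"R2 PowerOffer Service;Pos Service;d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [23/11/2011 16.03.06 34304]",
    r"R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]",
    r"S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]",
    r"S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5D.tmp --> c:\windows\system32\5D.tmp [?]",
    r"O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe",
    r'"PosService"="d:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-11-25 89088]',
    r'"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]',
    "uInternet Settings,ProxyServer = 200.88.113.254:80",
    "uInternet Settings,ProxyOverride = *.local",
    "FF - prefs.js: network.proxy.http - 147.102.82.32",
    "FF - prefs.js: network.proxy.http_port - 3128",
    "FF - prefs.js: network.proxy.type - 0",
]

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LINES):
        print(line[:70], "->", "; ".join(reasons))
```

A hit is a reason to inspect, not a verdict: a legitimate installer can drop a service under a profile directory, and the [?] marker only says the log has no date or size for that image. The value of the check is that it surfaces exactly the four entries the helper put into the CFScript without having to read the whole log by eye.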
sarah03
Posted: Friday, November 25, 2011 2:12:20 PM
Rank: AiutAmico

Member since: 1/31/2001
Posts: 65
Sorry for my ignorance, but I'm not sure I understood. In the text file I have to create, do I paste what you wrote under "Comment"?
sarah03
Posted: Friday, November 25, 2011 2:14:29 PM
Rank: AiutAmico

Member since: 1/31/2001
Posts: 65
And do I have to run the scan again with the connection off and Avast real-time protection disabled?
francescoamato
Posted: Friday, November 25, 2011 2:21:15 PM
Rank: AiutAmico

Member since: 11/19/2011
Posts: 78
Yes, you have to copy and paste what is written under Comment.
Yes, it's better if you run the scan with Avast disabled and the connection off.

I thought I had been clear enough.. Sick
sarah03
Posted: Friday, November 25, 2011 8:42:37 PM
Rank: AiutAmico

Member since: 1/31/2001
Posts: 65
I did exactly what you told me, here is the new log:

ComboFix 11-11-23.03 - Utente 25/11/2011 20.08.50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.334 [GMT 1:00]
Eseguito da: d:\documents and settings\Utente\Desktop\ComboFix.exe
Opzioni usate :: d:\documents and settings\Utente\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\windows\system32\5D.tmp"
"c:\windows\system32\DRIVERS\Lbd.sys"
"d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe"
"d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\7z.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\AppLib.Zip.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallLog
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallState
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\settings.ini
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\settings\settings.ini
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\7z.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\AppLib.Zip.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\InstallHelper.exe
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallLog
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallState
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\settings.ini
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\settings\settings.ini
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\System.Data.SQLite.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\upd.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Legacy_MEMSWEEP2
-------\Legacy_POWEROFFER_SERVICE
-------\Legacy_SERVUPDATER
-------\Service_Lbd
-------\Service_MEMSWEEP2
-------\Service_PowerOffer Service
-------\Service_ServUpdater
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-25 al 2011-11-25 )))))))))))))))))))))))))))))))))))
.
.
2011-11-25 19:24 . 2011-11-25 19:24 56200 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{66B46BB9-D64F-47FF-8E6A-ED93B63BCD4D}\offreg.dll
2011-11-25 09:49 . 2011-10-07 03:48 6668624 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{66B46BB9-D64F-47FF-8E6A-ED93B63BCD4D}\mpengine.dll
2011-11-24 16:56 . 2008-04-14 02:13 187904 ----a-w- c:\windows\system32\scecli.dll
2011-11-19 10:54 . 2007-08-14 07:12 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-11-18 16:03 . 2011-11-18 16:03 -------- d-----w- c:\programmi\iPod
2011-11-17 15:47 . 2011-11-24 14:16 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd
2011-11-17 15:46 . 2011-11-17 15:46 716318 ----a-w- c:\windows\unins000.exe
2011-11-16 15:58 . 2001-08-30 22:08 99328 ----a-w- c:\windows\system32\srusd.dll
2011-11-16 15:58 . 2001-08-30 22:08 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-11-16 15:58 . 2001-08-30 21:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-11-16 15:58 . 2001-08-30 21:28 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-11-16 15:58 . 2001-08-30 22:07 71680 ----a-w- c:\windows\system32\fnfilter.dll
2011-11-16 15:58 . 2001-08-30 22:07 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 08:58 . 2011-05-15 07:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-10-25 19:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-03-04 22:54 6668624 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-03 03:06 . 2010-04-25 14:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-06-25 19:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-10-25 18:38 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-10-25 18:39 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-10-25 18:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2010-06-29 08:25 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-03-04 23:20 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-28 08:37 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-03-04 23:21 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-03-04 23:21 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-03-04 23:21 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-03-04 23:21 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-03-04 23:21 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-03-04 23:21 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-03-04 23:21 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2004-10-25 18:39 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2010-08-02 13:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-11-12 10:33 . 2011-10-06 15:15 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-24_17.04.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-25 19:25 . 2011-11-25 19:25 16384 c:\windows\Temp\Perflib_Perfdata_128.dat
+ 2009-07-17 15:45 . 2011-11-25 19:26 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-17 15:45 . 2011-11-24 14:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-17 15:45 . 2011-11-24 14:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-07-17 15:45 . 2011-11-25 19:26 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2011-11-25 09:10 . 2011-11-25 19:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-17 15:45 . 2011-11-24 14:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-22 07:49 . 2011-11-25 19:26 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-22 07:49 . 2011-11-24 14:13 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2000-06-07 817664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 196608]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-25 273528]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"PosService"="d:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-11-25 89088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
d:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2011-4-2 142848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 06:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]
path=d:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OmniPass"=c:\apps\Softex\OmniPass\scureapp.exe
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12501:TCP"= 12501:TCP:emule in ingresso
"12502:UDP"= 12502:UDP:emule in uscita
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 7.32.40 15328]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/05/2011 9.37.08 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/03/2010 0.21.47 320856]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [19/11/2011 11.54.03 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/03/2010 0.21.48 20568]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [06/08/2008 10.34.02 216032]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11.29.14 162176]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [17/07/2009 16.21.53 7040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 9.57.53 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 9.57.53 135664]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [06/04/2004 3.24.00 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [15/12/2005 3.31.00 46848]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [24/10/2004 23.04.00 7796]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25/10/2004 19.39.34 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-29 08:57]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-29 08:57]
.
2011-11-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-11-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2183865090-2060284026-561532327-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2183865090-2060284026-561532327-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183865090-2060284026-561532327-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183865090-2060284026-561532327-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-25 c:\windows\Tasks\User_Feed_Synchronization-{4F08A5AB-931F-4027-811F-2EA20FAD7B6C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-11-25 c:\windows\Tasks\User_Feed_Synchronization-{5A89C46A-075B-4F8D-B276-E2F80F16CD28}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{519146A1-D805-406E-B07C-30A80E690A10}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{555B6C10-012D-4E68-B07B-6B49B0EBA5A5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B1B7732B-72AA-4A2C-9B94-602F9CE2D9DE}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C0EBA99C-A0C9-4573-90AB-DFB61B4E3848}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FECA4316-6DC3-41D6-93C8-BF7247D7996A}: NameServer = 176.31.229.24,176.31.229.25
DPF: {2A21D253-56C4-444B-B8E5-CC4922296416} - hxxp://www.amt.genova.it/belt_web/cabs/TSFSCLibInternet.CAB
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} - hxxp://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
FF - ProfilePath - d:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\0c78yy6e.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxp://offerte.vodafone.it/vetrine/?ecmp=01_SEM_P
FF - prefs.js: network.proxy.ftp - 147.102.82.32
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 147.102.82.32
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 147.102.82.32
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 147.102.82.32
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 147.102.82.32
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 20:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
c:\apps\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(5532)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\apps\Softex\OmniPass\Omniserv.exe
c:\windows\System32\PAStiSvc.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\dllhost.exe
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2011-11-25 20:37:39 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-11-25 19:37
ComboFix2.txt 2011-11-24 17:17
.
Pre-Run: 11.005.501.440 byte disponibili
Post-Run: 10.977.083.392 byte disponibili
.
- - End Of File - - ED28990B0E86DCDD832DF0522412A76C
sarah03
Posted: Friday, November 25, 2011 8:52:58 PM
Rank: AiutAmico

Member since: 1/31/2001
Posts: 65
I really think this time it has been completely removed. Right, Francesco? Thanks, thanks.... a million
francescoamato
Posted: Saturday, November 26, 2011 2:58:42 PM
Rank: AiutAmico

Member since: 11/19/2011
Posts: 78
Ciao sara, questa cartella non mi piace, se non sai cosa è eliminala (prima per sicurezza dimmi cosa c'è dentro):
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd

Poi, esegui TFC e OTF per pulire il PC e allega un nuovo log di hijackhtis.


Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● save the tool to the Desktop
● close all running programs, including any open web pages
● start the tool with a double click
● click the Start button at the bottom left
● the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations are finished, close the program

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● save the tool to the Desktop
● close all running programs
● start the tool with a double click
● click the CleanUp! button
● the program will ask to restart the system: allow it by clicking Yes twice

sarah03
Posted: Saturday, November 26, 2011 3:52:01 PM
Rank: AiutAmico

Member since: 1/31/2001
Posts: 65
Here is what's in that infamous folder:

[screenshot of the folder contents, hosted on ImageShack]

What should I do? Delete it?
sarah03
Posted: Saturday, November 26, 2011 4:20:50 PM
Rank: AiutAmico

Member since: 1/31/2001
Posts: 65
Hi Francesco, I ran new scans with TFC and OTC as you suggested. Here is the new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.18.32, on 26/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
D:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PosService] D:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [avast] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {2A21D253-56C4-444B-B8E5-CC4922296416} (TSFSCLibInternet.TSFSC) - http://www.amt.genova.it/belt_web/cabs/TSFSCLibInternet.CAB
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
O16 - DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FECA4316-6DC3-41D6-93C8-BF7247D7996A}: NameServer = 176.31.229.24,176.31.229.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12309 bytes
francescoamato
Posted: Sunday, November 27, 2011 10:57:50 AM
Rank: AiutAmico

Member since: 11/19/2011
Posts: 78
Hi, delete the folder in question, then:
also delete this one: D:\Documents and Settings\All Users\Documenti\AppData\PoApp
Uninstall Spybot if present, and:

Start HijackThis, tick the entries I list below and, with all applications closed and the PC disconnected from the Internet, click "Fix checked":

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PosService] D:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe

Finally:
Download Security Check: http://screen317.spywareinfoforum.org/SecurityCheck.exe
● save the tool to the Desktop
● run the program and press any key
● wait for the scan to finish
● attach the log that opens automatically
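The two things a helper checks by eye in the log above are where each autostart entry (O4) and service (O23) actually lives, and what the O17 NameServer lines point at. The script below is an added example written for this thread; it is not part of HijackThis and was not posted by anyone in the discussion. It re-implements those checks on the raw log text: an O4/O23 binary outside the normal install directories (C:\WINDOWS, C:\Programmi, C:\Apps, ...) is flagged, which is what singles out the PoApp\PLauncher.exe entry under D:\Documents and Settings, and every O17 resolver that is not in an allow-list is reported for confirmation. The allow-list value 192.168.1.1 is a hypothetical home-router address; the script makes no claim about whether 176.31.229.24/25 are legitimate, it only says they are not the resolvers the owner expects, which is a question for the ISP or the router configuration. The sample lines are copied from the 26/11/2011 log above.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code).

Flags O4/O23 entries whose binary is outside the usual install directories and
O17 NameServer values that are not in a caller-supplied allow-list.
"""
import re

# Locations an installer-placed program is expected to live under.
# "c:\programmi" is the Italian XP name for Program Files; "c:\apps" is the
# OEM preinstall folder that appears in the log above.
TRUSTED_PREFIXES = (
    r"c:\windows",
    r"c:\program files",
    r"c:\programmi",
    r"c:\progra~1",
    r"c:\apps",
)

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")


def exe_path(cmd):
    """Extract the program path from a Run-key command line.

    Quoted paths end at the closing quote. Unquoted ones (HijackThis does not
    quote them even when they contain spaces) end at the first ".exe", or,
    failing that, at the first " /" or " -" switch.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"^(.+?\.exe)\b", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return re.split(r"\s+[/-]", cmd)[0]


def in_trusted_location(path):
    p = path.lower()
    return any(p.startswith(prefix) for prefix in TRUSTED_PREFIXES)


def triage(lines, dns_allowlist):
    """Return a list of (kind, item, reason) findings for the given log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if not in_trusted_location(path):
                findings.append(("O4", m.group("name"),
                                 "autostart binary outside install dirs: " + path))
            continue
        m = O23_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if not in_trusted_location(path):
                findings.append(("O23", m.group("name"),
                                 "service binary outside install dirs: " + path))
            continue
        m = O17_RE.match(line)
        if m:
            for server in m.group("servers").split(","):
                if server not in dns_allowlist:
                    findings.append(("O17", server,
                                     "NameServer not in allow-list; confirm with ISP/router"))
    return findings


# Lines copied verbatim from the HijackThis log posted above.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [PosService] D:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe",
    r'O4 - HKLM\..\Run: [avast] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui',
    r"O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup",
    r"O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25",
    r"O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe",
]

# Hypothetical allow-list: a home router's resolver address. Replace it with
# the resolvers the ISP actually hands out before trusting the O17 result.
EXPECTED_DNS = {"192.168.1.1"}

if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LINES, EXPECTED_DNS):
        print(f"{kind:4} {item}: {reason}")
```

Run against the sample, the only O4 hit is PosService, because its launcher sits under D:\Documents and Settings rather than an install directory, and both O17 resolvers are reported as unexpected; the avast, Nokia, Vodafone and PAStiSvc entries are silent. A "Fix checked" on an O4 line only removes the Run-key value, so the flagged binary and its folder still have to be deleted separately, which is what the instructions above do with the PoApp folder.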
sarah03
Posted: Sunday, November 27, 2011 4:55:50 PM
Rank: AiutAmico

Member since: 1/31/2001
Posts: 65
But if I remove all these entries, can I rest easy? Will everything still work as before afterwards?...
francescoamato
Posted: Sunday, November 27, 2011 5:12:39 PM
Rank: AiutAmico

Member since: 11/19/2011
Posts: 78
Removing these entries will make your PC faster, both at startup and while running.

Bye!
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.