monsee
Posted: Monday, January 18, 2010 12:20:02 AM
Rank: AiutAmico

Member since: 4/5/2005
Posts: 22,971
Careful, Silvietta!
Ad-Aware (even in the FREE version) keeps a "resident" component that risks conflicting with your Spyware Terminator (which, as a rule, is a "resident" antispyware too)...
So, provided you first follow all of the good r16's instructions to the letter, I would suggest (if I may) uninstalling Ad-Aware...
It's a different story if your Ad-Aware is the paid version (I don't think it is): in that case, I would suggest uninstalling Spyware Terminator.
silvietta87
Posted: Monday, January 18, 2010 5:02:38 PM

Rank: AiutAmico

Member since: 4/10/2009
Posts: 53
OK, now I'm starting to get seriously worried. I tried installing that anti-malware, but when I double-click its icon it doesn't start. I tried downloading two others, and even though I manage to install them, when I launch them they don't start. The one I'm using now (Spyware Terminator) no longer finds that thing even though it's still there, and its real-time protection feature no longer works. Can't you tell from the log what's wrong and needs removing? I don't know what else to do....

edit* I uninstalled Ad-Aware as you told me, Monsee. Now there's only Spyware T.
r16
Posted: Monday, January 18, 2010 5:15:14 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
OK, now I'm starting to get seriously worried.

And rightly so, because you will have to do a check in the Registry Editor.

Follow these instructions carefully:
Start\Run|type:regedit\OK.
Click the + next to HKEY_LOCAL_MACHINE
Click the + next to SOFTWARE
Click the + next to Microsoft
Click the + next to Windows NT
Click the + next to CurrentVersion
Scroll until you find the Winlogon folder.
Click once on the Winlogon folder.
In the right-hand pane (almost at the bottom of the page) you will find:
Userinit.
Double-click Userinit.
A small window opens reading: C:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
You must delete ONLY the part in red: C:\WINDOWS\system32\sdra64.exe,
The end result must be: C:\windows\system32\userinit.exe, (trailing comma included)
Confirm everything.
RESTART the PC.
Check again that the change was applied correctly.
Careful: if you make a mistake, you might NOT be able to log in to Windows anymore.
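The following is an added example and not part of r16's post: a read-only Windows PowerShell script that performs the same Winlogon Userinit check the steps above describe by hand, and reports any entry other than the default userinit.exe without changing the registry. It assumes Windows PowerShell is available on the machine (on XP it has to be installed separately); the function names and the sample value passed at the end are constructed for this example, the sample being the exact string r16 quotes.

```powershell
# Added example, not from the thread: report-only check of the Winlogon Userinit value.
# Userinit is a comma-separated list; Windows runs every entry at logon, which is why
# malware appends itself here (the sdra64.exe entry r16 describes). Nothing is modified.

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$DefaultUserinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-UnexpectedUserinitEntries {
    # Splits a Userinit string and returns every entry that is not the default userinit.exe.
    param(
        [Parameter(Mandatory = $true)][string]$Value,
        [string]$ExpectedExe = $DefaultUserinit
    )
    $entries = $Value.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' }
    # -ine is case-insensitive, so C:\windows\... and C:\WINDOWS\... compare equal.
    @($entries | Where-Object { $_ -ine $ExpectedExe })
}

function Test-WinlogonUserinit {
    # Reads the live value and reports; does not write anything back.
    param([string]$RegistryPath = $WinlogonKey)
    $raw = (Get-ItemProperty -Path $RegistryPath -Name Userinit).Userinit
    $extra = Get-UnexpectedUserinitEntries -Value $raw
    [pscustomobject]@{
        RawValue   = $raw
        Unexpected = $extra
        Clean      = ($extra.Count -eq 0)
        # The value r16 says the cleaned entry must end up as, trailing comma included.
        Expected   = "$DefaultUserinit,"
    }
}

# Offline demonstration on the exact string quoted in the thread (constructed input,
# no registry access needed): the only unexpected entry is the sdra64.exe one.
$sample = 'C:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,'
Get-UnexpectedUserinitEntries -Value $sample | ForEach-Object { Write-Output "unexpected: $_" }

# Live check of this machine (read-only). Review any flagged entry before editing it
# in regedit, since a wrong Userinit value prevents logging in, as r16 warns.
$result = Test-WinlogonUserinit
if ($result.Clean) {
    Write-Output "Userinit is the default: $($result.RawValue)"
} else {
    Write-Output "Userinit has extra entries: $($result.Unexpected -join '; ')"
    Write-Output "Expected value after cleanup: $($result.Expected)"
}
```

The script deliberately separates parsing from the registry read so the parser can be exercised on a pasted value (for instance a line from a HijackThis log) before anyone touches the live key; removal itself is left to the manual regedit step above, where the trailing comma and the exact default path can be confirmed by eye.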
silvietta87
Posted: Monday, January 18, 2010 5:20:26 PM

Rank: AiutAmico

Member since: 4/10/2009
Posts: 53
.....ok..... now I'll try.....

Pray for me


edit* problem: when I type :regedit\ok. it tells me "cannot find the file; check that the name is correct and try again".
r16
Posted: Monday, January 18, 2010 5:28:15 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Sorry, you must not type the colon :
Just regedit, then click OK
silvietta87
Posted: Monday, January 18, 2010 5:32:25 PM

Rank: AiutAmico

Member since: 4/10/2009
Posts: 53
r16 wrote:

The end result must be: C:\windows\system32\userinit.exe, (trailing comma included)



The thing is, it was already written like that without my changing anything.... there was no extra part to remove... that's a good thing, right?
r16
Posted: Monday, January 18, 2010 5:38:13 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
That's perfectly fine.
The thing is, in the first HJT log that infection was detected.
And it had not been removed.
In the second log it is NOT detected, but I wanted to be sure.
paolopa
Posted: Monday, January 18, 2010 5:39:11 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
@r16: there are two HijackThis logs; in the second one the F2 entry you were referring to is not present, but it's not clear what she did between the two logs.
Oops, I was writing and couldn't read your reply.
silvietta87
Posted: Monday, January 18, 2010 5:43:16 PM

Rank: AiutAmico

Member since: 4/10/2009
Posts: 53
How come I can't install that anti-malware now? Could that program itself (the one I can't remove, which makes internet pop-ups to wallpaper sites appear and starts background music OUT OF NOWHERE) be the cause??

edit* Here is the log I just made.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.45.59, on 18/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\PC Tools AntiVirus\PCTAVSvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [PCTAVApp] "C:\Programmi\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2E44D5-8D73-4606-BD12-6474B49FB4DC}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programmi\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Programmi\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 9048 bytes
r16
Posted: Monday, January 18, 2010 8:42:43 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Careful: while downloading, RENAME it to TOMBO-FIX.EXE

Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the internet.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the EMERGENCY RECOVERY CONSOLE, click NO.
Your antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When done, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.
silvietta87
Posted: Monday, January 18, 2010 11:09:09 PM

Rank: AiutAmico

Member since: 4/10/2009
Posts: 53
Done! Here's the log.
(But how do you find your way around this mess?????) d'oh!


ComboFix 09-06-28.02 - Silvia 18/01/2010 23.02.40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.767.377 [GMT 1:00]
Eseguito da: c:\documents and settings\Silvia\Desktop\TOMBO-FIX.EXE
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Digital Patrol *On-access scanning enabled* (Updated) {35237DD9-776F-4485-A7AF-729074E24B96}
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Outdated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2009-12-18 al 2010-01-18 )))))))))))))))))))))))))))))))))))
.

2010-01-18 15:52 . 2010-01-18 15:59 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-01-18 14:21 . 2010-01-18 14:21 -------- d-----w- c:\programmi\Crawler
2010-01-18 14:20 . 2010-01-18 14:24 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Spyware Terminator
2010-01-18 14:20 . 2010-01-18 14:20 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2010-01-18 14:20 . 2010-01-18 14:20 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2010-01-18 14:20 . 2010-01-18 14:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-18 14:20 . 2010-01-18 14:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-01-18 14:20 . 2010-01-18 16:39 -------- d-----w- c:\programmi\Spyware Terminator
2010-01-15 12:15 . 2010-01-15 12:15 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\URSoft
2010-01-15 12:15 . 2010-01-15 12:15 -------- d-----w- c:\programmi\Your Uninstaller 2010
2010-01-15 11:48 . 2010-01-15 11:44 185344 ----a-w- c:\windows\system32\framedyn.dll
2010-01-15 11:46 . 2010-01-15 11:44 5415 ----a-w- c:\windows\system32\Choice.com
2010-01-14 19:33 . 2010-01-14 19:33 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\PC Tools
2010-01-14 19:32 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-14 19:32 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-14 19:32 . 2010-01-14 19:32 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-01-14 19:32 . 2009-02-10 09:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2010-01-14 19:32 . 2009-02-10 09:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2010-01-14 19:32 . 2009-02-10 09:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2010-01-14 19:31 . 2010-01-18 21:57 -------- d-----w- c:\programmi\PC Tools AntiVirus
2010-01-14 19:31 . 2010-01-14 19:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-01-14 16:41 . 2010-01-14 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-21 00:00 . 2009-12-21 00:00 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\.clamwin
2009-12-20 23:59 . 2009-12-20 23:59 -------- d-----w- c:\programmi\ClamWin
2009-12-20 23:59 . 2009-12-20 23:59 -------- d-----w- c:\documents and settings\All Users\.clamwin
2009-12-20 18:07 . 2010-01-18 16:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-12-19 23:29 . 2009-12-19 23:29 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Malwarebytes
2009-12-19 23:29 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 23:29 . 2009-12-19 23:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-19 23:29 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 21:58 . 2008-01-21 10:46 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-18 15:59 . 2007-10-06 16:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-18 11:27 . 2008-04-21 18:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 13:03 . 2007-10-07 08:22 -------- d-----w- c:\programmi\File comuni\eMule
2010-01-15 10:25 . 2007-10-07 08:30 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Azureus
2009-12-20 16:41 . 2009-02-06 21:07 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Desktopicon
2009-12-18 08:12 . 2007-10-07 08:37 -------- d-----w- c:\programmi\Azureus
2009-12-11 10:06 . 2004-08-30 20:00 99302 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 10:06 . 2004-08-30 20:00 524698 ----a-w- c:\windows\system32\perfh010.dat
2009-12-06 10:49 . 2009-12-06 10:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2009-11-20 13:35 . 2009-11-20 13:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 13:34 . 2007-10-07 08:28 -------- d-----w- c:\programmi\Java
2009-11-20 13:34 . 2009-11-20 13:34 152576 ----a-w- c:\documents and settings\Silvia\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-29 07:40 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-30 20:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-30 20:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\programmi\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\programmi\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\programmi\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\programmi\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\programmi\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\programmi\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\programmi\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\programmi\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\programmi\DSETUP.dll
2009-03-05 16:08 . 2009-04-10 20:24 61440 ----a-w- c:\programmi\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2008-04-14 02:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\svchost.exe
[-] 2004-08-30 20:00 14336 73955B04F209D8A1C633867841267A96 c:\windows\system32\svchost.exe
[-] 2004-08-30 20:00 14336 73955B04F209D8A1C633867841267A96 c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 02:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ws2_32.dll
[-] 2004-08-30 20:00 82944 12EAD983C875ED9BCC8B90E3F77F2E4A c:\windows\system32\ws2_32.dll
[-] 2004-08-30 20:00 82944 12EAD983C875ED9BCC8B90E3F77F2E4A c:\windows\system32\dllcache\ws2_32.dll

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2004-08-30 20:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\winlogon.exe
[-] 2004-08-30 20:00 544256 E6F62282EBAA63BA07FA2DC7198B8D0D c:\windows\system32\winlogon.exe
[-] 2004-08-30 20:00 544256 E6F62282EBAA63BA07FA2DC7198B8D0D c:\windows\system32\dllcache\winlogon.exe
[-] 2004-08-30 20:00 504832 4166454E2BCFCC20D1B8A5AC9FEAB243 c:\windows\VistaMizer\old\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ndis.sys
[-] 2004-08-30 20:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-30 20:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ip6fw.sys
[-] 2004-08-30 20:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-30 20:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2007-06-13 13:22 1554432 21B69AA06FCE941009A3C58DC8E94A5E c:\windows\explorer.exe
[7] 2007-06-13 13:10 1035776 B4E85805BE6D23DE697F7B3BA7492D0B c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-30 20:00 1034752 178D42BD8FC34A9837417A6CE1D6BB7B c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\explorer.exe
[-] 2007-06-13 13:22 1554432 21B69AA06FCE941009A3C58DC8E94A5E c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 13:22 1035776 7E2817A623E16F830B660F81C0FD63DA c:\windows\VistaMizer\old\explorer.exe

[-] 2009-02-09 09:50 111104 BCF1770A35BDA3BD13A9E2054F15F37E c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 11:14 111104 C79FEAE2F68982259907AB52B0F2676F c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-30 20:00 108544 E77F6FA2A15390F1727F4C1C55B69DA6 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 02:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\services.exe
[-] 2009-02-09 10:05 111104 AA6602EA22899E57D4661DDA87C3EE21 c:\windows\system32\services.exe
[-] 2009-02-09 10:05 111104 AA6602EA22899E57D4661DDA87C3EE21 c:\windows\system32\dllcache\services.exe

[-] 2008-04-14 02:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\lsass.exe
[-] 2004-08-30 20:00 13312 0815E8DA286775FA432C7C9EE5E10BA1 c:\windows\system32\lsass.exe
[-] 2004-08-30 20:00 13312 0815E8DA286775FA432C7C9EE5E10BA1 c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ctfmon.exe
[-] 2004-08-30 20:00 25088 40DE117B6CCFC031D2DC8B73D82020CF c:\windows\system32\ctfmon.exe
[-] 2004-08-30 20:00 25088 40DE117B6CCFC031D2DC8B73D82020CF c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-08-30 20:00 15360 5B33B4265966EE063C7FBEA28958D9C2 c:\windows\VistaMizer\old\ctfmon.exe

[-] 2008-04-14 02:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\userinit.exe
[-] 2004-08-30 20:00 25088 C1E7FE19F98A877BF8F941BF48148695 c:\windows\system32\userinit.exe
[-] 2004-08-30 20:00 25088 C1E7FE19F98A877BF8F941BF48148695 c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 02:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\termsrv.dll
[-] 2004-08-30 20:00 296960 C06CD1890279603E15020757E02DE56B c:\windows\system32\termsrv.dll
[-] 2004-08-30 20:00 296960 C06CD1890279603E15020757E02DE56B c:\windows\system32\dllcache\termsrv.dll

[7] 2007-04-16 16:09 1030144 6D9421A648F26B8640C63D0F8F2B7D48 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:54 1033216 98993B11907E932A7ED121AAEEC2F3E0 c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 1035776 A3A365C46057532F6638D57E4C0B66B8 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2004-08-30 20:00 1027584 FEB3CC200749FF119BB8B08224A1A594 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:54 1028608 EB1428078E1D10FDEC060857AA526A9F c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 02:13 1033728 06157539EBB8B87D47B9B6C5DA44B62F c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\kernel32.dll
[-] 2009-03-21 14:18 1030144 C71A4010BBA2B2998FDF28130E8A0173 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:18 1030144 C71A4010BBA2B2998FDF28130E8A0173 c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 02:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\powrprof.dll
[-] 2004-08-30 20:00 17408 41FF9D663219A1DD0397FE2C5B09436C c:\windows\system32\powrprof.dll
[-] 2004-08-30 20:00 17408 41FF9D663219A1DD0397FE2C5B09436C c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 02:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\imm32.dll
[-] 2004-08-30 20:00 110080 CA38A6091ECAC2668EC99AFD4B6C0615 c:\windows\system32\imm32.dll
[-] 2004-08-30 20:00 110080 CA38A6091ECAC2668EC99AFD4B6C0615 c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 02:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\sfcfiles.dll
[-] 2004-08-30 20:00 1548288 0F9AAB130D89786A59F8F93A9E23C658 c:\windows\system32\sfcfiles.dll
[-] 2004-08-30 20:00 1548288 0F9AAB130D89786A59F8F93A9E23C658 c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 02:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\appmgmts.dll
[-] 2004-08-30 20:00 175104 00E50CD4D9247CB56EFC1360C32AB755 c:\windows\system32\appmgmts.dll
[-] 2004-08-30 20:00 175104 00E50CD4D9247CB56EFC1360C32AB755 c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-14 01:53 25088 28B6EACE513CA7EABA3B809AD4BC274D c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\kbdclass.sys
[-] 2004-08-30 20:00 25088 E883AE6EA0B313E659225AA32E449CE9 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 25088]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-18 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2009-11-03 86016]
"PCTAVApp"="c:\programmi\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-18 2166784]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ICO.EXE [2004-07-14 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 25088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\File comuni\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/01/2010 20.32.19 206256]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [26/05/2009 16.01.37 16512]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [26/05/2009 16.01.37 13824]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\programmi\Anti Trojan Elite\ATEPMon.sys --> c:\programmi\Anti Trojan Elite\ATEPMon.sys [?]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [27/06/2009 17.55.17 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [27/06/2009 17.55.17 105216]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a1a7c2-aff4-11dc-b4b9-00115b33e8b4}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{D69F225C-ECC7-421E-836B-8FD887739AF2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-01-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-27 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 23:04
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\system32\drivers\H8SRTovmpfaklln.sys 40448 bytes executable
c:\docume~1\Silvia\IMPOST~1\Temp\H8SRTabc.tmp 343040 bytes executable
c:\docume~1\Silvia\IMPOST~1\Temp\h8srtmainqt.dll 16717 bytes
c:\windows\TEMP\H8SRTb01c.tmp 238 bytes
c:\windows\system32\H8SRTiplhtkolar.dll 16896 bytes executable
c:\windows\system32\h8srtkrl32mainweq.dll 1147 bytes
c:\windows\system32\H8SRTmjvfwbocym.dll 40960 bytes executable
c:\windows\system32\h8srtshsyst.dll 2096 bytes
c:\windows\system32\H8SRTsrujoyxtuw.dll 23040 bytes executable
c:\windows\system32\H8SRTupqnxltrri.dat 238 bytes
c:\windows\system32\H8SRTvalqgixcqg.dll 40960 bytes executable

Scansione completata con successo
Files nascosti: 11

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys]
"imagepath"="\systemroot\system32\drivers\H8SRTovmpfaklln.sys"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1957994488-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4415D963-3D04-669B-4D7F-50EE11EE85C3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahnedjpjanjgnigoo"=hex:6a,61,64,63,6e,6e,63,6c,62,70,63,64,64,6a,69,63,69,6d,
62,6c,00,00
"habokakacebocfha"=hex:6a,61,64,63,6e,6e,63,6c,62,70,63,64,64,6a,69,63,69,6d,
62,6c,00,1d

[HKEY_USERS\S-1-5-21-1957994488-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7127CE64-3431-1278-36C9-13A37988AD45}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabdkcippialciboip"=hex:6b,61,6c,6c,61,6b,64,6f,63,6c,68,68,62,69,6b,61,64,66,
63,70,6a,67,00,00
"hahdfbfnhilehjhg"=hex:6b,61,6c,6c,61,6b,64,6f,63,6c,68,68,62,69,6b,61,64,66,
63,70,6a,67,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,23,4d,0d,1d,49,
ea,88,06,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,43,58,0b,47,e2,
29,45,62,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,8c,47,bb,22,5e,
d6,d0,d9,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,4d,87,8a,88,66,
d1,e3,97,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,4c,f2,49,91,35,
45,ec,88,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,42,4a,53,d9,a5,
04,dd,8e,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,6d,c0,74,de,1d,
9b,59,61,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4d,e7,65,4e,cd,
e8,db,78,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,93,6c,f1,b2,e0,
68,1d,0c,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e3,c2,29,b3,dc,
21,f8,a5,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,7d,75,74,b5,0f,
e3,16,62,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a5,9e,03,85,c4,
60,97,52,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\H8SRTovmpfaklln.sys"
"group"="file system"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WININET.dll
H8SRTiplhtkolar.dll 10000000 40960 \\?\globalroot\systemroot\system32\H8SRTiplhtkolar.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\WININET.dll
c:\windows\system32\SETUPAPI.dll
c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\WININET.dll
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
Ora fine scansione: 2010-01-18 23.08.00
ComboFix-quarantined-files.txt 2010-01-18 22:07

Pre-Run: 3.818.061.824 byte disponibili
Post-Run: 4.212.314.112 byte disponibili

406 --- E O F --- 2010-01-18 10:04
r16
Posted: Monday, January 18, 2010 11:41:21 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file on the Desktop (Start\Run\type notepad.exe\OK).
Paste into it the code you see below, and save the text file; it must be named CFScript.txt.

Code:
File::
c:\windows\system32\drivers\H8SRTovmpfaklln.sys
c:\docume~1\Silvia\IMPOST~1\Temp\H8SRTabc.tmp
c:\docume~1\Silvia\IMPOST~1\Temp\h8srtmainqt.dll
c:\windows\TEMP\H8SRTb01c.tmp
c:\windows\system32\H8SRTiplhtkolar.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTmjvfwbocym.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTsrujoyxtuw.dll
c:\windows\system32\H8SRTupqnxltrri.dat
c:\windows\system32\H8SRTvalqgixcqg.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys]

RegNull::
[HKEY_USERS\S-1-5-21-1957994488-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4415D963-3D04-669B-4D7F-50EE11EE85C3}*]
[HKEY_USERS\S-1-5-21-1957994488-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7127CE64-3431-1278-36C9-13A37988AD45}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

Driver::
H8SRTd


and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
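Log-triage logic for the ComboFix output above, as an added example that is not code from the thread or from ComboFix: it pulls the catchme hidden-file list, the module loaded through a globalroot path and the service whose imagepath points at the hidden driver out of a constructed excerpt of the log, then drafts the same CFScript sections r16 wrote by hand. The CFScript layout (File::, Registry::, Driver::, driver named without its .sys suffix) is copied from r16's script above, not from any ComboFix documentation.

```python
r"""Triage a ComboFix/catchme log for TDSS-style (H8SRT) rootkit indicators.

Added example; not part of the thread or of ComboFix. It reads the three parts
of the log that r16 turned into the CFScript above: the catchme hidden-files
list, the per-process module list (a DLL loaded through a \\?\globalroot\ path
is hidden from normal path lookups, the rootkit hallmark seen in winlogon.exe),
and the service whose imagepath points at a hidden file. It then drafts the
File::, Registry:: and Driver:: sections in the layout r16 used.
"""
import ntpath
import re

# Constructed excerpt of the log posted above (paths taken from the page).
SAMPLE_LOG = r"""
Scansione files nascosti ...

c:\windows\system32\drivers\H8SRTovmpfaklln.sys 40448 bytes executable
c:\docume~1\Silvia\IMPOST~1\Temp\h8srtmainqt.dll 16717 bytes
c:\windows\system32\H8SRTiplhtkolar.dll 16896 bytes executable

Scansione completata con successo
Files nascosti: 3

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys]
"imagepath"="\systemroot\system32\drivers\H8SRTovmpfaklln.sys"

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\SETUPAPI.dll
H8SRTiplhtkolar.dll 10000000 40960 \\?\globalroot\systemroot\system32\H8SRTiplhtkolar.dll
c:\windows\system32\sfc_os.dll
"""

HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) (?P<size>\d+) bytes( executable)?$", re.I)
PROCESS_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
MODULE_RE = re.compile(r"^(?P<name>\S+) [0-9a-f]+ \d+ (?P<path>\\\\\?\\globalroot\\.+)$", re.I)
SERVICE_RE = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\System\\(?:CurrentControlSet|ControlSet\d+)"
    r"\\Services\\(?P<name>[^\]\\]+))\]$", re.I)
IMAGE_RE = re.compile(r'^"imagepath"=(?:expand:)?"(?P<path>[^"]+)"$', re.I)


def parse_hidden_files(log: str) -> list[str]:
    """Paths catchme lists between 'Scansione files nascosti' and its summary."""
    found, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        low = line.lower()
        if low.startswith("scansione files nascosti"):
            inside = True
        elif inside and low.startswith("scansione completata"):
            break
        elif inside and (m := HIDDEN_RE.match(line)):
            found.append(m.group("path"))
    return found


def parse_globalroot_modules(log: str) -> list[tuple[str, str]]:
    """(process, module path) for every module loaded through the globalroot device path."""
    found, process = [], None
    for line in log.splitlines():
        line = line.strip()
        if p := PROCESS_RE.match(line):
            process = p.group("proc")
        elif m := MODULE_RE.match(line):
            found.append((process, m.group("path")))
    return found


def parse_service_images(log: str) -> dict[str, tuple[str, str]]:
    """Service key name -> (full key, imagepath) for the Services keys in the log."""
    images, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if s := SERVICE_RE.match(line):
            current = (s.group("name"), s.group("key"))
        elif line.startswith("["):
            current = None          # any other key ends the service block
        elif current and (i := IMAGE_RE.match(line)):
            images[current[0]] = (current[1], i.group("path"))
    return images


def triage(log: str) -> dict:
    """Collect the indicators and tie the service to the hidden driver file."""
    hidden = parse_hidden_files(log)
    hidden_names = {ntpath.basename(p).lower() for p in hidden}
    services = {name: entry for name, entry in parse_service_images(log).items()
                if ntpath.basename(entry[1]).lower() in hidden_names}
    return {"hidden_files": hidden,
            "globalroot_modules": parse_globalroot_modules(log),
            "rootkit_services": services}


def build_cfscript(report: dict) -> str:
    """Draft the CFScript sections in the layout r16 used above."""
    lines = ["File::", *report["hidden_files"], "", "Registry::"]
    for key, _image in report["rootkit_services"].values():
        lines.append(f"[-{key}]")                 # leading '-' deletes the key
    lines += ["", "Driver::"]
    for name in report["rootkit_services"]:
        # r16 listed the driver without its .sys suffix; mirror that.
        lines.append(name[:-4] if name.lower().endswith(".sys") else name)
    return "\n".join(lines) + "\n"
```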
paolopa
Posted: Tuesday, January 19, 2010 2:49:55 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
r16, satisfy a curiosity of mine, since silvietta isn't around for now: C:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
if that entry had been fixed with HijackThis when it was present in the first log, would the PC have had problems? I'm only asking because I'm trying to learn a little, even though it looks hard to me. Thanks and have a good day.
r16
Posted: Tuesday, January 19, 2010 2:55:57 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
paolopa wrote:
r16, satisfy a curiosity of mine, since silvietta isn't around for now: C:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
if that entry had been fixed with HijackThis when it was present in the first log, would the PC have had problems? I'm only asking because I'm trying to learn a little, even though it looks hard to me. Thanks and have a good day.

Yes.
It happened to me.
HJT, instead of removing only the infected part, removed the whole string.
Including Userinit.
Since that time, either Malwarebytes removes it for me, or I have it done manually through the Registry Editor.
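The difference between deleting the whole Userinit string and removing only the appended program, as an added example that is not from the thread: the value paolopa quotes is split on commas, every entry that is not the real userinit.exe is dropped, and the default is restored if userinit.exe is missing, so the account can still log on. The Winlogon key path and the Windows XP default value `C:\WINDOWS\system32\userinit.exe,` are assumptions made for the example.

```python
r"""Surgical clean-up of the Winlogon Userinit value.

Added example; not code from the thread. Windows reads
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit as a
comma-separated list of programs to start at logon, and the entry paolopa
quotes shows a second program (sdra64.exe) appended after the real
userinit.exe. Deleting the whole value, which is what r16 saw HijackThis do,
also removes userinit.exe and breaks logon, so the clean-up below keeps only
the legitimate entry, reports what it dropped, and restores the default if
the legitimate entry is missing.
"""
import ntpath

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Default Userinit on Windows XP with %SystemRoot% = C:\WINDOWS (assumed here);
# Windows itself writes the trailing comma, so the canonical value keeps it.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"
LEGIT_NAME = "userinit.exe"
LEGIT_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}


def split_userinit(value: str) -> list[str]:
    """Split the comma-separated list; the trailing comma yields an empty item."""
    return [item.strip() for item in value.split(",") if item.strip()]


def is_legit_entry(entry: str) -> bool:
    """True only for userinit.exe located in the system32 directory."""
    path = entry.strip().strip('"')
    directory, name = ntpath.split(path)
    return name.lower() == LEGIT_NAME and directory.lower() in LEGIT_DIRS


def clean_userinit(value: str) -> tuple[str, list[str]]:
    """Return (cleaned value, removed entries).

    Every entry that is not the legitimate userinit.exe is dropped. The result
    is never left without userinit.exe: if the input had none (for example
    after a fix that wiped the whole string), the default is restored rather
    than leaving the account unable to log on.
    """
    entries = split_userinit(value)
    kept = [e for e in entries if is_legit_entry(e)]
    removed = [e for e in entries if not is_legit_entry(e)]
    if not kept:
        kept = [DEFAULT_USERINIT.rstrip(",")]
    return ",".join(kept) + ",", removed


def to_reg_file(value: str) -> str:
    """Render a .reg fragment that sets Userinit to the cleaned value.

    .reg syntax requires backslashes inside string data to be doubled.
    """
    escaped = value.replace("\\", "\\\\")
    return (
        "Windows Registry Editor Version 5.00\n\n"
        f"[{WINLOGON_KEY}]\n"
        f'"Userinit"="{escaped}"\n'
    )


if __name__ == "__main__":
    # The value from paolopa's question above (page content, not constructed).
    infected = r"C:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"
    cleaned, dropped = clean_userinit(infected)
    print("removed:", dropped)
    print(to_reg_file(cleaned))
```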
paolopa
Posted: Tuesday, January 19, 2010 3:00:54 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
I had guessed as much when I saw your procedure. The online log checker recommends removing it; at this point I think it's better to advise readers against "do it yourself". Many thanks.
r16
Posted: Tuesday, January 19, 2010 3:10:11 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I want to point out that I've seen people (good ones too) who said to fix it with HJT.
And the removal caused no problems.
But since that time I don't want to take the risk any more.
Once was enough for me......
Bye!
monsee
Posted: Tuesday, January 19, 2010 3:29:11 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
You never stop learning!
silvietta87
Posted: Tuesday, January 19, 2010 3:46:38 PM

Rank: AiutAmico

Joined: 4/10/2009
Posts: 53
R16, you won't believe it, but it worked!!!!!!!!!!!!!!!!! Now unknown web pages no longer pop up; I managed to download that anti-malware and to create a restore point!!!!!!!!

Thank yooooooooooooooou!!!!!!!!
(And thanks to the whole staff too)

It's awful like this, though! You solved a huge problem for me and there's nothing I can do in return!! >_< How can I repay you????????
r16
Posted: Tuesday, January 19, 2010 3:51:01 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Oh no.....
Don't think you'll get off that easily....
I'd like to see that log, please.
silvietta87
Posted: Tuesday, January 19, 2010 5:35:50 PM

Rank: AiutAmico

Joined: 4/10/2009
Posts: 53
Ah, OK!!! Here's the log!!! XD

ComboFix 09-06-28.02 - Silvia 19/01/2010 11.06.51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.767.450 [GMT 1:00]
Eseguito da: c:\documents and settings\Silvia\Desktop\COMBO-FIX.EXE
Opzioni usate :: c:\documents and settings\Silvia\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Digital Patrol *On-access scanning enabled* (Updated) {35237DD9-776F-4485-A7AF-729074E24B96}
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -

FILE ::
"c:\docume~1\Silvia\IMPOST~1\Temp\H8SRTabc.tmp"
"c:\docume~1\Silvia\IMPOST~1\Temp\h8srtmainqt.dll"
"c:\windows\system32\drivers\H8SRTovmpfaklln.sys"
"c:\windows\system32\H8SRTiplhtkolar.dll"
"c:\windows\system32\h8srtkrl32mainweq.dll"
"c:\windows\system32\H8SRTmjvfwbocym.dll"
"c:\windows\system32\h8srtshsyst.dll"
"c:\windows\system32\H8SRTsrujoyxtuw.dll"
"c:\windows\system32\H8SRTupqnxltrri.dat"
"c:\windows\system32\H8SRTvalqgixcqg.dll"
"c:\windows\TEMP\H8SRTb01c.tmp"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Silvia\IMPOST~1\Temp\H8SRTabc.tmp
c:\docume~1\Silvia\IMPOST~1\Temp\h8srtmainqt.dll
c:\windows\system32\drivers\H8SRTovmpfaklln.sys
c:\windows\system32\H8SRTiplhtkolar.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTmjvfwbocym.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTsrujoyxtuw.dll
c:\windows\system32\H8SRTupqnxltrri.dat
c:\windows\system32\H8SRTvalqgixcqg.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-12-19 al 2010-01-19 )))))))))))))))))))))))))))))))))))
.

2010-01-18 22:04 . 2010-01-18 22:04 -------- dc----w- c:\windows\system32\dllcache\cache
2010-01-18 21:58 . 2010-01-18 22:08 -------- d-s---w- C:\TOMBO-FIX
2010-01-18 15:52 . 2010-01-18 15:59 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-01-18 14:21 . 2010-01-18 14:21 -------- d-----w- c:\programmi\Crawler
2010-01-18 14:20 . 2010-01-18 14:24 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Spyware Terminator
2010-01-18 14:20 . 2010-01-18 14:20 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2010-01-18 14:20 . 2010-01-18 14:20 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2010-01-18 14:20 . 2010-01-18 14:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-18 14:20 . 2010-01-18 16:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-01-18 14:20 . 2010-01-18 16:39 -------- d-----w- c:\programmi\Spyware Terminator
2010-01-15 12:15 . 2010-01-15 12:15 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\URSoft
2010-01-15 12:15 . 2010-01-15 12:15 -------- d-----w- c:\programmi\Your Uninstaller 2010
2010-01-15 11:48 . 2010-01-15 11:44 185344 ----a-w- c:\windows\system32\framedyn.dll
2010-01-15 11:46 . 2010-01-15 11:44 5415 ----a-w- c:\windows\system32\Choice.com
2010-01-14 19:33 . 2010-01-14 19:33 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\PC Tools
2010-01-14 19:32 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-14 19:32 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-14 19:32 . 2010-01-14 19:32 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-01-14 19:32 . 2009-02-10 09:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2010-01-14 19:32 . 2009-02-10 09:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2010-01-14 19:32 . 2009-02-10 09:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2010-01-14 19:31 . 2010-01-19 10:04 -------- d-----w- c:\programmi\PC Tools AntiVirus
2010-01-14 19:31 . 2010-01-14 19:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-01-14 16:41 . 2010-01-14 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-21 00:00 . 2009-12-21 00:00 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\.clamwin
2009-12-20 23:59 . 2009-12-20 23:59 -------- d-----w- c:\programmi\ClamWin
2009-12-20 23:59 . 2009-12-20 23:59 -------- d-----w- c:\documents and settings\All Users\.clamwin
2009-12-20 18:07 . 2010-01-18 16:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 10:04 . 2008-01-21 10:46 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-18 15:59 . 2007-10-06 16:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-18 11:27 . 2008-04-21 18:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 13:03 . 2007-10-07 08:22 -------- d-----w- c:\programmi\File comuni\eMule
2010-01-15 10:25 . 2007-10-07 08:30 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Azureus
2009-12-20 16:41 . 2009-02-06 21:07 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Desktopicon
2009-12-19 23:29 . 2009-12-19 23:29 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Malwarebytes
2009-12-19 23:29 . 2009-12-19 23:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-18 08:12 . 2007-10-07 08:37 -------- d-----w- c:\programmi\Azureus
2009-12-11 10:06 . 2004-08-30 20:00 99302 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 10:06 . 2004-08-30 20:00 524698 ----a-w- c:\windows\system32\perfh010.dat
2009-12-06 10:49 . 2009-12-06 10:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2009-12-03 15:14 . 2009-12-19 23:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-12-19 23:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 13:35 . 2009-11-20 13:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 13:34 . 2007-10-07 08:28 -------- d-----w- c:\programmi\Java
2009-11-20 13:34 . 2009-11-20 13:34 152576 ----a-w- c:\documents and settings\Silvia\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-29 07:40 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\programmi\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\programmi\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\programmi\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\programmi\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\programmi\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\programmi\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\programmi\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\programmi\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\programmi\DSETUP.dll
2009-03-05 16:08 . 2009-04-10 20:24 61440 ----a-w- c:\programmi\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2008-04-14 02:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\svchost.exe
[-] 2004-08-30 20:00 14336 73955B04F209D8A1C633867841267A96 c:\windows\system32\svchost.exe
[-] 2004-08-30 20:00 14336 73955B04F209D8A1C633867841267A96 c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 02:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ws2_32.dll
[-] 2004-08-30 20:00 82944 12EAD983C875ED9BCC8B90E3F77F2E4A c:\windows\system32\ws2_32.dll
[-] 2004-08-30 20:00 82944 12EAD983C875ED9BCC8B90E3F77F2E4A c:\windows\system32\dllcache\ws2_32.dll

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2004-08-30 20:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\winlogon.exe
[-] 2004-08-30 20:00 544256 E6F62282EBAA63BA07FA2DC7198B8D0D c:\windows\system32\winlogon.exe
[-] 2004-08-30 20:00 544256 E6F62282EBAA63BA07FA2DC7198B8D0D c:\windows\system32\dllcache\winlogon.exe
[-] 2004-08-30 20:00 504832 4166454E2BCFCC20D1B8A5AC9FEAB243 c:\windows\VistaMizer\old\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ndis.sys
[-] 2004-08-30 20:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-30 20:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ip6fw.sys
[-] 2004-08-30 20:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-30 20:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2007-06-13 13:22 1554432 21B69AA06FCE941009A3C58DC8E94A5E c:\windows\explorer.exe
[7] 2007-06-13 13:10 1035776 B4E85805BE6D23DE697F7B3BA7492D0B c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-30 20:00 1034752 178D42BD8FC34A9837417A6CE1D6BB7B c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\explorer.exe
[-] 2007-06-13 13:22 1554432 21B69AA06FCE941009A3C58DC8E94A5E c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 13:22 1035776 7E2817A623E16F830B660F81C0FD63DA c:\windows\VistaMizer\old\explorer.exe

[-] 2009-02-09 09:50 111104 BCF1770A35BDA3BD13A9E2054F15F37E c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 11:14 111104 C79FEAE2F68982259907AB52B0F2676F c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-30 20:00 108544 E77F6FA2A15390F1727F4C1C55B69DA6 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 02:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\services.exe
[-] 2009-02-09 10:05 111104 AA6602EA22899E57D4661DDA87C3EE21 c:\windows\system32\services.exe
[-] 2009-02-09 10:05 111104 AA6602EA22899E57D4661DDA87C3EE21 c:\windows\system32\dllcache\services.exe

[-] 2008-04-14 02:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\lsass.exe
[-] 2004-08-30 20:00 13312 0815E8DA286775FA432C7C9EE5E10BA1 c:\windows\system32\lsass.exe
[-] 2004-08-30 20:00 13312 0815E8DA286775FA432C7C9EE5E10BA1 c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ctfmon.exe
[-] 2004-08-30 20:00 25088 40DE117B6CCFC031D2DC8B73D82020CF c:\windows\system32\ctfmon.exe
[-] 2004-08-30 20:00 25088 40DE117B6CCFC031D2DC8B73D82020CF c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-08-30 20:00 15360 5B33B4265966EE063C7FBEA28958D9C2 c:\windows\VistaMizer\old\ctfmon.exe

[-] 2008-04-14 02:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\userinit.exe
[-] 2004-08-30 20:00 25088 C1E7FE19F98A877BF8F941BF48148695 c:\windows\system32\userinit.exe
[-] 2004-08-30 20:00 25088 C1E7FE19F98A877BF8F941BF48148695 c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 02:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\termsrv.dll
[-] 2004-08-30 20:00 296960 C06CD1890279603E15020757E02DE56B c:\windows\system32\termsrv.dll
[-] 2004-08-30 20:00 296960 C06CD1890279603E15020757E02DE56B c:\windows\system32\dllcache\termsrv.dll

[7] 2007-04-16 16:09 1030144 6D9421A648F26B8640C63D0F8F2B7D48 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:54 1033216 98993B11907E932A7ED121AAEEC2F3E0 c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 1035776 A3A365C46057532F6638D57E4C0B66B8 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2004-08-30 20:00 1027584 FEB3CC200749FF119BB8B08224A1A594 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:54 1028608 EB1428078E1D10FDEC060857AA526A9F c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 02:13 1033728 06157539EBB8B87D47B9B6C5DA44B62F c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\kernel32.dll
[-] 2009-03-21 14:18 1030144 C71A4010BBA2B2998FDF28130E8A0173 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:18 1030144 C71A4010BBA2B2998FDF28130E8A0173 c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 02:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\powrprof.dll
[-] 2004-08-30 20:00 17408 41FF9D663219A1DD0397FE2C5B09436C c:\windows\system32\powrprof.dll
[-] 2004-08-30 20:00 17408 41FF9D663219A1DD0397FE2C5B09436C c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 02:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\imm32.dll
[-] 2004-08-30 20:00 110080 CA38A6091ECAC2668EC99AFD4B6C0615 c:\windows\system32\imm32.dll
[-] 2004-08-30 20:00 110080 CA38A6091ECAC2668EC99AFD4B6C0615 c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 02:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\sfcfiles.dll
[-] 2004-08-30 20:00 1548288 0F9AAB130D89786A59F8F93A9E23C658 c:\windows\system32\sfcfiles.dll
[-] 2004-08-30 20:00 1548288 0F9AAB130D89786A59F8F93A9E23C658 c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 02:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\appmgmts.dll
[-] 2004-08-30 20:00 175104 00E50CD4D9247CB56EFC1360C32AB755 c:\windows\system32\appmgmts.dll
[-] 2004-08-30 20:00 175104 00E50CD4D9247CB56EFC1360C32AB755 c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-14 01:53 25088 28B6EACE513CA7EABA3B809AD4BC274D c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\kbdclass.sys
[-] 2004-08-30 20:00 25088 E883AE6EA0B313E659225AA32E449CE9 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-18_22.04.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-19 09:57 . 2010-01-19 09:57 16384 c:\windows\Temp\Perflib_Perfdata_694.dat
+ 2010-01-18 22:04 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2010-01-18 22:04 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
- 2007-10-06 15:36 . 2010-01-18 16:07 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-06 15:36 . 2010-01-19 09:57 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-06 15:36 . 2010-01-18 16:07 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2007-10-06 15:36 . 2010-01-19 09:57 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2007-10-06 15:36 . 2010-01-18 16:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-06 15:36 . 2010-01-19 09:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-18 22:04 . 2009-10-29 07:40 916480 c:\windows\system32\dllcache\cache\wininet.dll
+ 2010-01-18 22:04 . 2007-03-08 15:37 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-11-19 16:48 . 2010-01-19 09:57 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-11-19 16:48 . 2010-01-18 16:07 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-01-18 22:04 . 2009-08-04 17:03 2184064 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2010-01-18 22:04 . 2009-08-04 17:03 2061440 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 25088]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-18 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2009-11-03 86016]
"PCTAVApp"="c:\programmi\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-18 2166784]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ICO.EXE [2004-07-14 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 25088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\File comuni\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/01/2010 20.32.19 206256]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [26/05/2009 16.01.37 16512]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [26/05/2009 16.01.37 13824]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\programmi\Anti Trojan Elite\ATEPMon.sys --> c:\programmi\Anti Trojan Elite\ATEPMon.sys [?]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [27/06/2009 17.55.17 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [27/06/2009 17.55.17 105216]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a1a7c2-aff4-11dc-b4b9-00115b33e8b4}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-19 c:\windows\Tasks\User_Feed_Synchronization-{D69F225C-ECC7-421E-836B-8FD887739AF2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-27 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 11:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\TEMP\H8SRTbee6.tmp 238 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys]
"imagepath"="\systemroot\system32\drivers\H8SRTovmpfaklln.sys"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,23,4d,0d,1d,49,
ea,88,06,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,43,58,0b,47,e2,
29,45,62,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,8c,47,bb,22,5e,
d6,d0,d9,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,4d,87,8a,88,66,
d1,e3,97,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,4c,f2,49,91,35,
45,ec,88,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,42,4a,53,d9,a5,
04,dd,8e,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,6d,c0,74,de,1d,
9b,59,61,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4d,e7,65,4e,cd,
e8,db,78,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,93,6c,f1,b2,e0,
68,1d,0c,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e3,c2,29,b3,dc,
21,f8,a5,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,7d,75,74,b5,0f,
e3,16,62,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a5,9e,03,85,c4,
60,97,52,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\H8SRTovmpfaklln.sys"
"group"="file system"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WININET.dll
H8SRTiplhtkolar.dll 10000000 40960 \\?\globalroot\systemroot\system32\H8SRTiplhtkolar.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\WININET.dll
c:\windows\system32\setupapi.dll
c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
.
Ora fine scansione: 2010-01-19 11.10.07
ComboFix-quarantined-files.txt 2010-01-19 10:09
ComboFix2.txt 2010-01-18 22:08

Pre-Run: 4.209.246.208 byte disponibili
Post-Run: 4.209.500.160 byte disponibili

387 --- E O F --- 2010-01-18 10:04
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.