
Log Check
lauraz
Posted: Tuesday, June 17, 2008 1:34:30 PM

Rank: AiutAmico

Joined: 1/5/2005
Posts: 195
Other friends on Aiutamici suggested I get a check.

Logfile of HijackThis v1.99.1
Scan saved at 13.33.52, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Vtune\TBPanel.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S368.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/it/Prg/ESTPTest.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiaraesara.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45E7E1DC-2B16-4346-B3FA-A523E10025BA}: NameServer = 85.37.17.41 85.38.28.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

r16
Posted: Tuesday, June 17, 2008 10:25:28 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
The log shows no anomalies.
Any problems?
lauraz
Posted: Wednesday, June 18, 2008 3:56:17 PM

Rank: AiutAmico

Joined: 1/5/2005
Posts: 195
r16 wrote:
Hi.
The log shows no anomalies.
Any problems?


I'm pasting what I wrote in the other post, where they advised me to have the log checked and suspect that the PC is infected with Blaster:


Hi, sometimes when I turn on the PC a window appears saying that, following the Autority-system error, the PC will be restarted in 60-59-58... seconds. What I don't understand is why it happens on some days and then, without my doing anything in particular, it stops doing it for quite a while, and then one fine day it shows up again. I don't let it restart because it would go on forever; instead I switch it off with the button a couple of times and it goes away.
Another small problem: when I start Spybot a window opens with "AdAware is installed etc......", but I uninstalled AdAware quite a while ago because the PC would shut down during the scan; most likely there was a conflict. Why does Spybot still see it as installed? Where on earth has AdAware got stuck? I've looked everywhere but I can't find anything anymore.
dario-vr
Posted: Wednesday, June 18, 2008 4:06:02 PM

Rank: AiutAmico

Joined: 3/28/2007
Posts: 633
Hi Laura, wait for r16's reply since he is much more knowledgeable than me, but I think the AdAware reported by Spybot is not Ad-Aware, the Lavasoft program, but rather an AdAware that needs to be eradicated.
Why don't you post a HijackThis log, as r16 suggested?
See the guide:

http://software.aiutamici.com/software?ID=11175
dario-vr
Posted: Wednesday, June 18, 2008 4:10:03 PM

Rank: AiutAmico

Joined: 3/28/2007
Posts: 633
Hi Laura, wait for r16's reply since he is much more knowledgeable than me, but I think the AdAware reported by Spybot is not Ad-Aware, the Lavasoft program, but rather an AdAware that needs to be eradicated.
Why don't you try this program in the meantime while you wait for r16?
A-squared free is an anti-malware that I have been using for quite a while and I'm happy with it, better than with Ad-Aware 2008.
You won't find it here on Aiutamici because Alfonso doesn't consider it "safe" because of the false positives (especially for Emule) that it once gave frequently, but no longer does.

Here's the link if you're interested:

http://www.emsisoft.com/en/software/free/

You can also read around the various forums to see what people think of it:

http://www.ilsoftware.it/querydl.asp?ID=780
r16
Posted: Wednesday, June 18, 2008 9:57:39 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi lauraz
No, I don't think you have Blaster; your log would be devastated (as well as the PC).
Important: Disable your antivirus and close ALL open programs.
Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log.
Here as well.
ComboFix does not work in safe mode


lauraz
Posted: Wednesday, June 18, 2008 10:42:03 PM

Rank: AiutAmico

Joined: 1/5/2005
Posts: 195
r16 wrote:
Hi lauraz
No, I don't think you have Blaster; your log would be devastated (as well as the PC).
Important: Disable your antivirus and close ALL open programs.
Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log.
Here as well.
ComboFix does not work in safe mode


Here is the Combofix log file (wow, it deleted a whole lot of stuff!!!!!):

ComboFix 08-06-16.5 - Massimo 2008-06-18 22.27.29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1553 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Massimo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Massimo\Dati applicazioni\addon.dat
C:\Documents and Settings\Massimo\Impostazioni locali\Dati applicazioni\aauoid_nav.dat
C:\Documents and Settings\Massimo\Impostazioni locali\Dati applicazioni\aauoid_navps.dat
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 08 - 11_22_59 PM_843.log
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 08 - 11_23_04 PM_515.log
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\rs.dat
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\Utente\Dati applicazioni\AntiSpywareBot\Settings\Settings.stg
C:\Documents and Settings\Utente\Dati applicazioni\m
C:\Documents and Settings\Utente\Dati applicazioni\m\list.oct
C:\Documents and Settings\Utente\Dati applicazioni\m\shared
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\3D Galaxy
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Acceleration Pack 2.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Adwords & Keywords 2.00 [Cracked].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Aimg2PDF 1.1 [Patch].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Air Warrior III v3.10 patch.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\All Image 1.3.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Allok MP3 WAV Converter 1.1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Altdo Convert MP3 Master 2.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Anetto Password Saver 3.1 [KeyGen].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\AprCalc 4.0 Serial.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\ASP Express Standard 4.1.5 Key+Serial.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\AVI Splitter 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\AVS DV to DVD 1.2.1.97 Serial.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\BasinFlow May 2005.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Battlefield 1942 Night of Nights map 2.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\BeamYourScreen 2.0.7.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\BitHack 0.95 Alpha.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\CHAOS Generator 2.4.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Chilibase for Outlook 1.5.4.138.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Coalesys HTTP Client 1.0.93.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Cool EasyCard For Valentine's day 2.55 Patch.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\CrazyWarp 2.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\DactyloMagic Pro 2007 9.0.0 (With Crack).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\DailyPim 4.06 Patch.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Data Scripter 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\DBSmart 1.6.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Dicom 4.0.74.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Direct MP3 Recorder 1.0 [Patch].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Diskeeper Server Standard Edition 11.0.703t Serial.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Diskimager 1.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\DiskLister 5.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Do Not Call List Solution Safe Caller 1.3 Key+Serial.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\DocClear Pro 3.1.0.0 Crack.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Easy HR Caps Lock 1.28.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\EZ Backup IE and Outlook Express Basic 4.7 (Cracked).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Fantastic Flame Screensaver 5.15.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\FantasyTV Player Professional 2.70.2.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Flawless Complexion 5.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Funny Faces ScreenSaver 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\GetPDF Form Filler 2.00 Key.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\GetRight Pro 6c.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Global Surfari Notifier 1.0.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Globex Pro 3.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\GP 500 demo.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Hangman 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Happy Aqua-R Ticker Menu 1.30.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Hide Folder Now 3.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Hitman Codename 47 Patch (UK).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Homemade Lip Gloss 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Hot Jingle Player 1.0 (Patch).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\InspireModels.com Wallpaper Set 2 2.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Instant Messenger Dating 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\IP-Checker 1.21.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\IP2Location IP-COUNTRY-REGION-CITY Database May 2007.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\iZotope Vinyl for Winamp 2 1.0 (Patch).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\JustCursors 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\KABcam 3.0.4.2.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Kaspersky.Antivirus.Personal.v6.0.1.411.Final.con.keyfiles.incluidos.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Kate Moss Sex-E Screensaver 3.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Linear Barcode Console 1.3 [Key+Serial].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\LingoWare Portuguese (Brazilian).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Lost Widget 2.2.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\MacBonferroni 1.00.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\MailOMatic 1.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Max Payne 2 The Fall of Max Payne Deep Blue mod 3.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Microsoft Virtual Server 2005 Enterprise R2 SP1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\MirrorJNDI 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\MonitorTest 2.2.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\MoodLogic 2.71.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Mp3 Recording Applet SDK 1.2.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\MsgAgent 0.37b.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\MusicWonk 3.2 [Cracked].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\MySpeed Server Professional 7.2a.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\myTasks 1.5.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\News Central Lite 1.0.17976.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\NiceClock 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Nod32_2.51.12_XP-2k3-x64_SLO.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\On-Screen Keyboard Magic 1.0.0.27 (Patch).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\ParsCafe Radio 1.0.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Photoshop Updater 7.0.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Picture of the Day 1.3.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\PostgreSQL Import Multiple Text Files Software 7.0 [KeyGen].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Power Launch 2 2.00 [Patch].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Pumpkin Jack Screensaver 3.11.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Quantrix WinTool 1.11.0114.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Quark ALAP ShadowCaster 3.2.3 [Key].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\QuickSync 3.0FC2.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Rain Cast 2.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Recite French Words 3.1 (Key+Serial).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\RememberNotes 1.03.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Robin Hood The Legend of Sherwood patch 1.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\RSI Reminder 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\RSS To Speech 1.1 (Key).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Sophie's Cards for Windows 5.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\SOS Banner 1.1 (Key+Serial).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Sothink DVD Ripper 1.3 Build 70119 With Crack.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\SourceMonitor 2.3.6.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\SpywareStriker 9.3.0.10 [Patch].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\SQL Help Builder 2.03 [Cracked].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\StyleName Widget 1.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\StylePad 1.4.2.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Super MP3 Recorder 3.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Superbowl XLI Countdown 1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\SuperPower 1.30 to 1.40 patch.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\SVGDeveloper 1.0.5.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Tab Transcriber 3.05.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\TExcelDSNCreator 1.002 (Cracked).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Timer Cafe Lan House Manager 3.9.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\TrayList 2006.04.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Trooper 2.04.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Unreal Tournament 2004 DOM Mayan Ruins Map.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\VirtualCamera 0.8.5 build 1125.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Water Illusion Screensaver 3.60.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\WAV MP3 Converter 1.30.2 [Key+Serial].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Web ImageGrabber 2.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\WebcastMaker 1.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Word2html Pro 1.7 [With Crack].zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\WorkManager 2.0.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\WorldTime 1.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\Xlight FTP Server 2.24.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\XMPlay 3.4.2.1.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\XT Typing Tutor 1.0.2 With Crack.zip
C:\Documents and Settings\Utente\Dati applicazioni\m\shared\ZipZag 1.80 (KeyGen).zip
C:\Documents and Settings\Utente\Dati applicazioni\m\srvlist.oct
C:\WINDOWS\explorer.exe.tmp
C:\WINDOWS\system32\drivers\retx2.sys
C:\WINDOWS\system32\fnhoje
C:\WINDOWS\system32\Oleopri20051.dll
C:\WINDOWS\system32\sysmwwod.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_RUNTIME
-------\Service_asc3550p
-------\Service_fnhoje
-------\Service_retx2


((((((((((((((((((((((((( Files Creati Da 2008-05-18 al 2008-06-18 )))))))))))))))))))))))))))))))))))
.

2008-06-18 16:51 . 2008-06-18 16:52 <DIR> d-------- C:\Programmi\Netlog Video Tool
2008-06-17 15:42 . 2008-06-17 15:42 <DIR> d-------- C:\Programmi\City Interactive
2008-06-17 15:33 . 2008-06-17 15:33 <DIR> d-------- C:\Converted Videos
2008-06-17 15:33 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-06-15 22:21 . 2008-06-15 22:23 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-06-15 22:21 . 2008-06-15 22:21 0 --a------ C:\WINDOWS\oodcnt.INI
2008-06-15 16:02 . 2008-06-15 16:02 <DIR> d-------- C:\Programmi\Microsoft Games
2008-06-14 17:37 . 2008-06-14 17:37 <DIR> d-------- C:\Programmi\Netlog
2008-06-09 21:23 . 2008-06-09 21:23 <DIR> d-------- C:\WINDOWS\speech
2008-06-09 21:23 . 2008-06-15 15:21 <DIR> d-------- C:\Programmi\Acclaim Entertainment
2008-06-09 13:55 . 2008-06-09 13:56 <DIR> d-------- C:\Programmi\Spamihilator
2008-06-08 14:52 . 2008-06-08 14:52 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\Motive
2008-06-08 14:50 . 2008-06-08 15:55 <DIR> d-------- C:\WINDOWS\Motive
2008-06-08 14:50 . 2008-06-08 14:50 <DIR> d-------- C:\Programmi\File comuni\Motive
2008-06-08 14:50 . 2008-06-08 14:50 <DIR> d-------- C:\Programmi\Common Files
2008-06-08 14:42 . 2008-06-08 15:56 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-05-30 22:06 . 2008-05-30 22:06 <DIR> d-------- C:\WINDOWS\system32\Epson
2008-05-26 18:52 . 2008-05-26 18:52 <DIR> d-------- C:\Programmi\JoWood
2008-05-26 18:06 . 2008-05-26 18:06 <DIR> d-------- C:\Programmi\Flagship Studios
2008-05-18 11:28 . 2008-05-18 11:28 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\PlayFirst
2008-05-18 11:28 . 2008-05-18 11:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\PlayFirst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 20:26 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\Spamihilator
2008-06-18 17:57 --------- d-----w C:\Programmi\eMule
2008-06-18 07:24 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\AVG7
2008-06-15 20:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-06-15 18:00 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\Microsoft Games
2008-06-15 14:32 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-15 13:02 --------- d-----w C:\Programmi\Eidos
2008-06-08 12:50 --------- d-----w C:\Programmi\Telecom Italia
2008-05-31 06:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\UDL
2008-05-31 06:22 --------- d-----w C:\Programmi\epson
2008-05-28 20:05 --------- d-----w C:\Programmi\SpeedFan
2008-05-26 16:28 --------- d-----w C:\Programmi\Ubisoft
2008-05-19 19:47 --------- d-----w C:\Programmi\MagicISO
2008-05-18 09:09 --------- d-----w C:\Programmi\Electronic Arts
2008-05-18 08:37 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-05-18 08:25 --------- d-----w C:\Programmi\Google
2008-05-17 07:48 --------- d-----w C:\Programmi\GameShadow
2008-05-12 16:01 --------- d-----w C:\Programmi\Ludonic
2008-05-11 21:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\DVD Shrink
2008-05-09 19:08 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\DeepBurner
2008-05-09 19:03 --------- d-----w C:\Programmi\SlySoft
2008-05-02 06:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\avg7
2008-05-01 15:35 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Dati applicazioni\AVG7
2008-05-01 15:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Grisoft
2008-04-25 12:02 --------- d-----w C:\Programmi\THQ
2008-04-19 19:40 --------- d-----w C:\Programmi\Wanadoo Edition
2008-04-19 18:00 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\Ubisoft
2008-04-19 18:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Ubisoft
2008-04-19 16:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\WLInstaller
2008-03-24 13:11 215,144 ----a-w C:\WINDOWS\patchw32.dll
2008-02-04 20:52 176 ----a-w C:\Documents and Settings\Massimo\preved.bat
2008-02-01 22:16 1 ----a-w C:\Documents and Settings\Massimo\SI.bin
2007-12-23 15:53 22,328 ----a-w C:\Documents and Settings\Massimo\Dati applicazioni\PnkBstrK.sys
2007-08-10 21:09 14 ----a-w C:\Documents and Settings\Utente\getfile.dat
2007-07-19 19:50 87,608 ----a-w C:\Documents and Settings\Utente\Dati applicazioni\ezpinst.exe
2007-07-19 19:50 47,360 ----a-w C:\Documents and Settings\Utente\Dati applicazioni\pcouffin.sys
2007-01-03 19:37 1 ----a-w C:\Documents and Settings\Utente\SI.bin
2006-07-18 13:41 1,019,094 --sha-r C:\Programmi\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Programmi\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Programmi\wunauclt.tbe
2006-05-28 13:45 115,459 --sha-r C:\Programmi\andame.zip
2006-05-28 13:45 115,459 --sha-r C:\Programmi\andame.tde
2008-01-30 20:56 0 --sha-w C:\WINDOWS\crack\klog.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"ISUSPM"="C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2006-09-10 23:56 218032]
"NBJ"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 17:59 143360]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"Gainward"="C:\Programmi\Vtune\TBPanel.exe" [2006-09-13 11:16 2154496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-02 08:48 579584]
"Spamihilator"="C:\Programmi\Spamihilator\spamihilator.exe" [2008-01-06 13:20 1003520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-01 17:35 219136]

C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yie85.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Spamihilator\\dccproc.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmi\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"C:\\Programmi\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3263:TCP"= 3263:TCP:@xpsp2res.dll,-22005
"4042:TCP"= 4042:TCP:@xpsp2res.dll,-22005
"11801:TCP"= 11801:TCP:@xpsp2res.dll,-22005
"23476:TCP"= 23476:TCP:@xpsp2res.dll,-22005

R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 18:06]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
S1 fak32;fak32;C:\WINDOWS\system32\drivers\fak32.sys []
S1 retx2;retx2;C:\WINDOWS\system32\drivers\retx2.sys []
S2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
S4 fnhoje;fnhoje;C:\WINDOWS\system32\fnhoje []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50d4ab7-ae10-11dc-b53e-00138fd227ed}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C5CD9787-54F4-6B5A-7054-5E50F28A8F48}]
C:\WINDOWS\crack\crack.exe s
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 22:31:53
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\btstack]
"ImagePath"="\??\C:\WINDOWS\system32\btstack.ibs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ellowtab]
"ImagePath"="\??\C:\WINDOWS\system32\ellowtab.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fnhoje]
"ImagePath"="\??\C:\WINDOWS\system32\fnhoje"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-18 22:36:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 20:36:32

22 Directory 134,881,267,712 byte disponibili
26 Directory 135,693,189,120 byte disponibili

337 --- E O F --- 2008-02-13 12:14:35


Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22.41.40, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Vtune\TBPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/it/Prg/ESTPTest.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiaraesara.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45E7E1DC-2B16-4346-B3FA-A523E10025BA}: NameServer = 85.37.17.41 85.38.28.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

r16
Posted: Wednesday, June 18, 2008 10:56:15 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Your PC was a mess... (and it's not over yet)
Download Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe
Norman Malware Cleaner must be run in SAFE MODE.

Start it
accept the license
click Start Scan
wait for the scan to finish
A log is generated on the desktop; post it here.
In some cases Norman Malware Cleaner may require a restart of the computer to completely remove the infection; in that case, a second run of the program after restarting the PC is recommended, to ensure that all infected files are completely removed.

Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish at the top) and run it in Safe Mode (this is very important).
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

Update HijackThis
http://www.aiutaamici.com/software?ID=11175
lauraz
Posted: Thursday, June 19, 2008 3:35:13 PM

Rank: AiutAmico

Joined: 1/5/2005
Posts: 195
r16 wrote:
Your PC was a mess... (and it's not over yet)
Download Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe
Norman Malware Cleaner must be run in SAFE MODE.

Start it
accept the license
click Start Scan
wait for the scan to finish
A log is generated on the desktop; post it here.
In some cases Norman Malware Cleaner may require a restart of the computer to completely remove the infection; in that case, a second run of the program after restarting the PC is recommended, to ensure that all infected files are completely removed.

Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish at the top) and run it in Safe Mode (this is very important).
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

Update HijackThis
http://www.aiutaamici.com/software?ID=11175

Hi, this is the Norman log, while Virit stopped with an error message that terminated the run; at the end of the Norman log I'm including the HijackThis log.

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/06/16 19:12:25

Norman Scanner Engine Version: 5.92.08
Nvcbin.def Version: 5.92.00, Date: 2008/06/16 19:12:25, Variants: 1752355

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 2
Logged on user: TRAVERSA-C9CBCB\Massimo

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 19/06/2008 14:23:06


Scanning running processes and process memory...

Number of processes/threads found: 486
Number of processes/threads scanned: 486
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 8s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Massimo\Desktop\Incoming\[PC Game ITA] The Settlers - L'eredità Dei Re - Cd1+Cd2+Crack.zip/[PC Game ITA] The Settlers - L'eredit… Dei Re - Cd 1.rar/CMT (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PC Game ITA] The Settlers - L'eredità Dei Re - Cd1+Cd2+Crack.zip/[PC Game ITA] The Settlers - L'eredit… Dei Re - Cd 2.rar/CMT (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\sblocco LG\guida e software - setool free - sblocco_unlock LG 8330\SETool Free.rar/CMT (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PcGAME - ITA] MAME 32 tutti i giochi da bar\flyers\FLYERS.ZIP/elevatob.png (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PcGAME - ITA] MAME 32 tutti i giochi da bar\flyers\FLYERS.ZIP/irobot.png (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PcGAME - ITA] MAME 32 tutti i giochi da bar\flyers\FLYERS.ZIP/xenophob.png (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PcGAME - ITA] MAME 32 tutti i giochi da bar\images\IMAGES.ZIP/lizwiz.png (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PcGAME - ITA] MAME 32 tutti i giochi da bar\roms\CONTRA.ZIP/g-7.rom (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PcGAME - ITA] MAME 32 tutti i giochi da bar\roms\HIIMPACT.ZIP/la1u113.bin (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PcGAME - ITA] MAME 32 tutti i giochi da bar\roms\LKAGE.ZIP/lok.a (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Desktop\Incoming\[PcGAME - ITA] MAME 32 tutti i giochi da bar\roms\WARRIOR.ZIP/warrior.r7 (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Documenti\GIOCHI KIARA\Carrie the Caregiver.rar/STM (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Documenti\GIOCHI KIARA\Carrie the Caregiver.rar/ACL (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Documenti\GIOCHI KIARA\Carrie the Caregiver.rar/ACL (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Documenti\GIOCHI KIARA\Carrie the Caregiver.rar/ACL (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Documenti\GIOCHI KIARA\Carrie the Caregiver.rar/AV (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Massimo\Documenti\GIOCHI KIARA\Carrie the Caregiver.rar/RR (Error whilst scanning file: I/O Error)

C:\System Volume Information\_RESTO~1\RP133\A0014725.exe (Infected with Suspicious_M.gen)
Deleted file

C:\System Volume Information\_RESTO~1\RP150\A0016333.exe (Infected with W32/Dialer.CAJO)
Deleted file

C:\System Volume Information\_RESTO~1\RP150\A0016346.exe (Infected with W32/Dialer.CAJO)
Deleted file

C:\System Volume Information\_RESTO~1\RP150\A0017487.exe (Infected with W32/Dialer.CAJO)
Deleted file

C:\System Volume Information\_RESTO~1\RP151\A0017556.dll (Infected with W32/BHO.CJO)
Deleted file

C:\System Volume Information\_RESTO~1\RP151\A0017557.dll (Infected with W32/Adclicker.BXW)
Deleted file

C:\System Volume Information\_RESTO~2\RP112\A0063024.0XE (Infected with Bifrose.gen7)
Deleted file

C:\System Volume Information\_RESTO~2\RP118\A0063198.exe (Infected with Hupigon.gen83)
Deleted file

C:\System Volume Information\_RESTO~2\RP118\A0063206.0YS (Infected with W32/Rootkit.AVX)
Deleted file

C:\System Volume Information\_RESTO~2\RP143\A0093632.exe (Infected with W32/Smalltroj.DGZQ)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139005.exe (Infected with W32/DLoader.FMJA)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139006.exe (Infected with W32/Downloader.IZH)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139007.exe (Infected with W32/DLoader.FMJA)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139008.exe (Infected with W32/DLoader.FMJA)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139009.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139010.exe (Infected with W32/DLoader.FMJA)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139011.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139012.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139013.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139014.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139015.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139016.exe (Infected with W32/Downloader.IZH)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139017.exe (Infected with W32/DLoader.FMJA)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139018.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139019.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139020.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139021.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139022.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139023.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139024.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139025.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139026.exe (Infected with W32/DLoader.FLSO)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139027.exe (Infected with W32/DLoader.FMJA)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139028.dll (Infected with W32/Virtumonde.IJF)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139029.exe (Infected with W32/Smalltroj.CWIM)
Deleted file

C:\System Volume Information\_RESTO~2\RP194\A0139031.exe (Infected with Hupigon.gen83)
Deleted file

C:\WINDOWS\system32\btstack.ibs (Infected with W32/Rootkit.DAZ)
Removed driver: btstack
Deleted file

C:\WINDOWS\system32\ellowtab.txt (Infected with W32/Rootkit.DBX)
Removed driver: ellowtab
Deleted file

Scanning: c:\System Volume Information\*.*


Running post-scan cleanup routine:

Number of files found: 149880
Number of archives unpacked: 1712
Number of files scanned: 149838
Number of files not scanned: 42
Number of files skipped due to exclude list: 0
Number of infected files found: 38
Number of infected files repaired/deleted: 38
Number of infections removed: 38
Total scanning time: 52m 44s



The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.34.39, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Vtune\TBPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/it/Prg/ESTPTest.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiaraesara.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45E7E1DC-2B16-4346-B3FA-A523E10025BA}: NameServer = 85.37.17.41 85.38.28.83
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7126 bytes
lauraz
Posted: Thursday, June 19, 2008 3:58:25 PM

Rank: AiutAmico

Joined: 1/5/2005
Posts: 195
Excuse me, but is there any program that helps stop all this junk, given that the antivirus doesn't see any of it at all?
In your opinion, are Messenger and Netlog safe, or are they a big help for the junk?
monsee
Posted: Thursday, June 19, 2008 4:09:54 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Windows Live Messenger is CERTAINLY "a big help for the junk"... There are, however, more secure and reliable programs, of course.
For example: aMSN, Pidgin [also in a Portable version, if you prefer], Coccinella, Miranda (also in a Portable version, if you prefer) and Windows Messenger 5.1 (the latter for XP only).
r16
Posted: Thursday, June 19, 2008 8:27:56 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Norman removed another 38 infections for you.
Carry out these steps:
Disable System Restore, and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Shut down the PC.
Start the PC.
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Empty the contents of the Prefetch folder:

Start
click My Computer
click Local Disk C:
among the folders displayed, find the Windows folder, open it and, inside it, find the Prefetch folder, open it, and delete all the entries stored inside it (be careful not to delete the folder itself)
EMPTY THE RECYCLE BIN.
Then:
launch HijackThis
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
leave Ignore safe system info streams ticked
untick Calculate md5 checksum of streams
click Scan
if any ADS are detected, tick all the boxes and click Remove selected
When the scan has finished, you must restart the system.

Then:
Download VundoFix.exe to the desktop http://www.atribune.org/ccount/click.php?id=4
Double-click the icon to start VundoFix.exe
Click Scan for Vundo.
Do not use the PC while the scan is running
when the scan has finished, click Remove Vundo.

It asks whether you want to delete the infected files; click YES
your screen will go black while Vundo is being removed.

When it finishes it will ask you to restart the PC; click OK.
Copy here the contents of the log C:\vundofix.txt and a new HijackThis log
Note: VundoFix may not be able to delete some files. In that case, VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at restart.

Download VirtuMondeBegone to the desktop http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Start the PC in safe mode. (it must be used only in this mode)
Double-click the icon to start the program

Click Continue
Click Start
Click Sì (Yes)
When it finishes, restart the PC and copy here the log that will be created.
During the scan it is important not to use the PC and to wait patiently for the operations to finish
Finally, try the VIRIT scan again (in Safe Mode).
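The steps above include disabling System Restore, and in the Norman log posted earlier in the thread most of the detections sit under C:\System Volume Information restore-point folders rather than in live system paths. The following Python triage script is an added example, not part of the original posts or of any tool named here: it splits detections in a log of that format into restore-point copies and live files. The sample log is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the line format of the Norman Malware Cleaner log
# quoted in this thread. Paths and detection names are placeholders.
SAMPLE_LOG = r"""
Scanning: C:\*.*

C:\Documents and Settings\User\Desktop\archive.rar/CMT (Error whilst scanning file: I/O Error)

C:\System Volume Information\_RESTO~1\RP001\A0000001.exe (Infected with W32/Example.A)
Deleted file

C:\System Volume Information\_RESTO~1\RP001\A0000002.dll (Infected with W32/Example.B)
Deleted file

C:\System Volume Information\_RESTO~2\RP007\A0000003.exe (Infected with W32/Example.A)
Deleted file

C:\WINDOWS\system32\example.sys (Infected with W32/Rootkit.EXAMPLE)
Removed driver: example
Deleted file

Number of infected files found: 4
"""

DETECTION = re.compile(r"^(?P<path>.+?) \(Infected with (?P<name>[^)]+)\)$")
SCAN_ERROR = re.compile(r"^(?P<path>.+?) \(Error whilst scanning file: (?P<err>[^)]+)\)$")
REPORTED = re.compile(r"^Number of infected files found:\s*(\d+)")
# Restore-point copies live under <drive>\System Volume Information\_RESTO...\RPnnn\
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\(_RESTO[^\\]*\\RP\d+)\\", re.IGNORECASE)


def parse_norman_log(text):
    """Return detections, scan errors and the total the scanner itself reported."""
    detections, errors, reported = [], [], None
    current = None  # detection whose follow-up action lines are being collected
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current detection record
            continue
        m = DETECTION.match(line)
        if m:
            rp = RESTORE_POINT.search(m["path"])
            current = {"path": m["path"], "name": m["name"],
                       "restore_point": rp.group(1) if rp else None,
                       "actions": []}
            detections.append(current)
            continue
        m = SCAN_ERROR.match(line)
        if m:
            errors.append((m["path"], m["err"]))
            current = None
            continue
        m = REPORTED.match(line)
        if m:
            reported = int(m.group(1))
            continue
        if current is not None:
            # e.g. "Deleted file", "Removed driver: <name>"
            current["actions"].append(line)
    return {"detections": detections, "errors": errors, "reported": reported}


def summarize(parsed):
    """Separate restore-point copies from detections in live paths."""
    dets = parsed["detections"]
    in_restore = [d for d in dets if d["restore_point"]]
    live = [d for d in dets if not d["restore_point"]]
    return {
        "total": len(dets),
        "in_restore_points": len(in_restore),
        "live": [(d["path"], d["name"], d["actions"]) for d in live],
        "by_restore_point": Counter(d["restore_point"] for d in in_restore),
        "by_name": Counter(d["name"] for d in dets),
        "unscanned": len(parsed["errors"]),
        # False means the parser missed lines or the log is truncated
        "matches_reported": parsed["reported"] in (None, len(dets)),
    }


if __name__ == "__main__":
    s = summarize(parse_norman_log(SAMPLE_LOG))
    print(f"{s['total']} detections, {s['in_restore_points']} in restore points")
    for path, name, actions in s["live"]:
        print(f"LIVE  {name}  {path}  -> {', '.join(actions)}")
    print(f"{s['unscanned']} files could not be scanned (review these manually)")
```

Detections in live paths are the ones that show what was actually loaded on the system; files listed as scan errors were not checked at all and still need a separate look.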
lauraz
Posted: Thursday, June 19, 2008 10:06:40 PM

Rank: AiutAmico

Joined: 1/5/2005
Posts: 195
The VundoFix link doesn't work; tonight I have to work on the PC and can't do what you wrote. As soon as I can I'll send you that log; in any case, it's already a whole different experience working like this, the PC seems to have doubled its speed!!!
r16
Posted: Thursday, June 19, 2008 10:09:57 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
lauraz wrote:
The VundoFix link doesn't work; tonight I have to work on the PC and can't do what you wrote. As soon as I can I'll send you that log; in any case, it's already a whole different experience working like this, the PC seems to have doubled its speed!!!

It's not enough; you also have Vundo to remove.
You're right, the VundoFix link doesn't work.
Continue with FixVundo:
RUNNING FIXVUNDO:
http://www.symantec.com/content/it/it/global/removal_tool/threat_writeups/FixVundo.exe

launch FixVundo
● click Start to begin the scan
● if the tool detects traces of Vundo, it will proceed automatically.
● when the scan has finished, a message will tell you whether or not traces of Vundo were detected.

you will find the log in the same folder the tool was run from