Trojan.win32.Buzus.bnkh
patton
Posted: Sunday, July 12, 2009 5:10:28 PM
Rank: AiutAmico

Member since: 5/15/2004
Posts: 245
I can't get rid of this trojan. I think I was infected by a Messenger contact. The PC has slowed down in everything it does. I also note that the connection is always active, since the avast mail scanner keeps protecting me from a file "sub.exe" mail-pz0-f7.

OS: Win XP Pro, antivirus Avast, IE 8.
Any suggestions?
Thanks.
I attach the HijackThis logfile for a check.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.50.20, on 12/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Programmi\Iomega HotBurn Pro\Autolaunch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\sub.exe
C:\WINDOWS\winmgrs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\dfsinstall.exe
C:\WINDOWS\qwtxdtkruu.exe
C:\WINDOWS\system32\uiywlybpdd.exe
C:\RECYCLER\nxbzubsvqq.exe
C:\Programmi\InstantTimeZone\InstantTimeZone.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\InstantTimeZone\InstantTimeZone.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
c:\windows\explorer.exe
C:\WINDOWS\dllcache.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Programmi\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Dynamic Library Cache] dllcache.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winmgrs.exe
O4 - HKLM\..\Run: [PromoReg] C:\sub.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gennaro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [dfsinstall.exe] C:\dfsinstall.exe
O4 - HKCU\..\Run: [qwtxdtkruu.exe] C:\WINDOWS\qwtxdtkruu.exe
O4 - HKCU\..\Run: [uiywlybpdd.exe] C:\WINDOWS\system32\uiywlybpdd.exe
O4 - HKCU\..\Run: [nxbzubsvqq.exe] C:\RECYCLER\nxbzubsvqq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: InstantTimeZone.lnk = C:\Programmi\InstantTimeZone\InstantTimeZone.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c986c4f9c55060) (gupdate1c986c4f9c55060) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe

--
End of file - 12410 bytes
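The O4 (Run-key) section of the log above is where an analyst looks first, and the entries in it illustrate the usual tells: executables sitting in a drive root, the Windows root or RECYCLER, random-looking file names, value names that merely repeat the file name or imitate a Windows component, and unqualified file names that are resolved through the PATH search. The following Python script is an added example by the editor, not code from this thread or from HijackThis: it scores each O4 entry with those heuristics and prints a worklist. The O4 lines in SAMPLE_O4 are copied from the log; the rules, point weights and the threshold of 3 are the editor's own assumptions.

```python
"""Heuristic triage of HijackThis O4 (Run-key) entries.

Added example by the editor, not code from this thread or from HijackThis.
The O4 lines in SAMPLE_O4 are copied from the log posted above; the rules,
point weights and threshold are the editor's own assumptions.
"""
import ntpath
import re
from dataclasses import dataclass

SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Windows Dynamic Library Cache] dllcache.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winmgrs.exe
O4 - HKLM\..\Run: [PromoReg] C:\sub.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gennaro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dfsinstall.exe] C:\dfsinstall.exe
O4 - HKCU\..\Run: [qwtxdtkruu.exe] C:\WINDOWS\qwtxdtkruu.exe
O4 - HKCU\..\Run: [uiywlybpdd.exe] C:\WINDOWS\system32\uiywlybpdd.exe
O4 - HKCU\..\Run: [nxbzubsvqq.exe] C:\RECYCLER\nxbzubsvqq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
"""

# "O4 - <hive>\..\Run: [<value name>] <command>" with an optional "(User '...')" suffix.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# Shortest prefix ending in an executable extension, so an unquoted path with
# spaces ("...\Google Talk\googletalk.exe /autostart") is cut after the .exe.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)

@dataclass
class Finding:
    hive: str
    name: str
    target: str
    score: int
    reasons: list

def target_of(cmd):
    """Executable path from a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split()[0] if cmd else "")

def looks_random(stem):
    """Generated-name test: long, purely alphabetic, vowel-poor or with a long consonant run."""
    stem = stem.lower()
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_run = max(len(run) for run in re.split(r"[aeiou]+", stem))
    return vowels / len(stem) < 0.25 or longest_run >= 5

def score_entry(hive, name, cmd):
    """Apply the heuristics to one O4 entry; higher score = more suspicious."""
    target = target_of(cmd)
    directory = ntpath.dirname(target).lower().rstrip("\\")
    base = ntpath.basename(target)
    stem = ntpath.splitext(base)[0]
    reasons, score = [], 0
    if (re.fullmatch(r"[a-z]:", directory) or directory == r"c:\windows"
            or re.fullmatch(r"[a-z]:\\recycler", directory) or "\\temp" in directory):
        reasons.append("runs from a drive root, the Windows root, RECYCLER or a Temp folder")
        score += 3
    if not directory:
        reasons.append("unqualified file name, resolved through the PATH search")
        score += 1
    if looks_random(stem):
        reasons.append("random-looking file name")
        score += 2
    if name.lower() in (base.lower(), stem.lower()):
        reasons.append("value name merely repeats the file name")
        score += 1
    if "windows" in name.lower() and not directory.startswith(r"c:\windows") and "program" not in directory:
        reasons.append("value name mimics a Windows component, target is outside the Windows tree")
        score += 2
    return Finding(hive, name, target, score, reasons)

def triage(log_text, threshold=3):
    """Return the O4 Run entries scoring at or above threshold, highest first."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            f = score_entry(m["hive"], m["name"], m["cmd"])
            if f.score >= threshold:
                findings.append(f)
    return sorted(findings, key=lambda f: (-f.score, f.target.lower()))

if __name__ == "__main__":
    for f in triage(SAMPLE_O4):
        print(f"{f.score:>2}  {f.hive}  [{f.name}] {f.target}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

The output is a worklist, not a verdict. On this log it surfaces the entries the later Malwarebytes log quarantines (sub.exe, dllcache.exe, nxbzubsvqq.exe), the randomly named executables in C:\, C:\WINDOWS and system32, and winmgrs.exe; it also scores the unqualified bcmwltry.exe entry, which nothing later in the thread flags, because heuristics on names and paths cannot tell an OEM utility from a copycat. Each hit still needs the file itself checked (location, hash, publisher signature) before it is removed.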

r16
Posted: Sunday, July 12, 2009 5:23:16 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
You have more than one.
Run these 2 scans:
MALWAREBYTES:

Download and install MalwareBytes:
click here to download it: http://www.aiutamici.com/software?id=80346
Before scanning, UPDATE IT. (this is very important)
Run a full system scan.
Post the log.

------------------------------------------------------------------------------------------------------
COMBOFIX
Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the internet.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
Your antivirus will probably show you alerts; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently until it finishes.
When it is done, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.

Uninstall combofix like this: (after I have looked at the log)
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox)

Post an updated HJT log.
patton
Posted: Sunday, July 12, 2009 6:16:00 PM
Rank: AiutAmico

Member since: 5/15/2004
Posts: 245
Right now Spybot has found this: Win32.iksmas.ai. Should I complete the scan with Spybot or start your cure right away?
Bye
r16
Posted: Sunday, July 12, 2009 6:26:31 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Finish the SpyBot scan now that you've started it.
Delete what it finds, run a cleanup with CCleaner, and then do the cure I described.
patton
Posted: Monday, July 13, 2009 8:33:36 AM
Rank: AiutAmico

Member since: 5/15/2004
Posts: 245
Hi r16,
I did the cure:
I'm sending you the mbam-log:

Malwarebytes' Anti-Malware 1.38
Versione del database: 2406
Windows 5.1.2600 Service Pack 3

13/07/2009 6.35.55
mbam-log-2009-07-13 (06-35-55).txt

Tipo di scansione: Scansione completa (C:\|E:\|F:\|G:\|I:\|)
Elementi scansionati: 188601
Tempo trascorso: 9 hour(s), 15 minute(s), 50 second(s)

Processi delle memoria infetti: 3
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 4
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 5

Processi delle memoria infetti:
C:\sub.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\dllcache.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\RECYCLER\nxbzubsvqq.exe (Heuristics.Malware) -> Unloaded process successfully.

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nxbzubsvqq.exe (Heuristics.Malware) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Dynamic Library Cache (Backdoor.Bot) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\sub.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Gennaro\impostazioni locali\temporary internet files\Content.IE5\GKSZKNZO\ub[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1553a12d-0911-4977-b722-8e7956260fe8}\rp178\A0066495.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\dllcache.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\RECYCLER\nxbzubsvqq.exe (Heuristics.Malware) -> Delete on reboot.

I'm sending you the ComboFix test:
ComboFix 09-07-12.03 - Gennaro 13/07/2009 7.19.53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.367.139 [GMT 2:00]
Eseguito da: c:\documents and settings\Gennaro\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090712-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\WinPCap
c:\programmi\WinPCap\rpcapd.exe
c:\windows\Installer\6499a3.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hjgruiixfmqpcw.dat
c:\windows\system32\hjgruiuxqcdcaq.dat
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HJGRUIOBLXEPTT
-------\Legacy_NPF
-------\Service_hjgruioblxeptt
-------\Service_npf


((((((((((((((((((((((((( Files Creati Da 2009-06-13 al 2009-07-13 )))))))))))))))))))))))))))))))))))
.

2009-07-12 11:34 . 2009-07-12 11:34 45618 ----a-w- c:\windows\depatchh.exe
2009-07-04 15:28 . 2009-07-04 15:28 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\FileZilla
2009-07-02 14:47 . 2009-07-02 14:50 -------- d-----w- c:\documents and settings\Gennaro\Impostazioni locali\Dati applicazioni\Temp
2009-07-01 13:16 . 2009-07-01 13:16 -------- d-----w- c:\programmi\File comuni\Skype
2009-07-01 13:16 . 2009-07-01 13:17 -------- d-----r- c:\programmi\Skype
2009-06-29 06:59 . 2002-01-21 20:10 122880 ----a-w- c:\windows\system32\TWNLIB3.DLL
2009-06-29 06:59 . 2001-11-27 17:27 210200 ----a-w- c:\windows\system32\TWNPRO3.DLL
2009-06-29 06:59 . 2009-06-29 07:12 -------- d-----w- c:\programmi\Photocopier
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Gennaro\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
2009-06-18 15:46 . 2009-06-18 15:48 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\XnView
2009-06-17 20:34 . 2009-06-17 20:41 152576 ----a-w- c:\documents and settings\Gennaro\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 05:39 . 2009-01-23 20:35 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\Skype
2009-07-13 05:39 . 2009-01-23 20:37 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\skypePM
2009-07-13 04:55 . 2009-01-24 09:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-12 07:10 . 2009-02-13 21:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-07-11 15:21 . 2009-01-24 09:52 -------- d-----w- c:\programmi\Lavasoft
2009-07-11 15:21 . 2009-01-24 09:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-07-11 07:38 . 2009-05-08 20:22 -------- d-----w- c:\programmi\a-squared Free
2009-07-11 06:52 . 2009-05-08 19:23 117760 ----a-w- c:\documents and settings\Gennaro\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-10 06:22 . 2009-01-25 07:36 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\Image Zone Express
2009-07-06 16:30 . 2009-03-09 19:20 -------- d-----w- c:\programmi\CDBurnerXP
2009-07-04 15:25 . 2009-01-23 21:50 -------- d-----w- c:\programmi\Glary Utilities
2009-07-01 13:15 . 2009-01-23 20:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-06-29 07:48 . 2009-01-23 20:14 71560 ----a-w- c:\documents and settings\Gennaro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-21 15:16 . 2009-01-23 20:53 1480 ----a-w- c:\windows\AUTOLNCH.REG
2009-06-17 21:00 . 2009-01-21 17:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 20:22 . 2009-01-26 18:42 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-06-17 20:21 . 2009-02-12 05:45 3561743 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 09:27 . 2009-01-26 18:42 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-01-26 18:42 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 10:53 . 2009-06-12 10:53 -------- d-----w- c:\programmi\MSECache
2009-06-10 05:07 . 2009-01-21 20:04 -------- d-----w- c:\programmi\Windows Desktop Search
2009-06-09 11:31 . 2009-06-09 11:30 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\Media Player Classic
2009-06-09 11:31 . 2009-06-09 11:31 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\DivX
2009-06-03 06:39 . 2009-06-03 06:38 -------- d-----w- c:\programmi\iTunes
2009-06-03 06:39 . 2009-06-03 06:39 -------- d-----w- c:\programmi\iPod
2009-06-03 06:38 . 2009-03-12 16:37 -------- d-----w- c:\programmi\File comuni\Apple
2009-06-03 06:33 . 2009-06-03 06:32 -------- d-----w- c:\programmi\QuickTime
2009-06-01 21:12 . 2009-05-08 13:24 -------- d-----w- c:\programmi\Ashampoo
2009-06-01 21:10 . 2009-04-13 11:13 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\Ashampoo
2009-05-30 10:50 . 2009-05-30 10:50 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-21 05:03 . 2009-01-23 20:34 -------- d-----w- c:\programmi\Google
2009-05-19 20:18 . 2009-05-19 20:18 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\JAM Software
2009-05-19 20:17 . 2009-05-19 20:17 -------- d-----w- c:\programmi\JAM Software
2009-05-19 13:17 . 2009-05-19 13:15 -------- d-----w- c:\programmi\DivX
2009-05-19 13:16 . 2009-05-19 13:15 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-05-19 13:06 . 2009-01-21 18:09 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-05-18 20:07 . 2009-02-19 18:57 -------- d-----w- c:\programmi\IObit
2009-05-18 12:35 . 2009-01-24 09:49 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\IObit
2009-05-17 20:25 . 2009-05-17 20:25 0 ----a-w- c:\windows\nsreg.dat
2009-05-15 12:09 . 2009-05-15 11:52 -------- d-----w- c:\programmi\InstantTimeZone
2009-05-15 12:03 . 2009-01-26 18:04 -------- d-----w- c:\documents and settings\Gennaro\Dati applicazioni\Qlock
2009-05-15 12:02 . 2009-01-26 18:03 -------- d-----w- c:\programmi\Qlock
2009-05-15 07:09 . 2009-05-15 07:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Anuko
2009-05-13 05:02 . 2008-05-14 12:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 13:12 . 2009-01-21 16:56 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-12 11:40 . 2009-05-12 11:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 15:32 . 2008-04-13 17:13 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:47 . 2008-04-13 16:50 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 18:18 . 2001-08-31 12:00 93206 ----a-w- c:\windows\system32\perfc010.dat
2009-04-16 18:18 . 2001-08-31 12:00 513234 ----a-w- c:\windows\system32\perfh010.dat
2009-04-15 20:25 . 2009-05-19 13:17 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-19 13:17 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-19 13:17 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-04-15 20:25 . 2009-05-19 13:17 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-19 13:17 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-19 13:17 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 14:52 . 2008-04-13 17:13 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-13 18:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-13 17:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\system32\svchost.exe
[-] 2008-04-13 17:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-13 18:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-13 17:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\system32\user32.dll
[-] 2008-04-13 17:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\system32\dllcache\user32.dll

[-] 2008-04-13 18:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-13 17:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\system32\ws2_32.dll
[-] 2008-04-13 17:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-13 11:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 11:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-13 18:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 17:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\system32\winlogon.exe
[-] 2008-04-13 17:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-13 11:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 10:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 10:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 10:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 09:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 09:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2009-02-09 11:14 2069888 FF69166080436A31A3EAC9CC7C3F1847 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 18:25 2069760 C812D8551FD3B6ACDBF7EB6B18B1B992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:22 2069760 93FB9D817B37DF1191B73DB7BC2F4006 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 17:25 2069632 5E95F445B70ADCF8876D1203852262A1 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 17:55 2069632 5E95F445B70ADCF8876D1203852262A1 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-02-10 17:14 2192896 3B5928FCD0DD3E10DEB1C13CA35201F6 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 18:25 2192896 0EE73494680235D59F4E57301D7AD580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:22 2192896 0F93D9366B222D63F9402F7ED45CF2A4 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 16:55 2192768 7D804C28404E94F57967DE3394201D55 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 17:55 2192768 7D804C28404E94F57967DE3394201D55 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-13 17:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\explorer.exe
[-] 2008-04-13 18:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-13 17:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\system32\dllcache\explorer.exe

[-] 2009-02-09 11:14 111104 C79FEAE2F68982259907AB52B0F2676F c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-13 17:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-13 18:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\system32\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\system32\dllcache\services.exe

[-] 2008-04-13 18:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-13 17:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\system32\lsass.exe
[-] 2008-04-13 17:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-13 18:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 17:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\system32\ctfmon.exe
[-] 2008-04-13 17:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-13 18:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-13 17:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\system32\spoolsv.exe
[-] 2008-04-13 17:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-13 18:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-13 17:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\system32\userinit.exe
[-] 2008-04-13 17:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-13 18:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-13 17:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\system32\termsrv.dll
[-] 2008-04-13 17:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\system32\dllcache\termsrv.dll

[-] 2009-03-21 13:59 1035776 A3A365C46057532F6638D57E4C0B66B8 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-13 17:13 1033728 06157539EBB8B87D47B9B6C5DA44B62F c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-13 18:13 1033728 06157539EBB8B87D47B9B6C5DA44B62F c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-13 18:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-13 17:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\system32\powrprof.dll
[-] 2008-04-13 17:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-13 18:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-13 17:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\system32\imm32.dll
[-] 2008-04-13 17:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-13 18:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-13 18:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\system32\sfcfiles.dll

[-] 2008-04-13 18:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-13 17:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\system32\appmgmts.dll
[-] 2008-04-13 17:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-13 17:53 25088 28B6EACE513CA7EABA3B809AD4BC274D c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 16:53 25088 28B6EACE513CA7EABA3B809AD4BC274D c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 18:13 845824 C43124F63818E65CAFA49D3957C3CA67 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-13 17:13 845824 C43124F63818E65CAFA49D3957C3CA67 c:\windows\system32\comres.dll
[-] 2008-04-13 17:13 845824 C43124F63818E65CAFA49D3957C3CA67 c:\windows\system32\dllcache\comres.dll

[-] 2008-04-13 18:13 22016 1E63346FDDB693C8D5D574A49C877A2C c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-13 17:13 22016 1E63346FDDB693C8D5D574A49C877A2C c:\windows\system32\lpk.dll
[-] 2008-04-13 17:13 22016 1E63346FDDB693C8D5D574A49C877A2C c:\windows\system32\dllcache\lpk.dll

[-] 2001-08-31 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2001-08-31 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2001-08-31 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2001-08-31 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2008-04-13 18:13 927504 EE45F8D08BAEDA5316EA2C4F0B3C07AF c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-13 17:13 927504 EE45F8D08BAEDA5316EA2C4F0B3C07AF c:\windows\system32\mfc40u.dll
[-] 2008-04-13 17:13 927504 EE45F8D08BAEDA5316EA2C4F0B3C07AF c:\windows\system32\dllcache\mfc40u.dll

[-] 2009-02-09 10:55 401408 91F797DFBC1416FCEA76AD76FE07DA89 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-13 17:13 399360 DB0C9517C2374D86A18DBFA12B35B129 c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-13 18:13 399360 DB0C9517C2374D86A18DBFA12B35B129 c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2009-02-09 10:51 401408 BC4E0226341AAEC1222336B3AED86BAB c:\windows\system32\rpcss.dll
[-] 2009-02-09 10:51 401408 BC4E0226341AAEC1222336B3AED86BAB c:\windows\system32\dllcache\rpcss.dll

[-] 2008-04-13 18:13 33792 3B32F662C8607E891F325E41F7EE225C c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-13 17:13 33792 3B32F662C8607E891F325E41F7EE225C c:\windows\system32\msgsvc.dll
[-] 2008-04-13 17:13 33792 3B32F662C8607E891F325E41F7EE225C c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-13 18:13 617472 10AA0E13B4D20EE798E3382C9B89B3E3 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-13 17:13 617472 10AA0E13B4D20EE798E3382C9B89B3E3 c:\windows\system32\comctl32.dll
[-] 2008-04-13 17:13 617472 10AA0E13B4D20EE798E3382C9B89B3E3 c:\windows\system32\dllcache\comctl32.dll
[-] 2008-04-13 17:11 1054208 9530E35D9033ACED20CDA2509A21073A c:\windows\WinSxS\InstallTemp\614350\comctl32.dll
[-] 2001-08-31 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-13 18:11 1054208 9530E35D9033ACED20CDA2509A21073A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2001-08-31 12:00 12160 49AC5CD87FBDDA62F3E25190019E7627 c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 18:13 5120 DA19147BEED619CAB738FE191BA0CD7C c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-13 17:13 5120 DA19147BEED619CAB738FE191BA0CD7C c:\windows\system32\sfc.dll
[-] 2008-04-13 17:13 5120 DA19147BEED619CAB738FE191BA0CD7C c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-13 18:13 437248 89DB90B5F35D2795D9FC56D933CC72B8 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-13 17:13 437248 89DB90B5F35D2795D9FC56D933CC72B8 c:\windows\system32\ntmssvc.dll
[-] 2008-04-13 17:13 437248 89DB90B5F35D2795D9FC56D933CC72B8 c:\windows\system32\dllcache\ntmssvc.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 68856]
"Google Update"="c:\documents and settings\Gennaro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-01-24 133104]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Drag'n'Drop_Autolaunch"="c:\programmi\Iomega HotBurn Pro\Autolaunch.exe" [2002-09-05 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"bcmwltry"="bcmwltry.exe" - c:\windows\system32\bcmwltry.exe [2003-07-25 462848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-24 25214]
InstantTimeZone.lnk - c:\programmi\InstantTimeZone\InstantTimeZone.exe [2007-4-29 1687738]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoveCpl"=RemoveCpl.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Gennaro\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Gennaro\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/01/2009 11.30.15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/01/2009 11.30.15 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [03/02/2009 7.27.15 55152]
R2 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19.08.58 533360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys --> c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c986c4f9c55060;Google Update Service (gupdate1c986c4f9c55060);c:\programmi\Google\Update\GoogleUpdate.exe [04/02/2009 14.34.50 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [10/03/2009 20.46.18 33176]
S3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [23/01/2009 23.24.44 167661]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - dnbudf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-13 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-01-23 14:55]

2009-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-23 07:30]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-04 12:34]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-04 12:34]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1580818891-839522115-1003Core.job
- c:\documents and settings\Gennaro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-01-24 17:38]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1580818891-839522115-1003UA.job
- c:\documents and settings\Gennaro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-01-24 17:38]

2009-07-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-13 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-19 17:15]

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{0AEA2ACB-9D5C-46A0-9C66-FC8A9877C247}.job
- c:\windows\system32\msfeedssync.exe [2001-08-31 03:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-dfsinstall.exe - C:\dfsinstall.exe
HKCU-Run-qwtxdtkruu.exe - c:\windows\qwtxdtkruu.exe
HKCU-Run-uiywlybpdd.exe - c:\windows\system32\uiywlybpdd.exe


.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gennaro\Dati applicazioni\Mozilla\Firefox\Profiles\rmbgp17z.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - plugin: c:\documents and settings\Gennaro\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 07:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WgaTray.exe
c:\programmi\a-squared Free\a2service.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\searchindexer.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Windows Live\Contacts\wlcomm.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-13 7.51.51 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-13 05:51

Pre-Run: 122.256.842.752 byte disponibili
Post-Run: 122.198.302.720 byte disponibili

416 --- E O F --- 2009-06-10 05:08

Lastly, the updated HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.19.20, on 13/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Programmi\Iomega HotBurn Pro\Autolaunch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Google\Google Talk\googletalk.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\InstantTimeZone\InstantTimeZone.exe
C:\Programmi\InstantTimeZone\InstantTimeZone.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
I:\CodySafe\Launcher.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Skype\Toolbars\Shared\SkypeNames.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Programmi\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gennaro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: InstantTimeZone.lnk = C:\Programmi\InstantTimeZone\InstantTimeZone.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c986c4f9c55060) (gupdate1c986c4f9c55060) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe

--
End of file - 11699 bytes


I'm waiting for the final diagnosis, even though everything has improved a lot.
Bye
Thanks
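The O4 lines in the HijackThis log above, together with the three orphaned HKCU Run values ComboFix reported removing earlier in the thread, lend themselves to an automated first pass before a human reads the log. The following Python is an added example, not code from the thread or from HijackThis/ComboFix: it parses O4 lines and raises entries whose binary sits in an odd location, is given without a path, or has a random-looking name. The sample log is constructed from lines in this thread (the three orphaned values rewritten in O4 syntax), and the name-randomness thresholds are assumptions.

```python
"""Triage HijackThis O4 (Run key) entries: an added example, not part of the thread."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: O4 lines taken from the thread's HijackThis log plus the three
# orphaned HKCU Run values ComboFix removed, rewritten in O4 syntax (assumed form).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKCU\..\Run: [dfsinstall.exe] C:\dfsinstall.exe
O4 - HKCU\..\Run: [qwtxdtkruu.exe] c:\windows\qwtxdtkruu.exe
O4 - HKCU\..\Run: [uiywlybpdd.exe] c:\windows\system32\uiywlybpdd.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First .exe on the command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)
VOWELS = set("aeiou")


class AutorunEntry(NamedTuple):
    hive: str
    name: str
    exe: str
    reasons: Tuple[str, ...]  # empty means nothing stood out


def max_consonant_run(stem: str) -> int:
    """Length of the longest run of consonant letters (y counted as a consonant)."""
    run = best = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_random(stem: str) -> bool:
    """Coarse heuristic for generated names like qwtxdtkruu: letters only, long,
    with an unpronounceable consonant run. Thresholds are assumptions; a real
    vendor binary with an odd name (bcmwltry) is also raised for review."""
    return stem.isalpha() and len(stem) >= 8 and max_consonant_run(stem) >= 6


def location_reason(exe: str) -> Optional[str]:
    """Flag binaries that are not where installed software normally lives."""
    path = exe.lower().replace("/", "\\")
    if "\\" not in path:
        # A bare file name is resolved through the search path at logon,
        # so whichever binary of that name is found first gets executed.
        return "unqualified file name, resolved through the search path"
    parent = path.rsplit("\\", 1)[0]
    if re.fullmatch(r"[a-z]:", parent):
        return "binary sits in the drive root"
    if re.fullmatch(r"[a-z]:\\windows", parent):
        return "binary sits directly in the Windows directory"
    return None


def triage_autoruns(log_text: str) -> List[AutorunEntry]:
    """Parse every O4 line and attach the reasons (if any) it deserves a look."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Global Startup lines and non-O4 lines are ignored here
        exe_match = EXE_RE.match(m.group("cmd"))
        exe = exe_match.group("exe") if exe_match else m.group("cmd")
        stem = exe.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        loc = location_reason(exe)
        if loc:
            reasons.append(loc)
        if looks_random(stem):
            reasons.append("random-looking file name")
        entries.append(AutorunEntry(m.group("hive"), m.group("name"), exe, tuple(reasons)))
    return entries


def suspicious(log_text: str) -> List[AutorunEntry]:
    """Only the entries that got at least one reason."""
    return [e for e in triage_autoruns(log_text) if e.reasons]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.hive:<14} [{e.name}] {e.exe}")
        for r in e.reasons:
            print(f"    - {r}")
```

On the constructed sample the three orphaned values and the path-less bcmwltry entry are raised; the avast!, Google Talk, Skype and ctfmon entries pass.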
r16
Posted: Monday, July 13, 2009 12:12:59 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
The log is clean.
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
In the CCleaner start screen, click Options and then Advanced, and untick Delete files in Windows Temp only if older than 48 hours
Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder (do not delete the folder itself)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it and, inside it, find the Prefetch folder; open it and delete all the entries stored inside (do not delete the folder itself)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean up the ADS as follows:
click the entry Open the misc tool section
click Open ADS Spy
untick Quick scan (windows base folder only)
click Scan
if any ADS are detected, tick all the boxes (without fear) and click Remove selected
Let's see if the PC runs better.
Let me know of any problems you encounter.
patton
Posted: Monday, July 13, 2009 1:46:24 PM
Rank: AiutAmico

Member since: 5/15/2004
Posts: 245
I can't empty the temp folder.
It says access denied.
All the other operations went fine and the PC is improving.
Bye


r16
Posted: Monday, July 13, 2009 4:45:12 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
patton wrote:
I can't empty the temp folder.
It says access denied.
All the other operations went fine and the PC is improving.
Bye

Probably because the files are in use.
The important thing is that there are no executables (.exe) in there.
Since you probably picked up the infection through Messenger, I suggest a targeted scan:

Install MSNFix: http://sosvirus.changelog.fr/MSNFix.zip
unpack the Zip file, which you previously placed on the desktop (a folder will be created)
right-click the archive icon
choose the option Extract files to MSNFix/

a folder named MSNFix will be created on the desktop
run the MSNFix batch file
type I to set the language, and press Enter
type R to search for the malware
type N to remove what it finds
type A to create the log to post
type R to clean the registry and exit
type Q to quit MSNFix
Inside the folder on the desktop, a Zip file and a log will be created:
delete only the Zip file and empty the Recycle Bin.
save the log that is produced

N.B.:
Messenger must stay closed during the scan.
patton
Posted: Monday, July 13, 2009 5:18:04 PM
Rank: AiutAmico

Member since: 5/15/2004
Posts: 245
MSNFix found nothing.
I'd like to ask whether I can remove ComboFix using the procedure you suggested.
Bye
r16
Posted: Monday, July 13, 2009 5:34:49 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
patton wrote:
MSNFix found nothing.
I'd like to ask whether I can remove ComboFix using the procedure you suggested.
Bye

Yes, of course.
If you're happy with how the PC is running, we can close.
Otherwise, I'm here.
Bye.
patton
Posted: Monday, July 13, 2009 5:45:21 PM
Rank: AiutAmico

Member since: 5/15/2004
Posts: 245
Hi r16,
you've been a great help to me. Thank you for your availability.
Bye
r16
Posted: Monday, July 13, 2009 5:56:38 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Don't mention it... you're welcome.
Bye!