Aiutamici Forum

Vundo@dl virus
rene
Posted: Thursday, May 22, 2008 10:37:29 AM
Rank: AiutAmico

Joined: 6/16/2004
Posts: 412
Hello, my PC has caught the following virus (Vundo@dl). I don't know what it is or whether it is a real virus, but it is annoying. What should I do to remove it for good? Thanks.
suarez73
Posted: Thursday, May 22, 2008 10:50:23 AM

Rank: AiutAmico

Joined: 2/17/2008
Posts: 887
Hi rene, could you attach a Hijack log to your post http://software.aiutamici.com/software?ID=11175 while you wait for a reply from the experts!
rene
Posted: Thursday, May 22, 2008 1:06:30 PM
Rank: AiutAmico

Joined: 6/16/2004
Posts: 412

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\gin\Desktop\UTILI\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://it.rd.yahoo.com/customize/ycomp/defaults/sb/*http://it.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {0541290B-954E-4B9E-B9D0-907944A5F690} - C:\WINDOWS\system32\hgGvuVpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37632D32-3132-45D8-8ACC-964E095F0DD1}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hgGvuVpp - C:\WINDOWS\SYSTEM32\hgGvuVpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6473 bytes
r16
Posted: Thursday, May 22, 2008 8:55:50 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi rene.
Download VundoFix.exe to your desktop: http://www.atribune.org/ccount/click.php?id=4
Double-click the icon to launch VundoFix.exe.
Click Scan for Vundo.
Do not use the PC while the scan is running.
When the scan finishes, click Remove Vundo.

It will ask whether you want to delete the infected files; click YES.
Your screen will go black while Vundo is being removed.

When it finishes it will ask you to restart the PC; click OK.
Copy here the contents of the log C:\vundofix.txt and a new HijackThis log.
Note: VundoFix may fail to delete some files. In that case, VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at restart.

Download VirtumundoBeGone to your desktop: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Start the PC in Safe Mode. (It must be used only in this mode.)
Double-click the icon to launch the program.

Click Continue
Click Start
Click Yes
When it finishes, restart the PC and copy here the log that will be created.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
At the end of these operations, post a new HijackThis log.

rene
Posted: Thursday, May 22, 2008 11:49:03 PM
Rank: AiutAmico

Joined: 6/16/2004
Posts: 412
Hi, I ran the scan with VundoFix and it does not report any virus. I ran the scan with VirtumundoBeGone in Safe Mode; I'm attaching the result:
/2008, 23:35:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\gin\Desktop\HijackThis\VirtumundoBeGone.exe" )
[05/22/2008, 23:35:48] - Detected System Information:
[05/22/2008, 23:35:48] - Windows Version: 5.1.2600, Service Pack 2
[05/22/2008, 23:35:48] - Current Username: gin (Admin)
[05/22/2008, 23:35:48] - Windows is in SAFE mode with Networking.
[05/22/2008, 23:35:48] - Searching for Browser Helper Objects:
[05/22/2008, 23:35:48] - BHO 1: {0541290B-954E-4B9E-B9D0-907944A5F690} ()
[05/22/2008, 23:35:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 23:35:48] - Checking for HKLM\...\Winlogon\Notify\hgGvuVpp
[05/22/2008, 23:35:48] - Found: HKLM\...\Winlogon\Notify\hgGvuVpp - This is probably Virtumundo.
[05/22/2008, 23:35:48] - Assigning {0541290B-954E-4B9E-B9D0-907944A5F690} MSEvents Object
[05/22/2008, 23:35:48] - BHO list has been changed! Starting over...
[05/22/2008, 23:35:48] - BHO 1: {0541290B-954E-4B9E-B9D0-907944A5F690} (MSEvents Object)
[05/22/2008, 23:35:48] - ALERT: Found MSEvents Object!
[05/22/2008, 23:35:48] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/22/2008, 23:35:48] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/22/2008, 23:35:48] - BHO 4: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[05/22/2008, 23:35:48] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/22/2008, 23:35:48] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/22/2008, 23:35:48] - Finished Searching Browser Helper Objects
[05/22/2008, 23:35:48] - *** Detected MSEvents Object
[05/22/2008, 23:35:48] - Trying to remove MSEvents Object...
[05/22/2008, 23:35:49] - Terminating Process: IEXPLORE.EXE
[05/22/2008, 23:35:50] - Terminating Process: RUNDLL32.EXE
[05/22/2008, 23:35:50] - Disabling Automatic Shell Restart
[05/22/2008, 23:35:50] - Terminating Process: EXPLORER.EXE
[05/22/2008, 23:35:50] - Suspending the NT Session Manager System Service
[05/22/2008, 23:35:50] - Terminating Windows NT Logon/Logoff Manager
[05/22/2008, 23:35:50] - Re-enabling Automatic Shell Restart
[05/22/2008, 23:35:50] - File to disable: C:\WINDOWS\system32\hgGvuVpp.dll
[05/22/2008, 23:35:50] - Renaming C:\WINDOWS\system32\hgGvuVpp.dll -> C:\WINDOWS\system32\hgGvuVpp.dll.vir
[05/22/2008, 23:35:50] - File successfully renamed!
[05/22/2008, 23:35:50] - Removing HKLM\...\Browser Helper Objects\{0541290B-954E-4B9E-B9D0-907944A5F690}
[05/22/2008, 23:35:50] - Removing HKCR\CLSID\{0541290B-954E-4B9E-B9D0-907944A5F690}
[05/22/2008, 23:35:50] - Adding Kill Bit for ActiveX for GUID: {0541290B-954E-4B9E-B9D0-907944A5F690}
[05/22/2008, 23:35:51] - Deleting ATLEvents/MSEvents Registry entries
[05/22/2008, 23:35:51] - Removing HKLM\...\Winlogon\Notify\hgGvuVpp
[05/22/2008, 23:35:51] - Searching for Browser Helper Objects:
[05/22/2008, 23:35:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/22/2008, 23:35:51] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/22/2008, 23:35:51] - BHO 3: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[05/22/2008, 23:35:51] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/22/2008, 23:35:51] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/22/2008, 23:35:51] - Finished Searching Browser Helper Objects
[05/22/2008, 23:35:51] - Finishing up...
[05/22/2008, 23:35:51] - A restart is needed.
[05/22/2008, 23:35:54] - Attempting to Restart via STOP error (Blue Screen!)
I'm attaching the HijackThis scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.47.15, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\gin\Desktop\UTILI\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://it.rd.yahoo.com/customize/ycomp/defaults/sb/*http://it.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37632D32-3132-45D8-8ACC-964E095F0DD1}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6341 bytes
Bye
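
The correlation that the VirtumundoBeGone log above reports (a BHO with no name whose DLL is also registered under Winlogon\Notify), applied to HijackThis O2/O20 lines; this is an added example, not part of the original thread and not the tool's own code. The function names and the matching rule are assumptions drawn from the log messages, and the sample lines are copied from the two HijackThis logs posted in this thread.

```python
import ntpath
import re

# HijackThis line formats as they appear in the logs posted in this thread.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")

# Sample input: lines copied from the first log (before cleanup).
BEFORE = r"""
O2 - BHO: (no name) - {0541290B-954E-4B9E-B9D0-907944A5F690} - C:\WINDOWS\system32\hgGvuVpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: hgGvuVpp - C:\WINDOWS\SYSTEM32\hgGvuVpp.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Sample input: lines copied from the second log (after VirtumundoBeGone ran).
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


def parse_log(text):
    """Return (bhos, notifies): lists of dicts for O2 and O20 lines."""
    bhos, notifies = [], []
    for raw in text.splitlines():
        line = raw.strip()
        match = O2_RE.match(line)
        if match:
            bhos.append(match.groupdict())
            continue
        match = O20_RE.match(line)
        if match:
            notifies.append(match.groupdict())
    return bhos, notifies


def find_suspects(text):
    """Flag unnamed BHOs whose DLL is also a Winlogon Notify target.

    Assumed rule: the Notify entry matches when its path equals the BHO
    path, or its key name equals the DLL file name without extension.
    Windows paths are case-insensitive, so comparison is lower-cased
    (the logs show system32 in O2 and SYSTEM32 in O20). 8.3 short names
    such as PROGRA~1 cannot be expanded offline and are compared as-is.
    """
    bhos, notifies = parse_log(text)
    suspects = []
    for bho in bhos:
        if bho["name"].strip().lower() != "(no name)":
            continue
        dll = bho["path"].strip().lower()
        stem = ntpath.splitext(ntpath.basename(dll))[0]
        for entry in notifies:
            same_path = entry["path"].strip().lower() == dll
            same_name = entry["key"].strip().lower() == stem
            if same_path or same_name:
                suspects.append({
                    "clsid": bho["clsid"].upper(),
                    "dll": bho["path"].strip(),
                    "notify_key": entry["key"].strip(),
                })
                break
    return suspects


def still_present(before, after):
    """Suspects found in `before` whose CLSID or DLL path still occurs
    anywhere in the `after` log."""
    after_lower = after.lower()
    return [
        s for s in find_suspects(before)
        if s["clsid"].lower() in after_lower or s["dll"].lower() in after_lower
    ]


if __name__ == "__main__":
    for s in find_suspects(BEFORE):
        print("suspect:", s["clsid"], s["dll"], "notify key:", s["notify_key"])
    print("still present after cleanup:", still_present(BEFORE, AFTER))
```

The unnamed O9 button (Java's ssv.dll) is not flagged, because only the pairing of an unnamed O2 entry with an O20 entry triggers the rule.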
r16
Posted: Friday, May 23, 2008 7:26:58 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Very good.
Download VIRIT:
http://www.tgsoft.it/italy/download.htm, update it (by clicking the satellite dish at the top) and run it in Safe Mode (this is very important).
Post the VirIT result.

Temporarily disable your antivirus. (Avast detects it as a threat.)

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file named C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log.
Here as well.
ComboFix does not work in Safe Mode.
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

Tell me how the PC is doing.
I recommend installing a firewall.
http://www.aiutamici.com/software?ID=80142

rene
Posted: Saturday, May 24, 2008 9:55:32 AM
Rank: AiutAmico

Joined: 6/16/2004
Posts: 412
Hi, I'm sending the Hijack scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.49.53, on 24/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\VEXPLITE\MONLITE.EXE
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\gin\Desktop\UTILI\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Programmi\IObit\Advanced WindowsCare V2 Pro\MemCleaner.exe /m
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37632D32-3132-45D8-8ACC-964E095F0DD1}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 6663 bytes

I'm sending the Viritexp scan:
VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

24/05/2008 - 01:41:36

[SCANSIONE DEL REGISTRO]
OK

[H:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

[SCANSIONE DELLA MEMORIA]
OK

24/05/2008 - 01:43:59

[SCANSIONE DEL REGISTRO]
OK

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1861.
Files Totali: 1861.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.


24/05/2008 - 01:47:45

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Programmi\Adobe\Acrobat 7.0\Reader\adobeupdatemanager .exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\Analog Devices\SoundMAX\smtray.exe1451545444 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\Analog Devices\SoundMAX\smtray.exe3547372108 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\Analog Devices\SoundMAX\smtray.exe3914412696 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe2557840732 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe3966276044 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe4208234652 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\CyberLink\PowerDVD\pdvdserv.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\CyberLink\PowerDVD\pdvdserv.exe1712239420 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe1250005084 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe1350194220 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe2811096608 Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP38\A0012552.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP38\A0012553.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP38\A0012555.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP38\A0012558.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP38\A0012559.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP38\A0012560.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP39\A0012604.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP39\A0012608.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP39\A0012609.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP39\A0012623.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP39\A0012627.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP39\A0012628.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP42\A0013079.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP42\A0013080.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP42\A0013081.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP42\A0013082.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP45\A0016560.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *
C:\System Volume Information\_restore{F2833766-8BED-427D-8AAD-40D599981412}\RP45\A0016561.exe Infetto da FraudTool.XPAntivirus.B
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 30.
Files Sospetti: 0.
Files Analizzati: 39533.
Files Totali: 39533.
Chiavi Registro rimosse: 0.
Virus Rimossi: 30.

[SCANSIONE DELLA MEMORIA]
OK

24/05/2008 - 02:37:28

[SCANSIONE DEL REGISTRO]

I don't know whether the ones removed are real viruses. Bye.
r16
Posted: Saturday, May 24, 2008 11:07:12 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Of course they are real.
Maybe you don't know it, but Vundo is one of the worst infections in circulation.
Most of the time one is forced to format.
Do this:
Disable System Restore.
Shut down the PC.
Start the PC.
This procedure serves to eliminate the viruses you have in the System Volume Information\_restore folder.
I don't see the ComboFix log.
Run that scan; it is needed.
And post me the log (ComboFix's), which you will find in C:\ComboFix.txt.
I'd like to know how the PC is working, and whether you still have problems.
Again, I recommend installing a firewall.
rene
Inviato: Saturday, May 24, 2008 2:49:00 PM
Rank: AiutAmico

Iscritto dal : 6/16/2004
Posts: 412
Ciao invio il log di combofix


Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.659 [GMT 2:00]
Eseguito da: C:\Documents and Settings\gin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-24 al 2008-05-24 )))))))))))))))))))))))))))))))))))
.

2008-05-24 12:58 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-24 12:58 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-24 12:58 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-24 12:58 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-24 12:58 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-24 12:58 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-24 12:58 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-24 12:58 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-05-24 01:33 . 2008-05-24 02:36 <DIR> d-------- C:\VEXPLITE
2008-05-24 01:33 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-23 19:56 . 2008-05-23 19:56 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\IObit
2008-05-23 12:52 . 2008-04-13 19:13 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-23 12:44 . 2008-05-23 12:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-23 12:42 . 2007-08-10 08:20 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-23 12:42 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002508_.tmp
2008-05-22 23:09 . 2008-05-22 23:09 <DIR> d-------- C:\VundoFix Backups
2008-05-22 11:01 . 2008-05-22 11:01 32,397 --a------ C:\WINDOWS\SGTBox.INI
2008-05-22 10:53 . 2008-05-22 10:53 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\VSRevoGroup
2008-05-22 10:47 . 2008-05-22 10:47 <DIR> d-------- C:\Programmi\VS Revo Group
2008-05-22 00:38 . 2008-05-22 00:38 58,368 --a------ C:\WINDOWS\system32\hgGvuVpp.dll.vir
2008-05-22 00:05 . 2008-05-22 00:05 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\Convivea
2008-05-21 23:48 . 2008-05-22 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-21 23:47 . 2008-05-21 23:47 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-05-21 22:24 . 2008-05-22 00:31 <DIR> d-------- C:\Programmi\LimeWire
2008-05-21 22:24 . 2008-05-24 10:20 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\LimeWire
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-13 12:47 . 2008-05-24 10:18 <DIR> d-------- C:\Programmi\eMule
2008-05-13 11:32 . 2008-05-13 11:32 <DIR> d-------- C:\Programmi\Microsoft Visual Studio 8
2008-05-13 10:46 . 2008-05-13 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Elaborate Bytes
2008-05-13 01:44 . 2008-05-13 01:44 <DIR> d-------- C:\WINDOWS\Sun
2008-05-13 01:25 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-12 17:25 . 2008-05-12 17:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-12 13:32 . 2008-05-12 13:32 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\DICOMedReview
2008-05-12 13:32 . 2008-05-12 13:32 0 --a------ C:\WINDOWS\DVLite.INI
2008-05-12 00:49 . 2008-05-22 00:14 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\AdobeUM
2008-05-12 00:09 . 2008-05-20 09:56 <DIR> d-------- C:\Programmi\IObit
2008-05-12 00:07 . 2008-05-12 00:07 <DIR> d-------- C:\Programmi\Auslogics
2008-05-12 00:07 . 2008-05-12 00:07 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\Auslogics
2008-05-11 17:18 . 2008-05-11 17:18 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-05-11 17:18 . 2008-05-11 17:18 <DIR> d-------- C:\Programmi\Ahead
2008-05-11 17:18 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-11 17:18 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-11 17:18 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-11 17:18 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-11 17:18 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-11 17:18 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-05-11 17:18 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-11 17:18 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-05-11 17:10 . 2007-07-05 08:22 3,073,320 --a------ C:\WINDOWS\system32\AdvrCntr2D6E0B790.dll
2008-05-11 16:58 . 2005-11-10 13:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-11 16:57 . 2008-05-11 16:58 <DIR> d-------- C:\Programmi\Java
2008-05-11 16:57 . 2008-05-11 16:57 <DIR> d-------- C:\Programmi\File comuni\Java
2008-05-11 14:33 . 2008-05-11 14:33 <DIR> d-------- C:\Documents and Settings\gin\Contacts
2008-05-11 13:37 . 2008-05-23 01:37 <DIR> d-------- C:\Programmi\QuickTime
2008-05-11 13:24 . 2008-05-11 17:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-11 13:17 . 2008-05-11 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Windows Live Toolbar
2008-05-11 13:17 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-11 13:17 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-11 13:17 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-11 13:17 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-11 13:17 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-11 13:17 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-11 13:17 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-11 13:17 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-11 13:15 . 2008-05-11 13:15 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-11 13:15 . 2008-05-11 13:15 <DIR> d-------- C:\Programmi\MSN Messenger
2008-05-11 12:36 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-05-11 12:36 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-05-11 12:36 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-05-11 12:36 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-05-11 12:36 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-05-11 12:36 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-05-11 12:36 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-05-11 12:36 . 2008-05-11 12:36 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-11 12:36 . 2008-05-11 12:36 47,360 --a------ C:\Documents and Settings\gin\Dati applicazioni\pcouffin.sys
2008-05-11 12:27 . 2008-05-11 12:37 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\Vso
2008-05-11 12:26 . 2008-05-11 12:36 <DIR> d-------- C:\Programmi\vso
2008-05-11 10:48 . 2008-05-23 01:39 <DIR> d-------- C:\Programmi\WashAndGo
2008-05-11 10:25 . 2008-05-11 10:25 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-11 02:01 . 2008-05-11 02:01 <DIR> d-------- C:\Programmi\uTorrent
2008-05-11 02:01 . 2008-05-24 12:12 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\uTorrent
2008-05-11 01:36 . 2008-05-22 00:05 <DIR> d-------- C:\Programmi\Bit Che
2008-05-11 01:36 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2008-05-11 01:20 . 2008-05-11 01:20 <DIR> d-------- C:\Programmi\Google
2008-05-11 00:57 . 2008-05-24 12:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-10 19:32 . 2008-05-15 10:51 <DIR> d-------- C:\Programmi\Unlocker
2008-05-10 19:29 . 2008-05-10 19:29 <DIR> d-------- C:\Programmi\CCleaner
2008-05-10 19:28 . 2008-05-10 19:28 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-10 19:28 . 2008-05-10 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-10 19:18 . 2008-05-11 01:27 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-05-10 19:18 . 2008-05-10 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-10 19:18 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-10 19:06 . 2008-05-11 01:28 <DIR> d-------- C:\Programmi\vanBasco's Karaoke Player
2008-05-10 19:05 . 2008-05-11 13:10 <DIR> d-------- C:\Programmi\RegCleaner
2008-05-10 18:57 . 2008-05-10 18:57 <DIR> d---s---- C:\Documents and Settings\gin\UserData
2008-05-10 18:48 . 2008-05-10 18:48 <DIR> d-------- C:\Programmi\Alwil Software
2008-05-10 18:45 . 2008-05-10 18:45 <DIR> d-------- C:\WINDOWS\Motive
2008-05-10 18:45 . 2008-05-10 18:45 <DIR> d-------- C:\Programmi\Motive
2008-05-10 18:45 . 2008-05-10 18:45 <DIR> d-------- C:\Programmi\File comuni\Motive
2008-05-10 18:45 . 2008-05-10 18:45 <DIR> d-------- C:\Programmi\Common Files
2008-05-10 18:45 . 2008-05-10 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Motive
2008-05-10 18:44 . 2008-05-10 18:45 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-05-10 18:43 . 2008-05-10 18:43 <DIR> d-------- C:\Programmi\Telecom Italia
2008-05-10 16:57 . 2008-05-10 16:59 <DIR> d-------- C:\Programmi\micla-multimedia
2008-05-10 16:57 . 2008-05-11 01:27 <DIR> d-------- C:\Programmi\CodFisc
2008-05-10 16:57 . 2008-05-10 16:57 738,304 --a------ C:\WINDOWS\GPInstall.exe
2008-05-10 16:57 . 2000-09-19 12:50 8,377 --a------ C:\WINDOWS\ITAL_IT.gpl
2008-05-10 16:54 . 2008-05-10 16:54 48 ---hs---- C:\WINDOWS\S5E957C26.tmp
2008-05-10 16:51 . 2008-05-10 16:51 <DIR> d-------- C:\Programmi\Elaborate Bytes
2008-05-10 16:50 . 2008-05-13 10:47 <DIR> d-------- C:\Programmi\SlySoft
2008-05-10 16:48 . 2008-05-10 16:48 <DIR> d-------- C:\Programmi\Finson Live Update
2008-05-10 16:48 . 1999-11-18 14:42 874,224 --a------ C:\WINDOWS\system32\ssdw3b32.ocx
2008-05-10 16:48 . 1996-08-30 02:05 465,920 --a------ C:\WINDOWS\system32\sstabs32.ocx
2008-05-10 16:48 . 1995-07-26 01:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-05-10 16:48 . 2004-05-20 18:00 80,384 --a------ C:\WINDOWS\system32\FinsonLU.dll
2008-05-10 16:48 . 1998-05-06 17:59 72,192 --a------ C:\WINDOWS\system32\ssprn32.dll
2008-05-10 16:48 . 1998-09-01 14:17 71,680 --a------ C:\WINDOWS\system32\ssmedt32.dll
2008-05-10 16:48 . 2008-05-10 16:48 129 --a------ C:\WINDOWS\FinsonLiveUpdate.ini
2008-05-10 16:47 . 2008-05-14 20:48 <DIR> d-------- C:\Programmi\Codice Fiscale
2008-05-10 16:47 . 2000-10-02 01:00 122,128 --a------ C:\WINDOWS\system32\Vb6it.dll
2008-05-10 16:47 . 1999-06-03 01:00 101,888 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-05-10 16:45 . 2008-05-10 16:45 <DIR> d-------- C:\Documents and Settings\gin\Dati applicazioni\Apple Computer
2008-05-10 16:44 . 2008-05-11 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-05-10 16:44 . 2008-05-11 13:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 16:44 . 2008-05-11 13:38 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 21:48 --------- d-----w C:\Programmi\Lavasoft
2008-05-11 07:42 --------- d-----w C:\Documents and Settings\gin\Dati applicazioni\Ahead
2008-05-10 23:02 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-10 16:44 155,995 ----a-w C:\WINDOWS\java\Packages\ZD75BRVN.ZIP
2008-05-10 15:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\LightScribe
2008-05-10 15:15 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-05-10 15:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-05-10 15:07 --------- d-----w C:\Documents and Settings\gin\Dati applicazioni\Lavasoft
2008-05-10 14:44 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-05-10 13:59 --------- d-----w C:\Programmi\Canon
2008-05-10 13:59 --------- d-----w C:\Programmi\ArcSoft
2008-05-10 13:58 --------- d-----w C:\Programmi\File comuni\Caere
2008-05-10 13:57 --------- d-----w C:\Programmi\Caere
2008-05-10 13:52 --------- d-----w C:\Programmi\ATI Technologies
2008-05-10 13:49 --------- d-----w C:\Programmi\SiSLan
2008-05-10 13:48 --------- d-----w C:\Programmi\Analog Devices
2008-05-10 13:46 --------- d-----w C:\Programmi\Silicon Integrated Systems
2008-05-10 13:38 --------- d-----w C:\Programmi\microsoft frontpage
2008-05-10 13:35 --------- d-----w C:\Programmi\Servizi in linea
2008-04-13 17:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 17:16 331,776 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 17:13 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-13 17:12 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-13 17:11 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2008-04-13 17:11 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-13 17:11 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-13 16:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 16:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 16:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 16:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 16:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 16:55 2,192,768 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 16:55 2,069,632 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 16:54 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 16:54 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:53 92,672 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 16:52 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 16:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 16:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 16:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 16:52 2,973,696 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-13 16:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:51 566,272 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:51 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:51 51,200 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 16:51 186,880 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-13 16:50 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:50 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 16:49 68,608 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 16:49 58,368 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:49 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 16:49 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:49 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:49 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-13 16:48 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 16:48 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:48 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:48 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:48 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:48 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 16:47 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:47 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:47 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 09:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 09:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 09:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 09:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 09:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 09:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 09:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 09:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 09:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 09:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
.
Code:
<pre>
----a-w           143,360 2003-05-05 06:57:30  C:\Programmi\Analog Devices\SoundMAX\smtray .exe
----a-w           344,064 2004-09-29 05:15:00  C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w            29,696 2006-09-18 09:08:56  C:\Programmi\CyberLink\PowerDVD\pdvdserv .exe
-c--a-w            36,975 2005-11-10 11:03:52  C:\Programmi\Java\jre1.5.0_06\bin\jusched .exe
----a-w           106,496 2002-07-12 10:15:12  C:\WINDOWS\sisusbrg .exe
----a-w            15,360 2004-08-19 13:39:36  C:\WINDOWS\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((( snapshot@2008-05-24_ 1.08.31,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 20:34:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 12:14:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-06-20 13:44:04 379,704 ----a-w C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
+ 2006-06-20 13:44:02 117,560 ----a-w C:\WINDOWS\Downloaded Program Files\PURen-us.dll
+ 2007-01-09 06:17:48 110,592 ----a-w C:\WINDOWS\Downloaded Program Files\PURit-it.dll
- 2008-05-23 10:53:53 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-24 12:28:15 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-23 10:53:53 74,432 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-05-24 12:28:15 75,408 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-05-23 10:53:53 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-24 12:28:15 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-23 10:53:53 447,874 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-05-24 12:28:15 450,730 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-05-24 12:14:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-04-13 19:14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SmartRAM"="C:\Programmi\IObit\Advanced WindowsCare V2 Pro\MemCleaner.exe" [2007-10-29 16:43 662016]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-05-24 01:35 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 15:47 57344 C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-09-29 21:58 49152 C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 17:36 455968 C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-04-21 15:41 438359 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:14 1695232 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 06:15 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-05-24 01:35]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 11:45]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-23 14:30:01 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Programmi\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-05-22 09:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-23 18:00:28 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Programmi\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Programmi\IObit\Advanced WindowsCare V2 Pro\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 14:43:47
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-05-24 14.44.55
ComboFix-quarantined-files.txt 2008-05-24 12:44:50
ComboFix2.txt 2008-05-23 23:08:44

7 Directory 88,975,917,056 byte disponibili
10 Directory 89,016,176,640 byte disponibili

347
Bye, let me know.
r16
Posted: Saturday, May 24, 2008 9:00:10 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
OK, Combofix did not detect any other infections.
The log is clean.
On that subject, you seem a bit "stingy" in giving me information.
Have you installed a firewall?
Did you carry out the procedure (turn off System Restore, shut down the PC, start the PC)?
Did you run a cleanup with CCleaner?
How is the PC doing?
Are you seeing the same problems?
In practice, I know nothing.......

rene
Posted: Monday, May 26, 2008 12:13:06 AM
Rank: AiutAmico

Joined: 6/16/2004
Posts: 412
Hi, sorry for the somewhat stingy answers:
I haven't installed the firewall yet because I should first look at how it works, but I will install it.
Done the disable and re-enable, with the PC shut down and started again.
Done the cleanup with CCleaner.
Now it seems to me that it is no longer causing trouble.
Thank you for your valuable help.
Bye
r16
Posted: Monday, May 26, 2008 5:49:16 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi rene.
I hope you weren't offended .......... I assure you my remark was meant good-naturedly.
One last piece of advice: before uninstalling the programs you downloaded, wait 3-4 days; in the meantime, see whether "Mr. Vundo" has hauled his backside off your PC for good.
Every now and then, always in the ways I described in the topic, run a few scans; if they detect nothing, then you can remove the programs I had you install.
Don't forget the firewall, you really do need it.
Bye!