Aiutamici Forum

Virtumondo problem for me too..... looking for help..... THANK YOUUUUUUU
mimetic
Posted: Sunday, June 15, 2008 9:08:18 PM

Rank: Member

Joined: 6/15/2008
Posts: 28
Greetings to everyone, I'm a new user of this nice forum. I hope to find some kind friend who can help me with my problem. Of course I've already read about VIRTUMONDO and I too have this BIG PROBLEM. I followed the instructions you already recommended to other friends; this is mine....., can someone help me? thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7.42.32, on 15/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\Programmi\Synaptics\SynTP\cPad\AlarmWatcher.exe
C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {2FD46D6C-0DA8-4AFD-A5EF-B269EEDCD0BB} - C:\WINDOWS\system32\ddcCRKcC.dll
O2 - BHO: {b226e42b-3240-4049-beb4-61d195f9bbf5} - {5fbb9f59-1d16-4beb-9404-0423b24e622b} - C:\WINDOWS\system32\ctujtuot.dll
O2 - BHO: (no name) - {BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257} - C:\WINDOWS\system32\byXQHaWm.dll (file missing)
O3 - Toolbar: Mostra Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [cPadFstR] C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Programmi\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [7c1dfbb6] rundll32.exe "C:\WINDOWS\system32\hwdxgmos.dll",b
O4 - HKLM\..\Run: [BM7f2ec82a] Rundll32.exe "C:\WINDOWS\system32\ovauyspg.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 9701 bytes
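As an added illustration for this thread (not part of the original post, and not a feature of HijackThis or of any of the removal tools discussed here), the script below triages the O2 (Browser Helper Object) and O4 (Run key) lines of a HijackThis log like the one above and flags entries that show the pattern the infection left on this machine: eight-letter randomly named DLLs under system32, BHOs with no name or with a GUID as their name, Run keys named like hex blobs, and rundll32 invoked with a single-letter export. The heuristics and the two-signal threshold are my own assumptions; the sample lines are copied from the log above.

```python
"""Triage a HijackThis log for Vundo/Virtumondo-style persistence entries.

Added example for this thread; the signals below are heuristics chosen
from what the posted log shows, not rules shipped with HijackThis.
"""
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above (one clean entry per
# section is kept so the threshold can be seen to leave it alone).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {2FD46D6C-0DA8-4AFD-A5EF-B269EEDCD0BB} - C:\WINDOWS\system32\ddcCRKcC.dll
O2 - BHO: {b226e42b-3240-4049-beb4-61d195f9bbf5} - {5fbb9f59-1d16-4beb-9404-0423b24e622b} - C:\WINDOWS\system32\ctujtuot.dll
O2 - BHO: (no name) - {BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257} - C:\WINDOWS\system32\byXQHaWm.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [7c1dfbb6] rundll32.exe "C:\WINDOWS\system32\hwdxgmos.dll",b
O4 - HKLM\..\Run: [BM7f2ec82a] Rundll32.exe "C:\WINDOWS\system32\ovauyspg.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Line shapes of the two HijackThis sections we look at.
BHO_RE = re.compile(
    r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$')
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$')

# Signals (assumed heuristics): an 8-letter DLL directly under system32,
# a Run key whose name is a hex blob (optionally prefixed "BM"),
# rundll32 called with a one-letter export, a BHO with no name or a GUID
# as its name, and a BHO whose file HijackThis reports as missing.
SYSTEM32_DLL = re.compile(r'\\WINDOWS\\system32\\[A-Za-z]{8}\.dll', re.IGNORECASE)
HEXISH_KEY = re.compile(r'^(BM)?[0-9a-f]{8}$', re.IGNORECASE)
RUNDLL_EXPORT = re.compile(r'^rundll32\.exe\s+"[^"]+",[A-Za-z]$', re.IGNORECASE)
GUID_NAME = re.compile(r'^\{[0-9A-Fa-f-]{36}\}$')

# A single weak signal (e.g. "(no name)") is normal for legitimate BHOs,
# so a line is reported only when at least two signals agree.
MIN_SIGNALS = 2


@dataclass
class Finding:
    line: str
    signals: list


def score_bho(m):
    signals = []
    if m['name'] == '(no name)':
        signals.append('unnamed BHO')
    elif GUID_NAME.match(m['name']):
        signals.append('BHO name is a GUID')
    if SYSTEM32_DLL.search(m['path']):
        signals.append('8-letter DLL in system32')
    if '(file missing)' in m['path']:
        signals.append('file missing')
    return signals


def score_run(m):
    signals = []
    if HEXISH_KEY.match(m['key']):
        signals.append('hex-like Run key name')
    if RUNDLL_EXPORT.match(m['cmd']):
        signals.append('rundll32 with single-letter export')
    if SYSTEM32_DLL.search(m['cmd']):
        signals.append('8-letter DLL in system32')
    return signals


def score_line(line):
    m = BHO_RE.match(line)
    if m:
        return score_bho(m)
    m = RUN_RE.match(line)
    if m:
        return score_run(m)
    return []


def triage(log_text):
    """Return the lines that accumulate at least MIN_SIGNALS signals."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        signals = score_line(line)
        if len(signals) >= MIN_SIGNALS:
            findings.append(Finding(line, signals))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        print('    signals:', ', '.join(f.signals))
```

Run as-is, it reports five lines: the three system32 BHOs and the two rundll32 Run keys, which are exactly the files ComboFix later deletes in this thread. The Symantec NppBho entry is also "(no name)" but stays unflagged because nothing else supports it, which is the point of the threshold.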
r16
Posted: Sunday, June 15, 2008 9:49:08 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi mimetic and welcome.
Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Download VundoFix:
http://www.atribune.org/public-beta/VundoFix.exe
run VundoFix
● click Scan for Vundo
● when the scan finishes, if traces of Vundo were detected, click Remove Vundo

● a prompt about removing the files will appear; click Yes
● during removal the desktop may turn white
● once removal is finished it will ask to reboot the system; accept.

NB:
● the tool may tell you that some files could not be removed; in that case the system will be rebooted so that the files are removed at restart
● at restart VundoFix will appear again; repeat the removal by clicking Remove Vundo

at the end a log will be produced, which will be in C:\

Download VirtumundoBeGone: to be run in SAFE MODE. (very important)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Start VirtumundoBeGone and follow the on-screen instructions.
reboot the PC in normal mode and post the log.


Important: disable your antivirus and close ALL open programs.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
Type 1, press Enter and follow the instructions.
At the end, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log.
Here again.
ComboFix does not work in safe mode

Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Post a new HijackThis log again
mimetic
Posted: Monday, June 16, 2008 9:53:35 PM

Rank: Member

Joined: 6/15/2008
Posts: 28
hi r16, here's what you asked for, and thanks

[06/16/2008, 20:56:57] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\claudio\Desktop\VirtumundoBeGone.exe" )
[06/16/2008, 20:57:10] - Detected System Information:
[06/16/2008, 20:57:10] - Windows Version: 5.1.2600, Service Pack 3
[06/16/2008, 20:57:10] - Current Username: claudio (Admin)
[06/16/2008, 20:57:10] - Windows is in SAFE mode with Networking.
[06/16/2008, 20:57:10] - Searching for Browser Helper Objects:
[06/16/2008, 20:57:10] - BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/16/2008, 20:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 20:57:10] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/16/2008, 20:57:10] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/16/2008, 20:57:10] - BHO 2: {b5bfb30e-4e4e-46a1-8843-79e65d235439} ()
[06/16/2008, 20:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 20:57:10] - Checking for HKLM\...\Winlogon\Notify\ajxqmrhp
[06/16/2008, 20:57:10] - Key not found: HKLM\...\Winlogon\Notify\ajxqmrhp, continuing.
[06/16/2008, 20:57:10] - BHO 3: {BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257} ()
[06/16/2008, 20:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 20:57:10] - No filename found. Continuing.
[06/16/2008, 20:57:10] - BHO 4: {CDC24DC3-9F9B-4E60-8693-20D55486DACD} ()
[06/16/2008, 20:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 20:57:10] - Checking for HKLM\...\Winlogon\Notify\ddcCRKcC
[06/16/2008, 20:57:10] - Key not found: HKLM\...\Winlogon\Notify\ddcCRKcC, continuing.
[06/16/2008, 20:57:10] - Finished Searching Browser Helper Objects
[06/16/2008, 20:57:10] - Finishing up...
[06/16/2008, 20:57:10] - Nothing found! Exiting...



ComboFix 08-06-15.4 - claudio 2008-06-16 21.06.06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.163 [GMT 2:00]
Eseguito da: C:\Documents and Settings\claudio\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM7f2ec82a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ajxqmrhp.dll
C:\WINDOWS\system32\CcKRCcdd.ini
C:\WINDOWS\system32\CcKRCcdd.ini2
C:\WINDOWS\system32\ctujtuot.dll
C:\WINDOWS\system32\ddcCRKcC.dll
C:\WINDOWS\system32\mcmlepti.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nhryuxmy.dll
C:\WINDOWS\system32\ovauyspg.dll
C:\WINDOWS\system32\qulcgyud.ini
C:\WINDOWS\system32\somgxdwh.ini
C:\WINDOWS\system32\swmxpjtr.ini
C:\WINDOWS\system32\ymxuyrhn.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-05-16 al 2008-06-16 )))))))))))))))))))))))))))))))))))
.

2008-06-16 18:44 . 2008-04-13 11:54 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-06-16 18:44 . 2008-04-13 11:54 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-06-15 07:42 . 2008-06-15 07:42 <DIR> d-------- C:\Programmi\Trend Micro
2008-06-14 00:06 . 2008-06-14 00:06 <DIR> d-------- C:\VundoFix Backups
2008-06-12 16:17 . 2008-06-16 11:54 <DIR> d-------- C:\pwrcmdr
2008-06-12 11:30 . 2008-06-12 11:30 90,624 --a------ C:\WINDOWS\system32\lmkwxtca.dll
2008-06-12 09:15 . 2008-06-12 09:15 <DIR> d-------- C:\WINDOWS\system32\it
2008-06-12 09:11 . 2008-06-12 09:16 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-12 09:10 . 2008-04-13 19:14 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-06-12 09:05 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002719_.tmp
2008-06-12 08:51 . 2008-06-12 08:55 <DIR> d-------- C:\f40e8c9fdfa74a2b65e3a5b22f
2008-06-12 00:53 . 2008-06-12 09:15 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-06-11 23:53 . 2008-06-12 00:01 <DIR> d-------- C:\Programmi\Lavasoft
2008-06-11 23:53 . 2008-06-11 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-11 22:31 . 2008-06-11 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TomTom
2008-06-11 22:30 . 2008-06-11 22:30 <DIR> d-------- C:\Programmi\TomTom HOME 2
2008-06-11 22:23 . 2008-06-11 22:23 <DIR> d-------- C:\Programmi\TomTom DesktopSuite
2008-06-11 22:06 . 2008-06-11 22:29 <DIR> d-------- C:\Programmi\TomTom HOME
2008-06-11 21:58 . 2008-06-11 21:58 <DIR> d--hs---- C:\Documents and Settings\claudio\UserData
2008-06-11 21:18 . 2008-06-11 21:18 <DIR> d-------- C:\Programmi\Novatel Wireless
2008-06-11 21:17 . 2008-06-11 23:51 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-11 21:13 . 2008-06-11 21:13 <DIR> d-------- C:\Programmi\mobile PhoneTools
2008-06-11 21:13 . 2008-06-11 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-06-11 20:53 . 2003-07-10 22:29 36,864 -ra------ C:\WINDOWS\system32\NwtCoInstaller.dll
2008-06-11 18:57 . 2008-06-11 18:57 29 --a------ C:\WINDOWS\DEBUGSM.INI
2008-06-11 17:51 . 2008-06-11 17:52 <DIR> d-------- C:\Programmi\CCleaner
2008-06-11 17:48 . 2008-06-11 18:54 <DIR> d-------- C:\Programmi\CDex_150
2008-06-11 17:47 . 2008-06-11 17:47 <DIR> d-------- C:\Programmi\VideoLAN
2008-06-11 17:45 . 2008-06-11 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Elaborate Bytes
2008-06-11 17:40 . 2008-06-11 17:40 <DIR> d-------- C:\Programmi\Elaborate Bytes
2008-06-11 17:01 . 2004-09-28 13:08 458,112 --a------ C:\WINDOWS\system32\drivers\MarvinUsb.sys
2008-06-11 16:58 . 2008-06-11 16:58 <DIR> d-------- C:\Programmi\Pinnacle Systems
2008-06-11 16:52 . 2008-06-11 16:52 <DIR> d-------- C:\Programmi\DVD Shrink
2008-06-11 16:52 . 2008-06-11 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-06-11 16:07 . 2008-06-11 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
2008-06-11 16:03 . 2008-06-11 16:42 <DIR> d-------- C:\Programmi\SlySoft
2008-06-11 16:03 . 2008-06-11 17:46 48 ---hs---- C:\WINDOWS\SF6ECA0DF.tmp
2008-06-11 03:49 . 2008-06-11 03:49 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-06-11 03:43 . 2008-06-12 08:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-11 03:41 . 2008-04-13 18:49 273,664 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 03:25 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-06-11 03:25 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-06-11 03:25 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-06-11 03:13 . 2008-06-11 03:15 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-11 03:13 . 2008-06-11 03:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-11 02:58 . 2008-06-11 02:58 <DIR> d-------- C:\Programmi\D-Link
2008-06-11 02:44 . 2008-06-11 03:27 <DIR> d-------- C:\Programmi\Norton Internet Security
2008-06-11 02:42 . 2008-06-11 03:15 <DIR> d-------- C:\Programmi\Symantec
2008-06-11 02:42 . 2008-06-16 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-11 02:42 . 2008-06-11 03:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-11 02:42 . 2008-06-11 03:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-11 02:41 . 2008-06-16 20:51 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2008-06-11 02:35 . 2008-06-11 02:35 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2008-06-11 02:35 . 2008-06-11 02:35 <DIR> d-------- C:\Programmi\SmartSound Software
2008-06-11 02:35 . 2008-06-11 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
2008-06-11 02:33 . 2005-01-28 15:36 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-06-11 02:28 . 2008-06-11 02:28 <DIR> d-------- C:\Programmi\Real
2008-06-11 02:28 . 2008-06-11 02:28 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-06-11 02:28 . 2008-06-11 02:28 <DIR> d-------- C:\Programmi\File comuni\Real
2008-06-11 02:28 . 2008-06-11 02:28 <DIR> d-------- C:\Programmi\aod
2008-06-11 02:20 . 2003-03-15 23:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-06-11 02:18 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-11 02:17 . 2008-06-11 02:32 <DIR> d-------- C:\Programmi\Pinnacle
2008-06-11 02:17 . 2008-06-11 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-06-11 02:17 . 2002-03-19 10:29 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2008-06-11 02:14 . 1998-12-22 01:49 66,594 --a--c--- C:\WINDOWS\system32\dllcache\c_862.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,594 --a------ C:\WINDOWS\system32\c_862.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_708.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_28596.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,082 --a------ C:\WINDOWS\system32\c_708.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,082 --a------ C:\WINDOWS\system32\c_28596.nls
2008-06-11 02:14 . 1998-10-07 09:21 29,184 --a------ C:\WINDOWS\system32\Popup.ocx
2008-06-11 02:13 . 2008-06-11 02:13 <DIR> d-------- C:\Programmi\LHSP
2008-06-11 02:11 . 2008-06-11 02:11 <DIR> d-------- C:\My Documents
2008-06-11 02:11 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-06-11 02:11 . 2008-06-11 02:11 1,276 --a------ C:\WINDOWS\photoimpression.ini
2008-06-11 02:10 . 2008-06-11 02:10 <DIR> d-------- C:\Programmi\ArcSoft
2008-06-11 02:08 . 2008-06-11 16:55 <DIR> d-------- C:\Programmi\EPSON
2008-06-11 02:05 . 2003-02-27 16:16 135,168 --a------ C:\WINDOWS\system32\l3codecx.acm
2008-06-11 02:02 . 2008-06-11 02:02 <DIR> d-------- C:\Programmi\Roxio
2008-06-11 02:01 . 2008-06-11 02:04 <DIR> d-------- C:\Programmi\File comuni\Roxio Shared
2008-06-11 00:56 . 2008-06-11 00:56 <DIR> d-------- C:\WINDOWS\Options
2008-06-11 00:56 . 2001-09-26 19:34 799,816 -ra------ C:\WINDOWS\system32\drivers\LTSM.sys
2008-06-11 00:56 . 2001-09-26 19:34 799,816 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-11 00:56 . 2001-10-01 19:28 121,905 --a------ C:\WINDOWS\system32\csellang.ini
2008-06-11 00:56 . 2002-03-26 14:47 102,400 --a------ C:\WINDOWS\system32\cselect.exe
2008-06-11 00:56 . 2001-05-08 21:38 77,824 --a------ C:\WINDOWS\system32\tosmreg.exe
2008-06-11 00:56 . 2002-03-19 17:23 57,344 --------- C:\WINDOWS\ltremove.exe
2008-06-11 00:56 . 2000-12-13 05:25 45,056 --a------ C:\WINDOWS\system32\csellang.dll
2008-06-11 00:56 . 2001-05-24 18:17 8,899 --a------ C:\WINDOWS\system32\tosmreg.ini
2008-06-11 00:56 . 2000-12-13 03:13 6,793 --a------ C:\WINDOWS\system32\cseltbl.ini
2008-06-11 00:54 . 2002-08-09 11:50 155,648 --a------ C:\WINDOWS\system32\TMEPROP.CPL
2008-06-11 00:54 . 2001-07-03 11:06 49,152 --a------ C:\WINDOWS\TMEVALDD.DLL
2008-06-11 00:54 . 2002-08-09 11:48 9,614 --a------ C:\WINDOWS\system32\TMESRV.HLP
2008-06-11 00:52 . 2002-04-24 12:06 94,208 --a------ C:\WINDOWS\system32\TDispVol.exe
2008-06-11 00:52 . 2002-02-28 15:40 45,056 --a------ C:\WINDOWS\system32\TDispVol.dll
2008-06-11 00:52 . 2002-07-31 15:40 40,960 --a------ C:\WINDOWS\system32\TCtrlCommon.dll
2008-06-11 00:45 . 2008-06-11 00:45 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-06-11 00:44 . 2008-06-11 00:44 <DIR> d-------- C:\Documents and Settings\claudio\WINDOWS
2008-06-11 00:44 . 2000-01-07 16:36 478,720 --a------ C:\WINDOWS\system32\ssToshiba.scr
2008-06-11 00:44 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-11 00:43 . 2008-06-11 01:17 <DIR> d-------- C:\Programmi\TOSHIBA
2008-06-11 00:41 . 2008-06-11 00:41 <DIR> d-------- C:\Programmi\Intel
2008-06-11 00:37 . 2002-08-20 10:29 40,960 -ra------ C:\WINDOWS\system32\ezSP_Px.exe
2008-06-11 00:37 . 2002-04-18 02:02 16,288 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-06-11 00:36 . 2008-06-12 01:00 <DIR> d--h----- C:\Programmi\InstallShield Installation Information
2008-06-11 00:36 . 2008-06-11 00:36 <DIR> d-------- C:\Programmi\Drag'n Drop CD
2008-06-11 00:36 . 2002-08-19 12:35 713 --a------ C:\WINDOWS\system32\Px.ini
2008-06-11 00:33 . 2008-06-11 02:35 <DIR> d-------- C:\Programmi\File comuni\InstallShield
2008-06-11 00:30 . 2008-06-11 00:30 <DIR> d-------- C:\Programmi\Synaptics
2008-06-11 00:30 . 2002-08-16 16:15 262,160 -ra------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-06-11 00:30 . 2002-08-16 16:17 110,592 -ra------ C:\WINDOWS\system32\SynTPAPI.dll
2008-06-11 00:30 . 2002-08-16 10:47 77,824 -ra------ C:\WINDOWS\system32\SynTPCoI.dll
2008-06-11 00:30 . 2002-08-16 16:18 65,536 -ra------ C:\WINDOWS\system32\SynTPFcs.dll
2008-06-11 00:27 . 2008-06-11 00:27 <DIR> d-------- C:\Program Files
2008-06-11 00:27 . 1998-11-13 13:07 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2008-06-11 00:01 . 2008-06-11 00:01 <DIR> d-------- C:\Programmi\Nero
2008-06-11 00:01 . 2008-06-11 00:02 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-06-11 00:01 . 2008-06-11 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 21:57 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-10 23:58 --------- d-----w C:\Programmi\CyberLink
2008-06-10 23:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-06-10 23:51 --------- d-----w C:\Programmi\Microsoft.NET
2008-06-10 23:51 --------- d-----w C:\Programmi\Microsoft Works
2008-06-10 23:35 --------- d-----w C:\Programmi\Microsoft Encarta
2008-06-10 23:32 --------- d-----w C:\Programmi\Microsoft AutoRoute
2008-06-10 23:27 --------- d-----w C:\Programmi\Microsoft Works Suite 2003
2008-06-10 23:03 --------- d-----w C:\Programmi\YAMAHA
2008-06-10 21:39 --------- d-----w C:\Programmi\microsoft frontpage
2008-06-10 21:37 --------- d-----w C:\Programmi\Servizi in linea
2008-05-09 17:56 99,264 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-13 17:14 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2008-04-13 17:14 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2008-04-13 17:14 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-13 17:14 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-13 17:14 286,720 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-13 17:14 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
2008-04-13 17:14 172,032 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
2008-04-13 17:14 151,552 ----a-w C:\WINDOWS\regedit.exe
2008-04-13 17:14 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
2008-04-13 17:14 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-13 17:14 1,036,288 ----a-w C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe" [2008-05-13 20:41 89024]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"cPadFstR"="C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe" [2002-08-25 08:39 20480]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2002-08-16 10:43 126976]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2002-08-16 16:18 557056]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-07-24 23:18 438272 C:\WINDOWS\system32\nwiz.exe]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2002-05-13 09:12 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFncKy"="TFncKy.exe" []
"TcmTray"="" []
"TDispVol"="TDispVol.exe" [2002-04-24 12:06 94208 C:\WINDOWS\system32\TDispVol.exe]
"TMESBS.EXE"="C:\Programmi\TOSHIBA\TME3\TMESBS32.exe" [2002-08-09 11:51 57344]
"Tpwrtray"="TPWRTRAY.EXE" [2002-07-31 17:00 188416 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TosHKCW.exe"="C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-22 18:20 49152]
"SxgTkBar"="SxgTkBar.exe" [2001-07-11 09:29 53248 C:\WINDOWS\system32\Sxgtkbar.exe]
"cPadAlarm"="C:\Programmi\Synaptics\SynTP\cPad\AlarmWatcher.exe" [2002-07-22 14:55 143360]
"TouchED"="C:\Programmi\TOSHIBA\TouchED\TouchED.Exe" [2002-08-01 16:26 122880]
"RoxioEngineUtility"="C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" [2003-02-27 05:31 69632]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-11 02:28 151597]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
"osCheck"="C:\Programmi\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"CloneCDTray"="C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 21:14 57344]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-11 01:42:44 113664]
Wireless Connection Manager.lnk - C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe [2008-06-11 02:58:21 12693504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD]
--------- 2002-09-20 23:05 802816 C:\Programmi\Drag'n Drop CD\BinFiles\DragDrop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-02-26 16:50 253952 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-02-27 04:36 757760 C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\system32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
R2 Tmesbs;Tmesbs32;C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe [2002-08-09 11:51]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-08 16:52]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2001-10-05 09:40]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 07:00]
S2 SerialNW;NW Serial port driver;C:\WINDOWS\system32\DRIVERS\serialnw.sys [2003-08-29 08:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf444bf9-37e6-11dd-bc75-00179a428f60}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-11 00:54:59 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - claudio.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 21:12:50
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-16 21:16:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 19:16:05

12 Directory 94,146,019,328 byte disponibili
16 Directory 95,048,667,136 byte disponibili

294 --- E O F --- 2008-06-11 02:02:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.18.39, on 16/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\Programmi\Synaptics\SynTP\cPad\AlarmWatcher.exe
C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [cPadFstR] C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Programmi\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 8943 bytes



r16
Inviato: Monday, June 16, 2008 10:15:47 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
OK, the log is clean but I don't trust it.
Disable System Restore, and keep it disabled, until the problem is solved. http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Run the scan again with VirtumundoBeGone (Safe Mode).
Then:
Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking on the satellite dish at the top) and run it in Safe Mode (this is very important).

Restart the PC
Run the scan again with Combofix, and post me the logs (a new HijackThis one too).

Give it another clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

Tell me how the PC is doing.

P.S.: I'd like to know whether you can follow the path of the Registry keys
mimetic
Inviato: Tuesday, June 17, 2008 12:53:58 AM

Rank: Member

Iscritto dal : 6/15/2008
Posts: 28
here are the other scans you asked me for


[06/16/2008, 20:56:57] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\claudio\Desktop\VirtumundoBeGone.exe" )
[06/16/2008, 20:57:10] - Detected System Information:
[06/16/2008, 20:57:10] - Windows Version: 5.1.2600, Service Pack 3
[06/16/2008, 20:57:10] - Current Username: claudio (Admin)
[06/16/2008, 20:57:10] - Windows is in SAFE mode with Networking.
[06/16/2008, 20:57:10] - Searching for Browser Helper Objects:
[06/16/2008, 20:57:10] - BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/16/2008, 20:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 20:57:10] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/16/2008, 20:57:10] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/16/2008, 20:57:10] - BHO 2: {b5bfb30e-4e4e-46a1-8843-79e65d235439} ()
[06/16/2008, 20:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 20:57:10] - Checking for HKLM\...\Winlogon\Notify\ajxqmrhp
[06/16/2008, 20:57:10] - Key not found: HKLM\...\Winlogon\Notify\ajxqmrhp, continuing.
[06/16/2008, 20:57:10] - BHO 3: {BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257} ()
[06/16/2008, 20:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 20:57:10] - No filename found. Continuing.
[06/16/2008, 20:57:10] - BHO 4: {CDC24DC3-9F9B-4E60-8693-20D55486DACD} ()
[06/16/2008, 20:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 20:57:10] - Checking for HKLM\...\Winlogon\Notify\ddcCRKcC
[06/16/2008, 20:57:10] - Key not found: HKLM\...\Winlogon\Notify\ddcCRKcC, continuing.
[06/16/2008, 20:57:10] - Finished Searching Browser Helper Objects
[06/16/2008, 20:57:10] - Finishing up...
[06/16/2008, 20:57:10] - Nothing found! Exiting...

[06/16/2008, 22:36:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\claudio\Desktop\VirtumundoBeGone.exe" )
[06/16/2008, 22:36:20] - Detected System Information:
[06/16/2008, 22:36:20] - Windows Version: 5.1.2600, Service Pack 3
[06/16/2008, 22:36:20] - Current Username: claudio (Admin)
[06/16/2008, 22:36:20] - Windows is in SAFE mode with Networking.
[06/16/2008, 22:36:20] - Searching for Browser Helper Objects:
[06/16/2008, 22:36:20] - BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/16/2008, 22:36:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 22:36:20] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/16/2008, 22:36:20] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/16/2008, 22:36:20] - Finished Searching Browser Helper Objects
[06/16/2008, 22:36:20] - Finishing up...
[06/16/2008, 22:36:20] - Nothing found! Exiting...
VirIT eXplorer Lite Log--------------------------------------------------------
16/06/2008 - 22:42:58

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 56063.
Files Totali: 56063.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
ComboFix 08-06-15.4 - claudio 2008-06-17 0.24.38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.152 [GMT 2:00]
Eseguito da: C:\Documents and Settings\claudio\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-16 al 2008-06-16 )))))))))))))))))))))))))))))))))))
.

2008-06-16 22:40 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-16 22:24 . 2008-06-17 00:22 <DIR> d-------- C:\VEXPLITE
2008-06-16 18:44 . 2008-04-13 11:54 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-06-16 18:44 . 2008-04-13 11:54 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-06-15 07:42 . 2008-06-15 07:42 <DIR> d-------- C:\Programmi\Trend Micro
2008-06-14 00:06 . 2008-06-14 00:06 <DIR> d-------- C:\VundoFix Backups
2008-06-12 16:17 . 2008-06-16 11:54 <DIR> d-------- C:\pwrcmdr
2008-06-12 11:30 . 2008-06-12 11:30 90,624 --a------ C:\WINDOWS\system32\lmkwxtca.dll
2008-06-12 09:15 . 2008-06-12 09:15 <DIR> d-------- C:\WINDOWS\system32\it
2008-06-12 09:11 . 2008-06-12 09:16 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-12 09:10 . 2008-04-13 19:14 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-06-12 09:05 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002719_.tmp
2008-06-12 08:51 . 2008-06-12 08:55 <DIR> d-------- C:\f40e8c9fdfa74a2b65e3a5b22f
2008-06-12 00:53 . 2008-06-12 09:15 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-06-11 23:53 . 2008-06-12 00:01 <DIR> d-------- C:\Programmi\Lavasoft
2008-06-11 23:53 . 2008-06-11 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-11 22:31 . 2008-06-11 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TomTom
2008-06-11 22:30 . 2008-06-11 22:30 <DIR> d-------- C:\Programmi\TomTom HOME 2
2008-06-11 22:23 . 2008-06-11 22:23 <DIR> d-------- C:\Programmi\TomTom DesktopSuite
2008-06-11 22:06 . 2008-06-11 22:29 <DIR> d-------- C:\Programmi\TomTom HOME
2008-06-11 21:58 . 2008-06-11 21:58 <DIR> d--hs---- C:\Documents and Settings\claudio\UserData
2008-06-11 21:18 . 2008-06-11 21:18 <DIR> d-------- C:\Programmi\Novatel Wireless
2008-06-11 21:17 . 2008-06-11 23:51 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-11 21:13 . 2008-06-11 21:13 <DIR> d-------- C:\Programmi\mobile PhoneTools
2008-06-11 21:13 . 2008-06-11 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-06-11 20:53 . 2003-07-10 22:29 36,864 -ra------ C:\WINDOWS\system32\NwtCoInstaller.dll
2008-06-11 18:57 . 2008-06-11 18:57 29 --a------ C:\WINDOWS\DEBUGSM.INI
2008-06-11 17:51 . 2008-06-11 17:52 <DIR> d-------- C:\Programmi\CCleaner
2008-06-11 17:48 . 2008-06-11 18:54 <DIR> d-------- C:\Programmi\CDex_150
2008-06-11 17:47 . 2008-06-11 17:47 <DIR> d-------- C:\Programmi\VideoLAN
2008-06-11 17:45 . 2008-06-11 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Elaborate Bytes
2008-06-11 17:40 . 2008-06-11 17:40 <DIR> d-------- C:\Programmi\Elaborate Bytes
2008-06-11 17:01 . 2004-09-28 13:08 458,112 --a------ C:\WINDOWS\system32\drivers\MarvinUsb.sys
2008-06-11 16:58 . 2008-06-11 16:58 <DIR> d-------- C:\Programmi\Pinnacle Systems
2008-06-11 16:52 . 2008-06-11 16:52 <DIR> d-------- C:\Programmi\DVD Shrink
2008-06-11 16:52 . 2008-06-11 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-06-11 16:07 . 2008-06-11 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
2008-06-11 16:03 . 2008-06-11 16:42 <DIR> d-------- C:\Programmi\SlySoft
2008-06-11 16:03 . 2008-06-11 17:46 48 ---hs---- C:\WINDOWS\SF6ECA0DF.tmp
2008-06-11 03:49 . 2008-06-11 03:49 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-06-11 03:43 . 2008-06-12 08:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-11 03:41 . 2008-04-13 18:49 273,664 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 03:25 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-06-11 03:25 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-06-11 03:25 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-06-11 03:13 . 2008-06-11 03:15 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-11 03:13 . 2008-06-11 03:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-11 02:58 . 2008-06-11 02:58 <DIR> d-------- C:\Programmi\D-Link
2008-06-11 02:44 . 2008-06-11 03:27 <DIR> d-------- C:\Programmi\Norton Internet Security
2008-06-11 02:42 . 2008-06-11 03:15 <DIR> d-------- C:\Programmi\Symantec
2008-06-11 02:42 . 2008-06-16 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-11 02:42 . 2008-06-11 03:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-11 02:42 . 2008-06-11 03:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-11 02:41 . 2008-06-17 00:27 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2008-06-11 02:35 . 2008-06-11 02:35 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2008-06-11 02:35 . 2008-06-11 02:35 <DIR> d-------- C:\Programmi\SmartSound Software
2008-06-11 02:35 . 2008-06-11 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
2008-06-11 02:33 . 2005-01-28 15:36 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-06-11 02:28 . 2008-06-11 02:28 <DIR> d-------- C:\Programmi\Real
2008-06-11 02:28 . 2008-06-11 02:28 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-06-11 02:28 . 2008-06-11 02:28 <DIR> d-------- C:\Programmi\File comuni\Real
2008-06-11 02:28 . 2008-06-11 02:28 <DIR> d-------- C:\Programmi\aod
2008-06-11 02:20 . 2003-03-15 23:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-06-11 02:18 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-11 02:17 . 2008-06-11 02:32 <DIR> d-------- C:\Programmi\Pinnacle
2008-06-11 02:17 . 2008-06-11 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-06-11 02:17 . 2002-03-19 10:29 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2008-06-11 02:14 . 1998-12-22 01:49 66,594 --a--c--- C:\WINDOWS\system32\dllcache\c_862.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,594 --a------ C:\WINDOWS\system32\c_862.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_708.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_28596.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,082 --a------ C:\WINDOWS\system32\c_708.nls
2008-06-11 02:14 . 1998-12-22 01:49 66,082 --a------ C:\WINDOWS\system32\c_28596.nls
2008-06-11 02:14 . 1998-10-07 09:21 29,184 --a------ C:\WINDOWS\system32\Popup.ocx
2008-06-11 02:13 . 2008-06-11 02:13 <DIR> d-------- C:\Programmi\LHSP
2008-06-11 02:11 . 2008-06-11 02:11 <DIR> d-------- C:\My Documents
2008-06-11 02:11 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-06-11 02:11 . 2008-06-11 02:11 1,276 --a------ C:\WINDOWS\photoimpression.ini
2008-06-11 02:10 . 2008-06-11 02:10 <DIR> d-------- C:\Programmi\ArcSoft
2008-06-11 02:08 . 2008-06-11 16:55 <DIR> d-------- C:\Programmi\EPSON
2008-06-11 02:05 . 2003-02-27 16:16 135,168 --a------ C:\WINDOWS\system32\l3codecx.acm
2008-06-11 02:02 . 2008-06-11 02:02 <DIR> d-------- C:\Programmi\Roxio
2008-06-11 02:01 . 2008-06-11 02:04 <DIR> d-------- C:\Programmi\File comuni\Roxio Shared
2008-06-11 00:56 . 2008-06-11 00:56 <DIR> d-------- C:\WINDOWS\Options
2008-06-11 00:56 . 2001-09-26 19:34 799,816 -ra------ C:\WINDOWS\system32\drivers\LTSM.sys
2008-06-11 00:56 . 2001-09-26 19:34 799,816 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-11 00:56 . 2001-10-01 19:28 121,905 --a------ C:\WINDOWS\system32\csellang.ini
2008-06-11 00:56 . 2002-03-26 14:47 102,400 --a------ C:\WINDOWS\system32\cselect.exe
2008-06-11 00:56 . 2001-05-08 21:38 77,824 --a------ C:\WINDOWS\system32\tosmreg.exe
2008-06-11 00:56 . 2002-03-19 17:23 57,344 --------- C:\WINDOWS\ltremove.exe
2008-06-11 00:56 . 2000-12-13 05:25 45,056 --a------ C:\WINDOWS\system32\csellang.dll
2008-06-11 00:56 . 2001-05-24 18:17 8,899 --a------ C:\WINDOWS\system32\tosmreg.ini
2008-06-11 00:56 . 2000-12-13 03:13 6,793 --a------ C:\WINDOWS\system32\cseltbl.ini
2008-06-11 00:54 . 2002-08-09 11:50 155,648 --a------ C:\WINDOWS\system32\TMEPROP.CPL
2008-06-11 00:54 . 2001-07-03 11:06 49,152 --a------ C:\WINDOWS\TMEVALDD.DLL
2008-06-11 00:54 . 2002-08-09 11:48 9,614 --a------ C:\WINDOWS\system32\TMESRV.HLP
2008-06-11 00:52 . 2002-04-24 12:06 94,208 --a------ C:\WINDOWS\system32\TDispVol.exe
2008-06-11 00:52 . 2002-02-28 15:40 45,056 --a------ C:\WINDOWS\system32\TDispVol.dll
2008-06-11 00:52 . 2002-07-31 15:40 40,960 --a------ C:\WINDOWS\system32\TCtrlCommon.dll
2008-06-11 00:46 . 2002-07-24 16:42 249,856 --a------ C:\WINDOWS\system32\yacxgc.cpl
2008-06-11 00:45 . 2008-06-11 00:45 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-06-11 00:44 . 2008-06-11 00:44 <DIR> d-------- C:\Documents and Settings\claudio\WINDOWS
2008-06-11 00:44 . 2000-01-07 16:36 478,720 --a------ C:\WINDOWS\system32\ssToshiba.scr
2008-06-11 00:44 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-11 00:43 . 2008-06-11 01:17 <DIR> d-------- C:\Programmi\TOSHIBA
2008-06-11 00:41 . 2008-06-11 00:41 <DIR> d-------- C:\Programmi\Intel
2008-06-11 00:37 . 2002-08-20 10:29 40,960 -ra------ C:\WINDOWS\system32\ezSP_Px.exe
2008-06-11 00:37 . 2002-04-18 02:02 16,288 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-06-11 00:36 . 2008-06-12 01:00 <DIR> d--h----- C:\Programmi\InstallShield Installation Information
2008-06-11 00:36 . 2008-06-11 00:36 <DIR> d-------- C:\Programmi\Drag'n Drop CD
2008-06-11 00:36 . 2002-08-19 12:35 713 --a------ C:\WINDOWS\system32\Px.ini
2008-06-11 00:33 . 2008-06-11 02:35 <DIR> d-------- C:\Programmi\File comuni\InstallShield
2008-06-11 00:30 . 2008-06-11 00:30 <DIR> d-------- C:\Programmi\Synaptics
2008-06-11 00:30 . 2002-08-16 16:15 262,160 -ra------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-06-11 00:30 . 2002-08-16 16:17 110,592 -ra------ C:\WINDOWS\system32\SynTPAPI.dll
2008-06-11 00:30 . 2002-08-16 10:47 77,824 -ra------ C:\WINDOWS\system32\SynTPCoI.dll
2008-06-11 00:30 . 2002-08-16 16:18 65,536 -ra------ C:\WINDOWS\system32\SynTPFcs.dll
2008-06-11 00:27 . 2008-06-11 00:27 <DIR> d-------- C:\Program Files
2008-06-11 00:27 . 1998-11-13 13:07 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2008-06-11 00:01 . 2008-06-11 00:01 <DIR> d-------- C:\Programmi\Nero
2008-06-11 00:01 . 2008-06-11 00:02 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-06-11 00:01 . 2008-06-11 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 21:57 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-10 23:58 --------- d-----w C:\Programmi\CyberLink
2008-06-10 23:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-06-10 23:51 --------- d-----w C:\Programmi\Microsoft.NET
2008-06-10 23:51 --------- d-----w C:\Programmi\Microsoft Works
2008-06-10 23:35 --------- d-----w C:\Programmi\Microsoft Encarta
2008-06-10 23:32 --------- d-----w C:\Programmi\Microsoft AutoRoute
2008-06-10 23:27 --------- d-----w C:\Programmi\Microsoft Works Suite 2003
2008-06-10 23:03 --------- d-----w C:\Programmi\YAMAHA
2008-06-10 21:39 --------- d-----w C:\Programmi\microsoft frontpage
2008-06-10 21:37 --------- d-----w C:\Programmi\Servizi in linea
2008-05-09 17:56 99,264 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-13 17:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 17:16 331,776 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 17:13 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-13 17:12 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-13 17:11 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2008-04-13 17:11 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-13 17:11 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-13 16:55 2,192,768 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 16:55 2,069,632 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 16:54 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 16:53 92,672 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:52 80,896 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 16:52 2,973,696 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-13 16:51 566,272 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:51 51,200 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 16:51 186,880 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-13 16:50 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 16:49 68,608 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 16:49 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-13 16:48 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 09:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 09:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 09:40 449,024 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 09:37 2,962,432 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 09:35 195,072 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 07:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_21.15.42.77 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 19:11:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 22:21:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-16 19:04:44 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-16 22:26:46 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-16 19:04:44 48,012 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-06-16 22:26:46 48,012 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-06-16 19:04:44 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-16 22:26:46 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-16 19:04:44 345,620 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-16 22:26:46 345,620 ----a-w C:\WINDOWS\system32\perfh010.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe" [2008-05-13 20:41 89024]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"cPadFstR"="C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe" [2002-08-25 08:39 20480]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2002-08-16 10:43 126976]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2002-08-16 16:18 557056]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-07-24 23:18 438272 C:\WINDOWS\system32\nwiz.exe]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2002-05-13 09:12 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFncKy"="TFncKy.exe" []
"TcmTray"="" []
"TDispVol"="TDispVol.exe" [2002-04-24 12:06 94208 C:\WINDOWS\system32\TDispVol.exe]
"TMESBS.EXE"="C:\Programmi\TOSHIBA\TME3\TMESBS32.exe" [2002-08-09 11:51 57344]
"Tpwrtray"="TPWRTRAY.EXE" [2002-07-31 17:00 188416 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TosHKCW.exe"="C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-22 18:20 49152]
"SxgTkBar"="SxgTkBar.exe" [2001-07-11 09:29 53248 C:\WINDOWS\system32\Sxgtkbar.exe]
"cPadAlarm"="C:\Programmi\Synaptics\SynTP\cPad\AlarmWatcher.exe" [2002-07-22 14:55 143360]
"TouchED"="C:\Programmi\TOSHIBA\TouchED\TouchED.Exe" [2002-08-01 16:26 122880]
"RoxioEngineUtility"="C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" [2003-02-27 05:31 69632]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-11 02:28 151597]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
"osCheck"="C:\Programmi\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"CloneCDTray"="C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 21:14 57344]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-05-23 16:22 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-11 01:42:44 113664]
Wireless Connection Manager.lnk - C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe [2008-06-11 02:58:21 12693504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD]
--------- 2002-09-20 23:05 802816 C:\Programmi\Drag'n Drop CD\BinFiles\DragDrop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-02-26 16:50 253952 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-02-27 04:36 757760 C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\system32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R2 Tmesbs;Tmesbs32;C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe [2002-08-09 11:51]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-08 16:52]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2007-10-10 12:12]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2001-10-05 09:40]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 07:00]
S2 SerialNW;NW Serial port driver;C:\WINDOWS\system32\DRIVERS\serialnw.sys [2003-08-29 08:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf444bf9-37e6-11dd-bc75-00179a428f60}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - VIRAGTLT
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-11 00:54:59 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - claudio.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 00:27:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
Ora fine scansione: 2008-06-17 0.30.57
ComboFix-quarantined-files.txt 2008-06-16 22:30:44
ComboFix2.txt 2008-06-16 19:16:16

13 Directory 96,480,563,200 byte disponibili
17 Directory 96,468,819,968 byte disponibili

308 --- E O F --- 2008-06-11 02:02:49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.32.14, on 17/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\Programmi\Synaptics\SynTP\cPad\AlarmWatcher.exe
C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmi\Symantec\LiveUpdate\AUPDATE.EXE
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [cPadFstR] C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Programmi\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Programmi\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 9252 bytes

as I'm posting this to you, the pirate web pages no longer open; let's hope for the best
bye
mimetic
Posted: Tuesday, June 17, 2008 10:33:51 PM

Rank: Member

Member since: 6/15/2008
Posts: 28
here I am, I don't want to jump to conclusions, but I've been connected for 2 hours and the pirate web pages no longer appear; let's hope your immense wisdom has worked. Do this last check of the logs that you asked me for, I'll wait for your reply.
you're great, bye
r16
Posted: Tuesday, June 17, 2008 11:09:43 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi mimetic.
Don't exaggerate...............I assure you there are people here who are better than me.
Carry out these PC cleanup steps:
Empty the contents of the Prefetch folder:

Click on My Computer
Click on Local Disk C:
among the folders displayed, look for the Windows folder, open it and, inside it, look for the Prefetch folder; open it and delete everything stored inside it (be careful not to delete the folder itself)
Empty the Recycle Bin.
Then:

first of all, clean up any ADS (Alternate Data Streams), so:
launch Hijackthis
click on Open the misc tool section
click on Open ADS Spy
untick Quick scan (windows base folder only)
leave Ignore safe system info streams ticked
untick Calculate md5 checksum of streams
click Scan
if any ADS are detected, tick all the boxes and click Remove selected
Once the scan is finished, you must restart the system.
Do a clean-up (registry included) with CCleaner
Run an online scan with this http://housecall.trendmicro.com/it/
Remember to re-hide the system folders;
Re-enable System Restore and, if everything is fine, create a new restore point.
You should be all set; if you have questions I'm here.
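The ADS Spy and Prefetch steps in the post above, as an added PowerShell example that is not part of the thread and not HijackThis's own code; the default paths and the single stream name it treats as safe (Zone.Identifier) are assumptions, not values from the logs.

```powershell
# Added example, not code from the thread: audits alternate data streams the way the
# HijackThis "ADS Spy" step does and empties Prefetch without deleting the folder.
# Needs PowerShell 3.0+ on NTFS, run elevated; default paths and safe-stream list are assumptions.

function Get-StreamMd5 {
    param([string]$StreamPath)
    # .NET opens 'file:stream' paths directly, avoiding version-specific Get-Content flags
    $fs = [System.IO.File]::OpenRead($StreamPath)
    try {
        $md5 = [System.Security.Cryptography.MD5]::Create()
        ([System.BitConverter]::ToString($md5.ComputeHash($fs))) -replace '-', ''
    } finally { $fs.Dispose() }
}

function Get-AlternateDataStream {
    [CmdletBinding()]
    param(
        # Whole Windows folder, like ADS Spy with "Quick scan" unticked
        [string]$Path = $env:windir,
        # Treated as benign ("Ignore safe system info streams"); Zone.Identifier is the
        # mark-of-the-web stream Windows attaches to downloaded files
        [string[]]$SafeStreams = @('Zone.Identifier'),
        [switch]$Md5   # mirrors "Calculate md5 checksum of streams"
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # ':$DATA' is the unnamed primary stream; anything else is an ADS
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $SafeStreams -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Length = $_.Length
                        Md5    = $(if ($Md5) { Get-StreamMd5 "$($file.FullName):$($_.Stream)" } else { $null })
                    }
                }
        }
}

function Clear-Prefetch {
    # Empties %windir%\Prefetch but keeps the folder, as the post stresses; -WhatIf rehearses it
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = (Join-Path $env:windir 'Prefetch'))
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Prefetch folder not found: $Path"
    }
    Get-ChildItem -LiteralPath $Path -File -Force | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete Prefetch entry')) {
            Remove-Item -LiteralPath $_.FullName -Force
        }
    }
}

# Review the report first; a confirmed-unwanted stream can be dropped with
# Remove-Item -LiteralPath <file> -Stream <name>
Get-AlternateDataStream -Md5 | Format-Table -AutoSize
Clear-Prefetch -WhatIf
```

Drop the -WhatIf on Clear-Prefetch once the rehearsal output looks right; Windows rebuilds the Prefetch entries on its own afterwards.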
mimetic
Posted: Friday, June 20, 2008 8:06:39 PM

Rank: Member

Member since: 6/15/2008
Posts: 28
hi r16, hooray, it seems the miracle has happened, everything works perfectly and the problem is gone,
of course I thank you and hug you for the help you gave me.
you're great
r16
Posted: Friday, June 20, 2008 9:39:28 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
You're exaggerating...... the "greats" in this nice forum are others.
Remember to re-hide the system folders;
Re-enable System Restore and, if everything is fine, create a new restore point.
Bye!
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.