Aiutamici Forum

Can you check this log for me, please?
sodomino
Posted: Friday, July 25, 2008 5:37:21 PM
Rank: AiutAmico

Joined: 7/17/2008
Posts: 96
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.36.15, on 25/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Gio\Desktop\Lanterna\Lantmirc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\VEXPLITE\viritexp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C2DA439-4680-4E85-A22D-EB2385FABF80} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3074AA52-404E-44DB-B08F-C7061BCEAF9D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54AB3632-1CD9-411D-BE67-A50C237A26AA} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO.toolbar3 - {A4D16645-4149-41FB-B670-E06072E540C1} - C:\WINDOWS\system32\sofbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S107.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{212E581A-A559-4231-81DB-42815137BEA0}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 11107 bytes

Please help me, I have a virus that is driving me crazy....

Basically, when I try to open any folder it tells me this:

Attention Gio some dangerous viruses detected in your system. Microsoft windows xp file corrupted. This may lead to the destruction of important file in c:\WINDOWS. download protection software now.
Click ok to download the antispyware. (raccommended) and I have to choose between yes and no, and whichever one I press it redirects me to a page and makes me download what looks like an antispyware program but is actually another virus, which avast fortunately manages to block..... please help me

 
r16
Posted: Friday, July 25, 2008 5:52:15 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Check: Show hidden files and folders
2) Uncheck: Hide protected operating system files

Disable System Restore, and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

If you don't know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175

Boot into Safe Mode http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start HijackThis, check the entries I am about to list and, with all applications closed and disconnected from the Internet, press Fix checked
O2 - BHO: (no name) - {1C2DA439-4680-4E85-A22D-EB2385FABF80} - (no file)
O2 - BHO: (no name) - {3074AA52-404E-44DB-B08F-C7061BCEAF9D} - (no file)
O2 - BHO: (no name) - {54AB3632-1CD9-411D-BE67-A50C237A26AA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHO.toolbar3 - {A4D16645-4149-41FB-B670-E06072E540C1} - C:\WINDOWS\system32\sofbho.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

Find and delete the files in red:
C:\WINDOWS\system32\sofbho.dll
Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish at the top) and run the scan in Safe Mode (this is very important).
RESTART THE PC.
Clean up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
*********************************************************************************************************
THEN:
Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log.
Here as well.
ComboFix does not work in Safe Mode
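
Added example, not part of the original post and not the helper's own method: a small Python triage over HijackThis lines that picks out the kinds of entries listed in the reply above (O2 BHOs whose file is missing, a BHO DLL outside a program-files directory, RunOnce values left under HKUS profiles). The sample lines are copied from the log on this page; the three heuristics and all function and label names are assumptions of this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "reason section detail")

# O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O4 - <hive>\..\Run|RunOnce: [value] command (User 'name')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<value>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$"
)

# Assumption of this example: vendor BHOs normally install under one of these
# directories (Italian and English Windows XP names, plus the 8.3 short form).
PROGRAM_DIRS = ("c:\\programmi\\", "c:\\program files\\", "c:\\progra~1\\")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1C2DA439-4680-4E85-A22D-EB2385FABF80} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHO.toolbar3 - {A4D16645-4149-41FB-B670-E06072E540C1} - C:\WINDOWS\system32\sofbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
"""


def triage(log_text):
    """Return entries worth a manual look; a finding is a lead, not a verdict."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)":
                # CLSID still registered as a BHO but the DLL is gone.
                findings.append(Finding("orphaned-bho", "O2", m.group("clsid")))
            elif not path.lower().startswith(PROGRAM_DIRS):
                # BHO DLL sitting outside any program-files directory.
                findings.append(Finding("bho-outside-program-dir", "O2", path))
            continue
        m = O4_RE.match(line)
        if m and m.group("key") == "RunOnce" and m.group("hive").startswith("HKUS"):
            # RunOnce values are meant to be removed after they run; one that
            # is still present under an HKUS profile is a leftover to review.
            detail = f"{m.group('hive')} [{m.group('value')}]"
            findings.append(Finding("lingering-runonce", "O4", detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.reason:<24} {f.detail}")
```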

sodomino
Posted: Friday, July 25, 2008 6:55:39 PM
Rank: AiutAmico

Joined: 7/17/2008
Posts: 96
Combofix LOG

ComboFix 08-07-24.6 - Gio 2008-07-25 18.41.10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.648 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Gio\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gio\Dati applicazioni\rhc3hqj0epct
C:\WINDOWS\cookies.ini
C:\WINDOWS\egwp.exe
C:\WINDOWS\system32\ehRtwyay.ini
C:\WINDOWS\system32\ehRtwyay.ini2
C:\WINDOWS\system32\makvhemr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nyqjgrri.ini
C:\WINDOWS\system32\outhtetj.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-06-25 al 2008-07-25 )))))))))))))))))))))))))))))))))))
.

2008-07-25 17:35 . 2008-07-25 17:35 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-24 16:25 . 2008-07-25 15:10 <DIR> d-------- C:\Programmi\Any DVD Converter Professional
2008-07-24 16:25 . 2008-07-25 15:10 <DIR> d-------- C:\Documents and Settings\Gio\Dati applicazioni\Any DVD Converter Professional
2008-07-24 15:57 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-24 15:57 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-07-24 15:57 . 2007-02-27 19:36 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-07-24 15:57 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-07-24 15:57 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-07-24 15:57 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-24 15:57 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-07-24 15:57 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-07-24 15:04 . 2008-07-24 15:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-24 14:54 . 2008-07-24 14:54 <DIR> d-------- C:\Documents and Settings\Gio\Dati applicazioni\AVS4YOU
2008-07-24 14:54 . 2008-07-24 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-07-24 14:53 . 2008-07-25 15:11 <DIR> d-------- C:\Programmi\File comuni\AVSMedia
2008-07-24 14:53 . 2008-07-25 15:11 <DIR> d-------- C:\Programmi\AVS4YOU
2008-07-24 14:53 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-07-24 14:53 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-07-24 14:53 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-07-24 14:53 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-07-24 14:53 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-24 14:20 . 2008-07-24 14:46 <DIR> d-------- C:\Programmi\Total Video Converter
2008-07-24 14:00 . 2008-07-24 14:04 56 --a------ C:\WINDOWS\VideoConvert.INI
2008-07-24 13:45 . 2008-07-24 13:45 <DIR> d-------- C:\Programmi\QuickTime
2008-07-24 13:45 . 2008-07-24 13:45 <DIR> d-------- C:\Programmi\ImTOO
2008-07-24 12:14 . 2008-07-24 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\vsosdk
2008-07-24 12:09 . 2008-07-24 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
2008-07-24 12:08 . 2008-07-24 12:09 24 ---hs---- C:\WINDOWS\S723D68D4.tmp
2008-07-24 12:07 . 2008-07-24 12:07 <DIR> d-------- C:\Programmi\SlySoft
2008-07-23 19:00 . 2008-07-23 19:00 <DIR> d-------- C:\Programmi\VSO
2008-07-23 19:00 . 2008-07-24 12:48 <DIR> d-------- C:\Documents and Settings\Gio\Dati applicazioni\Vso
2008-07-23 19:00 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-23 19:00 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-07-23 19:00 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-23 19:00 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-23 19:00 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-23 19:00 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-23 19:00 . 2008-07-23 19:00 87,608 --a------ C:\Documents and Settings\Gio\Dati applicazioni\inst.exe
2008-07-23 19:00 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-23 19:00 . 2008-07-23 19:00 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-23 19:00 . 2008-07-23 19:00 47,360 --a------ C:\Documents and Settings\Gio\Dati applicazioni\pcouffin.sys
2008-07-23 18:44 . 2008-07-23 18:48 <DIR> d-------- C:\Programmi\MKVConverter
2008-07-23 14:59 . 2008-07-23 14:59 69 --a------ C:\WINDOWS\system32\3gpvideoconverterb.dat
2008-07-23 14:59 . 2008-07-23 14:59 69 --a------ C:\WINDOWS\system32\3gpvideoconvertera.dat
2008-07-23 14:24 . 2003-12-03 21:18 7,168 --a------ C:\WINDOWS\system\temp.000
2008-07-23 14:24 . 2003-12-03 21:17 5,120 --a------ C:\WINDOWS\system\temp.001
2008-07-22 16:38 . 2008-07-22 16:38 <DIR> d-------- C:\WINDOWS\Mozilla
2008-07-22 15:14 . 2007-12-17 08:02 700,416 --a------ C:\WINDOWS\system32\LameACM.acm
2008-07-22 11:43 . 2008-07-22 11:43 <DIR> d-------- C:\Programmi\mkvtoavis
2008-07-22 11:43 . 2008-07-22 11:43 <DIR> d-------- C:\Programmi\MKVTOAVI
2008-07-22 10:17 . 2008-07-22 10:17 <DIR> d-------- C:\Programmi\Easiestutils
2008-07-22 10:17 . 2008-05-09 12:53 512,000 --------- C:\WINDOWS\system32\dllcache\jscript.dll
2008-07-22 10:17 . 2008-05-09 12:53 430,080 --------- C:\WINDOWS\system32\dllcache\vbscript.dll
2008-07-22 10:17 . 2008-05-09 12:53 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-07-22 10:17 . 2008-05-09 12:53 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-07-22 10:17 . 2008-05-08 13:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe
2008-07-22 10:17 . 2008-05-09 10:45 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe
2008-07-22 10:17 . 2008-05-09 12:53 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll
2008-07-21 20:39 . 2008-07-21 20:39 268 --ah----- C:\sqmdata05.sqm
2008-07-21 20:39 . 2008-07-21 20:39 244 --ah----- C:\sqmnoopt05.sqm
2008-07-21 19:40 . 2008-07-21 19:40 268 --ah----- C:\sqmdata04.sqm
2008-07-21 19:40 . 2008-07-21 19:40 244 --ah----- C:\sqmnoopt04.sqm
2008-07-21 19:24 . 2008-07-21 19:24 <DIR> d-------- C:\Programmi\Nero
2008-07-21 18:45 . 2008-07-21 18:45 0 --a------ C:\WINDOWS\Irremote.ini
2008-07-21 18:06 . 2008-07-21 18:06 268 --ah----- C:\sqmdata03.sqm
2008-07-21 18:06 . 2008-07-21 18:06 244 --ah----- C:\sqmnoopt03.sqm
2008-07-21 18:00 . 2008-07-21 19:26 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-07-21 17:35 . 2008-07-21 17:35 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-21 17:35 . 2008-07-21 17:35 <DIR> d-------- C:\Programmi\microsoft frontpage
2008-07-21 17:27 . 2008-07-21 17:27 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-21 17:27 . 2008-07-21 17:27 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-21 17:24 . 2008-07-21 17:27 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 17:01 . 2008-07-21 17:01 268 --ah----- C:\sqmdata02.sqm
2008-07-21 17:01 . 2008-07-21 17:01 244 --ah----- C:\sqmnoopt02.sqm
2008-07-21 16:55 . 2008-04-14 04:13 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-07-21 16:55 . 2008-04-14 04:13 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-07-21 16:53 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-21 16:52 . 2008-07-21 16:52 <DIR> d-------- C:\Programmi\Microsoft Works
2008-07-21 16:52 . 2008-04-14 04:13 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-07-21 16:51 . 2008-07-21 16:51 <DIR> d-------- C:\Programmi\MSBuild
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Programmi\Microsoft.NET
2008-07-21 16:43 . 2008-07-21 16:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-21 16:43 . 2008-07-21 16:43 <DIR> d-------- C:\Programmi\Microsoft Visual Studio 8
2008-07-21 16:41 . 2008-07-21 16:41 <DIR> dr-h----- C:\MSOCache
2008-07-21 15:20 . 2008-07-21 15:20 268 --ah----- C:\sqmdata01.sqm
2008-07-21 15:20 . 2008-07-21 15:20 244 --ah----- C:\sqmnoopt01.sqm
2008-07-21 13:40 . 2008-07-21 13:40 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-07-21 13:38 . 2008-07-21 13:38 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\iolo
2008-07-21 13:31 . 2008-07-21 13:38 <DIR> d-------- C:\Documents and Settings\Gio\Dati applicazioni\iolo
2008-07-21 13:31 . 2008-07-21 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\iolo
2008-07-21 13:31 . 2008-07-21 13:31 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-07-21 12:12 . 2008-07-25 15:27 <DIR> d-------- C:\Programmi\Registry Clean Expert
2008-07-18 17:59 . 2008-07-20 14:47 <DIR> d-------- C:\Programmi\XMS7
2008-07-17 20:12 . 2008-07-17 20:29 <DIR> d-------- C:\QUARANTENA_VIRIT
2008-07-17 14:39 . 2008-07-25 15:02 <DIR> d-------- C:\VEXPLITE
2008-07-17 14:39 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-07-15 15:10 . 2008-07-15 12:45 102,400 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-15 15:08 . 2008-07-17 14:06 90,838 --a------ C:\WINDOWS\system32\phc7hqj0epct.bmp
2008-07-15 13:44 . 2008-07-15 13:44 95 --a------ C:\WINDOWS\wininit.ini
2008-07-15 13:28 . 2008-07-15 13:28 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-15 13:28 . 2008-07-15 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-14 14:32 . 2008-07-16 21:52 110,419 --a------ C:\WINDOWS\BMfbff0021.xml
2008-07-14 12:53 . 2008-07-14 12:53 <DIR> d-------- C:\Documents and Settings\Gio\Dati applicazioni\STOIK
2008-07-14 12:53 . 2008-07-25 14:46 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-09 14:23 . 2008-07-09 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Adsl Software Ltd
2008-07-09 10:00 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-07-09 10:00 . 2008-06-20 19:46 247,296 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-07-09 10:00 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-07-09 10:00 . 2008-06-20 19:46 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-07-09 10:00 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-07-07 22:20 . 2008-07-07 22:20 <DIR> d-------- C:\Documents and Settings\Franco\Dati applicazioni\skypePM
2008-07-07 22:20 . 2008-07-07 22:20 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-07-07 22:17 . 2008-07-07 22:26 <DIR> d-------- C:\Documents and Settings\Franco\Dati applicazioni\Skype
2008-07-07 22:16 . 2008-07-07 22:16 <DIR> d-------- C:\Programmi\Skype
2008-07-07 22:16 . 2008-07-07 22:16 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-07-07 22:16 . 2008-07-07 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-07-07 22:15 . 2008-07-07 22:15 <DIR> d-------- C:\Documents and Settings\Franco\Contacts
2008-07-07 22:14 . 2008-07-07 22:14 <DIR> d-------- C:\Documents and Settings\Franco\Dati applicazioni\PC Suite
2008-06-30 18:58 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-06-30 18:58 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-06-30 18:58 . 2008-02-07 16:15 408,576 --a------ C:\WINDOWS\system32\Smab.dll
2008-06-30 18:58 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-06-30 18:58 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-06-30 18:58 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-06-30 18:58 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 15:28 --------- d-----w C:\Documents and Settings\Gio\Dati applicazioni\uTorrent
2008-07-25 08:53 --------- d-----w C:\Programmi\eMule
2008-07-21 17:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-07-21 16:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-14 13:24 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-07-08 14:13 --------- d-----w C:\Documents and Settings\Gio\Dati applicazioni\Screenshot Sender
2008-07-03 17:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-06-27 09:02 --------- d-----w C:\Programmi\File comuni\Real
2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-21 08:38 --------- d-----w C:\Documents and Settings\Gio\Dati applicazioni\Media Player Classic
2008-06-21 08:31 --------- d-----w C:\Programmi\K-Lite Codec Pack
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 07:22 --------- d-----w C:\Programmi\Replay Media Catcher
2008-06-18 19:50 --------- d-----w C:\Programmi\File comuni\SWF Studio
2008-06-14 17:32 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 08:11 --------- d-----w C:\Programmi\FDRLab
2008-06-08 07:37 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-08 07:37 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-03 15:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-03 14:43 --------- d-----w C:\Programmi\Lavalys
2008-06-03 14:14 --------- d--h--r C:\Documents and Settings\Gio\Dati applicazioni\SecuROM
2008-06-03 07:23 --------- d-----w C:\Programmi\RamBooster
2008-06-03 07:16 --------- d-----w C:\Documents and Settings\Gio\Dati applicazioni\Lavasoft
2008-05-29 12:25 --------- d-----w C:\Programmi\DVD Shrink
2008-05-19 19:21 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-19 19:21 253,952 ------w C:\WINDOWS\Setup1.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"EPSON Stylus DX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE" [2006-09-22 04:01 139264]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 15:13 68856]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe" [2008-01-02 08:23 1653696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"CnxDslTaskBar"="C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 09:11 462848]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Programmi\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Programmi\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-27 11:01 185896]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 04:14 172032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-07-21 14:38 601848 C:\Programmi\Registry Clean Expert\RCHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Documents and Settings\\Gio\\Desktop\\zDC++0.668z3Ita\\zDCPlusPlus.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Gio\\Desktop\\Lanterna\\Lantmirc.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:eMule_TCP
"1755:UDP"= 1755:UDP:eMule_UDP

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 13:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-17 14:44]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 04:26]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 04:26]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 09:02]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F191BA9-931C-A9AA-0203-070008010106}]
C:\WINDOWS\system32\usnsva.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-23 18:10:53 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-25 16:43:58 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{1C2DA439-4680-4E85-A22D-EB2385FABF80} - (no file)
BHO-{3074AA52-404E-44DB-B08F-C7061BCEAF9D} - (no file)
BHO-{54AB3632-1CD9-411D-BE67-A50C237A26AA} - (no file)
BHO-{A4D16645-4149-41FB-B670-E06072E540C1} - (no file)
ShellExecuteHooks-{1C2DA439-4680-4E85-A22D-EB2385FABF80} - (no file)


.
------- Supplementary Scan -------
.
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 18:44:11
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-25 18:46:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 16:46:23

Pre-Run: 25,601,474,560 byte disponibili
Post-Run: 25,514,123,264 byte disponibili

294 --- E O F --- 2008-07-22 08:32:30


LOG hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.53.40, on 25/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S107.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{212E581A-A559-4231-81DB-42815137BEA0}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 9833 bytes

I couldn't find the file

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE') in HijackThis
and I couldn't find C:\WINDOWS\system32\sofbho.dll either.
Anyway, the problem is solved, thanks a lot. It's just that when I ran ComboFix it removed Avast's protection at startup and I don't know how to put it back...
I'll wait for a reply, and thanks again.
r16
Posted: Friday, July 25, 2008 7:20:54 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Try fixing these entries in normal mode:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
To uninstall Virit, go to:
Start\Tutti Programmi (All Programs), and there you will find its Uninstall.
Uninstall ComboFix this way:
Start
Esegui (Run)
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete the ComboFix folders in "C" (qoobox)
I had pointed out to you (in red) that you had to DISABLE Avast........
sodomino
Posted: Friday, July 25, 2008 7:22:33 PM
Rank: AiutAmico

Joined: 7/17/2008
Posts: 96
I disabled it, then ran ComboFix, and it removed it from startup, and now it no longer protects me. How do I put it back?? The PC Security Center popped up telling me that virus protection is disabled...
r16
Posted: Friday, July 25, 2008 10:19:29 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi. The button to re-enable Avast should perhaps (I have never installed Avast) be on the icon next to the clock.
There will be some entry that says "enable".
sodomino
Posted: Saturday, July 26, 2008 10:36:02 AM
Rank: AiutAmico

Joined: 7/17/2008
Posts: 96
No, the icon has gone, because maybe I did something stupid: Spybot popped up asking me to make a change to Avast and I said yes, and now I don't know how to go back...
r16
Posted: Saturday, July 26, 2008 10:45:52 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Settle it once and for all: uninstall Avast and reinstall it.
Or uninstall it and install AVG8, which in my opinion is better than Avast.
http://www.aiutaamici.com/software?s=y