Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log

Controllo log Opzioni
Topic Precedente · Topic Sucessivo
maria_na
Inviato: Wednesday, October 01, 2008 2:14:17 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Mi controllate il log per favore perchè credo di avere qualche problema.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.43.49, on 01/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\mstinit.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\X'nBeep 1.1\XnBeep.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
D:\Applicazioni\Pulizia virus,spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: RadioItalia Toolbar - {0aaeaede-aefd-4672-a764-5c5c037612a2} - C:\Programmi\RadioItalia\tbRadi.dll
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
F3 - REG:win.ini: load=C:\WINDOWS\System\mstsc.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: RadioItalia Toolbar - {0aaeaede-aefd-4672-a764-5c5c037612a2} - C:\Programmi\RadioItalia\tbRadi.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [X'nBeep] C:\Programmi\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\WINDOWS\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System32\drivers\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System\cisvc.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11232 bytes
Torna in alto
 
Sponsor
Inviato: Wednesday, October 01, 2008 2:14:17 PM

 
Torna in alto
 
r16
Inviato: Wednesday, October 01, 2008 10:37:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)


Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175

Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\WINDOWS\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System32\drivers\cisvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System\cisvc.exe /waitservice (User 'SYSTEM'
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System\cisvc.exe /waitservice (User 'Default user')
Trova e cancella i file in rosso:
C:\WINDOWS\mstinit.exe
C:\WINDOWS\System32\drivers\cisvc.exe
C:\WINDOWS\System\cisvc.exe /waitservice (User 'SYSTEM'
Fai attenzione ai percorsi dei file segnati in rosso.

Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log. (lo trovi sull'icona in alto, con raffigurato un block notes ,con una penna)
Riavvia il computer.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223

Scarica: Malwarebytes' Anti-MalwareMalwarebyte e salvalo dove vuoi tu. : http://www.besttechie.net/tools/mbam-setup.exe

Doppio click sull'icona di mbam-setup.exe che hai salvato,e procedi con l'installazione

Assicurati che ci siano entrambi i segni di spunta su :Aggiorna Malwarebytes' Anti-Malware e Avvia, e clicca Fine
Al primo avvio, ti comparirà un messaggio di benvenuto, Assicurati che il collegamento Internet sia attivo e clicca OK
Attendi la fine dell'aggiornamento.
Compare la schermata principale.
Clicca Scansiona
Potrebbe volerci parecchio tempo,(dipende quanto è infettato il pc) quindi bisogna avere un pò di pazienza.

Al termine della scansione, clicca OK

Assicurati che tutti i files evidenziati siano selezionati e clicca Rimuovi Selezionati

Quando la disinfezione sarà completata, verrà aperto Notepad con il risultato dell'operazione .
Postalo qui.
Vedi se i problemi sono risolti.
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 3:07:57 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Ho eseguito alla lettera tutte le indicazioni per ben due volte ma purtroppo al riavvio in modalità normale mi si reinstallano in esecuzione automatica. Naturalmente eseguendo l'hijackthis mi riappaiono le voci che ho eliminato precedentemente.
Mi sa che sono nei guai......come posso procedere?
Torna in alto
 
monsee
Inviato: Thursday, October 02, 2008 3:34:55 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
Sicura di aver disabilitato il Ripristino configurazione di sistema PRIMA di procedere all'eliminazione?
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 4:08:16 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Si, e tutte e due le volte, ma per sicurezza riprovo.
Torna in alto
 
r16
Inviato: Thursday, October 02, 2008 5:47:28 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao .
Mi sembra di averti chiesto dei log...Think

Le hai fatte le scansioni richieste?
Ne ho bisogno per capire da cosa sei infettata.
*********************************************************************************************************
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Posta un nuovo log di HijackThis .Sempre in questo topic.
Se non funziona useremo le "brutte maniere".
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 8:23:44 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Ho ripetuto ancora una volta tutte le operazioni in modalità provvisoria, e disattivando il ripristino configurazione, poi ho scansionato con il Combofix, ma questo è il risultato:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.19.21, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\X'nBeep 1.1\XnBeep.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\System32\drivers\esentutl.exe
C:\Programmi\Opera\opera.exe
D:\Applicazioni\Pulizia virus,spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: RadioItalia Toolbar - {0aaeaede-aefd-4672-a764-5c5c037612a2} - C:\Programmi\RadioItalia\tbRadi.dll
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\esentutl.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: RadioItalia Toolbar - {0aaeaede-aefd-4672-a764-5c5c037612a2} - C:\Programmi\RadioItalia\tbRadi.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [X'nBeep] C:\Programmi\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System\cmstp.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Paolo\IMPOST~1\Temp\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Paolo\IMPOST~1\Temp\sessmgr.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10943 bytes

Spero di non dover formattare:(
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 8:49:37 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Questo il log di Malwarebytes:

Malwarebytes' Anti-Malware 1.28
Versione del database: 1226
Windows 5.1.2600 Service Pack 3

02/10/2008 14.18.03
mbam-log-2008-10-02 (14-17-53).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 164152
Tempo trascorso: 1 hour(s), 19 minute(s), 18 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Torna in alto
 
r16
Inviato: Thursday, October 02, 2008 10:44:11 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scusa maria_na, ma dovè il log di Combofix?
Lo vorrei vedere .
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 11:02:52 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Scusa hai ragione, ho fatto un pò di confusione, quello di prima era il log di Virit-Lite. Questo è il log di Combofix:

ComboFix 08-10-01.06 - Paolo 2008-10-02 22.50.21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.543 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Paolo\Desktop\ComboFix.exe
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-09-02 al 2008-10-02 )))))))))))))))))))))))))))))))))))
.

2008-10-02 20:12 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\system\esentutl.exe
2008-10-02 19:18 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\system32\drivers\esentutl.exe
2008-10-02 19:18 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\system\cmstp.exe
2008-10-02 19:16 . 2008-09-03 14:21 86,016 --a------ C:\Documents and Settings\Paolo\Dati applicazioni\clipsrv.exe
2008-10-02 19:05 . 2008-10-02 19:05 2,885,367 -ra------ C:\ComboFix.exe
2008-10-02 14:45 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\comrepl.exe
2008-10-02 14:35 . 2008-08-27 09:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-10-02 14:35 . 2008-08-27 09:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-10-02 14:35 . 2008-08-27 09:58 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-10-02 14:35 . 2008-08-27 09:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-10-02 14:35 . 2008-08-27 09:58 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-10-02 14:35 . 2008-10-02 22:54 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-10-02 14:35 . 2008-08-27 09:58 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-10-02 14:35 . 2008-08-27 09:58 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-10-02 14:35 . 2008-10-02 14:35 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-02 13:24 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\cmstp.exe
2008-10-02 12:56 . 2008-10-02 12:57 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-02 12:56 . 2008-10-02 12:56 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\Malwarebytes
2008-10-02 12:56 . 2008-10-02 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-02 12:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 12:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 09:50 . 2008-10-02 12:50 <DIR> d-------- C:\VEXPLITE
2008-10-02 09:50 . 2008-08-30 12:11 40,960 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-10-02 08:37 . 2008-10-02 21:46 1,113 --a------ C:\rollback.ini
2008-10-02 08:26 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\system32\drivers\cmstp.exe
2008-10-01 22:50 . 2008-10-01 22:50 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-09-29 23:33 . 2008-09-29 23:33 0 --a------ C:\WINDOWS\iPlayer.INI
2008-09-26 21:12 . 2008-09-26 21:12 256 --a------ C:\Documents and Settings\Paolo\pool.bin
2008-09-26 15:02 . 2008-09-26 22:17 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\Research In Motion
2008-09-26 15:02 . 2008-10-01 18:51 256 --a------ C:\WINDOWS\system32\pool.bin
2008-09-26 15:00 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-09-26 14:58 . 2008-09-26 22:14 <DIR> d-------- C:\Programmi\Research In Motion
2008-09-26 14:58 . 2008-10-01 16:38 <DIR> d-------- C:\Programmi\File comuni\Research In Motion
2008-09-24 20:28 . 2008-09-24 20:28 <DIR> d-------- C:\Programmi\TVAnts
2008-09-24 12:54 . 2008-09-24 14:56 <DIR> d-------- C:\Mappe e mio
2008-09-24 12:53 . 2008-09-24 12:54 <DIR> d-------- C:\MaxBlastSetup
2008-09-22 22:22 . 2008-10-01 16:36 <DIR> d-------- C:\Blackberry
2008-09-22 12:20 . 2008-09-22 12:24 68,671,488 --a------ C:\austrumi-1.6.0.iso
2008-09-22 09:32 . 2008-09-22 09:32 121 --a------ C:\WINDOWS\Winchat.ini
2008-09-21 23:54 . 2008-09-21 23:55 <DIR> d-------- C:\WINDOWS\VistaMizer
2008-09-21 20:55 . 2008-09-21 20:55 <DIR> d-------- C:\Documents and Settings\Paolo\LocalLow
2008-09-21 16:47 . 2008-09-21 16:47 3,596 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-09-21 15:46 . 2008-09-22 00:02 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\avidemux
2008-09-21 15:45 . 2008-09-22 00:02 <DIR> d-------- C:\Programmi\Avidemux 2.4
2008-09-21 13:11 . 2008-10-01 22:31 <DIR> d-------- C:\WINXP_SP3+Driver
2008-09-21 10:09 . 2008-09-21 23:32 18,787 --a------ C:\WINDOWS\wizard.log_20080922_14_10_55
2008-09-21 10:09 . 2008-09-21 22:33 18,787 --a------ C:\WINDOWS\wizard.log_20080921_22_58_37
2008-09-21 10:09 . 2008-09-22 14:10 16,521 --a------ C:\WINDOWS\wizard.log_20081001_21_05_53
2008-09-21 10:09 . 2008-09-21 10:09 16,132 --a------ C:\WINDOWS\wizard.log_20080921_22_10_46
2008-09-21 10:09 . 2008-09-21 22:10 16,045 --a------ C:\WINDOWS\wizard.log_20080921_22_33_16
2008-09-21 10:09 . 2008-09-21 22:58 15,972 --a------ C:\WINDOWS\wizard.log_20080921_23_13_56
2008-09-21 10:09 . 2008-09-21 23:13 15,919 --a------ C:\WINDOWS\wizard.log_20080921_23_32_25
2008-09-21 09:19 . 2008-10-01 21:42 <DIR> d-------- C:\Programmi\nLite
2008-09-18 15:30 . 2008-09-18 15:30 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\MailFrontier
2008-09-18 15:24 . 2008-09-19 08:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2008-09-18 15:23 . 2008-09-18 15:23 <DIR> d-------- C:\Programmi\Zone Labs
2008-09-18 14:33 . 2008-09-18 14:33 <DIR> d-------- C:\Programmi\Innovative Solutions
2008-09-18 12:13 . 2008-09-18 12:13 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\GrassGames
2008-09-18 10:30 . 2008-10-02 22:54 20,387,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-18 10:30 . 2008-10-02 19:23 277,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-18 10:30 . 2008-09-18 15:07 7,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-18 10:30 . 2008-09-18 15:07 2,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-17 23:42 . 2008-09-17 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-09-17 21:38 . 2008-09-17 21:38 <DIR> d-------- C:\Programmi\JLC's Software
2008-09-17 21:38 . 2008-09-17 21:38 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\JLC's Software
2008-09-17 20:52 . 2008-09-17 23:43 <DIR> d-------- C:\Programmi\File comuni\uusee
2008-09-17 13:46 . 2008-09-17 23:43 <DIR> d-------- C:\Programmi\AAA Photo Album
2008-09-11 23:28 . 2008-09-11 23:28 <DIR> d-------- C:\WINDOWS\Sun
2008-09-07 13:35 . 2008-09-07 13:35 <DIR> d-------- C:\Programmi\123 Free Solitaire
2008-09-07 13:35 . 2008-09-07 13:38 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\123 Free Solitaire
2008-09-07 13:33 . 2008-09-07 13:33 <DIR> d-------- C:\Programmi\SIW
2008-09-06 17:58 . 2008-09-17 23:43 <DIR> d-------- C:\Programmi\SopCast
2008-09-06 10:58 . 2008-10-01 22:32 <DIR> d-------- C:\Da spostare
2008-09-05 22:29 . 2008-09-05 22:29 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\DivX
2008-09-05 18:53 . 2008-09-05 18:53 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-09-05 18:53 . 2008-09-05 18:54 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-09-05 18:53 . 2008-09-05 18:53 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-09-05 10:03 . 2008-09-05 10:07 <DIR> d-------- C:\Programmi\JPEGCompress
2008-09-05 00:39 . 2008-09-05 09:17 <DIR> d-------- C:\Programmi\Microsoft Student
2008-09-05 00:38 . 2008-09-05 00:38 <DIR> d-------- C:\Programmi\Learning Essentials
2008-09-03 22:31 . 2008-09-03 22:31 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\Roxio
2008-09-03 22:31 . 2008-09-03 22:31 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\Roxio
2008-09-03 22:30 . 2008-09-03 22:31 <DIR> d-------- C:\Programmi\InterActual
2008-09-03 20:33 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\system32\drivers\dllhst3g.exe
2008-09-03 20:33 . 2008-09-03 14:21 86,016 --a------ C:\Documents and Settings\Paolo\Dati applicazioni\rsvp.exe
2008-09-03 16:16 . 2008-09-03 16:16 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\Media Player Classic
2008-09-03 15:07 . 2008-09-03 15:07 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-09-03 15:07 . 2008-09-03 15:07 <DIR> d-------- C:\Program Files
2008-09-03 14:50 . 2008-09-03 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Sonic
2008-09-03 14:46 . 2008-09-03 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Roxio
2008-09-03 14:44 . 2008-09-03 14:51 <DIR> d-------- C:\Programmi\File comuni\Sonic Shared
2008-09-03 14:43 . 2008-09-03 14:43 <DIR> d-------- C:\Programmi\SmartSound Software
2008-09-03 14:43 . 2008-09-03 14:51 <DIR> d-------- C:\Programmi\Roxio
2008-09-03 14:43 . 2008-09-03 14:51 <DIR> d-------- C:\Programmi\File comuni\Roxio Shared
2008-09-03 14:43 . 2008-09-03 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
2008-09-03 14:21 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\system\mstsc.exe
2008-09-03 14:21 . 2008-09-03 14:21 86,016 --a------ C:\WINDOWS\sessmgr.exe
2008-09-03 14:21 . 2008-09-03 14:21 86,016 --a------ C:\Documents and Settings\Paolo\Dati applicazioni\cisvc.exe
2008-09-03 11:54 . 2008-09-03 11:54 <DIR> d-------- C:\Programmi\Seagate
2008-09-02 15:38 . 2008-09-02 15:39 <DIR> d-------- C:\Documents and Settings\Paolo\Dati applicazioni\JDiskReport
2008-09-02 10:19 . 2008-09-02 10:19 <DIR> d-------- C:\Programmi\Microsoft AutoRoute
2008-09-02 10:10 . 2008-09-02 10:10 <DIR> d-------- C:\Programmi\ScanSoft
2008-09-02 09:59 . 2008-09-02 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2008-09-02 09:47 . 2008-09-02 09:47 <DIR> d-------- C:\Programmi\File comuni\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 14:18 259,584 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-10-02 12:27 347,648 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-10-02 10:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-02 06:24 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-10-01 21:13 1,248,768 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-10-01 21:12 1,707,008 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-10-01 19:38 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\Winamp
2008-10-01 18:00 --------- d-----w C:\Programmi\eMule
2008-10-01 16:31 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\Apple Computer
2008-10-01 16:05 --------- d-----w C:\Programmi\Bonjour
2008-10-01 13:43 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-10-01 13:43 --------- d-----w C:\Programmi\SpywareBlaster
2008-10-01 07:38 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-10-01 07:23 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\wsInspector
2008-09-30 21:54 651,264 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-09-30 21:54 1,668,096 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-09-30 13:38 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Bluetooth
2008-09-30 11:35 5,850 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-30 11:28 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\Vso
2008-09-29 22:02 259,072 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-09-29 12:55 315,392 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-09-28 21:44 274,432 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-09-27 23:10 93,696 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-09-27 12:30 259,584 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-09-26 16:53 45,056 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-09-26 15:53 245,760 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-09-26 13:45 517,632 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-09-25 21:12 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-09-25 13:45 72,192 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-09-25 08:59 144,384 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-09-24 21:39 323,584 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-09-24 14:11 161,280 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-09-24 08:20 252,416 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-09-23 14:50 233,984 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-09-22 21:33 220,160 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-09-22 16:26 73,728 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-09-22 16:08 62,976 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-09-22 15:38 88,064 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-09-22 13:58 49,664 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-09-22 12:49 520,192 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-09-21 21:53 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-09-21 15:06 121,856 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-09-21 15:06 1,688,576 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-09-21 14:42 852,480 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-09-21 09:55 1,481,728 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-09-21 08:39 177,664 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-09-20 22:46 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-09-20 17:04 398,336 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-09-19 22:53 566,784 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-09-19 14:51 1,472,512 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-09-18 22:00 788,480 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-09-18 13:20 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\LimeWire
2008-09-17 21:34 --------- d-----w C:\Programmi\Yahoo!
2008-09-17 18:53 --------- d-----w C:\Programmi\Google
2008-09-09 22:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-09-07 12:13 --------- d-----w C:\Programmi\FreeCommander
2008-09-07 11:31 --------- d-----w C:\Programmi\Teen Spirit
2008-09-06 10:46 --------- d-----w C:\Programmi\bobyte
2008-09-05 16:44 --------- d-----w C:\Programmi\Opera
2008-09-03 13:07 --------- d-----w C:\Programmi\File comuni\Real
2008-09-03 09:53 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-09-02 07:55 --------- d-----w C:\Programmi\File comuni\Adobe
2008-08-31 08:28 --------- d-----w C:\Programmi\ESET
2008-08-31 08:17 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\vlc
2008-08-31 08:16 --------- d-----w C:\Programmi\Coolstreaming_Tool-Bar_v1.0
2008-08-31 08:16 --------- d-----w C:\Programmi\Conduit
2008-08-31 08:15 --------- d-----w C:\Programmi\MegaPack CoolStreaming
2008-08-31 08:12 --------- d-----w C:\Programmi\Elaborate Bytes
2008-08-31 08:08 --------- d-----w C:\Programmi\SlySoft
2008-08-31 07:21 --------- d-----w C:\Programmi\File comuni\Nero
2008-08-30 21:55 --------- d-----w C:\Programmi\Photo!
2008-08-30 21:55 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\Photo! 3D ScreenSaver
2008-08-30 21:32 --------- d-----w C:\Programmi\iColorFolder
2008-08-30 20:20 102 --sha-w C:\Programmi\desktop.ini
2008-08-30 20:17 --------- d-----w C:\Programmi\RocketDock
2008-08-30 20:17 --------- d-----w C:\Programmi\DeskSlide
2008-08-30 20:16 --------- d-----w C:\Programmi\Cities of Earth
2008-08-30 20:15 --------- d-----w C:\Programmi\WFlip
2008-08-30 20:08 --------- d-----w C:\Programmi\X'nBeep 1.1
2008-08-30 20:07 --------- d-----w C:\Programmi\IObit
2008-08-30 17:28 --------- d-----w C:\Programmi\File comuni\Corel
2008-08-30 17:27 --------- d-----w C:\Programmi\Corel
2008-08-30 16:30 --------- d-----w C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-08-30 12:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Corel
2008-08-30 12:35 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\Corel
2008-08-30 12:20 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\InstallShield
2008-08-30 07:08 --------- d-----w C:\Programmi\Startup Inspector for Windows
2008-08-29 21:59 --------- d-----w C:\Programmi\Real
2008-08-29 21:03 --------- d-----w C:\Programmi\Microsoft Works
2008-08-29 21:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-08-29 21:02 --------- d-----w C:\Programmi\SpeedFan
2008-08-29 21:02 --------- d-----w C:\Programmi\Microsoft.NET
2008-08-29 21:02 --------- d-----w C:\Programmi\Microsoft Visual Studio 8
2008-08-29 21:02 --------- d-----w C:\Programmi\Magic Reader
2008-08-29 21:02 --------- d-----w C:\Programmi\HD Tune
2008-08-29 21:02 --------- d-----w C:\Programmi\FDF
2008-08-29 21:02 --------- d-----w C:\Documents and Settings\Paolo\Dati applicazioni\JAM Software
2008-08-29 21:01 --------- d-----w C:\Programmi\Seterra
2008-08-29 21:01 --------- d-----w C:\Programmi\MyWC2006
2008-08-29 21:01 --------- d-----w C:\Programmi\Codici Fiscali Master
.

------- Sigcheck -------

2005-01-27 19:12 660480 934b43c987c2d3ba72ca0a2ce3e83064 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
2008-06-23 17:39 827904 bf9d17259082632f03f3ff5759c6ae32 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2004-08-19 15:39 658944 27966534a0820cd3bd988bd1517c8ff2 C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
2005-01-27 19:13 659456 3fb5565b436507c981a70d822cb8680d C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-06-23 18:15 927744 bbb4ef63f758b7966a2ee1e63cbdf281 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-06-23 18:15 826368 4b54220877703198e55f61cb7b87979e C:\WINDOWS\SoftwareDistribution\Download\921eed15ab37cd7c76babbe10158742c\SP2GDR\wininet.dll
2008-06-23 17:39 827904 bf9d17259082632f03f3ff5759c6ae32 C:\WINDOWS\SoftwareDistribution\Download\921eed15ab37cd7c76babbe10158742c\SP2QFE\wininet.dll
2008-06-23 18:15 927744 bbb4ef63f758b7966a2ee1e63cbdf281 C:\WINDOWS\system32\wininet.dll
2008-06-23 18:15 927744 bbb4ef63f758b7966a2ee1e63cbdf281 C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 18:15 826368 4b54220877703198e55f61cb7b87979e C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-19 15:39 504832 4166454e2bcfcc20d1b8a5ac9feab243 C:\WINDOWS\$NtUninstallKB883529$\winlogon.exe
2008-04-13 19:14 549888 6dc43081c760eec1130d2c8c145df375 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:14 549888 6dc43081c760eec1130d2c8c145df375 C:\WINDOWS\system32\winlogon.exe
2008-04-13 19:14 510464 9259170d29b5a256735fcb8b80280857 C:\WINDOWS\VistaMizer\old\winlogon.exe

2004-08-19 15:34 2060544 4dc3a3626b02c39aa69aae6f64bfbc2d C:\WINDOWS\$NtUninstallKB883517$\ntkrnlpa.exe
2008-04-13 18:55 2326784 9e7fba7d6872a2ff5de1ace7f176aab3 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 18:55 2326784 9e7fba7d6872a2ff5de1ace7f176aab3 C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:55 2326784 9e7fba7d6872a2ff5de1ace7f176aab3 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-04-13 18:55 2069632 5e95f445b70adcf8876d1203852262a1 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2004-08-19 15:34 2184704 4591cf1f202181113de2996e79a2905a C:\WINDOWS\$NtUninstallKB883517$\ntoskrnl.exe
2008-04-13 18:55 2449920 177bed6d03675567bd0e1a5e9d913f64 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 18:55 2449920 177bed6d03675567bd0e1a5e9d913f64 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:55 2449920 177bed6d03675567bd0e1a5e9d913f64 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-04-13 18:55 2192768 7d804c28404e94f57967de3394201d55 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-13 19:14 1554944 19cb8aa5b83d0017eb9a9126aa2eeb55 C:\WINDOWS\explorer.exe
2008-04-13 19:14 1554944 19cb8aa5b83d0017eb9a9126aa2eeb55 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 19:14 1036288 70d7f99d95615c3c278367756287db71 C:\WINDOWS\VistaMizer\old\explorer.exe

2008-04-13 19:14 25088 91b6aac828f8bbe1796275424e44dfb0 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:14 25088 91b6aac828f8bbe1796275424e44dfb0 C:\WINDOWS\system32\ctfmon.exe
2008-04-13 19:14 15360 f53cddef33a4c41336a782be3d170158 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-02_19.16.54.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-23 17:14:25 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-10-02 20:26:53 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2008-10-02 17:09:59 881,256 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-10-02 20:48:31 880,052 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X'nBeep"="C:\Programmi\X'nBeep 1.1\XnBeep.exe" [2007-01-08 1067520]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-08-27 949376]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-10-02 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="C:\WINDOWS\System\esentutl.exe" [2008-09-03 86016]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="C:\WINDOWS\System\cmstp.exe" [2008-09-03 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" /background
"LogitechSoftwareUpdate"=C:\Programmi\Logitech\Video\ManifestEngine.exe boot
"InstantTray"=C:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
"IW_Drop_Icon"=C:\Programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
"SpybotSD TeaTimer"=C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"swg"=C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"Gadwin PrintScreen"=C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
"FAST Defrag"=
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
"E07IXLRD_7283296"="C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\ATI-CPanel\atiptaxx.exe
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"LogitechVideoRepair"=C:\Programmi\Logitech\Video\ISStart.exe
"LogitechVideoTray"=C:\Programmi\Logitech\Video\LogiTray.exe
"EPSON Stylus Photo RX500"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
"SoundMan"=SOUNDMAN.EXE
"AlcWzrd"=ALCWZRD.EXE
"Alcmtr"=ALCMTR.EXE
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe
"PinnacleRemote"=C:\Programmi\Pinnacle\Shared Files\remoterm.exe
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
"AppleSyncNotifier"=C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe"
"PowerTranslator Pro OLR"=C:\PROGRA~1\BVRPSO~1\POWERT~1\BVRPOlr.exe /PowerTranslator Pro
"CloneDVDElbyDelay"="C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
"CloneCDElbyCDFL"="C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"ComRepl"=C:\WINDOWS\System32\comrepl.exe /com /w
"Zone Labs Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
"<NO NAME>"=
"RoxWatchTray"="C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
"DMXLauncher"="C:\Programmi\Roxio\CinePlayer\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Opera\\opera.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 54424]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-08-30 40960]
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 29239]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 188416]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 54424]
R2 PDSched;PDScheduler;C:\Programmi\Raxco\PerfectDisk\PDSched.exe [2004-11-01 237635]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-10-02 57344]
R3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-03-24 334944]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 62976]
R3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-03-24 24288]
R3 RoxMediaDB10;RoxMediaDB10;C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Programmi\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\31.tmp [ ]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Programmi\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S4 SessionLauncher;SessionLauncher;C:\DOCUME~1\Paolo\IMPOST~1\Temp\DX9\SessionLauncher.exe [ ]
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://it.yahoo.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://it.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 22:54:45
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\DOCUME~1\Paolo\IMPOST~1\Temp\RGI110F.tmp

Scansione completata con successo
Files nascosti: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\31.tmp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-10-02 22:56:01
ComboFix-quarantined-files.txt 2008-10-02 20:55:57
ComboFix2.txt 2008-10-02 17:18:11

Pre-Run: 12.713.140.224 byte disponibili
Post-Run: 12,700,594,176 byte disponibili

395 --- E O F --- 2008-09-09 22:42:07
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 11:07:30 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Ho chiesto a mio fratello se negli ultimi giorni ha installato qualcosa di particolare sul pc, e mi ha detto che effettivamente ha lavorato qualcosa con il suo Blackberry, mi sembra abbia parlato di firmware del telefono installato sul pc.
Non so se questo può aiutare a capire, mah.
Torna in alto
 
r16
Inviato: Thursday, October 02, 2008 11:29:15 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina queste voci di HijackThis:
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System\cmstp.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Paolo\IMPOST~1\Temp\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Paolo\IMPOST~1\Temp\sessmgr.exe /waitservice (User 'Default user')
Poi fai Start\ Esegui\ copia-incolla questo comando: %temp% clicca OK.
Elimina TUTTO quello che trovi dentro la cartella TEMP.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 11:33:50 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Devo eseguire tutto in modalità provvisoria?
Torna in alto
 
r16
Inviato: Thursday, October 02, 2008 11:36:04 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Prova in Modalità normale, se vedi che non si eliminano prova in Provvisoria.
Quando hai eliminato le voci , RIAVVIA il PC.
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 11:52:20 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Ho eliminato tutto in modalità normale e sembra che sia tutto a posto, comunque da adesso tengo alta la guardia, che è tutto il giorno che provo a sistemare i disastri che combinano altri sul pc.
Comunque devo proprio ringraziarti r16 mi sei stato di grande aiuto come del resto tutti quelli che collaborano con voi per rendere questo sito unico.
Grazie ancora.
Torna in alto
 
maria_na
Inviato: Thursday, October 02, 2008 11:54:31 PM
Rank: Member

Iscritto dal : 9/14/2005
Posts: 7
Un'ultima cosa, quei programmi installati per fare le varie scansioni li devo tenere tutti o è meglio disinstallarli?
Torna in alto
 
r16
Inviato: Friday, October 03, 2008 12:04:33 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Per disistallare Virit,fai :
Start\Tutti Programmi, e trovi il suo Unistall.
Ti consiglio di tenere Malwarebytes' Anti-MalwareMalwarebyte, è un programma valido.
Ricordati di aggiornarlo prima di fare la scansione.
Ciao!
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.