Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Finestre che si aprono da sole con IE e Firefox

Finestre che si aprono da sole con IE e Firefox Opzioni
Topic Precedente · Topic Sucessivo
ilsandrone
Inviato: Monday, December 01, 2008 4:38:37 PM
Rank: Member

Iscritto dal : 8/18/2001
Posts: 24
Ciao,ho seguito tutto quello che avete detto di fare, ma le pagine indesiderate mi si aprono ancora, sia con Firefox che con IE.
Ho spedito il log, sareste così gentili di farmi sapere cosa c'è che non va? Grazie in anticipo -Sandro_


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.36.33, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\HP\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\documents and settings\sandrone\impostazioni locali\dati applicazioni\nffmf.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\HP\hpcoretech\comp\hptskmgr.exe
C:\Programmi\Trend Micro\BM\TMBMSRV.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\Internet Security\TmPfw.exe
C:\Programmi\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Nokia\Nokia PC Suite 6\MultimediaPlayer.exe
C:\Programmi\IVAO\IvAe\IvAe.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programmi\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OE] "C:\Programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [nffmf] "c:\documents and settings\sandrone\impostazioni locali\dati applicazioni\nffmf.exe" nffmf
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227304863500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226761489343
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9039074C-A6CC-4C4E-9432-CF6286C2112A}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Componente Central Control Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programmi\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10125 bytes
Torna in alto
 
Sponsor
Inviato: Monday, December 01, 2008 4:38:37 PM

 
Torna in alto
 
r16
Inviato: Monday, December 01, 2008 6:02:13 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Non ho capito cosa hai eseguito, e chi ti ha detto di eseguirle.
Comunque segui queste indicazioni:
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)


Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175

Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [nffmf] "c:\documents and settings\sandrone\impostazioni locali\dati applicazioni\nffmf.exe" nffmf
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1227304863500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si te.cab?1226761489343
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

Trova e cancella i file in rosso:
c:\documents and settings\sandrone\impostazioni locali\dati applicazioni\nffmf.exe

Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log. (lo trovi sull'icona in alto, con raffigurato un block notes ,con una penna)
Fai anche una scansione con SpyBot.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riavvia il Pc
*********************************************************************************************************
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
*********************************************************************************************************
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
esegui una scansione completa del sistema e, una volta terminata la scansione, allega il log che verrà rilasciato in questa discussione.
Prima di fare la scansione AGGIORNALO
********************************************************************************************************

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .Sempre in questo topic
Buon lavoro.
Torna in alto
 
ilsandrone
Inviato: Monday, December 01, 2008 6:20:39 PM
Rank: Member

Iscritto dal : 8/18/2001
Posts: 24
Grazie infinite, ora mi metto al lavoro, ci risentiamo poi, GRAZIE ancoraApplause
Torna in alto
 
ilsandrone
Inviato: Monday, December 01, 2008 9:38:41 PM
Rank: Member

Iscritto dal : 8/18/2001
Posts: 24
Ecco tutti i log richiesti:



VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
01/12/2008 - 18:54:27

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\RECYCLER\S-1-5-21-117609710-1425521274-839522115-1003\Dc13.exe Infetto da Trojan.Win32.Rootkit.AQ
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 161993.
Files Totali: 161993.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.




Malwarebytes' Anti-Malware 1.30
Versione del database: 1441
Windows 5.1.2600 Service Pack 3

01/12/2008 20.59.35
mbam-log-2008-12-01 (20-59-35).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 183174
Tempo trascorso: 52 minute(s), 44 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)





ComboFix 08-11-30.02 - Sandrone 2008-12-01 21.02.58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2796 [GMT 1:00]
Eseguito da: c:\documents and settings\Sandrone\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sandrone\Impostazioni locali\Dati applicazioni\nffmf.dat
c:\documents and settings\Sandrone\Impostazioni locali\Dati applicazioni\nffmf_nav.dat
c:\documents and settings\Sandrone\Impostazioni locali\Dati applicazioni\nffmf_navps.dat
c:\documents and settings\Sandrone\Preferiti\Videos.url
c:\windows\msvrc20.dll
c:\windows\system32\_004361_.tmp.dll
c:\windows\system32\_004362_.tmp.dll
c:\windows\system32\_004363_.tmp.dll
c:\windows\system32\_004364_.tmp.dll
c:\windows\system32\_004371_.tmp.dll
c:\windows\system32\_004372_.tmp.dll
c:\windows\system32\_004373_.tmp.dll
c:\windows\system32\_004374_.tmp.dll
c:\windows\system32\_004376_.tmp.dll
c:\windows\system32\_004377_.tmp.dll
c:\windows\system32\_004380_.tmp.dll
c:\windows\system32\_004381_.tmp.dll
c:\windows\system32\_004383_.tmp.dll
c:\windows\system32\_004384_.tmp.dll
c:\windows\system32\_004385_.tmp.dll
c:\windows\system32\_004387_.tmp.dll
c:\windows\system32\_004390_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004395_.tmp.dll
c:\windows\system32\_004396_.tmp.dll
c:\windows\system32\_004398_.tmp.dll
c:\windows\system32\_004401_.tmp.dll
c:\windows\system32\_004403_.tmp.dll
c:\windows\system32\_004404_.tmp.dll
c:\windows\system32\_004405_.tmp.dll
c:\windows\system32\_004406_.tmp.dll
c:\windows\system32\_004407_.tmp.dll
c:\windows\system32\_004410_.tmp.dll
c:\windows\system32\_004411_.tmp.dll
c:\windows\system32\_004412_.tmp.dll
c:\windows\system32\_004413_.tmp.dll
c:\windows\system32\_004414_.tmp.dll
c:\windows\system32\_004419_.tmp.dll
c:\windows\system32\hpvaut32.dll
c:\windows\system32\hpvcp70.dll
c:\windows\system32\hpvcr70.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-11-01 al 2008-12-01 )))))))))))))))))))))))))))))))))))
.

2008-12-01 21:00 . 2008-12-01 21:00 4,958,588 --a------ c:\windows\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
2008-12-01 18:40 . 2008-12-01 18:40 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\Malwarebytes
2008-12-01 18:40 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-01 18:40 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 18:39 . 2008-12-01 18:40 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-01 18:39 . 2008-12-01 18:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-01 18:37 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-12-01 18:36 . 2008-12-01 19:57 <DIR> d-------- C:\VEXPLITE
2008-12-01 15:27 . 2008-12-01 17:33 <DIR> d-------- c:\programmi\Microsoft Games
2008-11-30 22:43 . 2008-11-30 22:43 <DIR> d-------- c:\programmi\CCleaner
2008-11-30 20:47 . 2008-11-30 21:01 <DIR> d-------- c:\programmi\SopCast
2008-11-30 18:16 . 2008-11-30 18:31 <DIR> d-------- C:\mia card
2008-11-30 18:00 . 2008-11-30 19:30 <DIR> d-------- C:\Keygen
2008-11-30 15:59 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-11-30 15:59 . 2008-04-13 19:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-11-30 15:55 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2008-11-30 15:55 . 2008-11-30 15:55 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-30 15:55 . 2008-11-30 15:55 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-30 15:51 . 2008-11-30 15:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nokia
2008-11-30 15:49 . 2008-11-30 15:49 <DIR> d-------- c:\programmi\MSXML 6.0
2008-11-30 15:49 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2008-11-30 15:49 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-30 15:49 . 2008-02-01 16:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
2008-11-30 15:49 . 2008-09-15 08:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-30 15:49 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-30 15:49 . 2008-02-01 16:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
2008-11-30 15:49 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-30 15:49 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-30 14:59 . 2008-11-30 14:59 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\Nokia Multimedia Player
2008-11-30 14:43 . 2008-11-30 14:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2008-11-30 14:42 . 2008-11-30 14:42 <DIR> d-------- c:\programmi\PC Connectivity Solution
2008-11-30 14:42 . 2008-11-30 14:42 <DIR> d-------- c:\programmi\File comuni\PCSuite
2008-11-30 14:42 . 2008-11-30 15:48 <DIR> d-------- c:\programmi\File comuni\Nokia
2008-11-30 14:42 . 2008-11-30 14:42 <DIR> d-------- c:\programmi\DIFX
2008-11-30 14:41 . 2008-11-30 15:49 <DIR> d-------- c:\programmi\Nokia
2008-11-30 14:41 . 2008-11-30 15:48 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Installations
2008-11-30 14:41 . 2008-09-15 08:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
2008-11-30 14:34 . 2008-11-30 14:34 19 --a------ c:\windows\SoundConverter.INI
2008-11-27 19:25 . 2008-11-30 11:21 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\IObit
2008-11-26 18:46 . 2008-11-26 18:46 <DIR> d-------- c:\programmi\Lavasoft
2008-11-26 18:46 . 2008-11-26 18:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-26 18:31 . 2008-11-30 23:05 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2008-11-26 18:31 . 2008-12-01 19:56 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-25 00:02 . 2008-11-25 00:03 <DIR> d-------- c:\programmi\Avanquest update
2008-11-25 00:01 . 2008-11-25 00:24 <DIR> d-------- c:\programmi\Mobile Media Studio
2008-11-25 00:01 . 2008-11-25 00:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\BVRP Software
2008-11-25 00:00 . 2008-11-25 00:00 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\InstallShield
2008-11-24 23:58 . 2008-11-24 23:58 <DIR> d-------- C:\Compil2008IT
2008-11-23 21:33 . 2008-11-23 21:33 <DIR> d-------- c:\programmi\TVAnts
2008-11-23 11:19 . 2003-08-11 07:44 34,480 --------- c:\windows\hpomdl03.dat.temp
2008-11-23 11:19 . 2008-11-23 10:27 28,885 --------- c:\windows\hpoins03.dat.temp
2008-11-23 10:22 . 2008-11-23 10:22 <DIR> d-------- c:\programmi\File comuni\Hewlett-Packard
2008-11-23 10:17 . 2008-11-23 10:17 <DIR> d-------- c:\programmi\File comuni\HP
2008-11-23 10:17 . 2008-11-23 10:17 43,488 --a------ c:\windows\system32\drivers\AFS2K.SYS
2008-11-23 10:03 . 2003-08-11 07:44 34,480 --------- c:\windows\hpomdl03.dat
2008-11-23 10:03 . 2008-11-23 11:24 28,929 --a------ c:\windows\hpoins03.dat
2008-11-22 11:05 . 2008-11-22 11:05 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\Windows Search
2008-11-22 10:55 . 2008-11-22 10:55 <DIR> d-------- c:\programmi\Microsoft Silverlight
2008-11-22 10:53 . 2008-11-22 10:53 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\Windows Desktop Search
2008-11-22 10:52 . 2008-11-22 10:52 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-11-22 10:52 . 2008-11-22 10:52 <DIR> d-------- c:\programmi\Windows Desktop Search
2008-11-22 10:51 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-11-22 10:51 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-11-22 10:51 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-11-22 00:50 . 2008-11-22 00:55 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-21 23:39 . 2003-02-28 18:26 139,536 --a------ c:\windows\system32\javaee.dll
2008-11-21 22:35 . 2008-06-14 18:32 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-11-21 22:35 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-21 22:34 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-21 22:34 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-21 22:32 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-21 22:32 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-21 22:31 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-21 22:06 . 2004-07-17 10:34 663,442 -----c--- c:\windows\system32\dllcache\wmplayer.chm
2008-11-21 22:06 . 2006-11-02 22:56 75,584 -----c--- c:\windows\system32\dllcache\wmplayer.adm
2008-11-21 22:06 . 2004-07-17 21:54 26,344 -----c--- c:\windows\system32\dllcache\wmplay.chm
2008-11-21 22:06 . 2001-08-31 16:00 1,771 -----c--- c:\windows\system32\dllcache\wmptour.css
2008-11-21 22:06 . 2004-08-19 14:35 1,722 -----c--- c:\windows\system32\dllcache\wmpocm.inf
2008-11-21 22:04 . 2004-08-19 15:23 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-11-20 18:53 . 2008-11-20 19:01 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\ZipGenius
2008-11-20 18:52 . 2008-11-20 18:52 <DIR> d-------- c:\programmi\ZipGenius 6
2008-11-20 00:30 . 2008-04-14 03:13 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-18 23:06 . 2008-11-18 23:06 <DIR> d-------- c:\programmi\PowerQuest
2008-11-18 19:45 . 2008-11-18 19:45 <DIR> d-------- c:\windows\OPTIONS
2008-11-18 19:45 . 2008-11-18 19:45 <DIR> d-------- c:\programmi\NETGEAR
2008-11-18 19:45 . 2006-03-20 19:22 196,608 --a------ c:\windows\system32\WG1v2Lib.dll
2008-11-18 19:45 . 2006-03-16 11:39 167,808 --a------ c:\windows\system32\drivers\wg111v2.sys
2008-11-18 19:45 . 2003-11-18 09:27 155,648 --a------ c:\windows\system32\IpLib.dll
2008-11-18 19:45 . 2005-12-29 00:16 114,688 -ra------ c:\windows\system32\EnumDev111.dll
2008-11-18 19:45 . 2005-04-01 11:43 66,048 --a------ c:\windows\system32\drivers\EAPPkt.sys
2008-11-18 19:45 . 2002-10-02 08:57 13,532 --a------ c:\windows\system32\drivers\SjyPkt.sys
2008-11-18 18:58 . 2008-11-30 14:52 <DIR> d-------- c:\documents and settings\Sandrone\Phone Browser
2008-11-18 18:58 . 2008-11-30 16:02 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\Nokia
2008-11-18 18:58 . 2008-11-18 18:58 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\Datalayer
2008-11-18 18:56 . 2008-11-30 16:04 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\PC Suite
2008-11-17 18:53 . 2008-11-17 18:53 <DIR> d-------- c:\programmi\aicon
2008-11-17 18:53 . 2008-11-17 18:53 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\aicon
2008-11-17 00:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-17 00:55 . 2008-11-17 00:58 <DIR> d-------- C:\AULOGS
2008-11-15 16:51 . 2008-11-15 16:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-11-15 16:37 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-15 16:37 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-15 16:37 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-15 16:37 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-15 16:35 . 2008-10-03 17:58 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-15 16:35 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-15 16:35 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-15 16:35 . 2008-08-26 08:57 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-15 16:35 . 2008-08-26 08:57 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-15 16:35 . 2008-08-26 08:57 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-15 16:35 . 2008-08-26 08:57 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-15 16:35 . 2008-08-26 08:57 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-15 16:35 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-15 16:29 . 2008-11-15 16:29 <DIR> d-------- c:\programmi\MSXML 4.0
2008-11-15 16:27 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-15 16:26 . 2008-09-04 18:15 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-15 16:12 . 2008-12-01 16:51 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-15 16:12 . 2008-12-01 16:57 <DIR> d-------- c:\windows\Logs
2008-11-15 16:00 . 2008-11-15 16:21 <DIR> d-------- C:\wua
2008-11-15 14:58 . 2008-11-15 16:15 <DIR> d-------- c:\documents and settings\Sandrone\Dati applicazioni\OfficeUpdate12
2008-11-15 14:06 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-15 14:06 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-11 23:12 . 2007-09-09 14:29 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2008-11-11 23:12 . 2007-09-09 14:29 143,360 --a------ c:\windows\system32\Unzip32.dll
2008-11-11 23:12 . 2007-09-09 14:29 124,688 --a------ c:\windows\system32\MSWINSCK.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 14:55 --------- d-----w c:\programmi\Teamspeak2_RC2
2008-12-01 11:29 --------- d-----w c:\documents and settings\Sandrone\Dati applicazioni\teamspeak2
2008-11-30 22:33 --------- d-----w c:\programmi\Trend Micro
2008-11-30 13:35 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-27 18:25 --------- d-----w c:\programmi\IObit
2008-11-23 10:54 --------- d-----w c:\programmi\HP
2008-11-22 09:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-11-18 17:54 --------- d-----w c:\programmi\File comuni\InstallShield
2008-11-17 23:24 --------- d-----w c:\documents and settings\Sandrone\Dati applicazioni\Skype
2008-11-17 23:23 --------- d-----w c:\documents and settings\Sandrone\Dati applicazioni\skypePM
2008-11-14 23:43 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-14 23:19 --------- d-----w c:\programmi\Skype
2008-11-12 13:54 6,188,320 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-11-03 00:16 --------- d-----w c:\programmi\SWFMenu
2008-11-02 23:19 --------- d-----w c:\programmi\SWiSHmax
2008-11-02 09:14 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-31 08:35 --------- d-----w c:\documents and settings\Sandrone\Dati applicazioni\VCOM
2008-10-31 08:35 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\VCOM
2008-10-31 08:33 --------- d-----w c:\programmi\Macromedia
2008-10-31 08:33 --------- d-----w c:\programmi\File comuni\Macromedia
2008-10-31 07:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Macrovision
2008-10-29 21:40 --------- d-----w c:\programmi\File comuni\Skype
2008-10-29 21:40 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2008-10-29 18:40 --------- d-----w c:\documents and settings\Sandrone\Dati applicazioni\AntsSoft
2008-10-29 18:39 --------- d-----w c:\programmi\Show.kit 2.1
2008-10-29 18:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Trend Micro
2008-10-28 22:17 --------- d-----w c:\programmi\SWFBanner
2008-10-28 22:06 --------- d-----w c:\programmi\UltraButton
2008-10-28 21:53 --------- d-----w c:\programmi\SWFText
2008-10-28 21:36 --------- d-----w c:\programmi\File comuni\Adobe Systems Shared
2008-10-28 21:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2008-10-28 21:18 --------- d-----w c:\programmi\Namo
2008-10-27 23:46 --------- d-----w c:\programmi\IVAO
2008-10-27 23:19 --------- d-----w c:\programmi\QuickTime
2008-10-27 23:19 --------- d-----w c:\programmi\File comuni\Apple
2008-10-27 23:19 --------- d-----w c:\programmi\Apple Software Update
2008-10-27 23:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-10-27 23:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-10-27 23:17 --------- d-----w c:\programmi\Java
2008-10-27 21:57 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-27 21:57 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-10-27 18:51 --------- d-----w c:\programmi\Creative
2008-10-27 00:51 --------- d-----w c:\programmi\Analog Devices
2008-10-27 00:06 --------- d-----w c:\documents and settings\Sandrone\Dati applicazioni\Creative
2008-10-26 23:56 --------- d-----w c:\programmi\Windows Media Connect 2
2008-10-26 23:08 80,400 ----a-w c:\windows\system32\drivers\tmtdi.sys
2008-10-26 23:08 50,192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2008-10-26 23:08 49,680 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2008-10-26 23:08 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2008-10-26 23:08 334,352 ----a-w c:\windows\system32\drivers\TM_CFW.sys
2008-10-26 23:08 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2008-10-26 23:08 144,912 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-10-26 23:08 1,195,448 ----a-w c:\windows\system32\drivers\vsapint.sys
2008-10-26 22:58 155,995 ----a-w c:\windows\java\Packages\4ya03jtr.zip
2008-10-26 22:58 --------- d-----w c:\programmi\Motive
2008-10-26 22:58 --------- d-----w c:\programmi\Common Files
2008-10-26 22:58 --------- d-----w c:\programmi\Alice ti aiuta
2008-10-26 22:57 --------- d-----w c:\programmi\Telecom Italia
2008-10-26 22:07 --------- d-----w c:\programmi\MSBuild
2008-10-26 22:07 --------- d-----w c:\programmi\Microsoft Works
2008-10-26 21:54 --------- d-----w c:\programmi\microsoft frontpage
2008-10-26 21:53 --------- d-----w c:\programmi\Servizi in linea
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OE"="c:\programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-10-27 497008]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-15 2235920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"UfSeAgnt.exe"="c:\programmi\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-10-27 970808]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-28 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2008-12-01 249856]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"OE"="c:\programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-10-27 497008]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Sandrone\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-10-26 212992]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2008-12-01 40960]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2008-11-18 66048]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
S3 Asushwio;Asushwio;\??\c:\windows\system32\drivers\Asushwio.sys [2008-10-27 5824]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS []
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS []
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS []
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS []
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS []
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS []
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS []
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-30 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-30 8320]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2008-11-18 167808]
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-01 c:\windows\Tasks\AWC AutoSweep.job
- c:\programmi\IObit\Advanced SystemCare 3\AutoSweep.exe [2008-11-02 16:35]

2008-12-01 c:\windows\Tasks\AWC Update.job
- c:\programmi\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-11-14 23:44]

2008-12-01 c:\windows\Tasks\AWC Update.job
- c:\programmi\IObit\Advanced SystemCare 3\ [2008-12-01 21:10]

2008-11-23 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1227435843.job
- c:\programmi\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Sandrone\Dati applicazioni\Mozilla\Firefox\Profiles\ezn1fvfe.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.corriere.it
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 21:08:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\tmevtmgr.log 185 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\searchprotocolhost.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-01 21:12:38 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-01 20:12:35

Pre-Run: 276.205.993.984 byte disponibili
Post-Run: 276,063,559,680 byte disponibili

367 --- E O F --- 2008-11-22 22:58:33





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.30.25, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programmi\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Componente Central Control Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programmi\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 7707 bytes
Torna in alto
 
r16
Inviato: Monday, December 01, 2008 10:04:01 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Virit, e sopratutto Combofix hanno levato molta cacca.
Se il problema è risolto esegui queste operazioni di pulizia:

Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Per disistallare Virit,fai :
Start\Tutti Programmi, e trovi il suo Unistall.
Poi:
lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Ricordati di rinascondere le cartelle di sistema;
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Dimenticavo: il log di HJT è pulito.
Torna in alto
 
ilsandrone
Inviato: Monday, December 01, 2008 10:18:13 PM
Rank: Member

Iscritto dal : 8/18/2001
Posts: 24
Per il momento tutto ok, spero che sia definitivo.
Ti ringrazio del prezioso aiuto, GRAZIE INFINITE. Applause Dancing Dancing Boo hoo! Boo hoo!
Ciao -Sandro-
Torna in alto
 
r16
Inviato: Monday, December 01, 2008 10:25:38 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non penso che si ripresenterà (poi non si sà mai)
Tieni installato Malwarebytes che è un programma valido.
Aggiornalo sempre prima di fare una scansione.
Ciao.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Finestre che si aprono da sole con IE e Firefox


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.