Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

internet dirottato Opzioni
stulfy66
Inviato: Tuesday, April 14, 2009 11:03:43 PM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
ciao a tutti. vi scrivo un pò da blasfemo del problema,ma grazie al forum comincio a capirci qualcosa(ma solo qualcosa) di quello che accade al mio notebook.
spiego:apro internet (sia explorer che firefox) dopo breve tempo sulla barra dove c'è il pulsante start mi appare un'altra "finestrella" passatemi il termine che indica
un'altro collegamento ad internet che io non ho fatto bah.... lo chiudo ,navigo,ma dopo poco,rieccolo.ma che ca...spita succede? è un hijack mi dicono fonti esperte a me vicine che però non sanno come eliminare questo grande fastidio.
so dolo che devo allegare questo:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.44.16, on 14/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\documents and settings\saretta\impostazioni locali\dati applicazioni\gokyese.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Lphant\eLePhantClient.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://it.rd.yahoo.com/customize/ycomp/defaults/sb/*http://it.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - (no file)
O2 - BHO: freedomltd browser enhancer - {7E69EBA2-7081-DDEE-363C-407B4CA7ADE7} - C:\WINDOWS\system32\ilalebmbizp.dll
O2 - BHO: Google Plus - {C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - C:\PROGRA~1\GOOGLE~1\11GOOG~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mxkfirhsjxkidqzqo] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ilalebmbizp.dll"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\IgfxSys.dll",StartProtector
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [gokyese] "c:\documents and settings\saretta\impostazioni locali\dati applicazioni\gokyese.exe" gokyese
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Trasferimento tramite Image Converter 2 - C:\Programmi\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programmi\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11934 bytes

per favore aiutamici,aiutatemi.
grazie
Sponsor
Inviato: Tuesday, April 14, 2009 11:03:43 PM

 
r16
Inviato: Tuesday, April 14, 2009 11:16:31 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao stulfy66 .
Fai queste 2 scansioni:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è importante)
Esegui una scansione completa del sistema.
Posta il log.
*********************************************************************************************************
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)

Oltre i log richiesti, posta anche un ulteriore log di HJT.
stulfy66
Inviato: Tuesday, April 14, 2009 11:45:23 PM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
ciao r16 sto facendo la prima scansione.ti chiedo,finito la scansione che penso sarà lunga ti devo scrivere il log solo o devo anche rimuovere con il programma quello che ha trovato? grazie.
r16
Inviato: Wednesday, April 15, 2009 12:03:11 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao stulfy66 .
No, non eliminare niente, postami solo il log (stiamo parlando di Malwarebytes) . Mi raccomando, aggiornalo prima della scansione.
Poi una volta che abbiamo bonificato il pc, ti consiglio di tenerlo installato questo programma, in quanto è a mio avviso molto valido.
Diverso il discorso di Combofix, lo elimini quando avrò visto il log.
stulfy66
Inviato: Wednesday, April 15, 2009 12:09:58 AM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
grazie r16 qui ti posto il risultato di malware:

Malwarebytes' Anti-Malware 1.36
Versione del database: 1983
Windows 5.1.2600 Service Pack 3

15/04/2009 0.06.37
da malwarebytes.txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 158176
Tempo trascorso: 30 minute(s), 26 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 2
Chiavi di registro infette: 21
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 3
File infetti: 10

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\IgfxSys.dll (Trojan.BHO) -> No action taken.
C:\Programmi\GooglePlusVideos\11.GooglePlusVideos.dll (Hijack.Search) -> No action taken.

Chiavi di registro infette:
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e3cfdfe-79c8-4225-81b9-20fc99da6972} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{a5b0779f-0a3e-482e-bb31-b7b871599f60} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5106ed5c-7245-4f5a-abca-67b0c15333d2} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{99e0eee5-14c5-46d3-878b-7da2663e1a92} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aef427e4-b0d8-4457-b437-c72f0921fe39} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ec26f9c5-812f-4cec-90e2-343e85564ddd} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.DLL (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e69eba2-7081-ddee-363c-407b4ca7ade7} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7e69eba2-7081-ddee-363c-407b4ca7ade7} (Adware.BHO) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxsys (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mxkfirhsjxkidqzqo (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers (Trojan.Agent.M) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\Aud32 (Trojan.Agent.M) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Sys (Trojan.Agent.M) -> No action taken.

File infetti:
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\IgfxSys.dll (Trojan.BHO) -> No action taken.
C:\Programmi\GooglePlusVideos\11.GooglePlusVideos.dll (Hijack.Search) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\phuninst.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\conf.sys (Trojan.Agent.M) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\pub.dll (Trojan.Agent.M) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\serial.sys (Trojan.Agent.M) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\Aud32\gan.exe (Trojan.Agent.M) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\Aud32\ganb.exe (Trojan.Agent.M) -> No action taken.
C:\Documents and Settings\saretta\Dati applicazioni\Messenger\Drivers\Aud32\ganc.exe (Trojan.Agent.M) -> No action taken.
C:\WINDOWS\system32\ilalebmbizp.dll (Trojan.Agent) -> No action taken.


rimango in attesa di notifiche su azioni da intraprendere.
grazie r16
r16
Inviato: Wednesday, April 15, 2009 12:11:30 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina tutto e Riavvia il pc.
Poi fai Combofix.
stulfy66
Inviato: Wednesday, April 15, 2009 12:34:42 AM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
rieccomi r16.
questo è il risultato di combofix:

ComboFix 09-04-15.01 - saretta 15/04/2009 0.24.19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.123 [GMT 2:00]
Eseguito da: c:\documents and settings\saretta\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-15 al 2009-04-15 )))))))))))))))))))))))))))))))))))
.

2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Malwarebytes
2009-04-14 21:23 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 21:23 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-14 19:45 . 2009-04-14 19:51 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\dvdcss
2009-04-14 17:00 . 2009-04-14 17:00 -------- d-----w C:\CNYSELPHYCP
2009-04-13 21:17 . 2009-04-13 21:20 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-13 14:15 . 2009-04-13 14:15 -------- d-----w c:\windows\Sun
2009-04-13 14:04 . 2009-04-13 14:05 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 09:44 . 2009-04-13 17:04 69 ----a-w c:\windows\NeroDigital.ini
2009-04-13 09:43 . 2009-04-13 09:43 2332416 ----a-w c:\windows\system32\TUKernel.exe
2009-04-13 08:47 . 2008-06-14 17:32 272768 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-13 08:47 . 2008-10-16 01:00 668672 -c----w c:\windows\system32\dllcache\wininet.dll
2009-04-13 08:47 . 2008-10-16 01:00 1499648 -c----w c:\windows\system32\dllcache\shdocvw.dll
2009-04-13 08:47 . 2008-10-16 01:00 619520 -c----w c:\windows\system32\dllcache\urlmon.dll
2009-04-13 08:45 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-13 08:45 . 2008-08-14 13:22 2069760 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-13 08:45 . 2008-08-14 13:22 2148864 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-13 08:45 . 2008-08-14 13:22 2192896 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-13 08:45 . 2008-08-14 13:22 2027520 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-13 08:45 . 2008-12-12 17:01 3088896 -c----w c:\windows\system32\dllcache\mshtml.dll
2009-04-13 08:45 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-13 08:44 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-13 08:44 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-13 08:44 . 2008-10-15 16:36 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\l2schemas
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\system32\it
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\system32\bits
2009-04-12 20:31 . 2009-04-12 20:36 -------- d-----w c:\windows\ServicePackFiles
2009-04-12 20:21 . 2009-04-12 20:21 -------- d-----w c:\windows\EHome
2009-04-12 15:12 . 2009-04-13 12:44 -------- d--h--w c:\windows\Icons
2009-04-12 14:36 . 2004-08-19 13:23 701440 ------w c:\windows\system32\drivers\ati2mtag.sys
2009-04-12 14:03 . 2009-04-12 14:03 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Innovative Solutions
2009-04-12 13:59 . 2009-04-12 13:59 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\TeamViewer
2009-04-12 13:58 . 2009-04-12 13:58 -------- d-----w c:\documents and settings\saretta\temp
2009-04-11 16:51 . 2009-04-13 09:49 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Lphant
2009-04-11 16:30 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-11 16:23 . 2009-04-11 16:29 -------- d-----w c:\windows\system32\XPSViewer
2009-04-11 16:20 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-11 16:20 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-11 16:20 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-11 16:20 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-11 16:20 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-11 16:20 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-11 16:20 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-11 14:21 . 2006-03-17 13:49 368640 ----a-w c:\windows\system32\TwnLib4.dll
2009-04-11 14:21 . 2006-03-17 10:45 802816 ----a-w c:\windows\system32\imagXRA7.dll
2009-04-11 14:21 . 2006-03-17 10:45 497296 ----a-w c:\windows\system32\imagXpr7.dll
2009-04-11 14:21 . 2006-03-17 10:45 258048 ----a-w c:\windows\system32\imagXR7.dll
2009-04-11 14:21 . 2006-03-17 10:45 1757184 ----a-w c:\windows\system32\imagX7.dll
2009-04-11 14:21 . 2009-04-11 14:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-04-11 14:05 . 2009-04-11 14:05 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-11 14:05 . 2008-12-11 12:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-11 14:05 . 2009-04-11 14:05 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-11 14:03 . 2009-04-11 14:03 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\TuneUp Software
2009-04-11 14:03 . 2009-04-11 14:03 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-04-11 14:02 . 2009-04-11 14:02 -------- d-sh--w c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-11 13:42 . 2009-04-11 13:48 -------- d-----w c:\windows\SHELLNEW
2009-04-11 13:42 . 2009-04-11 13:42 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-04-11 13:38 . 2009-04-11 13:51 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-11 13:36 . 2009-04-11 13:36 -------- d--h--r C:\MSOCache
2009-04-11 13:15 . 2009-04-11 13:15 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\vlc
2009-04-11 12:49 . 2009-04-13 14:34 -------- d--h--w C:\$AVG8.VAULT$
2009-04-11 12:42 . 2009-04-11 12:42 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-11 12:42 . 2009-04-11 12:42 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-11 12:42 . 2009-04-11 12:42 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-11 12:41 . 2009-04-14 16:32 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-11 12:41 . 2009-04-11 12:41 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-04-11 12:01 . 2009-04-11 12:01 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Cooliris
2009-04-11 11:54 . 2009-04-11 11:54 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Google
2009-04-11 09:49 . 2009-04-11 09:49 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-11 09:49 . 2009-04-11 09:49 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-11 08:45 . 2009-04-11 08:45 0 ----a-w c:\windows\nsreg.dat
2009-04-11 08:45 . 2009-04-11 08:45 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Mozilla
2009-04-11 08:26 . 2009-04-11 08:26 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\sony
2009-04-08 20:09 . 2009-04-08 20:09 0 ----a-w C:\winamp.ini
2009-04-05 16:36 . 2009-04-05 16:36 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\HTML Executable
2009-04-05 14:59 . 2009-04-05 14:59 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 14:54 . 2009-03-05 21:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-29 16:31 . 2009-04-11 15:56 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Skype
2009-03-29 16:31 . 2009-04-11 15:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-03-29 12:42 . 2009-03-29 12:42 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Smart-Ads-Solutions
2009-03-22 17:41 . 2009-03-22 17:41 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-03-22 17:37 . 2009-04-07 19:07 57421 ----a-w c:\windows\system32\lqxchrypmhx.dll-uninst.exe
2009-03-21 17:07 . 2009-04-07 19:10 48267 ----a-w c:\windows\system32\asddlccmhhncj.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 22:19 . 2009-03-15 21:01 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Messenger
2009-04-14 21:25 . 2009-03-13 20:13 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\uTorrent
2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-14 20:43 . 2009-04-14 20:43 -------- d-----w c:\programmi\Trend Micro
2009-04-14 19:30 . 2009-03-21 16:39 -------- d-----w c:\programmi\GooglePlusVideos
2009-04-13 21:21 . 2009-04-13 21:17 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-13 21:08 . 2005-07-14 08:39 89094 ----a-w c:\windows\system32\perfc010.dat
2009-04-13 21:08 . 2005-07-14 08:39 500302 ----a-w c:\windows\system32\perfh010.dat
2009-04-13 14:05 . 2009-04-13 14:04 -------- d-----w c:\programmi\iTunes
2009-04-13 14:04 . 2009-04-13 14:04 -------- d-----w c:\programmi\iPod
2009-04-13 14:04 . 2008-12-18 22:39 -------- d-----w c:\programmi\File comuni\Apple
2009-04-13 13:16 . 2008-08-17 19:08 -------- d-----w c:\programmi\Collegamenti programmi
2009-04-13 12:29 . 2005-07-15 08:15 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-13 08:43 . 2008-08-17 19:09 73104 ----a-w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-12 20:38 . 2005-07-14 15:52 76875 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-12 20:26 . 2005-07-14 08:39 251600 --sha-r C:\ntldr
2009-04-12 13:59 . 2009-04-12 13:59 -------- d-----w c:\programmi\TeamViewer
2009-04-11 16:51 . 2009-04-11 16:51 -------- d-----w c:\programmi\Lphant
2009-04-11 16:23 . 2009-04-11 16:23 -------- d-----w c:\programmi\MSBuild
2009-04-11 16:22 . 2009-04-11 16:22 -------- d-----w c:\programmi\Reference Assemblies
2009-04-11 16:12 . 2009-04-11 16:12 -------- d-----w c:\programmi\MSXML 6.0
2009-04-11 15:23 . 2009-04-11 15:23 -------- d-----r c:\programmi\Skype
2009-04-11 14:22 . 2009-04-11 14:21 -------- d-----w c:\programmi\Nero
2009-04-11 14:21 . 2009-04-11 14:21 -------- d-----w c:\programmi\File comuni\Nero
2009-04-11 14:05 . 2009-04-11 14:03 -------- d-----w c:\programmi\TuneUp Utilities 2009
2009-04-11 13:59 . 2005-07-15 11:45 -------- d-----w c:\programmi\Sony
2009-04-11 13:57 . 2008-08-17 19:24 -------- d-----w c:\programmi\Microsoft Works
2009-04-11 13:18 . 2008-12-18 22:42 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Apple Computer
2009-04-11 13:10 . 2009-04-11 13:10 -------- d-----w c:\programmi\VideoLAN
2009-04-11 12:52 . 2009-04-11 12:52 -------- d-----w c:\programmi\RocketDock
2009-04-11 12:47 . 2009-03-13 19:55 -------- d-----w c:\programmi\CCleaner
2009-04-11 12:41 . 2009-04-11 12:41 -------- d-----w c:\programmi\AVG
2009-04-11 11:54 . 2005-07-15 11:47 -------- d-----w c:\programmi\InterVideo
2009-04-11 11:53 . 2005-07-15 12:00 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony Corporation
2009-04-11 11:39 . 2005-07-15 11:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-04-11 09:49 . 2005-07-15 11:44 -------- d-----w c:\programmi\Java
2009-04-11 08:26 . 2009-04-11 08:26 -------- d-----w c:\programmi\File comuni\SWF Studio
2009-04-08 20:09 . 2008-08-17 19:17 -------- d-----w c:\programmi\MoodLogic
2009-04-08 19:52 . 2005-07-15 11:45 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-08 19:49 . 2009-04-08 19:49 -------- d-----w c:\programmi\Foxit Software
2009-04-05 14:56 . 2009-04-05 14:56 -------- d-----w c:\programmi\QuickTime
2009-04-05 14:19 . 2009-04-05 14:18 -------- d-----w c:\programmi\Safari
2009-04-05 14:10 . 2009-04-05 14:10 -------- d-----w c:\programmi\Bonjour
2009-03-29 15:16 . 2009-03-13 20:13 -------- d-----w c:\programmi\uTorrent
2009-03-29 12:42 . 2009-03-29 12:42 -------- d-----w c:\programmi\Smart-Ads-Solutions
2009-03-22 17:41 . 2009-03-22 17:41 -------- d-----w c:\programmi\File comuni\Adobe Systems Shared
2009-03-19 14:32 . 2008-12-18 22:41 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-14 13:05 . 2009-03-14 13:05 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Yahoo!
2009-03-14 12:24 . 2008-08-29 16:58 -------- d-----w c:\programmi\Canon
2009-03-13 21:47 . 2009-03-13 21:47 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-03-13 21:24 . 2009-03-13 21:24 -------- d-----w c:\programmi\File comuni\Adobe AIR
2009-03-13 21:18 . 2009-03-13 21:18 -------- d-----w c:\programmi\File comuni\Macrovision Shared
2009-03-13 20:17 . 2009-03-13 20:17 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\U3
2009-03-07 14:40 . 2009-03-07 14:29 -------- d-----w c:\programmi\Arteferro CAD 3D
2009-03-05 21:59 . 2008-12-18 22:39 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-09 14:04 . 2005-07-14 08:39 1846784 ----a-w c:\windows\system32\win32k.sys
2005-07-14 15:57 . 2009-04-13 20:27 12328 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_22.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 22:22 . 2009-04-14 22:22 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2009-04-14 22:22 . 2009-04-14 22:22 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2003-11-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-11 1932568]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-11 12:42 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 15:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FILECO~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-11 09:49 148888 ----a-w c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-01-14 11:43 151552 ----a-w c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-14 14:46 45056 ----a-w c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"4509:UDP"= 4509:UDP:emule

R3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bsusbser.sys [2006-12-20 94848]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [2004-11-17 45534]
R3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-11 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-11 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-11 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-11 298264]
S2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\Drivers\eugssxp.sys [2004-11-17 57951]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-11 603904]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0df9b811-7c20-11dd-88fb-0013cead98b8}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605973ed-ceab-11dd-8923-0013cead98b8}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97bcf244-1008-11de-8945-0013cead98b8}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18119be-9d44-11dd-8903-0013cead98b8}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-14 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 - c:\programmi\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\saretta\Dati applicazioni\Mozilla\Firefox\Profiles\5whj6mu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\documents and settings\saretta\Dati applicazioni\Mozilla\Firefox\Profiles\5whj6mu1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 00:26
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\VESWinlogon.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2188)
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2009-04-14 0.29.03
ComboFix-quarantined-files.txt 2009-04-14 22:28
ComboFix2.txt 2009-04-14 22:18

Pre-Run: 12.971.278.336 byte disponibili
Post-Run: 12.960.169.984 byte disponibili

303 --- E O F --- 2009-04-13 10:35


aspetto tue notizie .
grazie r16
r16
Inviato: Wednesday, April 15, 2009 12:44:44 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ok.
Hai anche il virus Knight.exe .
Apri un file di testo sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605973ed-ceab-11dd-8923-0013cead98b8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18119be-9d44-11dd-8903-0013cead98b8}]


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
*********************************************************************************************************
Hai una chiavetta USB (o un HD esterno) infettata.
Bisogna disattivare momentaneamente il riconoscimento automatico delle periferiche USB;
serve il programma TweakUI scaricabile in questa pagina (lo trovi sulla destra verso metà pagina) e installalo:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Una volta installato, eseguilo e procedi con questi passaggi:

clicca sul simbolo + la sezione My Computer
clicca sul simbolo [+] la sottosezione Autoplay
Spostati in Types
Togli il segno di spunta a Enable Autoplay for removable drives
Clicca su Apply
Chiudi TweakUI

Da questo momento tutti gli apparati USB smetteranno di avviarsi automaticamente.
Inserisci le tue chiavette e fai una scansione delle stesse, con il tuo antivirus.
Quando sei sicuro che tutto è a posto, puoi riabilitare l'avvio automatico, rifacendo lo stesso percorso che ti ho indicato.
Per sicurezza, scansiona la chiavetta anche con Malwarebytes.
stulfy66
Inviato: Wednesday, April 15, 2009 1:03:13 AM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
sono pronto. ecco la seconda scansione di combofix p.s. c'era una chiavetta usb che aveva questo knight .exe però ora ,grazie a mio figlio, non esiste più,(ci è passato sopra con il suo trattore).......


ComboFix 09-04-15.01 - saretta 15/04/2009 0.52.37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.93 [GMT 2:00]
Eseguito da: c:\documents and settings\saretta\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\saretta\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-15 al 2009-04-15 )))))))))))))))))))))))))))))))))))
.

2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Malwarebytes
2009-04-14 21:23 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 21:23 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-14 19:45 . 2009-04-14 19:51 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\dvdcss
2009-04-14 17:00 . 2009-04-14 17:00 -------- d-----w C:\CNYSELPHYCP
2009-04-13 21:17 . 2009-04-13 21:20 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-13 14:15 . 2009-04-13 14:15 -------- d-----w c:\windows\Sun
2009-04-13 14:04 . 2009-04-13 14:05 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 09:44 . 2009-04-13 17:04 69 ----a-w c:\windows\NeroDigital.ini
2009-04-13 09:43 . 2009-04-13 09:43 2332416 ----a-w c:\windows\system32\TUKernel.exe
2009-04-13 08:47 . 2008-06-14 17:32 272768 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-13 08:47 . 2008-10-16 01:00 668672 -c----w c:\windows\system32\dllcache\wininet.dll
2009-04-13 08:47 . 2008-10-16 01:00 1499648 -c----w c:\windows\system32\dllcache\shdocvw.dll
2009-04-13 08:47 . 2008-10-16 01:00 619520 -c----w c:\windows\system32\dllcache\urlmon.dll
2009-04-13 08:45 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-13 08:45 . 2008-08-14 13:22 2069760 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-13 08:45 . 2008-08-14 13:22 2148864 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-13 08:45 . 2008-08-14 13:22 2192896 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-13 08:45 . 2008-08-14 13:22 2027520 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-13 08:45 . 2008-12-12 17:01 3088896 -c----w c:\windows\system32\dllcache\mshtml.dll
2009-04-13 08:45 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-13 08:44 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-13 08:44 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-13 08:44 . 2008-10-15 16:36 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\l2schemas
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\system32\it
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\system32\bits
2009-04-12 20:31 . 2009-04-12 20:36 -------- d-----w c:\windows\ServicePackFiles
2009-04-12 20:21 . 2009-04-12 20:21 -------- d-----w c:\windows\EHome
2009-04-12 15:12 . 2009-04-13 12:44 -------- d--h--w c:\windows\Icons
2009-04-12 14:36 . 2004-08-19 13:23 701440 ------w c:\windows\system32\drivers\ati2mtag.sys
2009-04-12 14:03 . 2009-04-12 14:03 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Innovative Solutions
2009-04-12 13:59 . 2009-04-12 13:59 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\TeamViewer
2009-04-12 13:58 . 2009-04-12 13:58 -------- d-----w c:\documents and settings\saretta\temp
2009-04-11 16:51 . 2009-04-13 09:49 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Lphant
2009-04-11 16:30 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-11 16:23 . 2009-04-11 16:29 -------- d-----w c:\windows\system32\XPSViewer
2009-04-11 16:20 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-11 16:20 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-11 16:20 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-11 16:20 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-11 16:20 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-11 16:20 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-11 16:20 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-11 14:21 . 2006-03-17 13:49 368640 ----a-w c:\windows\system32\TwnLib4.dll
2009-04-11 14:21 . 2006-03-17 10:45 802816 ----a-w c:\windows\system32\imagXRA7.dll
2009-04-11 14:21 . 2006-03-17 10:45 497296 ----a-w c:\windows\system32\imagXpr7.dll
2009-04-11 14:21 . 2006-03-17 10:45 258048 ----a-w c:\windows\system32\imagXR7.dll
2009-04-11 14:21 . 2006-03-17 10:45 1757184 ----a-w c:\windows\system32\imagX7.dll
2009-04-11 14:21 . 2009-04-11 14:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-04-11 14:05 . 2009-04-11 14:05 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-11 14:05 . 2008-12-11 12:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-11 14:05 . 2009-04-11 14:05 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-11 14:03 . 2009-04-11 14:03 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\TuneUp Software
2009-04-11 14:03 . 2009-04-11 14:03 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-04-11 14:02 . 2009-04-11 14:02 -------- d-sh--w c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-11 13:42 . 2009-04-11 13:48 -------- d-----w c:\windows\SHELLNEW
2009-04-11 13:42 . 2009-04-11 13:42 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-04-11 13:38 . 2009-04-11 13:51 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-11 13:36 . 2009-04-11 13:36 -------- d--h--r C:\MSOCache
2009-04-11 13:15 . 2009-04-11 13:15 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\vlc
2009-04-11 12:49 . 2009-04-13 14:34 -------- d--h--w C:\$AVG8.VAULT$
2009-04-11 12:42 . 2009-04-11 12:42 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-11 12:42 . 2009-04-11 12:42 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-11 12:42 . 2009-04-11 12:42 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-11 12:41 . 2009-04-14 16:32 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-11 12:41 . 2009-04-11 12:41 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-04-11 12:01 . 2009-04-11 12:01 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Cooliris
2009-04-11 11:54 . 2009-04-11 11:54 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Google
2009-04-11 09:49 . 2009-04-11 09:49 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-11 09:49 . 2009-04-11 09:49 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-11 08:45 . 2009-04-11 08:45 0 ----a-w c:\windows\nsreg.dat
2009-04-11 08:45 . 2009-04-11 08:45 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Mozilla
2009-04-11 08:26 . 2009-04-11 08:26 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\sony
2009-04-08 20:09 . 2009-04-08 20:09 0 ----a-w C:\winamp.ini
2009-04-05 16:36 . 2009-04-05 16:36 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\HTML Executable
2009-04-05 14:59 . 2009-04-05 14:59 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 14:54 . 2009-03-05 21:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-29 16:31 . 2009-04-11 15:56 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Skype
2009-03-29 16:31 . 2009-04-11 15:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-03-29 12:42 . 2009-03-29 12:42 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Smart-Ads-Solutions
2009-03-22 17:41 . 2009-03-22 17:41 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-03-22 17:37 . 2009-04-07 19:07 57421 ----a-w c:\windows\system32\lqxchrypmhx.dll-uninst.exe
2009-03-21 17:07 . 2009-04-07 19:10 48267 ----a-w c:\windows\system32\asddlccmhhncj.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 22:19 . 2009-03-15 21:01 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Messenger
2009-04-14 21:25 . 2009-03-13 20:13 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\uTorrent
2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-14 20:43 . 2009-04-14 20:43 -------- d-----w c:\programmi\Trend Micro
2009-04-14 19:30 . 2009-03-21 16:39 -------- d-----w c:\programmi\GooglePlusVideos
2009-04-13 21:21 . 2009-04-13 21:17 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-13 21:08 . 2005-07-14 08:39 89094 ----a-w c:\windows\system32\perfc010.dat
2009-04-13 21:08 . 2005-07-14 08:39 500302 ----a-w c:\windows\system32\perfh010.dat
2009-04-13 14:05 . 2009-04-13 14:04 -------- d-----w c:\programmi\iTunes
2009-04-13 14:04 . 2009-04-13 14:04 -------- d-----w c:\programmi\iPod
2009-04-13 14:04 . 2008-12-18 22:39 -------- d-----w c:\programmi\File comuni\Apple
2009-04-13 13:16 . 2008-08-17 19:08 -------- d-----w c:\programmi\Collegamenti programmi
2009-04-13 12:29 . 2005-07-15 08:15 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-13 08:43 . 2008-08-17 19:09 73104 ----a-w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-12 20:38 . 2005-07-14 15:52 76875 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-12 20:26 . 2005-07-14 08:39 251600 --sha-r C:\ntldr
2009-04-12 13:59 . 2009-04-12 13:59 -------- d-----w c:\programmi\TeamViewer
2009-04-11 16:51 . 2009-04-11 16:51 -------- d-----w c:\programmi\Lphant
2009-04-11 16:23 . 2009-04-11 16:23 -------- d-----w c:\programmi\MSBuild
2009-04-11 16:22 . 2009-04-11 16:22 -------- d-----w c:\programmi\Reference Assemblies
2009-04-11 16:12 . 2009-04-11 16:12 -------- d-----w c:\programmi\MSXML 6.0
2009-04-11 15:23 . 2009-04-11 15:23 -------- d-----r c:\programmi\Skype
2009-04-11 14:22 . 2009-04-11 14:21 -------- d-----w c:\programmi\Nero
2009-04-11 14:21 . 2009-04-11 14:21 -------- d-----w c:\programmi\File comuni\Nero
2009-04-11 14:05 . 2009-04-11 14:03 -------- d-----w c:\programmi\TuneUp Utilities 2009
2009-04-11 13:59 . 2005-07-15 11:45 -------- d-----w c:\programmi\Sony
2009-04-11 13:57 . 2008-08-17 19:24 -------- d-----w c:\programmi\Microsoft Works
2009-04-11 13:18 . 2008-12-18 22:42 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Apple Computer
2009-04-11 13:10 . 2009-04-11 13:10 -------- d-----w c:\programmi\VideoLAN
2009-04-11 12:52 . 2009-04-11 12:52 -------- d-----w c:\programmi\RocketDock
2009-04-11 12:47 . 2009-03-13 19:55 -------- d-----w c:\programmi\CCleaner
2009-04-11 12:41 . 2009-04-11 12:41 -------- d-----w c:\programmi\AVG
2009-04-11 11:54 . 2005-07-15 11:47 -------- d-----w c:\programmi\InterVideo
2009-04-11 11:53 . 2005-07-15 12:00 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony Corporation
2009-04-11 11:39 . 2005-07-15 11:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-04-11 09:49 . 2005-07-15 11:44 -------- d-----w c:\programmi\Java
2009-04-11 08:26 . 2009-04-11 08:26 -------- d-----w c:\programmi\File comuni\SWF Studio
2009-04-08 20:09 . 2008-08-17 19:17 -------- d-----w c:\programmi\MoodLogic
2009-04-08 19:52 . 2005-07-15 11:45 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-08 19:49 . 2009-04-08 19:49 -------- d-----w c:\programmi\Foxit Software
2009-04-05 14:56 . 2009-04-05 14:56 -------- d-----w c:\programmi\QuickTime
2009-04-05 14:19 . 2009-04-05 14:18 -------- d-----w c:\programmi\Safari
2009-04-05 14:10 . 2009-04-05 14:10 -------- d-----w c:\programmi\Bonjour
2009-03-29 15:16 . 2009-03-13 20:13 -------- d-----w c:\programmi\uTorrent
2009-03-29 12:42 . 2009-03-29 12:42 -------- d-----w c:\programmi\Smart-Ads-Solutions
2009-03-22 17:41 . 2009-03-22 17:41 -------- d-----w c:\programmi\File comuni\Adobe Systems Shared
2009-03-19 14:32 . 2008-12-18 22:41 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-14 13:05 . 2009-03-14 13:05 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Yahoo!
2009-03-14 12:24 . 2008-08-29 16:58 -------- d-----w c:\programmi\Canon
2009-03-13 21:47 . 2009-03-13 21:47 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-03-13 21:24 . 2009-03-13 21:24 -------- d-----w c:\programmi\File comuni\Adobe AIR
2009-03-13 21:18 . 2009-03-13 21:18 -------- d-----w c:\programmi\File comuni\Macrovision Shared
2009-03-13 20:17 . 2009-03-13 20:17 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\U3
2009-03-07 14:40 . 2009-03-07 14:29 -------- d-----w c:\programmi\Arteferro CAD 3D
2009-03-05 21:59 . 2008-12-18 22:39 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-09 14:04 . 2005-07-14 08:39 1846784 ----a-w c:\windows\system32\win32k.sys
2005-07-14 15:57 . 2009-04-13 20:27 12328 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_22.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 22:22 . 2009-04-14 22:22 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2009-04-14 22:22 . 2009-04-14 22:22 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2003-11-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-11 1932568]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-11 12:42 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 15:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FILECO~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-11 09:49 148888 ----a-w c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-01-14 11:43 151552 ----a-w c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-14 14:46 45056 ----a-w c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"4509:UDP"= 4509:UDP:emule

R3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bsusbser.sys [2006-12-20 94848]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [2004-11-17 45534]
R3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-11 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-11 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-11 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-11 298264]
S2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\Drivers\eugssxp.sys [2004-11-17 57951]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-11 603904]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0df9b811-7c20-11dd-88fb-0013cead98b8}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605973ed-ceab-11dd-8923-0013cead98b8}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97bcf244-1008-11de-8945-0013cead98b8}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18119be-9d44-11dd-8903-0013cead98b8}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-14 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 - c:\programmi\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\saretta\Dati applicazioni\Mozilla\Firefox\Profiles\5whj6mu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\documents and settings\saretta\Dati applicazioni\Mozilla\Firefox\Profiles\5whj6mu1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 00:55
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\VESWinlogon.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3108)
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2009-04-14 0.57.13
ComboFix-quarantined-files.txt 2009-04-14 22:57
ComboFix2.txt 2009-04-14 22:29
ComboFix3.txt 2009-04-14 22:18

Pre-Run: 12.938.747.904 byte disponibili
Post-Run: 12.930.015.232 byte disponibili

306 --- E O F --- 2009-04-13 10:35


se non ti viene troppo tardi io rimango qui in attesa.
grazie r16
r16
Inviato: Wednesday, April 15, 2009 11:40:41 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Il virus Knight.exe non è stato eliminato, nè dal computer, nè dalla chiavetta ( G:\Knight.exe open)

Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)

Controlla se nel Task Manager trovi il processo knight.exe.
Inserisci la pendrive infetta nel pc ed apri il contenuto.
Elimina dalla pendrive i file knight.exe e autorun.inf.
Poi vai in C.\Windows e controlla se li trovi il file knight.exe, se lo trovi lo elimini.


Per sicurezza, proviamo con un Tool specifico:
Scarica questo tool, (è in spagnolo):

http://www.plusexpert.cl/download/AntiKnight.rar

estrai tutti i file in una cartella
inserisci la pendrive nel pc
apri il file AntiKnight
clicca su "buscar y reparar"
Alla fine togli la pendrive e riavvia il sistema.
stulfy66
Inviato: Wednesday, April 15, 2009 3:46:26 PM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
ciao r16 ,la chiavetta non c'è più,distrutta,polverizzata.ho cercato knight.exe in windows che però non è stato trovato......adesso????
grazie per la tua costanza nell'aiutarmi.
r16
Inviato: Wednesday, April 15, 2009 5:20:57 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao stulfy66 .
Purtroppo, non è che me lo inventi io.
Combofix, dice che nel pc, hai dei "richiami" di Knight.exe :

Proviamo un'altra volta a eliminarli:

Apri un file di testo sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605973ed-ceab-11dd-8923-0013cead98b8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18119be-9d44-11dd-8903-0013cead98b8}]


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Il problema degli reindirizzamenti è risolto?
Posta anche un log aggiornato di HJT.



stulfy66
Inviato: Wednesday, April 15, 2009 7:07:51 PM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
non riesco a far partire combofix mi dice dopo aver trascinato il txt che si è verificato un errore l'applicazione verrà chiusa
stulfy66
Inviato: Wednesday, April 15, 2009 7:21:37 PM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
ecco ora è fatto


ComboFix 09-04-15.01 - saretta 15/04/2009 19.08.54.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.140 [GMT 2:00]
Eseguito da: c:\documents and settings\saretta\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\saretta\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-15 al 2009-04-15 )))))))))))))))))))))))))))))))))))
.

2009-04-15 09:48 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 09:48 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 09:48 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 09:48 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 09:48 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 09:48 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 09:48 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 09:48 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 09:48 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 09:48 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 09:47 . 2009-03-27 06:48 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 09:47 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 09:38 . 2009-04-15 09:38 -------- d-----w c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Share_Accelerator_MM
2009-04-15 09:38 . 2009-04-15 09:38 -------- d-----w c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Malwarebytes
2009-04-14 21:23 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 21:23 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-14 19:45 . 2009-04-15 08:57 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\dvdcss
2009-04-14 17:00 . 2009-04-14 17:00 -------- d-----w C:\CNYSELPHYCP
2009-04-13 21:17 . 2009-04-15 10:17 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-13 14:15 . 2009-04-13 14:15 -------- d-----w c:\windows\Sun
2009-04-13 14:04 . 2009-04-13 14:05 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 09:44 . 2009-04-15 11:41 69 ----a-w c:\windows\NeroDigital.ini
2009-04-13 09:43 . 2009-04-13 09:43 2332416 ----a-w c:\windows\system32\TUKernel.exe
2009-04-13 08:47 . 2008-06-14 17:32 272768 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-13 08:47 . 2009-02-20 08:09 668672 -c----w c:\windows\system32\dllcache\wininet.dll
2009-04-13 08:47 . 2009-03-02 23:10 1499648 -c----w c:\windows\system32\dllcache\shdocvw.dll
2009-04-13 08:47 . 2009-02-20 08:09 619520 -c----w c:\windows\system32\dllcache\urlmon.dll
2009-04-13 08:45 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-13 08:45 . 2009-02-10 17:02 2069760 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-13 08:45 . 2009-02-09 11:22 2148864 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-13 08:45 . 2009-02-09 11:23 2192768 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-13 08:45 . 2009-02-09 11:23 2027520 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-13 08:45 . 2009-02-20 08:09 3089408 -c----w c:\windows\system32\dllcache\mshtml.dll
2009-04-13 08:45 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-13 08:44 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-13 08:44 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-13 08:44 . 2008-10-15 16:36 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\l2schemas
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\system32\it
2009-04-12 20:35 . 2009-04-12 20:35 -------- d-----w c:\windows\system32\bits
2009-04-12 20:31 . 2009-04-12 20:36 -------- d-----w c:\windows\ServicePackFiles
2009-04-12 20:21 . 2009-04-12 20:21 -------- d-----w c:\windows\EHome
2009-04-12 15:12 . 2009-04-13 12:44 -------- d--h--w c:\windows\Icons
2009-04-12 14:36 . 2004-08-19 13:23 701440 ------w c:\windows\system32\drivers\ati2mtag.sys
2009-04-12 14:03 . 2009-04-12 14:03 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Innovative Solutions
2009-04-12 13:59 . 2009-04-12 13:59 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\TeamViewer
2009-04-12 13:58 . 2009-04-12 13:58 -------- d-----w c:\documents and settings\saretta\temp
2009-04-11 16:51 . 2009-04-13 09:49 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Lphant
2009-04-11 16:30 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-11 16:23 . 2009-04-11 16:29 -------- d-----w c:\windows\system32\XPSViewer
2009-04-11 16:20 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-11 16:20 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-11 16:20 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-11 16:20 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-11 16:20 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-11 16:20 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-11 16:20 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-11 14:21 . 2006-03-17 13:49 368640 ----a-w c:\windows\system32\TwnLib4.dll
2009-04-11 14:21 . 2006-03-17 10:45 802816 ----a-w c:\windows\system32\imagXRA7.dll
2009-04-11 14:21 . 2006-03-17 10:45 497296 ----a-w c:\windows\system32\imagXpr7.dll
2009-04-11 14:21 . 2006-03-17 10:45 258048 ----a-w c:\windows\system32\imagXR7.dll
2009-04-11 14:21 . 2006-03-17 10:45 1757184 ----a-w c:\windows\system32\imagX7.dll
2009-04-11 14:21 . 2009-04-11 14:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-04-11 14:05 . 2009-04-11 14:05 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-11 14:05 . 2008-12-11 12:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-11 14:05 . 2009-04-11 14:05 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-11 14:03 . 2009-04-11 14:03 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\TuneUp Software
2009-04-11 14:03 . 2009-04-11 14:03 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-04-11 14:02 . 2009-04-11 14:02 -------- d-sh--w c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-11 13:42 . 2009-04-11 13:48 -------- d-----w c:\windows\SHELLNEW
2009-04-11 13:42 . 2009-04-11 13:42 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-04-11 13:38 . 2009-04-11 13:51 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-11 13:36 . 2009-04-11 13:36 -------- d--h--r C:\MSOCache
2009-04-11 13:15 . 2009-04-11 13:15 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\vlc
2009-04-11 12:49 . 2009-04-13 14:34 -------- d--h--w C:\$AVG8.VAULT$
2009-04-11 12:42 . 2009-04-11 12:42 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-11 12:42 . 2009-04-11 12:42 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-11 12:42 . 2009-04-11 12:42 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-11 12:41 . 2009-04-15 10:11 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-11 12:41 . 2009-04-11 12:41 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-04-11 12:01 . 2009-04-11 12:01 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Cooliris
2009-04-11 11:54 . 2009-04-11 11:54 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Google
2009-04-11 09:49 . 2009-04-11 09:49 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-11 09:49 . 2009-04-11 09:49 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-11 08:45 . 2009-04-11 08:45 0 ----a-w c:\windows\nsreg.dat
2009-04-11 08:45 . 2009-04-11 08:45 -------- d-----w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\Mozilla
2009-04-11 08:26 . 2009-04-11 08:26 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\sony
2009-04-08 20:09 . 2009-04-08 20:09 0 ----a-w C:\winamp.ini
2009-04-05 16:36 . 2009-04-05 16:36 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\HTML Executable
2009-04-05 14:59 . 2009-04-05 14:59 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 14:54 . 2009-03-05 21:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-29 16:31 . 2009-04-15 11:22 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Skype
2009-03-29 16:31 . 2009-04-11 15:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-03-29 12:42 . 2009-03-29 12:42 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Smart-Ads-Solutions
2009-03-22 17:41 . 2009-03-22 17:41 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-03-22 17:37 . 2009-04-07 19:07 57421 ----a-w c:\windows\system32\lqxchrypmhx.dll-uninst.exe
2009-03-21 17:07 . 2009-04-07 19:10 48267 ----a-w c:\windows\system32\asddlccmhhncj.exe
2009-03-21 14:06 . 2009-03-21 14:06 1033728 -c----w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 11:05 . 2009-03-13 20:13 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\uTorrent
2009-04-14 22:19 . 2009-03-15 21:01 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Messenger
2009-04-14 21:23 . 2009-04-14 21:23 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-14 20:43 . 2009-04-14 20:43 -------- d-----w c:\programmi\Trend Micro
2009-04-14 19:30 . 2009-03-21 16:39 -------- d-----w c:\programmi\GooglePlusVideos
2009-04-13 21:21 . 2009-04-13 21:17 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-13 21:08 . 2005-07-14 08:39 89094 ----a-w c:\windows\system32\perfc010.dat
2009-04-13 21:08 . 2005-07-14 08:39 500302 ----a-w c:\windows\system32\perfh010.dat
2009-04-13 14:05 . 2009-04-13 14:04 -------- d-----w c:\programmi\iTunes
2009-04-13 14:04 . 2009-04-13 14:04 -------- d-----w c:\programmi\iPod
2009-04-13 14:04 . 2008-12-18 22:39 -------- d-----w c:\programmi\File comuni\Apple
2009-04-13 13:16 . 2008-08-17 19:08 -------- d-----w c:\programmi\Collegamenti programmi
2009-04-13 12:29 . 2005-07-15 08:15 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-13 08:43 . 2008-08-17 19:09 73104 ----a-w c:\documents and settings\saretta\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-12 20:38 . 2005-07-14 15:52 76875 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-12 20:26 . 2005-07-14 08:39 251600 --sha-r C:\ntldr
2009-04-12 13:59 . 2009-04-12 13:59 -------- d-----w c:\programmi\TeamViewer
2009-04-11 16:51 . 2009-04-11 16:51 -------- d-----w c:\programmi\Lphant
2009-04-11 16:23 . 2009-04-11 16:23 -------- d-----w c:\programmi\MSBuild
2009-04-11 16:22 . 2009-04-11 16:22 -------- d-----w c:\programmi\Reference Assemblies
2009-04-11 16:12 . 2009-04-11 16:12 -------- d-----w c:\programmi\MSXML 6.0
2009-04-11 15:23 . 2009-04-11 15:23 -------- d-----r c:\programmi\Skype
2009-04-11 14:22 . 2009-04-11 14:21 -------- d-----w c:\programmi\Nero
2009-04-11 14:21 . 2009-04-11 14:21 -------- d-----w c:\programmi\File comuni\Nero
2009-04-11 14:05 . 2009-04-11 14:03 -------- d-----w c:\programmi\TuneUp Utilities 2009
2009-04-11 13:59 . 2005-07-15 11:45 -------- d-----w c:\programmi\Sony
2009-04-11 13:57 . 2008-08-17 19:24 -------- d-----w c:\programmi\Microsoft Works
2009-04-11 13:18 . 2008-12-18 22:42 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Apple Computer
2009-04-11 13:10 . 2009-04-11 13:10 -------- d-----w c:\programmi\VideoLAN
2009-04-11 12:52 . 2009-04-11 12:52 -------- d-----w c:\programmi\RocketDock
2009-04-11 12:47 . 2009-03-13 19:55 -------- d-----w c:\programmi\CCleaner
2009-04-11 12:41 . 2009-04-11 12:41 -------- d-----w c:\programmi\AVG
2009-04-11 11:54 . 2005-07-15 11:47 -------- d-----w c:\programmi\InterVideo
2009-04-11 11:53 . 2005-07-15 12:00 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony Corporation
2009-04-11 11:39 . 2005-07-15 11:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-04-11 09:49 . 2005-07-15 11:44 -------- d-----w c:\programmi\Java
2009-04-11 08:26 . 2009-04-11 08:26 -------- d-----w c:\programmi\File comuni\SWF Studio
2009-04-08 20:09 . 2008-08-17 19:17 -------- d-----w c:\programmi\MoodLogic
2009-04-08 19:52 . 2005-07-15 11:45 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-08 19:49 . 2009-04-08 19:49 -------- d-----w c:\programmi\Foxit Software
2009-04-05 14:56 . 2009-04-05 14:56 -------- d-----w c:\programmi\QuickTime
2009-04-05 14:19 . 2009-04-05 14:18 -------- d-----w c:\programmi\Safari
2009-04-05 14:10 . 2009-04-05 14:10 -------- d-----w c:\programmi\Bonjour
2009-03-29 15:16 . 2009-03-13 20:13 -------- d-----w c:\programmi\uTorrent
2009-03-29 12:42 . 2009-03-29 12:42 -------- d-----w c:\programmi\Smart-Ads-Solutions
2009-03-22 17:41 . 2009-03-22 17:41 -------- d-----w c:\programmi\File comuni\Adobe Systems Shared
2009-03-19 14:32 . 2008-12-18 22:41 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-14 13:05 . 2009-03-14 13:05 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\Yahoo!
2009-03-14 12:24 . 2008-08-29 16:58 -------- d-----w c:\programmi\Canon
2009-03-13 21:47 . 2009-03-13 21:47 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-03-13 21:24 . 2009-03-13 21:24 -------- d-----w c:\programmi\File comuni\Adobe AIR
2009-03-13 21:18 . 2009-03-13 21:18 -------- d-----w c:\programmi\File comuni\Macrovision Shared
2009-03-13 20:17 . 2009-03-13 20:17 -------- d-----w c:\documents and settings\saretta\Dati applicazioni\U3
2009-03-07 14:40 . 2009-03-07 14:29 -------- d-----w c:\programmi\Arteferro CAD 3D
2009-03-06 14:19 . 2005-07-14 08:39 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-05 21:59 . 2008-12-18 22:39 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-20 08:09 . 2005-07-14 08:39 668672 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:09 . 2005-07-14 08:38 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:02 . 2004-08-19 15:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2005-07-14 08:39 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2005-07-14 08:39 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2005-07-14 08:39 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2005-07-14 08:38 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2005-07-14 08:39 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2005-07-14 08:38 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2005-07-14 08:39 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2005-07-14 08:39 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2005-07-14 08:39 56832 ----a-w c:\windows\system32\secur32.dll
2005-07-14 15:57 . 2009-04-13 20:27 12328 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_22.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 13:36 . 2009-04-15 13:36 16384 c:\windows\Temp\Perflib_Perfdata_728.dat
+ 2009-04-15 13:36 . 2009-04-15 13:36 16384 c:\windows\Temp\Perflib_Perfdata_288.dat
+ 2005-07-15 11:42 . 2008-07-09 07:42 26488 c:\windows\system32\spupdsvc.exe
- 2005-07-15 11:42 . 2007-08-10 06:20 26488 c:\windows\system32\spupdsvc.exe
+ 2005-07-14 15:53 . 2008-07-09 07:42 18808 c:\windows\system32\spmsg.dll
- 2005-07-14 15:53 . 2007-11-30 11:19 18808 c:\windows\system32\spmsg.dll
+ 2005-07-14 08:39 . 2009-02-03 19:57 56832 c:\windows\system32\secur32.dll
+ 2005-07-14 08:39 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2005-07-14 15:50 . 2008-04-14 02:13 91648 c:\windows\system32\mtxoci.dll
+ 2005-07-14 15:50 . 2008-06-12 14:21 91648 c:\windows\system32\mtxoci.dll
- 2005-07-14 08:39 . 2008-04-14 02:13 66560 c:\windows\system32\mtxclu.dll
+ 2005-07-14 08:39 . 2008-06-12 14:21 66560 c:\windows\system32\mtxclu.dll
+ 2005-07-14 15:50 . 2008-06-12 14:21 58880 c:\windows\system32\msdtclog.dll
- 2005-07-14 15:50 . 2008-04-14 02:13 58880 c:\windows\system32\msdtclog.dll
+ 2005-07-14 08:38 . 2009-02-20 08:09 81920 c:\windows\system32\ieencode.dll
- 2005-07-14 08:38 . 2008-04-14 02:13 81920 c:\windows\system32\ieencode.dll
+ 2009-02-03 19:57 . 2009-02-03 19:57 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-04-15 09:48 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2008-06-12 14:21 . 2008-06-12 14:21 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-02-20 08:09 . 2009-02-20 08:09 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-05-05 05:25 . 2008-05-05 05:25 3072 c:\windows\system32\xpsp4res.dll
- 2005-07-14 08:39 . 2008-10-16 01:00 668672 c:\windows\system32\wininet.dll
+ 2005-07-14 08:39 . 2009-02-20 08:09 668672 c:\windows\system32\wininet.dll
- 2005-07-14 08:39 . 2008-04-14 02:13 354304 c:\windows\system32\winhttp.dll
+ 2005-07-14 08:39 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2005-07-14 15:50 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2005-07-14 15:50 . 2009-02-09 10:51 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2005-07-14 15:49 . 2009-02-09 10:51 473600 c:\windows\system32\wbem\fastprox.dll
+ 2005-07-14 08:39 . 2009-02-20 08:09 619520 c:\windows\system32\urlmon.dll
- 2005-07-14 08:39 . 2008-10-16 01:00 619520 c:\windows\system32\urlmon.dll
+ 2005-07-14 08:39 . 2009-02-09 11:22 111104 c:\windows\system32\services.exe
+ 2005-07-14 08:39 . 2009-02-09 10:51 401408 c:\windows\system32\rpcss.dll
+ 2005-07-14 08:39 . 2009-03-06 14:19 286208 c:\windows\system32\pdh.dll
- 2005-07-14 08:39 . 2008-04-14 02:13 286208 c:\windows\system32\pdh.dll
+ 2005-07-14 08:39 . 2009-02-09 10:51 736256 c:\windows\system32\ntdll.dll
+ 2005-07-14 15:50 . 2008-06-12 14:21 161792 c:\windows\system32\msdtcuiu.dll
- 2005-07-14 15:50 . 2008-04-14 02:13 161792 c:\windows\system32\msdtcuiu.dll
- 2005-07-14 15:50 . 2008-04-14 02:13 956928 c:\windows\system32\msdtctm.dll
+ 2005-07-14 15:50 . 2008-06-12 14:21 956928 c:\windows\system32\msdtctm.dll
+ 2005-07-14 15:50 . 2008-06-12 14:21 428032 c:\windows\system32\msdtcprx.dll
+ 2005-07-14 08:38 . 2009-02-09 10:51 734720 c:\windows\system32\lsasrv.dll
+ 2009-04-15 09:47 . 2008-04-21 21:14 219136 c:\windows\system32\dllcache\wordpad.exe
+ 2009-04-15 09:48 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-15 09:48 . 2009-02-09 10:51 453120 c:\windows\system32\dllcache\wmiprvsd.dll
- 2009-04-13 08:47 . 2008-10-16 01:00 668672 c:\windows\system32\dllcache\wininet.dll
+ 2009-04-13 08:47 . 2009-02-20 08:09 668672 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
- 2009-04-13 08:47 . 2008-10-16 01:00 619520 c:\windows\system32\dllcache\urlmon.dll
+ 2009-04-13 08:47 . 2009-02-20 08:09 619520 c:\windows\system32\dllcache\urlmon.dll
+ 2009-04-15 09:48 . 2009-02-09 11:22 111104 c:\windows\system32\dllcache\services.exe
+ 2009-04-15 09:48 . 2009-02-09 10:51 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-15 09:48 . 2009-03-06 14:19 286208 c:\windows\system32\dllcache\pdh.dll
+ 2009-04-15 09:48 . 2009-02-09 10:51 736256 c:\windows\system32\dllcache\ntdll.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-15 09:48 . 2009-02-09 10:51 734720 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-15 09:48 . 2009-02-09 10:51 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2009-04-15 09:48 . 2009-02-09 10:51 683520 c:\windows\system32\dllcache\advapi32.dll
+ 2005-07-14 08:38 . 2009-02-09 10:51 683520 c:\windows\system32\advapi32.dll
- 2005-07-14 08:38 . 2008-04-14 02:13 683520 c:\windows\system32\advapi32.dll
+ 2005-07-14 08:39 . 2009-03-02 23:10 1499648 c:\windows\system32\shdocvw.dll
- 2005-07-14 08:39 . 2008-10-16 01:00 1499648 c:\windows\system32\shdocvw.dll
- 2005-07-14 08:39 . 2008-05-07 05:10 1293312 c:\windows\system32\quartz.dll
+ 2005-07-14 08:39 . 2008-12-20 22:13 1293312 c:\windows\system32\quartz.dll
+ 2005-07-14 08:39 . 2009-02-09 11:23 2192768 c:\windows\system32\ntoskrnl.exe
+ 2004-08-19 15:34 . 2009-02-10 17:02 2069760 c:\windows\system32\ntkrnlpa.exe
- 2004-08-19 15:34 . 2008-08-14 13:22 2069760 c:\windows\system32\ntkrnlpa.exe
+ 2005-07-14 08:39 . 2009-02-20 08:09 3089408 c:\windows\system32\mshtml.dll
- 2005-07-14 08:38 . 2008-04-14 02:13 1033728 c:\windows\system32\kernel32.dll
+ 2005-07-14 08:38 . 2009-03-21 14:06 1033728 c:\windows\system32\kernel32.dll
- 2009-04-13 08:47 . 2008-10-16 01:00 1499648 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-04-13 08:47 . 2009-03-02 23:10 1499648 c:\windows\system32\dllcache\shdocvw.dll
- 2008-05-07 05:10 . 2008-05-07 05:10 1293312 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:10 . 2008-12-20 22:13 1293312 c:\windows\system32\dllcache\quartz.dll
+ 2009-04-13 08:45 . 2009-02-09 11:23 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-13 08:45 . 2008-08-14 13:22 2027520 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-04-13 08:45 . 2009-02-09 11:23 2027520 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-13 08:45 . 2008-08-14 13:22 2069760 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-13 08:45 . 2009-02-10 17:02 2069760 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-13 08:45 . 2009-02-09 11:22 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-04-13 08:45 . 2008-08-14 13:22 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-13 08:45 . 2009-02-20 08:09 3089408 c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 1033728 c:\windows\system32\dllcache\kernel32.dll
+ 2009-04-13 08:45 . 2009-02-09 11:23 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-13 08:45 . 2008-08-14 13:22 2027520 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-13 08:45 . 2009-02-09 11:23 2027520 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-13 08:45 . 2009-02-10 17:02 2069760 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-13 08:45 . 2008-08-14 13:22 2069760 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-13 08:45 . 2008-08-14 13:22 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-13 08:45 . 2009-02-09 11:22 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-01-18 14:36 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2003-11-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-11 1932568]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-11 12:42 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 15:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FILECO~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-11 09:49 148888 ----a-w c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-01-14 11:43 151552 ----a-w c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-14 14:46 45056 ----a-w c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"4509:UDP"= 4509:UDP:emule

R3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bsusbser.sys [2006-12-20 94848]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [2004-11-17 45534]
R3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-11 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-11 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-11 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-11 298264]
S2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\Drivers\eugssxp.sys [2004-11-17 57951]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-11 603904]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0df9b811-7c20-11dd-88fb-0013cead98b8}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605973ed-ceab-11dd-8923-0013cead98b8}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97bcf244-1008-11de-8945-0013cead98b8}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18119be-9d44-11dd-8903-0013cead98b8}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-15 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 - c:\programmi\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\saretta\Dati applicazioni\Mozilla\Firefox\Profiles\5whj6mu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\documents and settings\saretta\Dati applicazioni\Mozilla\Firefox\Profiles\5whj6mu1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 19:14
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1892)
c:\windows\system32\VESWinlogon.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2616)
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2009-04-15 19.16.30
ComboFix-quarantined-files.txt 2009-04-15 17:16
ComboFix2.txt 2009-04-14 22:57
ComboFix3.txt 2009-04-14 22:29
ComboFix4.txt 2009-04-14 22:18

Pre-Run: 13.486.108.672 byte disponibili
Post-Run: 13.474.377.728 byte disponibili

428 --- E O F --- 2009-04-13 10:35


a tua disposizione
grazie r16
r16
Inviato: Wednesday, April 15, 2009 7:42:50 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao .
Mi manca il log di HijackThis che ti ho richiesto.
Dimenticato?Drool
stulfy66
Inviato: Wednesday, April 15, 2009 7:56:32 PM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
chiedo venia,sto diventando ubriaco con tutti sti report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.52.56, on 15/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Trasferimento tramite Image Converter 2 - C:\Programmi\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programmi\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10809 bytes


spero vada bene cosi'
grazie r16
r16
Inviato: Wednesday, April 15, 2009 8:00:08 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Purtroppo alle volte si deve pazientare, per avere risultati.
Il log è pulito.
Come funziona il pc? riscontri problemi?
stulfy66
Inviato: Wednesday, April 15, 2009 8:11:02 PM

Rank: Member

Iscritto dal : 1/11/2009
Posts: 24
di problemi non ne riscontro ,la navigazione è pulita ,l'unica cosa è che nel frattempo rovistando nel pc ho trovato tre programmi (RON Too1 Freedomltd , search assistant leftsidebuddy , bonjour che io almeno nei miei ricordi non mi sembra di avere mai installato.
se cerco di rimuoverli mi dice in inglese che il pc dopo non potrebbe funzionare a dovere.
sarà partito da questi il problema principale?
grazie r16
r16
Inviato: Wednesday, April 15, 2009 9:37:18 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Conosco (poco) solo il programma bonjour , che si installa quando installi programmi della Sony.
A mio avviso, io ti consiglio di cambiare antivirus. (se vuoi)
Potresti installare Antivir:
http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
E lo configuri cosi:
http://www.zeusnews.it/zz_upload/PSV/avira.pdf
Fai una scansione e posta il log.
Per disistallare AVG usa questo Tool:
http://www.grisoft.cz/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Fai questa operazione, se non ti trovi ,reistalliamo l'ultima versione di AVG8.5
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.