Aiutamici Forum

a quick check, thanks
maopapof
Posted: Tuesday, June 30, 2009 9:37:16 PM

Rank: AiutAmico

Member since: 10/31/2004
Posts: 7,185
what a lovely day .... :O(

A TIP FOR EVERYONE ... ALWAYS REMEMBER THAT THE WORST VIRUSES ARE THE ONES WE AUTHORISE OURSELVES WITH A SIMPLE CLICK :o(

today, thanks to my habit of clicking faster than I use my brain ... I landed myself .... ..... in trouble ( p2p )

bdoscandel.exe msa.exe b.exe c.exe b.exe ... the whole family :O) hiding both in the Windows folder and in Temp ... and it's useless to delete them directly ... because besides re-creating themselves through the registry they worm their way into subfolders that are hard to identify in full

always use an antivirus and an antimalware kept up to date ... and you'll kill off all these stinkers
and as our friend r16 says, don't go into the registry ... because making a mess of it is not hard

now .... my work ... can I carry on in peace ... thanks for a quick check :O)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:51, on 30/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\VisualTaskTips\VisualTaskTips.exe
C:\Programmi\MD-@ HSUPA\MD-@ HSUPA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internet.tre.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Programmi\MD-@ HSUPA\MD-@ HSUPA.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F760C52C-FCBE-4BCB-A5D9-8212A2DDFE8E}: NameServer = 62.13.171.4 62.13.171.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7310 bytes

r16
Posted: Tuesday, June 30, 2009 10:39:18 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi maopapof.
Well well... so you dozed off for a "nap" too......Drool
Delete this HJT entry:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internet.tre.it/
To be safe, run a scan (I expect you've already done one) with Malwarebytes.
To be even safer, run a scan with Combofix:
Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the internet.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably show you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently until it finishes.
When it's done, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.

Uninstall combofix like this (after I have looked at the log):
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete combofix's folders on "C" (qoobox)
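An added example for readers of this thread, not code from the forum, from HijackThis or from Trend Micro: a small Python triage script that parses HijackThis v2 entry lines like the ones posted above (R0/R1 browser settings, O4 autoruns, O18 protocol handlers, O23 services) and flags the patterns a helper reads for first: autostarts living in a Temp directory or directly in the Windows folder, one-or-two-letter executable names, services with no recorded vendor, orphaned "(no file)" entries, and a non-default start or search page to confirm with the user. The sample log is constructed for the example: most lines are copied from the posted log, while the `[msa]` and `[b]` autorun lines are invented to mirror the file names the original poster described and are not in his log. The section codes and default Microsoft URLs are taken from the page; everything else (function names, the heuristics, the `user` profile name) is the example's own choice.

```python
"""Triage helper for HijackThis v2 log entries (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# An entry line: section code ("R0", "O4", "O23", ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# O4 body: "HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^(?P<hive>\S+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# First drive-letter path in a command line, quoted or bare, up to its ".exe".
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Internet Explorer 7 default start/search URLs, as they appear in the posted log.
DEFAULT_IE_URLS = {
    "http://go.microsoft.com/fwlink/?LinkId=69157",
    "http://go.microsoft.com/fwlink/?LinkId=54896",
}

# Constructed sample: real lines from the thread plus two invented autoruns
# ([msa] and [b]) modelled on the file names the poster listed.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internet.tre.it/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msa] C:\DOCUME~1\user\IMPOST~1\Temp\msa.exe
O4 - HKLM\..\Run: [b] C:\WINDOWS\b.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
--
End of file - 7310 bytes
"""


@dataclass
class Entry:
    section: str
    body: str
    name: str = ""   # autorun value name, service name, registry value name, ...
    path: str = ""   # executable/DLL path, URL, or "(no file)"
    owner: str = ""  # O23 vendor column


@dataclass
class Finding:
    entry: Entry
    reasons: list[str] = field(default_factory=list)


def parse_hjt(text: str) -> list[Entry]:
    """Turn the entry lines of a HijackThis log into Entry objects; other lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, "Running processes", blank and footer lines
        sec, body = m.group("section"), m.group("body")
        e = Entry(sec, body)
        if sec == "O4":
            o4 = O4_RE.match(body)
            if o4:
                e.name = o4.group("name")
                hit = EXE_RE.search(o4.group("cmd"))
                e.path = hit.group("path") if hit else o4.group("cmd")
        elif sec == "O23":
            # "Service: <name> - <vendor> - <path>"; rsplit keeps " - " inside the name intact
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3:
                e.name = parts[0].removeprefix("Service: ")
                e.owner, e.path = parts[1], parts[2]
        elif sec in ("O2", "O9", "O18"):
            # "<kind>: <name> - {CLSID} - <path or (no file)>"
            e.name = body.split(" - ")[0]
            e.path = body.rsplit(" - ", 1)[-1]
        elif sec in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            e.name, e.path = key, value.strip()
        entries.append(e)
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Flag entries worth a second look. These are heuristics, not verdicts."""
    findings: list[Finding] = []
    for e in entries:
        reasons: list[str] = []
        low = e.path.lower()
        if e.section in ("O4", "O23") and "\\" in low:
            folder, _, filename = low.rpartition("\\")
            stem = filename.rsplit(".", 1)[0]
            if "\\temp\\" in low:
                reasons.append("autostart from a Temp directory")
            if len(stem) <= 2:
                reasons.append("very short executable name")
            if folder in ("c:\\windows", "c:\\winnt"):
                reasons.append("runs from the Windows directory root")
        if e.section == "O23" and e.owner == "Unknown owner":
            reasons.append("service has no recorded vendor")
        if e.path == "(no file)":
            reasons.append("orphaned entry: target file is missing")
        if (e.section in ("R0", "R1") and e.path and e.path not in DEFAULT_IE_URLS
                and ("Page" in e.name or "Search" in e.name)):
            reasons.append("non-default browser start/search page; confirm the user chose it")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def summarize(findings: list[Finding]) -> list[str]:
    """One report line per finding, in log order."""
    return [f"{f.entry.section} [{f.entry.name}] {f.entry.path}: " + "; ".join(f.reasons)
            for f in findings]


if __name__ == "__main__":
    print("\n".join(summarize(triage(parse_hjt(SAMPLE_LOG)))))
```

Run it against a saved log by reading the file into `parse_hjt`; the two invented autoruns show how an entry from Temp and a one-letter executable in the Windows folder surface, while the avast!, ClamWin and ctfmon entries stay quiet. Everything it flags still needs a human decision, which is exactly the role the helper in this thread plays.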

maopapof
Posted: Thursday, July 02, 2009 9:25:54 PM

Rank: AiutAmico

Member since: 10/31/2004
Posts: 7,185
now .... I don't envy you ....

Delete this HJT entry:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internet.tre.it/ .... that's the home page of my connection with Tre, the most ...... swearing isn't allowed here .... anyway I checked its HTML, there are no hidden misleading buttons or links :O)

now the first big dump


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:31, on 02/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\VisualTaskTips\VisualTaskTips.exe
C:\Programmi\MD-@ HSUPA\MD-@ HSUPA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internet.tre.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Programmi\MD-@ HSUPA\MD-@ HSUPA.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F760C52C-FCBE-4BCB-A5D9-8212A2DDFE8E}: NameServer = 62.13.171.4 62.13.171.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7569 bytes

the second big dump


ComboFix 09-05-11.08 - maopapof 02/07/2009 20.59.27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.447.158 [GMT 2:00]
Eseguito da: d:\docume~1\maopapof\Desktop\da mettere a posto in 03\combofix\ComboFix.exe
Opzioni usate :: / u
AV: avast! antivirus 4.8.1335 [VPS 090701-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2009-06-02 al 2009-07-02 )))))))))))))))))))))))))))))))))))
.

2009-07-01 15:15 . 2009-07-01 15:15 -------- d-----w d:\documents and settings\Administrator\Dati applicazioni\GlarySoft
2009-07-01 15:06 . 2009-07-01 15:06 -------- d-----w d:\documents and settings\Administrator\Dati applicazioni\TuneUp Software
2009-07-01 12:46 . 2009-07-01 12:46 -------- d-----w d:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-06-26 22:03 . 2009-06-26 22:03 49 ----a-w c:\windows\DelToolbox.bat
2009-06-26 19:22 . 2009-07-02 18:59 -------- d-----w c:\windows\system32\CatRoot2
2009-06-25 09:08 . 2009-06-25 09:08 -------- d-----w c:\programmi\Defraggler
2009-06-25 00:22 . 2009-06-25 13:37 -------- d-----w c:\programmi\WebSite X5 Smart
2009-06-24 21:42 . 2009-06-25 13:26 -------- d-----w c:\programmi\WebSite X5 v8 - Smart
2009-06-15 12:32 . 2009-06-15 12:32 -------- d-----w c:\programmi\Wondershare
2009-06-14 14:57 . 2009-06-14 21:12 -------- d-----w c:\programmi\Extra Screen Capture Pro
2009-06-14 14:24 . 2009-07-01 19:17 -------- d-----w c:\programmi\Fresh RAM
2009-06-12 22:00 . 2009-06-12 22:01 -------- d-----w d:\documents and settings\maopapof\Dati applicazioni\.clamwin
2009-06-12 21:59 . 2009-06-12 21:59 -------- d-----w c:\programmi\ClamWin
2009-06-12 21:59 . 2009-06-12 21:59 -------- d-----w d:\documents and settings\All Users\.clamwin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 19:01 . 2009-04-04 15:47 98322464 -csha-w c:\windows\system32\drivers\fidbox.dat
2009-07-02 17:16 . 2009-04-04 15:47 1153580 -csha-w c:\windows\system32\drivers\fidbox.idx
2009-07-01 15:27 . 2004-09-03 09:37 84872 ----a-w c:\windows\system32\perfc010.dat
2009-07-01 15:27 . 2004-09-03 09:37 490660 ----a-w c:\windows\system32\perfh010.dat
2009-07-01 15:14 . 2009-04-09 10:47 -------- d-----w c:\programmi\Wise Disk Cleaner
2009-07-01 08:17 . 2008-05-17 16:57 -------- d-----w c:\programmi\Windows Live Safety Center
2009-07-01 08:00 . 2008-10-30 15:05 -------- d-----w c:\programmi\WinClamAVShield
2009-06-30 09:48 . 2008-05-19 15:25 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-06-26 21:52 . 2007-12-10 04:16 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-06-26 19:17 . 2009-06-26 19:17 76875 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-26 18:49 . 2009-05-12 13:47 4556459 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2009-06-25 10:18 . 2009-02-03 22:52 82380 ----a-w c:\windows\system32\drivers\AFS2K.SYS
2009-06-17 22:52 . 2007-12-09 23:00 76744 ----a-w d:\documents and settings\darfix\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-17 09:27 . 2009-01-09 14:30 38160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-05-19 15:25 19096 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-06-16 10:03 . 2008-05-29 14:20 76744 ----a-w d:\documents and settings\maopapof\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-15 12:33 . 2007-12-09 20:52 76744 ----a-w d:\documents and settings\maopapof\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-13 16:57 . 2009-05-16 17:11 -------- d-----w c:\programmi\TuneUp Utilities 2008
2009-05-31 09:58 . 2008-09-25 13:09 -------- d-----w c:\programmi\Spyware Terminator
2009-05-28 15:35 . 2009-05-28 15:35 4096 ----a-w c:\windows\d3dx.dat
2009-05-24 01:15 . 2009-05-24 09:02 292352 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-05-22 23:48 . 2009-02-15 17:55 433840 ----a-w d:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-05-22 21:49 . 2007-12-10 04:16 -------- d-----w c:\programmi\File comuni\Adobe
2009-05-22 07:38 . 2007-12-10 14:44 -------- d-----w c:\programmi\HP
2009-05-22 07:38 . 2007-12-10 14:44 -------- d-----w c:\programmi\Hewlett-Packard
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w c:\programmi\Glary Utilities
2009-05-21 13:07 . 2009-05-21 13:07 23 --sha-w c:\windows\system32\accaec6_g.dll
2009-05-20 21:01 . 2009-05-20 21:01 -------- d-----w c:\programmi\Skype
2009-05-18 16:59 . 2009-05-18 15:23 -------- d-----w c:\programmi\FrostWire
2009-05-16 17:12 . 2009-05-16 17:12 355584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-16 17:10 . 2009-05-16 17:10 -------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-05-16 10:23 . 2009-05-16 10:23 6682 ----a-w C:\pulisci.bat
2009-05-16 08:15 . 2007-12-10 04:16 -------- d-----w c:\programmi\Java
2009-05-14 14:26 . 2008-03-14 16:46 207872 ----a-w c:\windows\system32\iwpsetup.exe
2009-05-10 15:36 . 2009-05-10 15:36 -------- d-----w c:\programmi\Windows Installer Clean Up
2009-05-10 15:36 . 2009-05-07 18:12 -------- d-----w c:\programmi\MSECACHE
2009-05-07 15:32 . 2004-09-03 09:36 347648 -c--a-w c:\windows\system32\localspl.dll
2009-05-07 14:28 . 2008-08-05 10:42 -------- d-----w c:\programmi\VS Revo Group
2009-05-07 07:04 . 2008-06-30 07:17 157712 -c--a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-29 04:45 . 2004-09-03 09:36 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2004-09-03 09:36 78336 -c--a-w c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2004-09-03 09:36 1847168 ----a-w c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2004-09-03 09:36 585216 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-04 15:45 . 2007-12-09 23:40 4212 -c-h--w c:\windows\system32\zllictbl.dat
2009-02-26 15:07 . 2009-02-26 15:07 1414 ----a-w C:\programmi.txt
.

------- Sigcheck -------

[-] 2008-04-14 02:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 02:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\system32\svchost.exe

[-] 2005-03-02 18:20 578048 488019BFE2B0F9F8CD8394276D5B664A c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 579072 BAB4F995E526484A235A276E269AAF7F c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2008-04-14 02:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 02:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\system32\user32.dll

[-] 2008-04-14 02:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 02:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\system32\ws2_32.dll

[-] 2005-10-21 03:39 664064 B94ABC767831F875E95F7F23BD9DB85D c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2007-08-22 12:56 668160 2385E8CAF1ED885CAF1F480E3AB0EB05 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2007-08-20 09:48 825344 69D5497609B4FB0981F17074671E072B c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 23:21 825344 714D8A2B05B2AAF0C6A39241A1ED914F c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 01:40 825344 39CCDA0E9B778792B06C1B9D794A9776 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 12:34 827392 93DB90BE4A10EC784DDC9C8601A28AA6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 04:19 827392 FE184A2B736F216CCC22ABEEBB40787D c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 15:39 827904 BF9D17259082632F03F3FF5759C6AE32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:08 827904 8E694EC9DA095E518D9447B3293208EA c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 19:32 827904 F303CFED3D8B8348A54F7A53DDC7CCA0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:47 827904 3F7320E0F75F2B5A7A9AD32AEA08BF21 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-03-03 00:15 828416 C04C42D707CDB4129B86C4E96FA5C24B c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 04:37 828928 D327397F4448DCB912E9FE78C9A94C88 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2007-08-22 13:12 661504 C82A1185BECD4B075E86E3C3B22E762C c:\windows\ie7\wininet.dll
[-] 2007-08-13 17:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-08-20 09:57 824832 21AA12B75CE02358E0AD8C706680869F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:49 824832 419A6F3D56E469BCBE71128A78463DA4 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-12-07 02:04 824832 ED2A73AB0EBA3C4CB6794077CD09EC95 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2008-03-01 12:58 826368 61D4F43D26EC9D21BEB6F38F22B396AB c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 C1089010BCC3FD01056D26E9A36BBB79 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:15 826368 4B54220877703198E55F61CB7B87979E c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:57 826368 D590241CADEC69A1BC157DC0452C92D1 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:04 826368 A4C79606C0D9835E8A5A8E5E5804AE60 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 22:31 826368 EF1520F95DD25F48C18502005F5EE995 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:03 826368 0F74B461F95EC8373FFF5990DC619A75 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-04-14 02:13 668672 663E74D98D2E67C1343D367388EDD711 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-04-29 04:45 827392 B7DFEFC4FC10B8AC464FCDCA309267B6 c:\windows\system32\wininet.dll
[-] 2009-04-29 04:45 827392 B7DFEFC4FC10B8AC464FCDCA309267B6 c:\windows\system32\dllcache\wininet.dll

[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 48299C8FBD41C977348A31B837EC3F25 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\system32\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 08:12 2060672 DE16030E8209FD96EEB06D9E3D8C84A8 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 11:14 2069888 FF69166080436A31A3EAC9CC7C3F1847 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 17:25 2069760 C812D8551FD3B6ACDBF7EB6B18B1B992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 01:54 2069632 5E95F445B70ADCF8876D1203852262A1 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 18:12 2183296 C120A33C71E706545CF26D6276BC0344 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2009-02-10 17:14 2192896 3B5928FCD0DD3E10DEB1C13CA35201F6 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 17:25 2192896 0EE73494680235D59F4E57301D7AD580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 01:55 2192768 7D804C28404E94F57967DE3394201D55 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 02:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\explorer.exe
[-] 2007-06-13 13:10 1035776 B4E85805BE6D23DE697F7B3BA7492D0B c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2008-04-14 02:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2009-02-09 11:14 111104 C79FEAE2F68982259907AB52B0F2676F c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 02:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\system32\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\system32\dllcache\services.exe

[-] 2008-04-14 02:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 02:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\system32\lsass.exe

[-] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2008-04-14 02:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 02:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\system32\spoolsv.exe

[-] 2008-04-14 02:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 02:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\system32\userinit.exe

[-] 2008-04-14 02:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 02:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\system32\termsrv.dll

[-] 2007-04-16 16:09 1030144 6D9421A648F26B8640C63D0F8F2B7D48 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:59 1035776 A3A365C46057532F6638D57E4C0B66B8 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 02:13 1033728 06157539EBB8B87D47B9B6C5DA44B62F c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 02:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 02:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\system32\powrprof.dll

[-] 2008-04-14 02:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 02:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\system32\imm32.dll

[-] 2008-04-14 02:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 02:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\programmi\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"Mobile Partner"="c:\programmi\MD-@ HSUPA\MD-@ HSUPA.exe" [2009-04-05 110592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\FrostWire\\FrostWire.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02/04/2008 17.01.07 maopapof 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25/09/2008 15.09.30 maopapof 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/04/2008 17.01.07 maopapof 20560]
R3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\pfc027.sys [24/02/2005 13.29.14 maopapof 162176]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ad4663b-2117-11de-9a44-0016e611bd3a}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcb07cf5-2115-11de-9a43-0016e611bd3a}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-02 c:\windows\Tasks\Garanzia estesa.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 11:55]

2009-07-02 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-05-21 09:50]

2009-07-02 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 13:26]

2009-03-15 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\programmi\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-04-09 11:15]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://internet.tre.it/
IE: E&sporta in Microsoft Excel
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2491783405-3748807332-3772402248-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2491783405-3748807332-3772402248-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9C4AF2-32B9-7760-C21C-E16CA004A955}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagepoojbnekadmlhb"=hex:69,61,66,70,68,62,68,66,6f,6b,6d,67,6c,69,62,6c,6f,61,
00,00
"haiefbpioibnkdom"=hex:69,61,66,70,68,62,68,66,6f,6b,6d,67,6c,69,62,6c,6f,61,
00,00

[HKEY_USERS\S-1-5-21-2491783405-3748807332-3772402248-1006\Software\Skype\Phone\UI]
@DACL=(02 0000)
@SACL=
"Installed"=dword:00000001

[HKEY_LOCAL_MACHINE\software\1307\cdd18413cd406c]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\58f\2004888\9360]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\781\0000161CB2755E0C]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\90c\4K0RBVC2XDFMHYHS]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E9C4AF2-32B9-7760-C21C-E16CA004A955}\InProcServer32*]
"jameengehcflelgbkilf"=hex:69,61,66,70,68,62,68,66,6f,6b,6d,67,6c,69,62,6c,6f,
61,00,00
"iameommglnlcchpgcg"=hex:69,61,66,70,68,62,68,66,6f,6b,6d,67,6c,69,62,6c,6f,61,
00,00

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\HaaliMkx\Input]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\LEAD Technologies, Inc.\DShow]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\HotFix\KB911564]
@DACL=(02 0000)
@SACL=
"Installed"=dword:00000001
"Comments"="Aggiornamento della protezione per Windows Media Player (KB911564)"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\PeerNet]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Tracing\WDF API DLL]
@DACL=(02 0000)
@SACL=
"LogSessionName"=expand:"stdout"
"Active"=dword:00000001
"ControlFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Mozilla\Firefox]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek AC'97 Audio]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.\SharedDlls]
@DACL=(02 0000)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2220)
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\programmi\VisualTaskTips\VttHooks.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\programmi\Microsoft Office\Office10\msohev.dll
c:\windows\system32\PDFShell.dll
.
Ora fine scansione: 2009-07-02 21.03.56
ComboFix-quarantined-files.txt 2009-07-02 19:03

Pre-Run: 24.340.733.952 byte disponibili
Post-Run: 24.328.179.712 byte disponibili



and if you're not dead yet .... thank you :O)



r16
Posted: Thursday, July 02, 2009 11:24:00 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi "sleepyhead".
The logs are fine.
If you want, you can delete the O16 entries for the downloaded ActiveX controls; there's no need to keep them on the PC.
You've certainly loaded up on security software, though (I counted 5, I think).
Are you that scared of the nasties?
Bye!

maopapof
Posted: Friday, July 03, 2009 12:14:17 AM

Rank: AiutAmico

Member since: 10/31/2004
Posts: 7,185
.......... :O)))))) ..... thanks ... as for the O16 entries, they were mostly the online scanners ... I wasn't just dirty but filthy, which serves me right for one click too many on a p2p download ... there's no honour even among thieves any more! :O)

we'd need a nice intruder washing machine ... one that, before downloading and installing ... cleans up the file you want to download as well as possible :O(

ALFONSOOOOOOO ... make a nice pen-washer for all the peer-to-peer maniacs :O))))))))
