Aiutamici Forum

Scan with HijackThis
leo345
Posted: Friday, November 13, 2009 1:15:02 AM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75
Can someone check for me whether there are any suspicious entries?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.34.54, on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Lingoes\Translator2\Lingoes.exe
C:\Programmi\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
F:\PhoneConnectorVMC.exe
C:\WINDOWS\System32\svchost.exe
F:\vmc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Lingoes] C:\Programmi\Lingoes\Translator2\Lingoes.exe -minimize
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Programmi\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c9c9edbcb77d86) (gupdate1c9c9edbcb77d86) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 8264 bytes
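
As an added example (not part of this thread or of HijackThis itself), a small Python parser for the log format posted above: it turns the "Running processes" block and the O2, O4 and O23 lines into records and attaches the review flags a log reader checks first. The flags (service with no publisher string, bare file name resolved through PATH, executable on a non-system drive) are assumed triage heuristics rather than HijackThis classifications, and the sample lines are constructed from the log in this post.

```python
"""Parse HijackThis log lines and attach simple review flags (added example)."""
import re
from dataclasses import dataclass, field

# Generic "O4 - ..." / "R1 - ..." line shape, then the per-section shapes.
SECTION_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>[A-Za-z]:\\.*)$")
O2_RE = re.compile(r"^BHO:\s+(?P<name>.*?)\s+-\s+\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<path>.*)$")

# Drive(s) holding Windows and Program Files on the machine under review (assumption).
SYSTEM_DRIVES = ("c:",)


@dataclass
class Entry:
    code: str            # "PROC", "O2", "O4" or "O23"
    name: str            # value name, service name, BHO name or process file name
    path: str            # executable/DLL the entry points at ("" if none)
    owner: str = ""      # O23 publisher string
    flags: list = field(default_factory=list)


def first_path(cmd):
    """Extract the file an O4 Run command actually starts."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd.strip())   # drop HKUS "(User '...')" suffix
    if cmd.startswith('"'):                                       # quoted path, switches follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    if len(parts) > 1 and parts[0].lower() == "rundll32.exe":   # RUNDLL32 host: report the DLL
        return parts[1].split(",")[0]
    # Cut at the first switch (" /x" or " -x"); " - " inside a folder name is not a switch.
    return re.split(r"\s+[/-](?=\S)", cmd, maxsplit=1)[0]


def parse_log(text):
    """Turn the 'Running processes' block and O2/O4/O23 lines into Entry records."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            entries.append(Entry("PROC", line.rsplit("\\", 1)[-1], line))
            continue
        m = SECTION_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            m4 = O4_RE.match(body)
            if m4:
                entries.append(Entry(code, m4["name"], first_path(m4["cmd"])))
        elif code == "O23":
            m23 = O23_RE.match(body)
            if m23:
                entries.append(Entry(code, m23["name"], m23["path"], m23["owner"]))
        elif code == "O2":
            m2 = O2_RE.match(body)
            if m2:
                entries.append(Entry(code, m2["name"], m2["path"]))
    return entries


def triage(entries, system_drives=SYSTEM_DRIVES):
    """Attach review flags and return the flagged entries. A flag means 'look closer', not 'malicious'."""
    for e in entries:
        p = e.path.lower()
        if e.code == "O23" and e.owner.lower() == "unknown owner":
            e.flags.append("service carries no publisher string")
        if p and "\\" not in p:
            e.flags.append("bare file name, resolved through PATH at start-up")
        elif re.match(r"[a-z]:", p) and p[:2] not in system_drives:
            e.flags.append(f"runs from non-system drive {p[:2].upper()}")
    return [e for e in entries if e.flags]


# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
F:\vmc.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
"""

if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.code:4} {e.name:28} {e.path}  <- {'; '.join(e.flags)}")
```

Run against a full log, the three flagged lines here are the ones a reviewer would look up first; everything else in the sample resolves to a known path on the system drive.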
antonpaco
Posted: Friday, November 13, 2009 10:06:51 AM
Rank: AiutAmico

Joined: 11/7/2006
Posts: 1,180
The log is clean; in any case, let's wait for some expert friend who can confirm. Are you having any problems with the PC?
leo345
Posted: Friday, November 13, 2009 11:45:39 PM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75
Yes, I have a problem: after I have been connected for a while, pages open more slowly or even don't open at all. I should point out that I connect to the Internet with a Vodafone 3.6 USB stick.
leo345
Posted: Saturday, November 14, 2009 12:36:45 AM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75
leo345 wrote:
Yes, I have a problem: after I have been connected for a while, pages open more slowly or even don't open at all. I should point out that I connect to the Internet with a Vodafone 3.6 USB stick.
Initially this did not happen.
r16
Posted: Saturday, November 14, 2009 1:30:20 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download and install MalwareBytes:
click here to download it: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (This is very important.)
Run a full system scan.
Post the log.

----------------------------------------------------------------------------------------------------
Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the Internet.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably show you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it is done, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.

Uninstall ComboFix as follows (after I have looked at the log):
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the ComboFix and (qoobox) folders in "C"
leo345
Posted: Sunday, November 15, 2009 10:48:50 PM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75
This is the Malwarebytes scan

Malwarebytes' Anti-Malware 1.41
Versione del database: 3175
Windows 5.1.2600 Service Pack 3

10/11/2009 3.52.41
mbam-log-2009-11-10 (03-52-41).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|)
Elementi scansionati: 170739
Tempo trascorso: 33 minute(s), 5 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 5

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\Navilog1\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-220523388-299502267-1177238915-1003\Dc203.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F79E75C7-46C5-4882-89BE-AD1233B20F1A}\RP93\A0039560.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
r16
Posted: Sunday, November 15, 2009 11:35:52 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Where is the ComboFix log that I asked for?
leo345
Posted: Sunday, November 15, 2009 11:38:20 PM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75
For the scan with ComboFix.exe I have to disable the antivirus (Avira); how do I do that?
r16
Posted: Sunday, November 15, 2009 11:49:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
To temporarily disable Avira, right-click the icon next to the clock and uncheck AntiVir Guard.
To re-enable it, just do the reverse.
leo345
Posted: Monday, November 16, 2009 8:19:22 PM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75
I can't open ComboFix. I closed the antivirus and firewall, but the PC gives me the following messages:

1) ComboFix has detected that the following real-time scanner(s) is active:

antivirus: AntiVir Desktop

It is well known that antivirus and HIPS software interfere with ComboFix if it is running, etc....

2) antivirus AntiVir Desktop

The real-time scanner(s) mentioned above is still active, but ComboFix will continue running, etc....

3) Date error: 2009-11-16. Check your settings.

Before the third message a small blue window opens, but when I close message 3) the blue window closes too and nothing more happens.

r16
Posted: Monday, November 16, 2009 9:33:36 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Uninstall ComboFix as follows:
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the ComboFix and (qoobox) folders in "C"
Restart the PC.

Download this version:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

While downloading, change its name (rename it) to COMBO-FIX.EXE

Then, once you have downloaded it to the desktop, do this:
Start\Run\ copy and paste this string and press Enter:

"%userprofile%\desktop\COMBO-FIX.EXE" /killall

Ignore all the messages that open
leo345
Posted: Monday, November 16, 2009 10:25:39 PM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75
leo345 wrote:
I can't open ComboFix. I closed the antivirus and firewall, but the PC gives me the following messages:

1) ComboFix has detected that the following real-time scanner(s) is active:
antivirus: AntiVir Desktop

It is well known that antivirus and HIPS software interfere with ComboFix if it is running, etc....

2) antivirus AntiVir Desktop

The real-time scanner(s) mentioned above is still active, but ComboFix will continue running, etc....

3) Date error: 2009-11-16. Check your settings.

Before the third message a small blue window opens, but when I close message 3) the blue window closes too and nothing more happens.

r16
Posted: Monday, November 16, 2009 11:29:14 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Try starting it in Safe Mode.
leo345
Posted: Saturday, November 21, 2009 12:52:06 AM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75

leo345
Posted: Saturday, November 21, 2009 3:27:13 PM
Rank: AiutAmico

Joined: 2/10/2009
Posts: 75

ComboFix 09-11-16.03 - Utente 19/11/2009 23.09.14..2 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.721 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Dati applicazioni\Desktopicon
c:\documents and settings\Utente\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\Utente\Dati applicazioni\Desktopicon\uninst.exe
c:\documents and settings\Utente\Dati applicazioni\inst.exe
c:\documents and settings\Utente\Documenti\ZbThumbnail.info
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\awuso.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\awuso_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\awuso_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-10-19 al 2009-11-19 )))))))))))))))))))))))))))))))))))
.

2009-11-17 05:03 . 2009-11-17 05:07 5908024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-17 05:03 . 2009-11-17 05:03 327000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-17 05:03 . 2009-11-17 05:03 87496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-17 04:58 . 2009-11-17 05:00 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-17 04:57 . 2009-11-17 04:58 641632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-17 04:54 . 2009-11-17 04:55 816272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-17 04:51 . 2009-11-17 04:54 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-17 04:49 . 2009-11-17 04:51 1638640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-17 04:48 . 2009-11-17 04:49 788880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-17 04:47 . 2009-11-17 04:48 1184912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-17 03:57 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-17 03:54 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-17 03:54 . 2009-11-17 03:54 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-17 03:52 . 2009-11-17 03:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-11-17 03:52 . 2009-11-17 03:52 -------- d-----w- c:\programmi\Lavasoft
2009-11-16 23:01 . 2009-11-16 23:01 -------- d-----w- c:\programmi\Globus
2009-11-16 22:36 . 2009-11-16 22:36 8240064 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Azureus\tmp\AZU24902.tmp\Vuze_4.3.0.0_win32.exe
2009-11-16 21:34 . 2009-11-16 21:34 -------- d-----w- c:\documents and settings\Utente\Nuova cartella (3)
2009-11-16 05:05 . 2009-11-16 05:05 -------- d-----w- c:\programmi\JPEGCompress
2009-11-12 05:50 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-12 05:36 . 2009-11-12 05:37 93360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-12 05:35 . 2009-11-12 05:36 862040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-12 05:35 . 2009-11-12 05:35 554280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-12 05:35 . 2009-11-12 05:35 15880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-12 05:34 . 2009-11-12 05:34 206944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-12 05:33 . 2009-11-12 05:34 390288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-12 05:33 . 2009-11-12 05:33 537576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-12 05:32 . 2009-11-12 05:33 212480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-12 05:32 . 2009-11-12 05:32 283944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-12 05:31 . 2009-11-12 05:31 370744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-12 05:31 . 2009-11-12 05:31 163728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-12 05:31 . 2009-11-12 05:31 194104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-12 05:30 . 2009-11-12 05:31 1223976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-12 05:29 . 2009-11-12 05:29 242984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-08 22:41 . 2009-10-30 13:38 528764 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-11-08 22:41 . 2009-09-15 15:58 106867 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-11-08 22:41 . 2009-09-03 15:24 127346 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-11-08 22:41 . 2009-11-05 14:21 422261 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-11-08 22:41 . 2009-11-05 14:21 2093431 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-11-08 22:41 . 2009-11-05 14:21 364916 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-11-08 22:41 . 2009-10-02 22:15 479604 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-11-08 22:41 . 2009-09-03 15:24 237940 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-11-08 22:41 . 2009-06-17 14:32 196987 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-11-08 22:41 . 2009-11-05 14:21 184694 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-11-08 22:41 . 2009-10-02 22:15 393587 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-11-08 22:41 . 2008-10-15 10:49 53618 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\CONFIG\AVWIN.INIaebb.dll
2009-11-08 03:22 . 2009-11-08 03:22 -------- d-----w- c:\documents and settings\Utente\Nuova cartella (2)
2009-11-01 13:04 . 2009-11-01 13:07 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar
2009-10-31 13:46 . 2009-10-31 13:47 -------- d-----w- c:\programmi\Ask.com
2009-10-31 13:46 . 2009-10-31 16:56 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-10-31 13:46 . 2009-10-31 14:40 -------- d-----w- c:\programmi\DVDVideoSoft
2009-10-31 11:32 . 2009-10-31 11:32 -------- d-----w- c:\documents and settings\Utente\esame 2lia
2009-10-31 07:40 . 2009-10-31 07:40 -------- d-----w- C:\Disc1 (DVD-Video
2009-10-29 22:43 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-29 22:43 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-29 22:43 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-29 22:43 . 2009-10-29 22:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 22:49 . 2009-10-01 16:44 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Azureus
2009-11-16 21:26 . 2008-10-22 15:00 1 ----a-w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-12 05:52 . 2009-04-13 00:16 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-10 02:52 . 2009-02-09 23:19 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-09 14:23 . 2009-02-08 23:44 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-11-09 01:08 . 2009-02-27 22:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DriverCure
2009-11-02 22:25 . 2009-03-27 23:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2009-11-02 22:25 . 2009-03-27 23:12 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\NCH Swift Sound
2009-11-02 22:23 . 2009-03-28 13:46 -------- d-----w- c:\programmi\NCH Swift Sound
2009-11-02 18:12 . 2008-12-25 16:10 335 ----a-w- c:\windows\nsreg.dat
2009-11-02 14:16 . 2009-04-12 19:43 -------- d-----w- c:\programmi\vanBasco's Karaoke Player
2009-10-31 17:13 . 2009-03-28 00:35 -------- d-----w- c:\programmi\AVS4YOU
2009-10-31 13:22 . 2009-03-28 00:35 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\AVS4YOU
2009-10-29 23:50 . 2008-11-19 22:31 -------- d-----w- c:\programmi\eMule
2009-10-29 21:25 . 2008-10-21 17:18 18624 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-29 21:15 . 2009-09-04 13:46 -------- d-----w- c:\programmi\Fighters
2009-10-29 20:59 . 2009-10-28 20:34 4526 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-29 20:59 . 2001-08-31 17:00 80186 ----a-w- c:\windows\system32\perfc010.dat
2009-10-29 20:59 . 2001-08-31 17:00 480640 ----a-w- c:\windows\system32\perfh010.dat
2009-10-29 16:09 . 2009-10-23 21:45 -------- d-----w- c:\programmi\Easy Graphic Converter
2009-10-29 16:09 . 2009-10-25 18:55 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Thunderbird(2)
2009-10-29 16:09 . 2009-10-25 17:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Real(2)
2009-10-29 16:09 . 2008-12-07 22:58 -------- d-----w- c:\programmi\Google
2009-10-29 16:08 . 2009-10-29 16:08 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-10-29 16:08 . 2008-11-25 23:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-29 16:08 . 2009-10-29 16:08 -------- d-----w- c:\programmi\Garmin
2009-10-29 16:08 . 2009-10-29 16:08 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\GARMIN
2009-10-29 16:08 . 2009-10-29 16:08 -------- d-----w- c:\programmi\Garmin GPS Plugin
2009-10-29 05:59 . 2008-11-24 18:27 18273 ----a-w- c:\windows\E220AutoRunLog.tmp
2009-10-28 21:37 . 2009-10-28 21:37 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\vlc(2)
2009-10-28 21:20 . 2009-01-19 00:51 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-10-28 20:31 . 2009-10-28 20:31 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Uniblue(2)
2009-10-27 10:05 . 2009-10-27 10:05 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice(2).org
2009-10-25 18:55 . 2009-10-25 18:55 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Talkback(2)
2009-10-21 20:50 . 2009-10-01 16:43 -------- d-----w- c:\programmi\Vuze
2009-10-12 22:30 . 2008-11-09 22:24 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\ZoomBrowser EX
2009-10-12 21:50 . 2008-11-09 22:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ZoomBrowser
2009-10-10 22:09 . 2009-10-10 22:09 -------- d-----w- c:\programmi\MSBuild
2009-10-10 22:09 . 2009-10-10 22:09 -------- d-----w- c:\programmi\Reference Assemblies
2009-10-10 16:24 . 2009-10-10 16:24 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2009-10-10 16:24 . 2009-10-10 16:24 -------- d-----w- c:\programmi\ParetoLogic
2009-10-10 14:14 . 2009-10-10 14:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2009-10-07 21:49 . 2009-09-04 10:11 -------- d-----w- c:\programmi\iTunes
2009-10-07 21:49 . 2009-09-04 10:09 -------- d-----w- c:\programmi\File comuni\Apple
2009-10-07 21:41 . 2008-10-22 14:23 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-07 21:41 . 2009-10-07 21:41 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\InstallShield
2009-10-05 06:29 . 2009-10-05 06:29 -------- d-----w- c:\programmi\Packard Bell
2009-10-02 23:47 . 2009-10-02 23:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-10-02 22:34 . 2009-09-30 21:21 -------- d-----w- c:\programmi\Registry Winner
2009-10-01 18:34 . 2009-10-01 18:34 -------- d-----w- c:\programmi\Uniblue
2009-10-01 18:11 . 2009-10-01 18:11 -------- d-----w- c:\programmi\SmartPCTools
2009-10-01 16:44 . 2009-10-01 16:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Azureus
2009-09-30 19:28 . 2009-09-30 19:28 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Uniblue
2009-09-29 16:25 . 2009-09-29 16:25 435720 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.08\setup.exe
2009-09-11 14:17 . 2008-04-13 17:13 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-02-09 23:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-02-09 23:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2008-04-13 17:13 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 08:18 . 2009-10-20 16:19 52224 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2009-08-31 08:18 . 2009-10-20 16:19 114688 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\npmozax.dll
2009-08-29 07:26 . 2008-10-09 14:28 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2008-10-09 14:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2008-10-09 14:27 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-13 17:13 247326 ----a-w- c:\windows\system32\strmdll.dll
.

------- Sigcheck -------

[-] 2008-10-09 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Lingoes"="c:\programmi\Lingoes\Translator2\Lingoes.exe" [2009-07-01 2187264]
"Registry Repair Wizard Scheduler"="c:\programmi\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2009-07-25 1540352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"EPSON Stylus C46 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-12-25 185872]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-11-3 656384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/11/2009 4.57.08 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1169232]
S2 gupdate1c9c9edbcb77d86;Google Update Service (gupdate1c9c9edbcb77d86);c:\programmi\Google\Update\GoogleUpdate.exe [01/05/2009 0.45.25 133104]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-09 c:\windows\Tasks\DriverCure.job
- c:\programmi\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-30 23:45]

2009-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-30 23:45]

2009-11-09 c:\windows\Tasks\ParetoLogic Registration.job
- c:\programmi\File comuni\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2009-11-09 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\programmi\File comuni\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2009-11-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-06-16 16:22]

2009-11-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-04 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Open With JPEGCompress - c:\programmi\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=it_IT&q=
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)
AddRemove-eBay Icon - c:\documents and settings\Utente\Dati applicazioni\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 23:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-220523388-299502267-1177238915-1003\Software\MZ*#*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-299502267-1177238915-1003\Software\MZ*#*\ITA_Settings\BCGCommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00

[HKEY_USERS\S-1-5-21-220523388-299502267-1177238915-1003\Software\MZ*#*\ITA_Settings\BCGControlBarVersion]
"Major"=dword:00000008
"Minor"=dword:0000003c

[HKEY_USERS\S-1-5-21-220523388-299502267-1177238915-1003\Software\MZ*#*\ITA_Settings\BCGToolbarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000001
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"Look2000"=dword:00000001
"CommandsUsage"=hex:47,00,00,00,00,00
.
Ora fine scansione: 2009-11-19 23:20
ComboFix-quarantined-files.txt 2009-11-19 22:20

Pre-Run: 49.022.631.936 byte disponibili
Post-Run: 49.455.378.432 byte disponibili

- - End Of File - - 7263EABE1EAC2AA484160278710E6C98
leo345
Posted: Saturday, November 21, 2009 3:28:10 PM
Rank: AiutAmico

Member since: 2/10/2009
Posts: 75
r16
Posted: Saturday, November 21, 2009 9:51:18 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
First of all, uninstall Ad-Aware.
Then:
In normal mode.
Open a text file on the Desktop (Start\Run\type: notepad.exe\ OK).
Paste the code you see below into it, and save the text file with the name CFScript.txt (this name is mandatory).


Code:
File::
c:\windows\Tasks\Ad-Aware Update (Weekly).job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\system32\drivers\Lbd.sys

Folder::
c:\programmi\Ask.com
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar
c:\programmi\Lavasoft

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

Driver::
Lbd

and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
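A small checker for the procedure above, added here as an example; it is not ComboFix's code and not part of the reply. It parses the CFScript sections the reply uses (File::, Folder::, Registry::, Driver::) and the autostart parts of a ComboFix log (R0/R2/S2 service lines, Run keys, scheduled tasks), then reports which script targets a log taken after the run still references. The script text is the one from the reply; the two log excerpts are constructed in the format of the logs in this thread and are not the full logs.

```python
"""Cross-check a ComboFix CFScript against ComboFix logs (added example)."""
import re
from typing import Dict, List, Set, Tuple

SECTIONS = ("File::", "Folder::", "Registry::", "Driver::")

# Line shapes taken from the ComboFix logs in this thread.
_TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(c:\\windows\\tasks\\.+\.job)$", re.I)
_TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[")                 # - c:\..\x.exe [date]
_RUN_RE = re.compile(r'^"[^"]+"="([^"]+)"')                      # "Name"="c:\..\x.exe" [..]
_SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[")  # R0 name;display;path [..]


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its sections (non-empty, stripped lines)."""
    sections: Dict[str, List[str]] = {s: [] for s in SECTIONS}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text: str) -> Tuple[Set[str], Set[str]]:
    """Return (lower-cased paths, lower-cased service/driver names) a log references."""
    paths: Set[str] = set()
    drivers: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        for regex in (_TASK_RE, _TASK_TARGET_RE, _RUN_RE):
            m = regex.match(line)
            if m:
                paths.add(m.group(1).lower())
                break
        else:
            m = _SERVICE_RE.match(line)
            if m:
                drivers.add(m.group(1).lower())
                paths.add(m.group(2).lower())
    return paths, drivers


def leftovers(script: Dict[str, List[str]], paths: Set[str], drivers: Set[str]) -> List[str]:
    """File::, Folder:: and Driver:: targets that the parsed log still references."""
    found = [f for f in script["File::"] if f.lower() in paths]
    for folder in script["Folder::"]:
        prefix = folder.lower().rstrip("\\") + "\\"
        if any(p.startswith(prefix) for p in paths):
            found.append(folder)
    found += [d for d in script["Driver::"] if d.lower() in drivers]
    return found


def removal_report(cfscript: str, pre_log: str, post_log: str) -> Dict[str, List[str]]:
    """Compare the script's targets against logs taken before and after running it."""
    script = parse_cfscript(cfscript)
    before = leftovers(script, *parse_log(pre_log))
    after = leftovers(script, *parse_log(post_log))
    return {"seen_before": before,
            "removed": [t for t in before if t not in after],
            "still_present": after}


# The script from the reply above.
CFSCRIPT = r"""
File::
c:\windows\Tasks\Ad-Aware Update (Weekly).job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\system32\drivers\Lbd.sys

Folder::
c:\programmi\Ask.com
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar
c:\programmi\Lavasoft

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

Driver::
Lbd
"""

# Constructed log excerpts in the format of the thread's logs (not the full logs).
PRE_RUN_LOG = r"""
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/11/2009 4.57.08 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1169232]

Contenuto della cartella 'Scheduled Tasks'

2009-11-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2009-11-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-06-16 16:22]
"""

POST_RUN_LOG = r"""
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

S2 gupdate1c9c9edbcb77d86;Google Update Service (gupdate1c9c9edbcb77d86);c:\programmi\Google\Update\GoogleUpdate.exe [01/05/2009 0.45.25 133104]

Contenuto della cartella 'Scheduled Tasks'

2009-11-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-06-16 16:22]
"""

if __name__ == "__main__":
    for key, items in removal_report(CFSCRIPT, PRE_RUN_LOG, POST_RUN_LOG).items():
        print(key, items)
```

Registry:: entries are collected but not checked, because a ComboFix log only prints a subset of registry keys. Run against real logs, the "still_present" list is the thing to read: the second log posted later in this thread still lists c:\windows\Tasks\Scheduled Update for Ask Toolbar.job and the c:\programmi\Ask.com folder, which is exactly the kind of leftover this check is meant to surface before a thread is declared clean.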
leo345
Posted: Sunday, November 22, 2009 3:02:37 PM
Rank: AiutAmico

Member since: 2/10/2009
Posts: 75
ComboFix 09-11-16.03 - Utente 22/11/2009 5.35.24..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.551 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-10-22 al 2009-11-22 )))))))))))))))))))))))))))))))))))
.

2009-11-21 15:46 . 2009-11-21 15:46 -------- d-----w- c:\programmi\Globus
2009-11-08 22:41 . 2009-10-30 13:38 528764 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-11-08 22:41 . 2009-09-15 15:58 106867 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-11-08 22:41 . 2009-09-03 15:24 127346 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-11-08 22:41 . 2009-11-05 14:21 422261 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-11-08 22:41 . 2009-11-05 14:21 2093431 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-11-08 22:41 . 2009-11-05 14:21 364916 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-11-08 22:41 . 2009-10-02 22:15 479604 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-11-08 22:41 . 2009-09-03 15:24 237940 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-11-08 22:41 . 2009-06-17 14:32 196987 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-11-08 22:41 . 2009-11-05 14:21 184694 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-11-08 22:41 . 2009-10-02 22:15 393587 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-11-08 22:41 . 2008-10-15 10:49 53618 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\CONFIG\AVWIN.INIaebb.dll
2009-11-08 03:22 . 2009-11-08 03:22 -------- d-----w- c:\documents and settings\Utente\Nuova cartella (2)
2009-11-01 13:04 . 2009-11-01 13:07 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar
2009-10-31 13:46 . 2009-10-31 13:47 -------- d-----w- c:\programmi\Ask.com
2009-10-31 13:46 . 2009-10-31 16:56 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-10-31 13:46 . 2009-10-31 14:40 -------- d-----w- c:\programmi\DVDVideoSoft
2009-10-31 11:32 . 2009-10-31 11:32 -------- d-----w- c:\documents and settings\Utente\esame 2lia
2009-10-31 07:40 . 2009-10-31 07:40 -------- d-----w- C:\Disc1 (DVD-Video
2009-10-29 22:43 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-29 22:43 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-29 22:43 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-29 22:43 . 2009-10-29 22:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 04:13 . 2008-10-22 15:00 1 ----a-w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-22 03:50 . 2009-04-13 00:16 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-22 00:30 . 2009-11-17 03:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-11-21 18:27 . 2009-02-08 23:44 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-11-21 15:46 . 2009-10-01 16:44 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Azureus
2009-11-21 15:45 . 2009-11-16 05:05 -------- d-----w- c:\programmi\JPEGCompress
2009-11-19 22:35 . 2009-03-14 12:40 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-16 22:36 . 2009-11-16 22:36 8240064 ------w- c:\documents and settings\Utente\Dati applicazioni\Azureus\tmp\AZU24902.tmp\Vuze_4.3.0.0_win32.exe
2009-11-10 02:52 . 2009-02-09 23:19 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-09 01:08 . 2009-02-27 22:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DriverCure
2009-11-02 22:25 . 2009-03-27 23:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2009-11-02 22:25 . 2009-03-27 23:12 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\NCH Swift Sound
2009-11-02 22:23 . 2009-03-28 13:46 -------- d-----w- c:\programmi\NCH Swift Sound
2009-11-02 18:12 . 2008-12-25 16:10 335 ----a-w- c:\windows\nsreg.dat
2009-11-02 14:16 . 2009-04-12 19:43 -------- d-----w- c:\programmi\vanBasco's Karaoke Player
2009-10-31 17:13 . 2009-03-28 00:35 -------- d-----w- c:\programmi\AVS4YOU
2009-10-31 13:22 . 2009-03-28 00:35 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\AVS4YOU
2009-10-29 23:50 . 2008-11-19 22:31 -------- d-----w- c:\programmi\eMule
2009-10-29 21:25 . 2008-10-21 17:18 18624 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-29 21:15 . 2009-09-04 13:46 -------- d-----w- c:\programmi\Fighters
2009-10-29 20:59 . 2009-10-28 20:34 4526 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-29 20:59 . 2001-08-31 17:00 80186 ----a-w- c:\windows\system32\perfc010.dat
2009-10-29 20:59 . 2001-08-31 17:00 480640 ----a-w- c:\windows\system32\perfh010.dat
2009-10-29 16:09 . 2009-10-23 21:45 -------- d-----w- c:\programmi\Easy Graphic Converter
2009-10-29 16:09 . 2009-10-25 18:55 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Thunderbird(2)
2009-10-29 16:09 . 2009-10-25 17:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Real(2)
2009-10-29 16:09 . 2008-12-07 22:58 -------- d-----w- c:\programmi\Google
2009-10-29 16:08 . 2009-10-29 16:08 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-10-29 16:08 . 2008-11-25 23:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-29 16:08 . 2009-10-29 16:08 -------- d-----w- c:\programmi\Garmin
2009-10-29 16:08 . 2009-10-29 16:08 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\GARMIN
2009-10-29 16:08 . 2009-10-29 16:08 -------- d-----w- c:\programmi\Garmin GPS Plugin
2009-10-29 05:59 . 2008-11-24 18:27 18273 ----a-w- c:\windows\E220AutoRunLog.tmp
2009-10-28 21:37 . 2009-10-28 21:37 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\vlc(2)
2009-10-28 21:20 . 2009-01-19 00:51 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-10-28 20:31 . 2009-10-28 20:31 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Uniblue(2)
2009-10-27 10:05 . 2009-10-27 10:05 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice(2).org
2009-10-25 18:55 . 2009-10-25 18:55 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Talkback(2)
2009-10-21 20:50 . 2009-10-01 16:43 -------- d-----w- c:\programmi\Vuze
2009-10-12 22:30 . 2008-11-09 22:24 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\ZoomBrowser EX
2009-10-12 21:50 . 2008-11-09 22:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ZoomBrowser
2009-10-10 22:09 . 2009-10-10 22:09 -------- d-----w- c:\programmi\MSBuild
2009-10-10 22:09 . 2009-10-10 22:09 -------- d-----w- c:\programmi\Reference Assemblies
2009-10-10 16:24 . 2009-10-10 16:24 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2009-10-10 16:24 . 2009-10-10 16:24 -------- d-----w- c:\programmi\ParetoLogic
2009-10-10 14:14 . 2009-10-10 14:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2009-10-07 21:49 . 2009-09-04 10:11 -------- d-----w- c:\programmi\iTunes
2009-10-07 21:49 . 2009-09-04 10:09 -------- d-----w- c:\programmi\File comuni\Apple
2009-10-07 21:41 . 2008-10-22 14:23 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-07 21:41 . 2009-10-07 21:41 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\InstallShield
2009-10-05 06:29 . 2009-10-05 06:29 -------- d-----w- c:\programmi\Packard Bell
2009-10-02 23:47 . 2009-10-02 23:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-10-02 22:34 . 2009-09-30 21:21 -------- d-----w- c:\programmi\Registry Winner
2009-10-01 18:34 . 2009-10-01 18:34 -------- d-----w- c:\programmi\Uniblue
2009-10-01 18:11 . 2009-10-01 18:11 -------- d-----w- c:\programmi\SmartPCTools
2009-10-01 16:44 . 2009-10-01 16:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Azureus
2009-09-30 19:28 . 2009-09-30 19:28 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Uniblue
2009-09-29 16:25 . 2009-09-29 16:25 435720 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.08\setup.exe
2009-09-11 14:17 . 2008-04-13 17:13 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-02-09 23:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-02-09 23:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2008-04-13 17:13 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 08:18 . 2009-10-20 16:19 52224 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2009-08-31 08:18 . 2009-10-20 16:19 114688 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\npmozax.dll
2009-08-29 07:26 . 2008-10-09 14:28 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2008-10-09 14:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2008-10-09 14:27 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-13 17:13 247326 ----a-w- c:\windows\system32\strmdll.dll
.

------- Sigcheck -------

[-] 2008-10-09 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-19_22.17.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-08 19:31 . 2009-11-21 15:46 2568196 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Lingoes"="c:\programmi\Lingoes\Translator2\Lingoes.exe" [2009-07-01 2187264]
"Registry Repair Wizard Scheduler"="c:\programmi\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2009-07-25 1540352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"EPSON Stylus C46 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-12-25 185872]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-11-3 656384]

[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

S2 gupdate1c9c9edbcb77d86;Google Update Service (gupdate1c9c9edbcb77d86);c:\programmi\Google\Update\GoogleUpdate.exe [01/05/2009 0.45.25 133104]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-09 c:\windows\Tasks\DriverCure.job
- c:\programmi\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-30 23:45]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-30 23:45]

2009-11-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\programmi\File comuni\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2009-11-19 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\programmi\File comuni\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2009-11-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-06-16 16:22]

2009-11-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-04 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Open With JPEGCompress - c:\programmi\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=it_IT&q=
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1ir2zbah.default\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 05:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-220523388-299502267-1177238915-1003\Software\MZ**]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-299502267-1177238915-1003\Software\MZ**\ITA_Settings\BCGCommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00

[HKEY_USERS\S-1-5-21-220523388-299502267-1177238915-1003\Software\MZ**\ITA_Settings\BCGControlBarVersion]
"Major"=dword:00000008
"Minor"=dword:0000003c

[HKEY_USERS\S-1-5-21-220523388-299502267-1177238915-1003\Software\MZ**\ITA_Settings\BCGToolbarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000001
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"Look2000"=dword:00000001
"CommandsUsage"=hex:47,00,00,00,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2596)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\programmi\Lingoes\Translator2\opentext2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-11-22 05:42
ComboFix-quarantined-files.txt 2009-11-22 04:42
ComboFix2.txt 2009-11-19 22:20

Pre-Run: 49.465.917.440 byte disponibili
Post-Run: 49.446.141.952 byte disponibili

- - End Of File - - 500FD80B79406CC9EEED841CC2880E43
leo345
Posted: Sunday, November 22, 2009 3:27:27 PM
Rank: AiutAmico

Member since: 2/10/2009
Posts: 75