Aiutamici Forum

Problems with popup windows appearing out of nowhere, log check, thanks
FraCro
Posted: Saturday, November 14, 2009 1:14:27 PM
Rank: AiutAmico

Joined: 10/1/2003
Posts: 220

Problems with popup windows
I tried on my own, but I can't work out which files to delete,
because the HijackThis site shows no comment next to the red and yellow crosses and the question marks that appeared. Anyway, thanks for the help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.50.48, on 14/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Brother\ControlCenter2\brctrcen.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\xyz\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Dati applicazioni\That Face Camp Shim\Tons 16.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Programmi\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [less acid] C:\DOCUME~1\xyz\DATIAP~1\ELSECA~1\Audio Way.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe

--
End of file - 7681 bytes
r16
Posted: Saturday, November 14, 2009 1:25:32 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Dati applicazioni\That Face Camp Shim\Tons 16.exe
O4 - HKCU\..\Run: [less acid] C:\DOCUME~1\xyz\DATIAP~1\ELSECA~1\Audio Way.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe

Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
On CCleaner's initial screen, click Options and then Advanced, and remove the tick from: Delete files in Windows Temp only if older than 48 hours. (then run the cleanups)

Download and install MalwareBytes:
click here for the download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan.
Post the log.

FraCro
Posted: Saturday, November 14, 2009 3:16:14 PM
Rank: AiutAmico

Joined: 10/1/2003
Posts: 220
Malwarebytes' Anti-Malware 1.41
Versione del database: 3168
Windows 5.1.2600 Service Pack 3

14/11/2009 14.31.15
mbam-log-2009-11-14 (14-31-13).txt

Tipo di scansione: Scansione completa (C:\|H:\|)
Elementi scansionati: 148180
Tempo trascorso: 18 minute(s), 45 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 3
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
r16
Posted: Saturday, November 14, 2009 3:31:00 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
The Malwarebytes log is not complete.

Run this scan:
Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, named C:\ComboFix.txt. Post it here.

Uninstall ComboFix this way: (after I have seen the log)
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the Combofix and (qoobox) folders in "C"
FraCro
Posted: Saturday, November 14, 2009 3:55:19 PM
Rank: AiutAmico

Joined: 10/1/2003
Posts: 220
ComboFix 09-11-14.03 - xyz 14/11/2009 15.46.22..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.894.517 [GMT 1:00]
Eseguito da: c:\documents and settings\xyz\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
.

((((((((((((((((((((((((( Files Creati Da 2009-10-14 al 2009-11-14 )))))))))))))))))))))))))))))))))))
.

2009-11-14 14:45 . 2009-11-14 14:45 -------- d-----w- C:\32788R22FWJFW
2009-11-04 13:16 . 2009-11-04 13:16 299008 ----a-w- c:\documents and settings\xyz\Dati applicazioni\ELSE CAMP\Pile exit dash.exe
2009-11-04 13:15 . 2009-11-04 13:15 339968 ----a-w- c:\documents and settings\xyz\Dati applicazioni\ELSE CAMP\move defy burn deaf.exe
2009-11-04 13:15 . 2009-11-14 14:41 770048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\That Face Camp Shim\Tons 16.exe
2009-11-04 13:15 . 2009-11-04 13:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\That Face Camp Shim
2009-11-04 13:15 . 2009-11-04 13:15 770048 ----a-w- c:\documents and settings\xyz\Dati applicazioni\ELSE CAMP\rmifqqbq.exe
2009-11-04 13:15 . 2009-11-04 13:16 -------- d-----w- c:\documents and settings\xyz\Dati applicazioni\ELSE CAMP
2009-11-04 13:15 . 2009-11-04 13:15 -------- d-----w- c:\programmi\ELSE CAMP
2009-11-04 13:15 . 2009-11-04 13:15 643072 ----a-w- c:\documents and settings\xyz\Dati applicazioni\ELSE CAMP\Audio Way.exe
2009-11-04 13:15 . 2009-11-04 13:15 -------- d-----w- c:\programmi\Circle Developeent
2009-10-26 10:09 . 2005-05-09 09:35 54272 ------w- c:\windows\system32\brinsstr.dll
2009-10-26 10:09 . 2009-10-26 10:09 -------- d-----w- C:\Brother
2009-10-26 10:09 . 2004-12-10 15:35 147456 ------w- c:\windows\brunin03.dll
2009-10-26 09:57 . 2009-10-26 09:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-10-26 09:57 . 2009-10-26 09:57 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-10-26 09:57 . 2009-10-26 09:57 -------- d-----w- c:\programmi\ScanSoft
2009-10-26 09:57 . 2009-10-26 09:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-10-26 09:55 . 2009-10-28 12:32 57 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-10-26 09:55 . 2009-10-26 09:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Brother
2009-10-26 09:46 . 2009-10-26 09:46 -------- d-----w- c:\documents and settings\xyz\Dati applicazioni\AdobeUM
2009-10-22 13:03 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-22 13:03 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-22 10:27 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-22 10:27 . 2008-04-13 17:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-22 10:27 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-22 10:27 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-22 08:19 . 2009-10-28 13:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-10-21 13:56 . 2009-10-21 13:56 1961720 ----a-w- c:\documents and settings\xyz\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-10-21 12:40 . 2009-10-21 12:41 -------- d-----w- c:\documents and settings\xyz\Impostazioni locali\Dati applicazioni\Windows Live Writer
2009-10-21 12:40 . 2009-10-21 12:40 -------- d-----w- c:\documents and settings\xyz\Dati applicazioni\Windows Live Writer
2009-10-21 11:53 . 2009-10-21 11:53 -------- d-----w- c:\programmi\Ask Search Assistant
2009-10-21 11:53 . 2009-11-04 13:15 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-10-21 11:38 . 2009-10-21 11:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-10-21 11:38 . 2009-10-21 11:38 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-10-21 11:38 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-21 11:37 . 2009-10-21 11:37 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-10-21 11:37 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-21 11:36 . 2009-10-21 11:36 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-10-21 10:55 . 2009-11-11 19:00 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\SACore
2009-10-21 10:55 . 2009-10-21 10:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\SACore
2009-10-21 10:42 . 2009-10-21 10:42 -------- d-----w- c:\programmi\File comuni\McAfee
2009-10-21 10:41 . 2009-10-22 08:19 -------- d-----w- c:\programmi\McAfee
2009-10-20 17:19 . 2009-10-20 17:19 -------- d-----w- c:\documents and settings\xyz\Dati applicazioni\Ahead
2009-10-20 15:13 . 2009-10-20 15:13 -------- d-----w- c:\windows\BarTr23
2009-10-20 15:13 . 2001-05-24 10:59 162304 ---ha-w- C:\UNWISE.EXE
2009-10-20 14:50 . 2009-10-20 14:50 395744 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-10-20 14:50 . 2009-10-20 14:50 39264 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-10-20 14:50 . 2009-10-20 14:50 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-10-20 13:20 . 2009-10-20 13:20 -------- d-----w- c:\programmi\DsNET Corp
2009-10-20 13:19 . 2009-10-20 13:19 -------- d-----w- c:\documents and settings\xyz\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-10-20 13:19 . 2009-10-20 13:19 -------- d-----w- c:\documents and settings\xyz\Impostazioni locali\Dati applicazioni\Adobe
2009-10-20 13:18 . 2009-10-20 13:18 -------- d-----w- c:\programmi\Sierra On-Line
2009-10-20 13:18 . 1998-06-30 15:13 252176 ----a-w- c:\windows\system32\msrd2x35.dll
2009-10-20 13:18 . 1998-06-30 15:13 1045776 ----a-w- c:\windows\system32\msjet35.dll
2009-10-20 13:18 . 1998-06-30 15:13 407312 ----a-w- c:\windows\system32\msrepl35.dll
2009-10-20 13:18 . 1998-06-30 15:12 24848 ----a-w- c:\windows\system32\msjter35.dll
2009-10-20 13:18 . 1998-06-30 15:12 123664 ----a-w- c:\windows\system32\Msjint35.dll
2009-10-20 13:17 . 2009-10-20 13:17 -------- d-----w- C:\Sierra
2009-10-20 13:17 . 1998-11-13 10:07 307712 ----a-w- c:\windows\IsUn0410.exe
2009-10-20 13:06 . 2009-10-20 13:06 -------- d-----w- c:\programmi\eMule
2009-10-20 13:03 . 2009-10-20 13:03 -------- d-----w- c:\documents and settings\xyz\Impostazioni locali\Dati applicazioni\Ahead
2009-10-20 12:44 . 2009-10-20 13:40 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-20 12:42 . 2009-10-20 12:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-10-20 12:41 . 2009-10-20 12:41 -------- d-----w- c:\programmi\CyberLink
2009-10-20 12:38 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-10-20 12:36 . 2009-10-20 12:37 -------- d-----w- c:\windows\SHELLNEW
2009-10-20 12:36 . 2009-10-20 12:36 -------- d-----w- c:\programmi\Microsoft.NET
2009-10-20 12:32 . 2009-10-20 12:32 -------- d-----r- C:\MSOCache
2009-10-20 12:30 . 1998-08-04 22:00 63488 ----a-w- c:\windows\system32\MSCc2IT.dll
2009-10-20 12:30 . 1998-08-04 22:00 33792 ----a-w- c:\windows\system32\CmDlgIT.dll
2009-10-20 12:30 . 1998-08-04 22:00 150528 ----a-w- c:\windows\system32\MSCmCIT.dll
2009-10-20 12:30 . 2009-10-22 12:00 -------- d-----w- c:\programmi\Translationplus
2009-10-20 12:30 . 1998-08-04 22:00 28672 ----a-w- c:\windows\system32\Cmct3IT.dll
2009-10-20 12:30 . 1998-04-24 22:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-10-20 12:29 . 2005-07-29 15:12 2977792 ------w- c:\windows\UNNeroVision.exe
2009-10-20 12:29 . 2001-03-08 17:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-10-20 12:28 . 2009-10-20 12:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-10-20 12:28 . 2004-07-09 07:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-10-20 12:28 . 2001-06-26 06:15 38912 ------w- c:\windows\system32\picn20.dll
2009-10-20 12:27 . 2004-03-02 15:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-10-20 12:27 . 2004-03-02 15:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-10-20 12:27 . 2004-07-26 15:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-10-20 12:27 . 2000-06-26 09:45 106496 ------w- c:\windows\system32\TwnLib20.dll
2009-10-20 12:27 . 2009-10-20 12:27 -------- d-----w- c:\programmi\File comuni\Ahead
2009-10-20 12:27 . 2004-07-26 15:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-10-20 12:27 . 2004-07-26 15:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-10-20 12:27 . 2004-07-26 15:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-10-20 12:27 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-20 12:27 . 2009-10-20 12:29 -------- d-----w- c:\programmi\Ahead
2009-10-20 12:05 . 2009-11-08 21:26 -------- d-----w- c:\documents and settings\xyz\Dati applicazioni\vlc
2009-10-20 12:04 . 2009-10-20 12:04 -------- d-----w- c:\programmi\VideoLAN
2009-10-20 12:00 . 2009-10-20 12:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-10-20 12:00 . 2009-11-14 13:56 -------- d-----w- c:\programmi\Google
2009-10-20 11:15 . 2009-10-20 11:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2009-10-20 11:13 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-10-20 11:13 . 2009-10-20 11:13 10134 ----a-r- c:\documents and settings\xyz\Dati applicazioni\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-10-20 11:13 . 2009-10-20 11:13 -------- d-----w- c:\programmi\Microsoft WSE
2009-10-20 11:11 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-10-20 11:11 . 2009-10-20 11:11 -------- d-----w- c:\windows\Logs
2009-10-20 10:51 . 2009-10-20 11:23 -------- d-----w- c:\programmi\Electronic Arts
2009-10-20 10:41 . 2001-08-30 18:41 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-20 10:41 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-20 10:41 . 2008-04-13 09:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-20 10:41 . 2008-04-13 09:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-20 10:41 . 2008-04-13 09:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-10-20 10:41 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-15 16:32 . 2009-10-15 16:32 -------- d-----w- c:\programmi\Elaborate Bytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 14:31 . 2009-11-14 13:42 -------- d-----w- c:\programmi\DivX
2009-11-14 13:07 . 2009-11-14 13:07 -------- d-----w- c:\documents and settings\xyz\Dati applicazioni\Malwarebytes
2009-11-14 13:07 . 2009-11-14 13:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-14 13:07 . 2009-11-14 13:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-14 13:06 . 2009-11-14 13:06 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-11-14 12:01 . 2009-11-14 12:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
2009-11-14 12:01 . 2009-11-14 12:01 -------- d-----w- c:\programmi\IObit
2009-10-28 12:27 . 2009-10-26 10:09 50 ----a-w- c:\windows\system32\bridf05a.dat
2009-10-28 12:27 . 2009-10-28 12:27 -------- d-----w- c:\programmi\Brother
2009-10-28 12:27 . 2009-10-28 12:27 -------- d-----w- c:\programmi\Common Files
2009-10-28 12:27 . 2009-10-13 12:35 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-28 12:26 . 2009-10-13 12:35 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-25 09:32 . 2001-08-31 12:00 71114 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 09:32 . 2001-08-31 12:00 440832 ----a-w- c:\windows\system32\perfh010.dat
2009-10-21 11:38 . 2009-10-15 13:23 -------- d-----w- c:\programmi\Microsoft
2009-10-21 11:38 . 2009-10-15 13:22 -------- d-----w- c:\programmi\Windows Live
2009-10-21 11:03 . 2009-10-13 12:57 54888 ----a-w- c:\documents and settings\xyz\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-21 10:42 . 2009-10-15 13:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SiteAdvisor
2009-10-21 10:42 . 2009-10-15 13:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-10-20 11:59 . 2009-10-15 13:37 -------- d-----w- c:\programmi\MemoriesOnTV3
2009-10-15 13:27 . 2009-10-15 13:27 -------- d-----w- c:\programmi\Avira
2009-10-15 13:27 . 2009-10-15 13:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-10-15 13:23 . 2009-10-15 13:23 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-10-15 13:19 . 2009-10-15 13:19 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-10-15 12:19 . 2009-10-13 13:03 -------- d-----w- c:\documents and settings\xyz\Dati applicazioni\Uniblue
2009-10-15 12:19 . 2009-10-13 13:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DriverScanner
2009-10-15 11:37 . 2009-10-15 11:37 -------- d-----w- c:\programmi\DIFX
2009-10-13 14:31 . 2009-10-13 14:31 -------- d-----w- c:\programmi\ATI
2009-10-13 13:25 . 2009-10-13 12:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-13 13:15 . 2009-10-13 13:15 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-13 12:44 . 2009-10-13 12:44 -------- d-----w- c:\programmi\ATI Technologies
2009-10-13 12:35 . 2009-10-13 12:35 -------- d-----w- c:\programmi\Realtek
2009-10-13 12:29 . 2009-10-13 12:29 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-13 12:27 . 2009-10-13 12:27 -------- d-----w- c:\programmi\Servizi in linea
2009-10-13 12:25 . 2009-10-13 12:25 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-06 16:54 . 2009-10-13 12:35 5922816 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-06 14:34 . 2009-10-13 12:35 18750976 ----a-w- c:\windows\RTHDCPL.EXE
2009-09-29 16:38 . 2009-10-13 12:35 352256 ----a-w- c:\windows\vncutil.exe
2009-09-21 14:47 . 2009-10-13 12:35 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-09-10 13:54 . 2009-11-14 13:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-11-14 13:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 15:16 . 2009-10-13 12:35 831488 ----a-w- c:\windows\RtlExUpd.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Controllo dello stato.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Controllo dello stato.lnk
backup=c:\windows\pss\Controllo dello stato.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [13/10/2009 14.23.16 113152]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/10/2009 12.38.13 54752]
S2 gupdate1ca65304d128398;Servizio di Google Update (gupdate1ca65304d128398);c:\programmi\Google\Update\GoogleUpdate.exe [14/11/2009 14.42.24 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/10/2009 13.35.10 1684736]
S3 cpuz132;cpuz132;\??\c:\docume~1\xyz\IMPOST~1\Temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\xyz\IMPOST~1\Temp\cpuz132\cpuz132_x32.sys [?]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [21/10/2009 11.41.57 210216]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-14 c:\windows\Tasks\A19CEBC2919F62AE.job
- c:\docume~1\xyz\datiap~1\elseca~1\Pile exit dash.exe [2009-11-04 13:16]

2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-14 13:42]

2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-14 13:42]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 15:49
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3520)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2009-11-14 15:50
ComboFix-quarantined-files.txt 2009-11-14 14:50
ComboFix2.txt 2009-11-14 14:33

Pre-Run: 124.989.308.928 byte disponibili
Post-Run: 124.958.162.944 byte disponibili

- - End Of File - - 8ED4F91D597E8937458BEA4BAB349797
r16
Posted: Saturday, November 14, 2009 9:52:19 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Are the popup windows still appearing?