Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate il log?

2 pages: [1] 2
Mi controllate il log? Opzioni
Topic Precedente · Topic Sucessivo
stimpli
Inviato: Thursday, February 18, 2010 2:49:31 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
Salve a tutti. Spesso il mio pc è connesso internet ma non naviga. Questo il log. grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.42.51, on 18/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\java.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Pure Networks Shared\Platform\nmsrvc.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Spider Player\Spider.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Skype\Toolbars\Shared\SkypeNames.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Documenti\WinsockxpFix.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\LPZJ44H1\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248425424640
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://aiuto.alice.it/ata/static/installers/McciControlInstaller_6.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1ca1aa48ebc7b9a) (gupdate1ca1aa48ebc7b9a) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Programmi\File comuni\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 10604 bytes
Torna in alto
 
Sponsor
Inviato: Thursday, February 18, 2010 2:49:31 PM

 
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 3:14:19 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.

N.B:
Hai installato HJT in una cartella temporanea.
Disistallalo, e lo reistalli in "Programmi" oppure in "Documenti".
Torna in alto
 
stimpli
Inviato: Thursday, February 18, 2010 4:35:11 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
Malwarebytes' Anti-Malware 1.44
Versione del database: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/02/2010 16.32.50
mbam-log-2010-02-18 (16-32-47).txt

Tipo di scansione: Scansione completa (C:\|F:\|)
Elementi scansionati: 231416
Tempo trascorso: 1 hour(s), 7 minute(s), 52 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{7E42B321-54E7-4804-8757-214B2E291AEE}\RP225\A0044957.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{7E42B321-54E7-4804-8757-214B2E291AEE}\RP225\A0044954.exe (Trojan.Agent) -> No action taken.
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 4:44:19 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Speravo che eliminasse di più...Think

Vai in "Installazione Applicazioni" e rimuovi questa Toolbar:
Toolbar: pdfforge Toolbar
Elimina anche il suo programma:
C:\Programmi\pdfforge Toolbar\SearchSettings.dll (è una cartella)

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
stimpli
Inviato: Thursday, February 18, 2010 4:52:46 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
r16 ha scritto:
Ciao.
Speravo che eliminasse di più...Think

Vai in "Installazione Applicazioni" e rimuovi questa Toolbar:
Toolbar: pdfforge Toolbar
Elimina anche il suo programma:
C:\Programmi\pdfforge Toolbar\SearchSettings.dll (è una cartella)

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.


Ok volevo chiederti però come chiudo la connessione. Ho alice, è sempre attiva, dove devo andare per disconnettere? Potrebbe essere che il fatto che a volte non navigo anche se è connesso dipenda dai virus?
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 4:58:59 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
Ho alice, è sempre attiva

Spegni il moden, o il Router.
Quando è finita la scansione, lo riaccendi.

P.S:
Per favore non quotare le mie risposte.
Grazie.
Torna in alto
 
stimpli
Inviato: Thursday, February 18, 2010 9:35:27 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
ComboFix 10-02-17.01 - Administrator 18/02/2010 21.20.15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1561 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\MCC16.dll
c:\windows\system32\xlivefnt.dll

----- BITS: Possibili siti infetti -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Creati Da 2010-01-18 al 2010-02-18 )))))))))))))))))))))))))))))))))))
.

2010-02-18 18:24 . 2010-02-18 18:44 -------- d-----w- C:\AVGTemp
2010-02-18 13:42 . 2010-02-18 13:42 -------- d-----w- C:\ERDNT
2010-02-18 10:22 . 2007-02-13 15:17 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2010-02-17 14:59 . 2010-02-17 15:01 -------- dc-h--w- c:\windows\ie8
2010-02-17 10:15 . 2010-02-17 10:16 -------- d-----w- c:\programmi\Motive
2010-02-16 09:15 . 2010-02-16 09:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Motive
2010-02-03 17:36 . 2010-02-17 10:17 -------- d-----w- c:\windows\Motive
2010-02-03 17:36 . 2010-02-17 10:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2010-02-03 17:36 . 2010-02-03 17:36 -------- d-----w- c:\programmi\File comuni\Motive
2010-02-03 17:36 . 2010-02-03 17:36 -------- d-----w- c:\programmi\Common Files
2010-02-03 17:35 . 2010-02-17 10:17 -------- d-----w- c:\programmi\Alice ti aiuta
2010-02-03 17:35 . 2002-10-17 19:44 46352 ----a-w- c:\windows\setdebug.exe
2010-02-03 17:35 . 2002-10-17 19:44 171280 ----a-w- c:\windows\system32\jit.dll
2010-02-03 17:35 . 2002-10-17 19:44 139536 ----a-w- c:\windows\system32\javaee.dll
2010-02-03 17:35 . 2002-10-17 18:08 6550 ----a-w- c:\windows\jautoexp.dat
2010-02-03 17:35 . 2002-10-17 18:07 313856 ----a-w- c:\windows\system32\dx3j.dll
2010-02-03 17:32 . 2010-02-03 17:47 -------- d-----w- c:\programmi\Telecom Italia
2010-02-02 20:10 . 2005-08-25 16:48 27136 ----a-w- c:\windows\system32\GsiDi32.dll
2010-02-01 18:37 . 2010-02-16 20:52 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-29 22:10 . 2010-01-29 22:10 -------- d-----w- c:\programmi\File comuni\DirectX
2010-01-29 21:52 . 2010-01-29 22:09 -------- d-----w- c:\programmi\Microsoft Games for Windows - LIVE
2010-01-29 21:26 . 2010-01-30 14:42 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Rockstar Games
2010-01-29 21:25 . 2010-01-31 09:17 -------- d-----w- c:\programmi\Rockstar Games
2010-01-27 19:31 . 2010-01-27 19:31 -------- d-----w- c:\programmi\EA GAMES
2010-01-26 21:45 . 2010-01-26 21:45 -------- d-----w- C:\found.000
2010-01-25 14:44 . 2010-01-25 14:44 -------- d-sh--w- c:\windows\ftpcache
2010-01-22 16:33 . 2010-02-18 11:58 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\KeePass
2010-01-22 16:30 . 2010-01-22 16:30 -------- d-----w- c:\programmi\KeePass Password Safe 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 20:16 . 2009-10-18 12:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-02-18 20:11 . 2009-11-04 15:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-18 14:58 . 2009-10-14 17:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-02-18 14:19 . 2009-07-24 16:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-18 14:16 . 2009-07-24 16:07 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-18 13:29 . 2009-10-14 17:06 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-02-18 13:21 . 2009-08-18 17:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-02-18 13:06 . 2009-11-04 16:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spider Player
2010-02-18 13:00 . 2009-07-24 13:47 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-02-17 18:34 . 2009-10-18 12:54 -------- d-----w- c:\programmi\uTorrent
2010-02-16 20:52 . 2009-07-24 16:06 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-16 09:11 . 2009-10-14 21:10 1006848 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-02-12 22:10 . 2009-07-24 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-12 17:34 . 2009-12-05 18:29 -------- d-----w- c:\programmi\Free Video Converter
2010-02-12 17:05 . 2009-07-24 15:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-11 20:02 . 2009-07-24 16:04 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-02-10 13:57 . 2006-03-02 12:00 80382 ----a-w- c:\windows\system32\perfc010.dat
2010-02-10 13:57 . 2006-03-02 12:00 482022 ----a-w- c:\windows\system32\perfh010.dat
2010-02-08 14:52 . 2009-08-03 17:09 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2010-02-06 20:30 . 2009-07-24 13:51 -------- d-----w- c:\programmi\Google
2010-02-03 17:47 . 2009-07-24 07:49 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-03 17:35 . 2010-02-03 17:35 2232 ----a-w- c:\windows\java\Packages\Data\175R5ZFJ.DAT
2010-02-03 17:35 . 2010-02-03 17:35 155995 ----a-w- c:\windows\java\Packages\XJT3L3XR.ZIP
2010-02-03 17:35 . 2010-02-03 17:35 2678 ----a-w- c:\windows\java\Packages\Data\P3D7FFJL.DAT
2010-02-03 17:35 . 2010-02-03 17:35 2678 ----a-w- c:\windows\java\Packages\Data\3F1VBXJ1.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\ES86D357.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\UE9BH3BB.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\5NZJTF97.DAT
2010-01-30 15:48 . 2009-10-15 14:12 -------- d-----w- c:\programmi\eMule
2010-01-27 17:06 . 2010-01-09 17:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Bioshock
2010-01-25 14:33 . 2009-07-24 13:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft
2010-01-22 15:53 . 2009-07-24 13:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Estsoft
2010-01-21 18:28 . 2009-11-28 19:39 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-17 09:27 . 2009-07-25 17:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2010-01-15 15:04 . 2009-07-31 14:40 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-14 17:42 . 2010-01-14 17:42 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2010-01-09 17:16 . 2010-01-09 17:16 -------- d-----w- c:\programmi\7-Zip
2010-01-07 15:07 . 2009-07-24 16:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-07-24 16:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 13:21 . 2010-01-06 13:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\GARMIN
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 20:36 . 2009-12-25 20:36 -------- d-----w- c:\programmi\Mp3 Knife
2009-12-24 23:14 . 2009-12-08 13:53 -------- d-----w- c:\programmi\3 Internet
2009-12-21 19:06 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 16:37 . 2009-07-24 08:29 71216 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-18 16:30 . 2009-12-18 16:30 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-12-18 16:30 . 2009-12-18 16:30 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-12-18 16:30 . 2009-12-18 16:30 129784 ------w- c:\windows\system32\pxafs.dll
2009-12-18 16:30 . 2009-12-18 16:30 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-12-18 16:30 . 2009-12-18 16:30 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-12-18 16:30 . 2009-12-18 16:30 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-12-14 07:08 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2006-03-02 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-08-19 15:39 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-03-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-19 15:39 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:54 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-02-17 319280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43 67488 ----a-w- c:\programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\programmi\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 14:14 147456 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 17:14 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-07-24 13:49 1796856 ----a-w- c:\programmi\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-08-06 10:16 159744 ----a-w- c:\programmi\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-05-16 04:11 648504 ----a-w- c:\programmi\File comuni\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-13 15:32 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-11 16:41 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-02-17 15:09 319280 ----a-w- c:\programmi\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdAgent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [24/07/2009 14.49.38 99216]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24/07/2009 14.49.38 31504]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2009 10.43.28 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 10.43.28 55024]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/11/2009 16.06.32 721904]
S2 gupdate1ca1aa48ebc7b9a;Servizio di Google Update (gupdate1ca1aa48ebc7b9a);c:\programmi\Google\Update\GoogleUpdate.exe [11/08/2009 17.55.27 133104]
S2 LinksysUpdater;Linksys Updater;c:\programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe [26/06/2008 13.52.42 204800]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [03/02/2010 18.47.55 8192]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 10.43.30 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-18 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-11 16:41]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-11 16:54]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-11 16:54]

2010-02-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\nqv3kvfr.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Common Files\Motive\npMotive.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-Mobile Partner - c:\programmi\3 Internet\3 Internet.exe
MSConfigStartUp-SearchSettings - c:\programmi\pdfforge Toolbar\SearchSettings.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\LPZJ44H1\HijackThis.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,5b,d4,62,4b,6b,56,4b,9e,80,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,5b,d4,62,4b,6b,56,4b,9e,80,fd,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,48,46,f7,a7,6a,78,44,83,80,ad,\

[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,fc,1a,e4,f5,77,20,50,ee,3e,d0,9a,b7,2f,61,13,a3,2b,f2,b8,c7,17,b2,
2e,84,3f,f3,d0,ad,dd,05,08,61,0c,bb,3f,34,03,5f,06,d9,ff,1c,30,78,10,c4,b8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:3a,a5,79,0d,cc,13,81,f0,d2,27,8c,b3,8d,98,59,f4,d2,d5,89,3f,06,
4d,ae,ee,af,66,8f,f8,9e,bf,b1,17,42,72,6f,fc,f3,ab,1e,d9,72,95,55,af,b4,76,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-02-18 21:28:43
ComboFix-quarantined-files.txt 2010-02-18 20:28

Pre-Run: 110.663.675.904 byte disponibili
Post-Run: 111.084.908.544 byte disponibili

- - End Of File - - 60157F19DC0259A51229A44836F173E8
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 10:36:08 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Riavvia il pc.
Riscontri ancora problemi?
Torna in alto
 
stimpli
Inviato: Thursday, February 18, 2010 11:07:20 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
Niente, pur restando connesso dopo un pò non riesco a navigare. L'unica cosa è che togliendo pdfforge non mi dà più errore Dns quando apro la pagina web.
Torna in alto
 
r16
Inviato: Thursday, February 18, 2010 11:16:48 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Hai molti rimasugli di programmi disistallati male.
Comunque fai questa scansione on-line:
http://www.eset.com/onlinescan/
è in grado di rimuovere ciò che identifica come pericoloso.
Apri Internet Explorer, raggiungi il sito ESET, spunta la casella per accettare la licenza e l'installazione degli Activex, clicca su Start
spunta le caselle Remove found threats, Scan unwanted applications
Torna in alto
 
stimpli
Inviato: Friday, February 19, 2010 8:55:55 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
Ho fatto la scansione su eset. Mi ha trovato questi file.
C:\Documents and Settings\Administrator\Dati applicazioni\Thunderbird\Profiles\x2aeihs6.default\Mail\Local Folders\Trash a variant of Win32/Kryptik.BBD trojan contained infected files

C:\Documents and Settings\Administrator\Documenti\Downloads\Batman.Arkham.Asylum-RELOADED\rld-btaa.iso probably a variant of Win32/Agent trojan deleted - quarantined

F:\Mail\Local Folders\Trash a variant of Win32/Kryptik.BBD trojan contained infected files
Torna in alto
 
r16
Inviato: Friday, February 19, 2010 9:47:53 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
A cosa si riferisce la lettera F (è una periferica esterna?)
Prova a disattivare il Firewall, e vedi se riesci a navigare.
Torna in alto
 
stimpli
Inviato: Friday, February 19, 2010 10:49:14 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
La lettera F è un hard disk interno. Avevo provato anche a disattivare il firewall, ma niente. La navigazione ancora non va, cioè per gran parte del tempo sì, poi ogni tanto si impalla (ma u torrent continua a scaricare, skype resta aperto e mi dà connesso, solo le pagine web non mi visualizza). Devo formattare oppure può essere la scheda di rete?
Torna in alto
 
r16
Inviato: Friday, February 19, 2010 10:58:37 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Per formattare fai sempre in tempo.

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript

Code:
RegLock::
[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\SecuROM\License information*]


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
stimpli
Inviato: Saturday, February 20, 2010 1:00:38 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
ComboFix 10-02-17.01 - Administrator 20/02/2010 12.50.38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1577 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-01-20 al 2010-02-20 )))))))))))))))))))))))))))))))))))
.

2010-02-19 20:41 . 2010-02-19 20:42 -------- dc-h--w- c:\windows\ie8
2010-02-19 16:14 . 2010-02-19 16:14 -------- d-----w- c:\programmi\ESET
2010-02-18 18:24 . 2010-02-18 18:44 -------- d-----w- C:\AVGTemp
2010-02-18 13:42 . 2010-02-18 13:42 -------- d-----w- C:\ERDNT
2010-02-18 10:22 . 2007-02-13 15:17 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2010-02-17 10:15 . 2010-02-17 10:16 -------- d-----w- c:\programmi\Motive
2010-02-16 09:15 . 2010-02-16 09:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Motive
2010-02-03 17:36 . 2010-02-17 10:17 -------- d-----w- c:\windows\Motive
2010-02-03 17:36 . 2010-02-17 10:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2010-02-03 17:36 . 2010-02-03 17:36 -------- d-----w- c:\programmi\File comuni\Motive
2010-02-03 17:36 . 2010-02-03 17:36 -------- d-----w- c:\programmi\Common Files
2010-02-03 17:35 . 2010-02-17 10:17 -------- d-----w- c:\programmi\Alice ti aiuta
2010-02-03 17:35 . 2002-10-17 19:44 46352 ----a-w- c:\windows\setdebug.exe
2010-02-03 17:35 . 2002-10-17 19:44 171280 ----a-w- c:\windows\system32\jit.dll
2010-02-03 17:35 . 2002-10-17 19:44 139536 ----a-w- c:\windows\system32\javaee.dll
2010-02-03 17:35 . 2002-10-17 18:08 6550 ----a-w- c:\windows\jautoexp.dat
2010-02-03 17:35 . 2002-10-17 18:07 313856 ----a-w- c:\windows\system32\dx3j.dll
2010-02-03 17:32 . 2010-02-03 17:47 -------- d-----w- c:\programmi\Telecom Italia
2010-02-02 20:10 . 2005-08-25 16:48 27136 ----a-w- c:\windows\system32\GsiDi32.dll
2010-02-01 18:37 . 2010-02-19 21:02 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-29 22:10 . 2010-01-29 22:10 -------- d-----w- c:\programmi\File comuni\DirectX
2010-01-29 21:52 . 2010-01-29 22:09 -------- d-----w- c:\programmi\Microsoft Games for Windows - LIVE
2010-01-29 21:26 . 2010-01-30 14:42 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Rockstar Games
2010-01-29 21:25 . 2010-01-31 09:17 -------- d-----w- c:\programmi\Rockstar Games
2010-01-27 19:31 . 2010-01-27 19:31 -------- d-----w- c:\programmi\EA GAMES
2010-01-26 21:45 . 2010-01-26 21:45 -------- d-----w- C:\found.000
2010-01-25 14:44 . 2010-01-25 14:44 -------- d-sh--w- c:\windows\ftpcache
2010-01-22 16:33 . 2010-02-18 11:58 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\KeePass
2010-01-22 16:30 . 2010-01-22 16:30 -------- d-----w- c:\programmi\KeePass Password Safe 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 11:37 . 2009-10-18 12:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-02-19 21:02 . 2009-07-24 16:06 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-19 21:02 . 2009-07-24 15:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-19 20:18 . 2009-10-14 17:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-02-19 19:58 . 2009-08-18 17:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-02-19 17:56 . 2009-07-24 13:47 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-02-19 15:52 . 2009-10-14 17:06 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-02-18 20:11 . 2009-11-04 15:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-18 14:19 . 2009-07-24 16:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-18 14:16 . 2009-07-24 16:07 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-18 13:06 . 2009-11-04 16:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spider Player
2010-02-17 18:34 . 2009-10-18 12:54 -------- d-----w- c:\programmi\uTorrent
2010-02-16 09:11 . 2009-10-14 21:10 1006848 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-02-12 22:10 . 2009-07-24 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-12 17:34 . 2009-12-05 18:29 -------- d-----w- c:\programmi\Free Video Converter
2010-02-11 20:02 . 2009-07-24 16:04 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-02-10 13:57 . 2006-03-02 12:00 80382 ----a-w- c:\windows\system32\perfc010.dat
2010-02-10 13:57 . 2006-03-02 12:00 482022 ----a-w- c:\windows\system32\perfh010.dat
2010-02-08 14:52 . 2009-08-03 17:09 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2010-02-06 20:30 . 2009-07-24 13:51 -------- d-----w- c:\programmi\Google
2010-02-03 17:47 . 2009-07-24 07:49 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-03 17:35 . 2010-02-03 17:35 2232 ----a-w- c:\windows\java\Packages\Data\175R5ZFJ.DAT
2010-02-03 17:35 . 2010-02-03 17:35 155995 ----a-w- c:\windows\java\Packages\XJT3L3XR.ZIP
2010-02-03 17:35 . 2010-02-03 17:35 2678 ----a-w- c:\windows\java\Packages\Data\P3D7FFJL.DAT
2010-02-03 17:35 . 2010-02-03 17:35 2678 ----a-w- c:\windows\java\Packages\Data\3F1VBXJ1.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\ES86D357.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\UE9BH3BB.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\5NZJTF97.DAT
2010-01-30 15:48 . 2009-10-15 14:12 -------- d-----w- c:\programmi\eMule
2010-01-27 17:06 . 2010-01-09 17:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Bioshock
2010-01-25 14:33 . 2009-07-24 13:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft
2010-01-22 15:53 . 2009-07-24 13:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Estsoft
2010-01-21 18:28 . 2009-11-28 19:39 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-17 09:27 . 2009-07-25 17:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2010-01-15 15:04 . 2009-07-31 14:40 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-14 17:42 . 2010-01-14 17:42 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2010-01-14 10:12 . 2009-10-04 13:05 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-09 17:16 . 2010-01-09 17:16 -------- d-----w- c:\programmi\7-Zip
2010-01-07 15:07 . 2009-07-24 16:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-07-24 16:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 13:21 . 2010-01-06 13:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\GARMIN
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 20:36 . 2009-12-25 20:36 -------- d-----w- c:\programmi\Mp3 Knife
2009-12-24 23:14 . 2009-12-08 13:53 -------- d-----w- c:\programmi\3 Internet
2009-12-18 16:37 . 2009-07-24 08:29 71216 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-18 16:30 . 2009-12-18 16:30 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-12-18 16:30 . 2009-12-18 16:30 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-12-18 16:30 . 2009-12-18 16:30 129784 ------w- c:\windows\system32\pxafs.dll
2009-12-18 16:30 . 2009-12-18 16:30 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-12-18 16:30 . 2009-12-18 16:30 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-12-18 16:30 . 2009-12-18 16:30 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-12-14 07:08 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2006-03-02 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-08-19 15:39 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-03-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-19 15:39 48128 ----a-w- c:\windows\system32\iyuv_32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-18_20.26.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-20 11:48 . 2010-02-20 11:48 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
- 2009-03-08 03:31 . 2009-12-21 19:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-03-02 12:00 . 2009-03-08 03:33 25600 c:\windows\system32\jsproxy.dll
- 2006-03-02 12:00 . 2009-12-21 19:06 25600 c:\windows\system32\jsproxy.dll
- 2009-03-08 03:33 . 2009-12-21 19:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 37888 c:\windows\ie8\url.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 37888 c:\windows\ie8\url.dll
+ 2010-02-19 20:41 . 2009-03-08 19:34 58448 c:\windows\ie8\spuninst\iecustom.dll
- 2010-02-17 15:00 . 2009-03-08 19:34 58448 c:\windows\ie8\spuninst\iecustom.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 39424 c:\windows\ie8\pngfilt.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 39424 c:\windows\ie8\pngfilt.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 97280 c:\windows\ie8\occache.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 97280 c:\windows\ie8\occache.dll
+ 2010-02-19 20:41 . 2008-04-13 16:49 57344 c:\windows\ie8\mshtmler.dll
- 2010-02-17 14:59 . 2008-04-13 16:49 57344 c:\windows\ie8\mshtmler.dll
- 2010-02-17 14:59 . 2008-04-13 17:14 29184 c:\windows\ie8\mshta.exe
+ 2010-02-19 20:41 . 2008-04-13 17:14 29184 c:\windows\ie8\mshta.exe
+ 2010-02-19 20:41 . 2008-04-13 17:13 22016 c:\windows\ie8\licmgr10.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 22016 c:\windows\ie8\licmgr10.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 15872 c:\windows\ie8\jsproxy.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 15872 c:\windows\ie8\jsproxy.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 96768 c:\windows\ie8\inseng.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 96768 c:\windows\ie8\inseng.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 35840 c:\windows\ie8\imgutil.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 35840 c:\windows\ie8\imgutil.dll
- 2010-02-17 14:59 . 2008-04-13 17:14 93184 c:\windows\ie8\iexplore.exe
+ 2010-02-19 20:41 . 2008-04-13 17:14 93184 c:\windows\ie8\iexplore.exe
+ 2010-02-19 20:41 . 2008-04-13 17:13 63488 c:\windows\ie8\iesetup.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 63488 c:\windows\ie8\iesetup.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 49152 c:\windows\ie8\iernonce.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 49152 c:\windows\ie8\iernonce.dll
- 2010-02-17 14:59 . 2009-04-29 04:33 81920 c:\windows\ie8\ieencode.dll
+ 2010-02-19 20:41 . 2009-04-29 04:33 81920 c:\windows\ie8\ieencode.dll
+ 2010-02-19 20:41 . 2008-04-13 17:14 34304 c:\windows\ie8\ie4uinit.exe
- 2010-02-17 14:59 . 2008-04-13 17:14 34304 c:\windows\ie8\ie4uinit.exe
- 2010-02-17 14:59 . 2008-04-13 17:13 38912 c:\windows\ie8\hmmapi.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 38912 c:\windows\ie8\hmmapi.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 35328 c:\windows\ie8\corpol.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 35328 c:\windows\ie8\corpol.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 61440 c:\windows\ie8\admparse.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 61440 c:\windows\ie8\admparse.dll
+ 2006-03-02 12:00 . 2009-03-08 03:34 914944 c:\windows\system32\wininet.dll
+ 2006-03-02 12:00 . 2009-03-08 03:34 109568 c:\windows\system32\occache.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 594432 c:\windows\system32\msfeeds.dll
- 2009-03-08 03:32 . 2009-12-21 19:06 594432 c:\windows\system32\msfeeds.dll
- 2006-03-02 12:00 . 2009-06-22 06:45 726528 c:\windows\system32\jscript.dll
+ 2006-03-02 12:00 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2006-03-02 12:00 . 2009-03-08 03:31 183808 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2009-03-08 13:09 391536 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2009-12-21 13:20 173056 c:\windows\system32\ie4uinit.exe
+ 2006-03-02 12:00 . 2009-03-08 03:32 173056 c:\windows\system32\ie4uinit.exe
+ 2009-03-08 03:34 . 2009-03-08 03:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2008-05-09 10:53 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-06-22 06:45 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 13:09 . 2009-03-08 13:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 03:32 . 2009-12-21 13:20 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2010-02-17 14:59 . 2008-04-13 17:13 668672 c:\windows\ie8\wininet.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 668672 c:\windows\ie8\wininet.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 280576 c:\windows\ie8\webcheck.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 280576 c:\windows\ie8\webcheck.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 851968 c:\windows\ie8\vgx.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 851968 c:\windows\ie8\vgx.dll
- 2010-02-17 14:59 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-02-19 20:41 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 620544 c:\windows\ie8\urlmon.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 620544 c:\windows\ie8\urlmon.dll
+ 2010-02-19 20:41 . 2009-01-07 17:21 401952 c:\windows\ie8\spuninst\updspapi.dll
- 2010-02-17 15:00 . 2009-01-07 17:21 401952 c:\windows\ie8\spuninst\updspapi.dll
- 2010-02-17 15:00 . 2009-01-07 17:21 234016 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-02-19 20:41 . 2009-01-07 17:21 234016 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-02-19 20:41 . 2008-04-13 17:13 532480 c:\windows\ie8\mstime.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 532480 c:\windows\ie8\mstime.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 146432 c:\windows\ie8\msrating.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 146432 c:\windows\ie8\msrating.dll
+ 2010-02-19 20:41 . 2006-03-02 12:00 146432 c:\windows\ie8\msls31.dll
- 2010-02-17 14:59 . 2006-03-02 12:00 146432 c:\windows\ie8\msls31.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 449024 c:\windows\ie8\mshtmled.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 449024 c:\windows\ie8\mshtmled.dll
+ 2010-02-19 20:41 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
- 2010-02-17 14:59 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 251904 c:\windows\ie8\iepeers.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 251904 c:\windows\ie8\iepeers.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-02-19 20:41 . 2006-03-02 12:00 237568 c:\windows\ie8\ieakui.dll
- 2010-02-17 14:59 . 2006-03-02 12:00 237568 c:\windows\ie8\ieakui.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 221184 c:\windows\ie8\ieaksie.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 221184 c:\windows\ie8\ieaksie.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 143360 c:\windows\ie8\ieakeng.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 143360 c:\windows\ie8\ieakeng.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 205312 c:\windows\ie8\dxtrans.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 205312 c:\windows\ie8\dxtrans.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 357888 c:\windows\ie8\dxtmsft.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 357888 c:\windows\ie8\dxtmsft.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 101888 c:\windows\ie8\advpack.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 101888 c:\windows\ie8\advpack.dll
+ 2006-03-02 12:00 . 2009-03-08 03:34 1206784 c:\windows\system32\urlmon.dll
+ 2006-03-02 12:00 . 2009-03-08 03:41 5937152 c:\windows\system32\mshtml.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 1985024 c:\windows\system32\iertutil.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 1206784 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 03:41 . 2009-03-08 03:41 5937152 c:\windows\system32\dllcache\mshtml.dll
- 2010-02-17 14:59 . 2008-04-13 17:13 3066880 c:\windows\ie8\mshtml.dll
+ 2010-02-19 20:41 . 2008-04-13 17:13 3066880 c:\windows\ie8\mshtml.dll
+ 2009-03-08 03:39 . 2009-03-08 03:39 11063808 c:\windows\system32\ieframe.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-02-17 319280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2009-07-24 1796856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43 67488 ----a-w- c:\programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\programmi\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 14:14 147456 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 17:14 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-08-06 10:16 159744 ----a-w- c:\programmi\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-05-16 04:11 648504 ----a-w- c:\programmi\File comuni\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-13 15:32 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-11 16:41 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-02-17 15:09 319280 ----a-w- c:\programmi\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdAgent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [24/07/2009 14.49.38 99216]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24/07/2009 14.49.38 31504]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2009 10.43.28 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 10.43.28 55024]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/11/2009 16.06.32 721904]
S2 gupdate1ca1aa48ebc7b9a;Servizio di Google Update (gupdate1ca1aa48ebc7b9a);c:\programmi\Google\Update\GoogleUpdate.exe [11/08/2009 17.55.27 133104]
S2 LinksysUpdater;Linksys Updater;c:\programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe [26/06/2008 13.52.42 204800]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [03/02/2010 18.47.55 8192]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 10.43.30 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-11 16:41]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-11 16:54]

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-11 16:54]

2010-02-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\nqv3kvfr.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Common Files\Motive\npMotive.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
Notify-avgrsstarter - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 12:56
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,fc,1a,e4,f5,77,20,50,ee,3e,d0,9a,b7,2f,61,13,a3,2b,f2,b8,c7,17,b2,
2e,84,3f,f3,d0,ad,dd,05,08,61,0c,bb,3f,34,03,5f,06,d9,ff,1c,30,78,10,c4,b8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:3a,a5,79,0d,cc,13,81,f0,d2,27,8c,b3,8d,98,59,f4,d2,d5,89,3f,06,
4d,ae,ee,af,66,8f,f8,9e,bf,b1,17,42,72,6f,fc,f3,ab,1e,d9,72,95,55,af,b4,76,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-02-20 12:58:37
ComboFix-quarantined-files.txt 2010-02-20 11:58
ComboFix2.txt 2010-02-18 20:28

Pre-Run: 110.872.158.208 byte disponibili
Post-Run: 110.824.443.904 byte disponibili

- - End Of File - - A7403671AE0687E8B21E908A0DE908B6
Torna in alto
 
r16
Inviato: Saturday, February 20, 2010 2:11:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Il problema persiste?
Torna in alto
 
stimpli
Inviato: Saturday, February 20, 2010 3:31:05 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
Per il momento pare di no, ora navigo tutto il pomeriggio e vedo se succede di nuovo. Applause
Torna in alto
 
r16
Inviato: Saturday, February 20, 2010 3:37:25 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
In ogni caso, ti consiglio di disistallare uno di questi due software:
SpyBot, (compreso il Tea Timer) oppure Superantispyware.
Uno dei due, è superfluo.
Se tieni SpyBot, (che non mi sembra proprio installato, ma ci sono le chiavi del Tea Timer) non tenere attivo il Tea Timer, crea più problemi che benefici.

Per eliminare i vari Tooll scaricati: (combofix)
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.
Poi lo puoi eliminare .

Disattiva il ripristino configurazione di sistema,
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Spegni il pc.
Riavvia il pc.
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Torna in alto
 
stimpli
Inviato: Saturday, February 20, 2010 4:16:26 PM
Rank: AiutAmico

Iscritto dal : 2/18/2003
Posts: 42
Grazie, quale antivirus mi consigli? Per eseguire combofix ho dovuto disintallare avg free perchè non riuscivo a disabilitarlo e al momento non nessun antivirus. E per il firewall, mi tengo comodo?
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate il log?


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.