Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Ho tolto tutti i virus???

5 pages: [1] 2 3 4 5
Ho tolto tutti i virus??? Opzioni
Topic Precedente · Topic Sucessivo
dc881
Inviato: Wednesday, March 17, 2010 6:26:47 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.58.07, on 17/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Programmi\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programmi\Paltalk Messenger\paltalk.exe
C:\Documents and Settings\6750\Desktop\html2pop3232win32\html2pop3.exe
C:\Programmi\FastFX Trader\terminal.exe
C:\Programmi\MagicDisc\MagicDisc.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\xampp\apache\bin\apache.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Interbank FX Trader 4\terminal.exe
C:\Programmi\RapidBIT\cidaemon.exe
C:\Programmi\Tencent\Foxmail\Foxmail.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Interbank42\terminal.exe
C:\Programmi\Notepad++\notepad++.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/app/?tag=page_app_welcome&lang=16&version=5853823&setup_id=16000002&aff_id=1&addon=IncrediMail
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP0.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Programmi\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP0.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Programmi\SGPSA\SearchAssistant.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Programmi\vmntoolbar\vmntoolbar.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Programmi\SGPSA\BHO.dll
O3 - Toolbar: Web Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programmi\Accessibility_Toolbar\Accessibility_Toolbar.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP0.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Programmi\vmntoolbar\vmntoolbar.dll
O3 - Toolbar: Trellian &Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Programmi\TRELLIAN\Toolbar\toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Programmi\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SGPUpdater] C:\Programmi\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Programmi\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Collegamento a html2pop3.exe (2).lnk = C:\Documents and Settings\6750\Desktop\html2pop3232win32\html2pop3.exe
O4 - Startup: FastFX Trader.lnk = C:\Programmi\FastFX Trader\terminal.exe
O4 - Startup: ibfx42l.exe.lnk = C:\Programmi\Interbank42\terminal.exe
O4 - Startup: MagicDisc.lnk = C:\Programmi\MagicDisc\MagicDisc.exe
O4 - Startup: Popup.lnk = C:\MKT-Director\Database\Director\Popup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Finestra di stato di Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Programmi\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &BOM hinzufügen - C:\\PROGRA~1\\BID-O-~1\\\\AddToBOM.hta
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programmi\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .mu3: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mxl: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mya: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4864BE-E218-4265-A013-AD9896B69D39}: NameServer = 151.99.125.1,195.110.128.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Programmi\RapidBIT\cisvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: JTVNCProxy (JTVNCProxy_10.0) - Unknown owner - C:\Programmi\Freedom Scientific\JAWS\10.0\JTVNCProxy.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe

--
End of file - 15291 bytes
Torna in alto
 
Sponsor
Inviato: Wednesday, March 17, 2010 6:26:47 PM

 
Torna in alto
 
bazzurlone
Inviato: Wednesday, March 17, 2010 6:45:30 PM

Rank: AiutAmico

Iscritto dal : 1/20/2005
Posts: 1,537
A me non sembra,usa questo,aggiornalo,scansione completa,posta il log
http://www.aiutamici.com/software?ID=80346
Torna in alto
 
paolopa
Inviato: Wednesday, March 17, 2010 6:45:51 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
ho paura che ti sei dimenticato qualcosa....
scarica ed installa mbam: http://software.aiutamici.com/software?ID=80346
lo aggiorni e fai una scansione completa,posta il log.
Torna in alto
 
paolopa
Inviato: Wednesday, March 17, 2010 6:46:40 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
ciao bazz,stavo scrivendo e non potevo vederti....meglio due che nessuno.buona serata.
Torna in alto
 
bazzurlone
Inviato: Wednesday, March 17, 2010 6:49:34 PM

Rank: AiutAmico

Iscritto dal : 1/20/2005
Posts: 1,537
paolopa ha scritto:
ciao bazz,stavo scrivendo e non potevo vederti....meglio due che nessuno.buona serata.

Vai tranquillo,ora che la situazione in questo forum è tornata accettabile mi vedrete piu' spesso
Torna in alto
 
dc881
Inviato: Wednesday, March 17, 2010 10:01:43 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
Avevate ragione


Malwarebytes' Anti-Malware 1.44
Versione del database: 3876
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/03/2010 22.01.45
mbam-log-2010-03-17 (22-01-45).txt

Tipo di scansione: Scansione completa (C:\|F:\|)
Elementi scansionati: 773942
Tempo trascorso: 3 hour(s), 4 minute(s), 2 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\6750\Dati applicazioni\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9CFBA845-D615-4F92-B3F4-F5FDDF674D6B}\RP399\A0122219.exe (HackTool.Snadboy) -> Quarantined and deleted successfully.
C:\Programmi\Navilog1\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{9CFBA845-D615-4F92-B3F4-F5FDDF674D6B}\RP420\A0130679.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Torna in alto
 
paolopa
Inviato: Thursday, March 18, 2010 6:48:43 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
dal pannello di controllo elimina tutte le toolbar,poi:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX chiudi la connessione disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

posta un log aggiornato di hijack

cosa è "f"?una memoria esterna?
Torna in alto
 
dc881
Inviato: Thursday, March 18, 2010 6:38:53 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.36.34, on 18/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\Programmi\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\xampp\apache\bin\apache.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Programmi\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programmi\Paltalk Messenger\paltalk.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Documents and Settings\6750\Desktop\html2pop3232win32\html2pop3.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\RapidBIT\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Interbank FX Trader 4\terminal.exe
C:\Programmi\FastFX Trader\terminal.exe
C:\Programmi\Interbank42\terminal.exe
C:\Programmi\Tencent\Foxmail\Foxmail.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/app/?tag=page_app_welcome&lang=16&version=5853823&setup_id=16000002&aff_id=1&addon=IncrediMail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Programmi\vmntoolbar\vmntoolbar.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Web Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programmi\Accessibility_Toolbar\Accessibility_Toolbar.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Programmi\vmntoolbar\vmntoolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Programmi\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Collegamento a html2pop3.exe (2).lnk = C:\Documents and Settings\6750\Desktop\html2pop3232win32\html2pop3.exe
O4 - Startup: FastFX Trader.lnk = C:\Programmi\FastFX Trader\terminal.exe
O4 - Startup: ibfx42l.exe.lnk = C:\Programmi\Interbank42\terminal.exe
O4 - Startup: Popup.lnk = C:\MKT-Director\Database\Director\Popup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Finestra di stato di Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Programmi\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &BOM hinzufügen - C:\\PROGRA~1\\BID-O-~1\\\\AddToBOM.hta
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programmi\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .mu3: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mxl: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mya: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4864BE-E218-4265-A013-AD9896B69D39}: NameServer = 151.99.125.1,195.110.128.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Programmi\RapidBIT\cisvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: JTVNCProxy (JTVNCProxy_10.0) - Unknown owner - C:\Programmi\Freedom Scientific\JAWS\10.0\JTVNCProxy.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe

--
End of file - 12962 bytes
Torna in alto
 
dc881
Inviato: Thursday, March 18, 2010 6:39:41 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
Mi sembra andare tutto molto meglio, forse questa volta gli ho tolti davvero.
Grazie
Torna in alto
 
paolopa
Inviato: Thursday, March 18, 2010 7:55:27 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
io ti ho consigliato di fare una scansione,ma se pensi di essere a posto cosi' va benissimo.fai un po tu.
ciao e buona serata.
Torna in alto
 
dc881
Inviato: Thursday, March 18, 2010 9:46:56 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
La scansione con il programma che mi hai segnalato l'ho fatta, ma non hocapito il log finale
Torna in alto
 
simo95
Inviato: Thursday, March 18, 2010 10:18:18 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
dc881 ha scritto:
La scansione con il programma che mi hai segnalato l'ho fatta, ma non hocapito il log finale


Devi incollare il contenuto qui.
Il log lo trovi in C:\ComboFix.txt


Ciao
Torna in alto
 
dc881
Inviato: Thursday, March 18, 2010 10:30:27 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
Non lo trova, forse non l'ho salvato!!!!! Scusate
Trovo solo Combofix nel C: che ha l'icona di risorse del computer e facendoci click sopra si comporta come risorse del computer!!!!!!!
Torna in alto
 
dc881
Inviato: Thursday, March 18, 2010 11:50:28 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
ComboFix 10-03-17.07 - 6750 18/03/2010 23.30.29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1103 [GMT 1:00]
Eseguito da: c:\documents and settings\6750\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\att114.pdf
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto10(03-18-21-47-59).gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto10.gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto10.jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto11(03-18-21-37-04).jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto11(03-18-21-47-59).jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto11.jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto12(03-18-21-47-59).jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto12.jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto13(03-18-21-47-59).jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto13.jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto14(03-18-21-47-59).jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto14.jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto8.gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\foto9.jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\leftbg(03-18-20-15-01).gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\leftbg(03-18-20-15-43).gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\leftbg(1).gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\leftbg.gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\Programma Escursioni CAI 2010.jpg
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\rightbg(03-18-20-15-01).gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\rightbg(03-18-20-15-43).gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\rightbg.gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\scrollbar.css
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\toppic(03-18-20-15-01).gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\toppic(03-18-20-15-43).gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\toppic.gif
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-18-30-16).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-18-30-31).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-19-50-40).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-19-50-52).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-19-50-55).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-19-50-58).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-19-51-14).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-19-52-03).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-19-58-11).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-19-58-22).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-20-15-01).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-20-15-43).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-20-21-19).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-20-32-53).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-20-32-55).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-20-36-11).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-02-49).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-03-22).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-17-58).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-19-56).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-32-10).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-33-19).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-37-04).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-47-58).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-47-59)(1).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-47-59)(2).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-47-59).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-48-00).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-48-04).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-21-50-13).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-22-48-00).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-18-23-00-36).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown.htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown.jpg

.
((((((((((((((((((((((((( Files Creati Da 2010-02-18 al 2010-03-18 )))))))))))))))))))))))))))))))))))
.

2010-03-17 21:25 . 2009-12-28 21:21 12288 ----a-w- c:\windows\system32\netset.exe
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FreeRIP
2010-03-15 20:54 . 2010-03-15 20:54 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-03-15 20:50 . 2010-03-15 20:50 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-03-15 20:49 . 2010-03-15 20:50 -------- d-----w- c:\programmi\Google
2010-03-14 12:47 . 2010-03-14 12:47 -------- d-----w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\Winamp Toolbar
2010-03-12 15:14 . 2010-03-12 15:17 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Synthesia
2010-03-12 15:11 . 2010-03-12 15:11 -------- d-----w- c:\programmi\Synthesia
2010-03-11 16:53 . 2010-03-11 16:53 540568 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-03-10 20:55 . 2010-03-10 20:55 -------- d-----w- c:\programmi\Winamp Toolbar
2010-03-10 20:55 . 2010-03-10 20:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar
2010-03-10 19:13 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-10 19:13 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-10 19:13 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-10 19:13 . 2010-02-02 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-10 19:12 . 2010-03-10 19:16 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-03-09 22:06 . 2010-03-09 22:06 -------- d-----w- c:\programmi\Lame for Audacity
2010-03-09 19:10 . 2010-03-09 19:10 -------- d-----w- C:\MAGIX
2010-03-09 17:32 . 2010-03-11 13:44 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Audacity
2010-03-09 17:32 . 2010-03-09 17:32 -------- d-----w- c:\programmi\Audacity 1.3 Beta (Unicode)
2010-03-07 22:58 . 2010-03-07 22:58 -------- d-----w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\Phase_One
2010-03-07 22:42 . 2010-03-07 22:42 -------- d-----w- c:\programmi\DIFX
2010-03-07 22:42 . 2010-03-07 22:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Phase One
2010-03-07 22:42 . 2010-03-07 22:47 -------- d-----w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\CaptureOne
2010-03-05 18:31 . 2010-03-07 19:11 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-03-05 18:27 . 2010-03-07 19:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-03-05 18:27 . 2010-03-05 18:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-05 18:27 . 2010-03-05 18:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-03-03 14:52 . 2010-03-03 14:52 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-02 22:38 . 2010-03-02 22:44 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Trellian
2010-03-02 22:38 . 2010-03-02 22:40 -------- d-----w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\WebPage
2010-03-02 22:36 . 2007-09-07 22:43 512000 ----a-w- c:\windows\system32\Achroma2.dll
2010-03-02 22:36 . 2010-03-18 17:42 -------- d-----w- c:\programmi\Trellian
2010-03-02 22:22 . 2010-03-02 22:22 -------- d-----w- c:\programmi\HTML TableFactory
2010-03-02 17:29 . 2010-03-02 17:29 -------- d-----w- c:\programmi\MPC HomeCinema
2010-03-02 17:26 . 2010-03-02 17:26 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-02-28 19:52 . 2010-02-28 19:52 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\freeTVRadio
2010-02-28 17:09 . 2010-03-18 17:46 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\OfferBox
2010-02-22 19:10 . 2010-02-22 19:10 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Facebook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 22:26 . 2009-04-16 22:37 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\FileZilla
2010-03-18 17:52 . 2009-10-19 16:37 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-03-18 17:48 . 2009-04-08 21:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-18 17:48 . 2009-04-08 21:10 3907616 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-18 17:45 . 2009-05-07 18:59 -------- d-----w- c:\programmi\RipTiger
2010-03-18 17:43 . 2009-12-30 12:50 -------- d-----w- c:\programmi\eBay
2010-03-18 17:10 . 2009-04-08 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-03-18 17:07 . 2009-04-08 21:10 107564 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-18 17:07 . 2009-04-08 21:10 29449760 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-18 17:07 . 2009-04-08 21:10 293960 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-18 16:48 . 2009-08-28 22:31 -------- d-----w- c:\programmi\PHPNukeIT
2010-03-17 21:15 . 2009-08-08 14:53 -------- d-----w- c:\programmi\FLVPlayer4Free
2010-03-17 17:56 . 2009-08-02 16:09 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-16 23:17 . 2009-05-10 19:38 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\uTorrent
2010-03-16 23:02 . 2009-05-13 14:06 -------- d-----w- c:\programmi\Direct MIDI to MP3 Converter
2010-03-16 23:01 . 2009-04-08 22:21 -------- d-----w- c:\programmi\eMule
2010-03-16 23:00 . 2009-10-01 13:50 -------- d-----w- c:\programmi\e107 Theme Creator Beta
2010-03-16 23:00 . 2009-10-01 13:52 -------- d-----w- c:\programmi\e107 Tool
2010-03-16 23:00 . 2010-01-12 21:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AppSoft
2010-03-11 16:40 . 2009-05-23 16:20 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\muvee Technologies
2010-03-11 08:58 . 2009-04-16 15:11 79776 ----a-w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-11 08:57 . 2009-05-23 14:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\muvee Technologies
2010-03-11 08:56 . 2009-05-23 14:59 -------- d-----w- c:\programmi\File comuni\muvee Technologies
2010-03-11 08:56 . 2009-11-16 15:53 79776 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-11 08:56 . 2009-05-23 14:59 -------- d-----w- c:\programmi\muvee Technologies
2010-03-11 08:12 . 2010-01-11 16:20 -------- d-----w- c:\programmi\File comuni\Nikon
2010-03-11 08:11 . 2010-01-11 16:18 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-03-10 20:57 . 2009-11-19 18:58 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Winamp
2010-03-10 20:56 . 2009-11-19 18:58 -------- d-----w- c:\programmi\Winamp
2010-03-10 19:10 . 2009-04-21 21:25 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\DivX
2010-03-06 20:29 . 2010-01-11 16:34 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2010-03-04 07:36 . 2009-07-27 21:49 -------- d-----w- c:\programmi\Microsoft ActiveSync
2010-03-03 14:56 . 2009-10-29 09:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-03 14:56 . 2009-05-17 07:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-03 14:52 . 2009-05-16 13:44 -------- d-----w- c:\programmi\Lavasoft
2010-02-27 07:58 . 2009-04-21 21:13 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Any Video Converter
2010-02-25 18:41 . 2009-05-01 14:07 -------- d-----w- c:\programmi\FileZilla FTP Client
2010-02-24 08:48 . 2009-11-30 15:51 66 ----a-w- c:\documents and settings\6750\Dati applicazioni\isfree4_1.tmp
2010-02-18 07:37 . 2010-01-21 22:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-02-16 21:28 . 2009-04-18 13:34 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\U3
2010-02-16 21:23 . 2010-01-05 12:21 -------- d-----w- c:\programmi\CA VMN Anti-Spyware
2010-02-14 18:46 . 2009-04-08 20:45 -------- d-----w- c:\programmi\microsoft frontpage
2010-02-14 15:15 . 2009-04-08 21:27 -------- d-----w- c:\programmi\Notepad++
2010-02-14 15:15 . 2009-04-08 21:27 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Notepad++
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- c:\programmi\STEARsoft
2010-02-10 19:22 . 2009-12-16 19:29 798 ----a-w- c:\windows\unins000.dat
2010-02-10 10:12 . 2009-06-08 21:13 -------- d-----w- c:\programmi\MSECache
2010-02-07 23:02 . 2009-04-28 15:36 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-02-06 08:30 . 2010-02-06 08:25 -------- d-----w- c:\programmi\Grammatica32SG
2010-02-06 08:25 . 2009-05-13 14:19 253952 ------w- c:\windows\Setup1.exe
2010-02-06 08:23 . 2010-02-06 08:22 -------- d-----w- c:\programmi\linguavox
2010-02-06 08:22 . 2009-04-21 22:10 74752 ------w- c:\windows\ST6UNST.EXE
2010-02-04 15:53 . 2009-05-16 13:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 14:47 . 2009-12-01 12:41 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\QuickScan
2010-01-31 12:21 . 2010-01-31 12:10 -------- d-----w- c:\programmi\Esplorando 3 Matematica per le medie inferiori
2010-01-31 12:10 . 2010-01-31 12:10 -------- d-----w- c:\programmi\Finson Live Update
2010-01-28 22:21 . 2009-06-22 18:12 -------- d-----w- c:\programmi\Paltalk Messenger
2010-01-26 16:36 . 2010-01-26 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cakewalk
2010-01-26 16:36 . 2010-01-26 16:34 -------- d-----w- c:\programmi\Cakewalk
2010-01-26 16:33 . 2010-01-26 16:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ableton
2010-01-26 16:33 . 2010-01-26 16:33 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Ableton
2010-01-26 15:54 . 2010-01-26 15:54 -------- d-----w- c:\programmi\Ableton
2010-01-25 17:26 . 2010-01-25 17:26 -------- d-----w- c:\programmi\Oversoft
2010-01-24 22:27 . 2009-12-22 12:53 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\ACAMPREF
2010-01-23 19:32 . 2010-01-23 19:30 -------- d-----w- c:\programmi\EMC
2010-01-22 19:49 . 2009-04-24 19:24 -------- d-----w- c:\programmi\CyberLink
2010-01-22 12:11 . 2009-12-30 12:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\eBay
2010-01-22 12:11 . 2009-12-30 12:50 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\eBay
2010-01-21 22:51 . 2010-01-21 22:51 -------- d-----w- c:\programmi\DVD Shrink
2010-01-21 22:15 . 2010-01-21 22:15 -------- d-----w- c:\programmi\DVD Decrypter
2010-01-20 16:45 . 2009-04-30 15:49 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-18 23:35 . 2010-01-18 23:34 -------- d-----w- c:\programmi\MagicDisc
2010-01-11 17:04 . 2010-01-11 17:00 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2010-01-11 16:25 . 2010-01-11 16:25 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLck.DAT
2010-01-07 15:07 . 2009-08-02 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-08-02 16:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 17:33 . 2010-01-06 17:33 295424 ----a-w- c:\windows\system32\bwmedia1.dll
2010-01-06 17:33 . 2010-01-06 17:33 150016 ----a-w- c:\windows\system32\bwmedia.dll
2010-01-05 13:42 . 2001-08-31 12:00 80946 ----a-w- c:\windows\system32\perfc010.dat
2010-01-05 13:42 . 2001-08-31 12:00 481680 ----a-w- c:\windows\system32\perfh010.dat
2010-01-01 14:18 . 2010-01-01 14:18 44544 ------w- c:\windows\AWuninstall.exe
2009-12-31 16:50 . 2008-04-13 10:15 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 17:30 . 2010-01-26 15:57 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-12-23 17:30 . 2010-01-26 15:57 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-12-22 16:05 . 2009-12-22 12:52 724 ----a-w- c:\windows\wacam.TMP
2009-12-22 12:52 . 2009-12-22 12:52 1409 ----a-w- c:\windows\Fonts\SToccata.fot
2009-12-21 19:06 . 2008-05-08 16:27 916480 ------w- c:\windows\system32\wininet.dll
2009-09-23 16:47 . 2009-09-23 16:47 28488 ----a-w- c:\programmi\mozilla firefox\plugins\atgpcdec.dll
2009-09-23 16:47 . 2009-09-23 16:47 185240 ----a-w- c:\programmi\mozilla firefox\plugins\atgpcext.dll
2009-09-23 16:50 . 2009-09-23 16:50 46408 ----a-w- c:\programmi\mozilla firefox\plugins\atmccli.dll
2009-09-23 16:47 . 2009-09-23 16:47 99224 ----a-w- c:\programmi\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-05-08 . 4ED067D8270174E777286A26FECDB3E8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-18_17.09.01 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 14:26 2022912 ----a-w- c:\programmi\vmntoolbar\vmntoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\programmi\vmntoolbar\vmntoolbar.dll" [2007-09-24 2022912]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\programmi\vmntoolbar\vmntoolbar.dll" [2007-09-24 2022912]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-02 201992]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-18 818256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"MaxBlastMonitor.exe"="c:\programmi\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-08-30 1190760]
"AcronisTimounterMonitor"="c:\programmi\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-08-30 1966376]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Maxtor\Schedule2\schedhlp.exe" [2007-08-30 148760]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-20 22528]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nikon Transfer Monitor"="c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe" [2009-05-29 479232]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

c:\documents and settings\6750\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a html2pop3.exe (2).lnk - c:\documents and settings\6750\Desktop\html2pop3232win32\html2pop3.exe [2009-4-8 111104]
FastFX Trader.lnk - c:\programmi\FastFX Trader\terminal.exe [2009-5-14 2765520]
ibfx42l.exe.lnk - c:\programmi\Interbank42\terminal.exe [2009-7-10 2765520]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-25 113664]
Finestra di stato di Canon LBP-800.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2009-4-14 113664]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PalTalk.lnk - c:\programmi\Paltalk Messenger\paltalk.exe [2009-12-23 11552768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-06-30 07:55 2329224 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [14/04/2009 16.58.59 40464]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16/05/2009 14.47.50 64288]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [23/05/2009 16.50.46 15172]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [14/06/2008 18.02.12 17408]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16.52.57 1263728]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [20/10/2009 20.36.34 23008]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [08/04/2009 22.06.14 39424]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 12.28.40 24592]
S2 FlexService;Remote Connections Service;c:\programmi\RapidBIT\cisvc.exe [17/05/2009 5.16.24 41984]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [15/03/2010 21.49.44 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [22/12/2009 12.17.45 1527900]
S3 JTVNCProxy_10.0;JTVNCProxy;c:\programmi\Freedom Scientific\JAWS\10.0\JTVNCProxy.exe [22/10/2008 23.22.00 17176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [22/05/2008 0.57.38 34576]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:27]

2010-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-18 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-08-24 14:09]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-15 20:49]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-15 20:49]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1580818891-1801674531-1003Core.job
- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-17 19:18]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1580818891-1801674531-1003UA.job
- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-17 19:18]

2010-03-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{BEB02B75-5635-4488-9403-B5782412E6A5}.job
- c:\windows\system32\msfeedssync.exe [2001-08-31 03:31]

2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{F10321DB-C234-4692-8587-F00FC7DCB7DF}.job
- c:\windows\system32\msfeedssync.exe [2001-08-31 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.igoogle.it/
uInternet Connection Wizard,ShellNext = hxxp://www.incredimail.com/app/?tag=page_app_welcome&lang=16&version=5853823&setup_id=16000002&aff_id=1&addon=IncrediMail
IE: &BOM hinzufügen - c:\\PROGRA~1\\BID-O-~1\\\\AddToBOM.hta
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Sothink SWF Catcher - c:\programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {6B4864BE-E218-4265-A013-AD9896B69D39} = 151.99.125.1,195.110.128.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\6750\Dati applicazioni\Mozilla\Firefox\Profiles\n5stigdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - www.igoogle.it
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\6750\Dati applicazioni\Mozilla\Firefox\Profiles\n5stigdk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\6750\Dati applicazioni\Mozilla\Firefox\Profiles\n5stigdk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\documents and settings\6750\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\6750\Dati applicazioni\Mozilla\Firefox\Profiles\n5stigdk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPMyrMus.dll
FF - plugin: c:\programmi\Musicnotes\GuitarGuru\npmusicn.dll
FF - plugin: c:\programmi\Opera\program\plugins\NPMyrMus.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 23:41
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1580818891-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{102C5F45-D234-D487-A882-766FD7355D49}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ianflneajplhklenio"=hex:6b,61,62,6d,6b,63,6a,63,66,6c,67,66,69,63,6f,6c,6c,6a,
6c,67,6f,6e,00,00
"hadfenaiglhcjeil"=hex:6b,61,62,6d,6b,63,6a,63,66,6c,67,66,69,63,6f,6c,6c,6a,
6c,67,6f,6e,00,00

[HKEY_USERS\S-1-5-21-1220945662-1580818891-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63E3B181-2029-37C0-710C-CE66C5C493BD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaelehpfinbloojccn"=hex:69,61,6e,66,69,64,6d,61,64,64,6e,67,6e,6f,6c,6c,6e,6b,
00,00
"haofggdfllbikinc"=hex:69,61,61,67,66,66,64,61,66,63,6f,6a,69,62,62,65,69,65,
00,00

[HKEY_USERS\S-1-5-21-1220945662-1580818891-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D34DD8E-61DC-5D24-24D9-13E8ADFE847A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oagdkllabmgkpgonbfbihofbfnmigd"=hex:64,61,66,6e,69,70,67,6c,00,85
"oakelkmlkmekgkekmibnlbcljlhboe"=hex:6a,61,66,6e,68,70,65,6a,6b,66,64,6e,63,6d,
6f,6f,64,6f,68,68,00,0f
"naaenkdfhcecpchnebemhfogodll"=hex:6a,61,67,6e,6b,6a,68,63,64,61,69,62,63,6f,
65,6f,67,62,67,62,00,02
"oagdkllabmgkpgonbfbihofbimpgbn"=hex:64,61,66,6e,69,70,69,6c,00,85
"oakelkmlkmekgkekmibnlbclmlebnb"=hex:6a,61,67,6e,6b,6a,68,63,64,61,69,62,63,6f,
65,6f,67,62,67,62,00,02
"naaenkdfhcecpchnebemhfhikehh"=hex:69,61,6e,6d,6c,6b,6c,61,69,6c,6b,61,70,65,
68,6e,68,6f,00,ff

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{63E3B181-2029-37C0-710C-CE66C5C493BD}\InProcServer32*]
"jaclheihnhingopjeofa"=hex:69,61,6e,66,69,64,6d,61,64,64,6e,67,6e,6f,6c,6c,6e,
6b,00,00
"iaclneglbgmbgkfcif"=hex:69,61,61,67,66,66,64,61,66,63,6f,6a,69,62,62,65,69,65,
00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\klogon.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1444)
c:\windows\system32\relog_ap.dll
.
Ora fine scansione: 2010-03-18 23:48:06
ComboFix-quarantined-files.txt 2010-03-18 22:48
ComboFix2.txt 2010-03-18 17:19

Pre-Run: 76.438.581.248 byte disponibili
Post-Run: 76.396.384.256 byte disponibili

- - End Of File - - 78C491AA2787742B3001B302422EF317
Torna in alto
 
dc881
Inviato: Thursday, March 18, 2010 11:52:10 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
ho rifatto la scansione con combofix e postato il log perché...... non ci siamo ancora, il pc sembrava funzionare poi ha ricominciato a rallentare, a pensare e fare i capricci
Torna in alto
 
paolopa
Inviato: Friday, March 19, 2010 7:15:32 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
facciamo un po di pulizie in attesa che r16 ti controlli il log:
Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su Remove selected
mi suona strano che dopo una prima scansione combo,alla seconda,abbia trovato tutta quella roba da eliminare.posta un log aggiornato di hijack dopo che avrai fatto tutto.
Torna in alto
 
r16
Inviato: Friday, March 19, 2010 2:00:54 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

File::
c:\windows\system32\lsdelete.exe
c:\windows\system32\drivers\Lbd.sys
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe

Folder::
C:\Programmi\Lavasoft\Ad-Aware
c:\programmi\Lavasoft
c:\windows\Tasks

Driver::
Lbd
Lavasoft Ad-Aware Service

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"=-
[-HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[-HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"=-
[-HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

RegNull::
[HKEY_USERS\S-1-5-21-1220945662-1580818891-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{102C5F45-D234-D487-A882-766FD7355D49}*]
[HKEY_USERS\S-1-5-21-1220945662-1580818891-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63E3B181-2029-37C0-710C-CE66C5C493BD}*]
[HKEY_USERS\S-1-5-21-1220945662-1580818891-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D34DD8E-61DC-5D24-24D9-13E8ADFE847A}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{63E3B181-2029-37C0-710C-CE66C5C493BD}\InProcServer32*]


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
dc881
Inviato: Friday, March 19, 2010 2:55:11 PM
Rank: AiutAmico

Iscritto dal : 8/2/2009
Posts: 53
ComboFix 10-03-17.07 - 6750 19/03/2010 14.17.38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1253 [GMT 1:00]
Eseguito da: c:\documents and settings\6750\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\6750\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe"
"c:\windows\system32\drivers\Lbd.sys"
"c:\windows\system32\lsdelete.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\scrollbar.css
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-00-09).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-00-12).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-00-17).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-00-32).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-00-38).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-00-40).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-00-42).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-05-39).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown(03-19-14-05-55).htm
c:\documents and settings\6750\Impostazioni locali\Temporary Internet Files\unknown.htm
c:\programmi\Lavasoft
c:\programmi\Lavasoft\Ad-Aware\aawapi.dll
c:\programmi\Lavasoft\Ad-Aware\AAWService.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
c:\programmi\Lavasoft\Ad-Aware\AAWWSC.exe
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware.exe
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware_manual_DE.chm
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware_manual_EN.chm
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware_manual_FR.chm
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware_manual_JA.chm
c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe.aawbak
c:\programmi\Lavasoft\Ad-Aware\Ad-AwareCommand.exe
c:\programmi\Lavasoft\Ad-Aware\AutoLaunch.exe
c:\programmi\Lavasoft\Ad-Aware\CEAPI.dll
c:\programmi\Lavasoft\Ad-Aware\dbghelp.dll
c:\programmi\Lavasoft\Ad-Aware\Download Guard for Internet Explorer.exe
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\AAWDriverTool.exe
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\DIFxAPI.dll
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\lbd.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\lbd.inf
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\lbd.sys
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\AAWDriverTool.exe
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\DIFxAPI.dll
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\lbd.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\lbd.inf
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\lbd.sys
c:\programmi\Lavasoft\Ad-Aware\Drivers\i386\sbaphd.sys
c:\programmi\Lavasoft\Ad-Aware\Drivers\i386\sbapifs.sys
c:\programmi\Lavasoft\Ad-Aware\Drivers\i386\sbapifsl.sys
c:\programmi\Lavasoft\Ad-Aware\Drivers\sbapifs.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\sbapifs.inf
c:\programmi\Lavasoft\Ad-Aware\Drivers\sbapifsl.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\sbapx64.cat
c:\programmi\Lavasoft\Ad-Aware\EmailScannerAddinSetup.msi
c:\programmi\Lavasoft\Ad-Aware\EmailScannerBridge.dll
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_de-DE.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_en-US.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_es-ES.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_fr-FR.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_it-IT.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_ja-JP.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_nl-NL.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_pt-PT.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_sv-SE.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_tr-TR.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_zh-CN.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_zh-TW.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\ResourceAdmin.xml
c:\programmi\Lavasoft\Ad-Aware\lavalicense.dll
c:\programmi\Lavasoft\Ad-Aware\lavamessage.dll
c:\programmi\Lavasoft\Ad-Aware\Lavasoft Homepage.url
c:\programmi\Lavasoft\Ad-Aware\lsdelete.exe
c:\programmi\Lavasoft\Ad-Aware\metafile.dat
c:\programmi\Lavasoft\Ad-Aware\Neutralize.dll
c:\programmi\Lavasoft\Ad-Aware\PrivacyClean.dll
c:\programmi\Lavasoft\Ad-Aware\Rebrand.dat
c:\programmi\Lavasoft\Ad-Aware\Resources.dll
c:\programmi\Lavasoft\Ad-Aware\Resources.dll.aawbak
c:\programmi\Lavasoft\Ad-Aware\Resources\Carbon.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\Default.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\Gold.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\Orange.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\Sedona.eGL
c:\programmi\Lavasoft\Ad-Aware\RPAPI.dll
c:\programmi\Lavasoft\Ad-Aware\sbap.dll
c:\programmi\Lavasoft\Ad-Aware\SBRE.dll
c:\programmi\Lavasoft\Ad-Aware\SBTE.dll
c:\programmi\Lavasoft\Ad-Aware\ShellExt.dll
c:\programmi\Lavasoft\Ad-Aware\threatwork.exe
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\AutoStart Manager.exe
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Settings.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gbottompic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gbottompicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gtoppic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gtoppicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\skin.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\SO.dll
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\de.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\en.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\es.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\fr.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\it.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\ja.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\nl.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\pr.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\zh-cmn-Hans.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\zh-cmn-Hant.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Extras.LGFF
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\HostFileEditor.exe
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\DE.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\EN.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\ES.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\FL.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\FR.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\IT.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\NL.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\PT.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\ProcessWatch.dll
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\ProcessWatch.exe
c:\programmi\Lavasoft\Ad-Aware\unrar.dll
c:\programmi\Lavasoft\Ad-Aware\UpdateManager.dll
c:\programmi\Lavasoft\Ad-Aware\UpdateManager.dll.aawbak
c:\programmi\Lavasoft\Ad-Aware\Vipre.dll
c:\programmi\Lavasoft\Ad-Aware\VipreBridge.dll
c:\programmi\Lavasoft\Ad-Aware\WSCUpdate.dll
c:\programmi\Lavasoft\Email Scanner\EmailScanner.dll
c:\programmi\Lavasoft\Email Scanner\EmailScannerIcon.ico
c:\programmi\Lavasoft\Email Scanner\Languages\resource_de-DE.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_en-US.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_es-ES.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_fr-FR.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_it-IT.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_ja-JP.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_nl-NL.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_pt-PT.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_sv-SE.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_tr-TR.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_zh-CN.xml
c:\programmi\Lavasoft\Email Scanner\Languages\resource_zh-TW.xml
c:\programmi\Lavasoft\Email Scanner\Languages\ResourceAdmin.xml
c:\programmi\Lavasoft\Email Scanner\rebrand.dat
c:\windows\system32\drivers\Lbd.sys
c:\windows\system32\lsdelete.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LAVASOFT_AD-AWARE_SERVICE
-------\Legacy_LBD
-------\Service_Lavasoft Ad-Aware Service
-------\Service_Lbd


((((((((((((((((((((((((( Files Creati Da 2010-02-19 al 2010-03-19 )))))))))))))))))))))))))))))))))))
.

2010-03-17 21:25 . 2009-12-28 21:21 12288 ----a-w- c:\windows\system32\netset.exe
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FreeRIP
2010-03-15 20:54 . 2010-03-15 20:54 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-03-15 20:50 . 2010-03-15 20:50 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-03-15 20:49 . 2010-03-15 20:50 -------- d-----w- c:\programmi\Google
2010-03-14 12:47 . 2010-03-14 12:47 -------- d-----w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\Winamp Toolbar
2010-03-12 15:14 . 2010-03-12 15:17 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Synthesia
2010-03-12 15:11 . 2010-03-12 15:11 -------- d-----w- c:\programmi\Synthesia
2010-03-11 16:53 . 2010-03-11 16:53 540568 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-03-10 20:55 . 2010-03-10 20:55 -------- d-----w- c:\programmi\Winamp Toolbar
2010-03-10 20:55 . 2010-03-10 20:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar
2010-03-10 19:13 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-10 19:13 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-10 19:13 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-10 19:13 . 2010-02-02 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-10 19:12 . 2010-03-10 19:16 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-03-09 22:06 . 2010-03-09 22:06 -------- d-----w- c:\programmi\Lame for Audacity
2010-03-09 19:10 . 2010-03-09 19:10 -------- d-----w- C:\MAGIX
2010-03-09 17:32 . 2010-03-11 13:44 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Audacity
2010-03-09 17:32 . 2010-03-09 17:32 -------- d-----w- c:\programmi\Audacity 1.3 Beta (Unicode)
2010-03-07 22:58 . 2010-03-07 22:58 -------- d-----w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\Phase_One
2010-03-07 22:42 . 2010-03-07 22:42 -------- d-----w- c:\programmi\DIFX
2010-03-07 22:42 . 2010-03-07 22:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Phase One
2010-03-07 22:42 . 2010-03-07 22:47 -------- d-----w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\CaptureOne
2010-03-05 18:31 . 2010-03-07 19:11 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-03-05 18:27 . 2010-03-07 19:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-03-05 18:27 . 2010-03-05 18:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-05 18:27 . 2010-03-05 18:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-03-03 14:52 . 2010-03-03 14:52 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-02 22:38 . 2010-03-02 22:44 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Trellian
2010-03-02 22:38 . 2010-03-02 22:40 -------- d-----w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\WebPage
2010-03-02 22:36 . 2007-09-07 22:43 512000 ----a-w- c:\windows\system32\Achroma2.dll
2010-03-02 22:36 . 2010-03-18 17:42 -------- d-----w- c:\programmi\Trellian
2010-03-02 22:22 . 2010-03-02 22:22 -------- d-----w- c:\programmi\HTML TableFactory
2010-03-02 17:29 . 2010-03-02 17:29 -------- d-----w- c:\programmi\MPC HomeCinema
2010-03-02 17:26 . 2010-03-02 17:26 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-02-28 19:52 . 2010-02-28 19:52 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\freeTVRadio
2010-02-28 17:09 . 2010-03-18 17:46 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\OfferBox
2010-02-22 19:10 . 2010-02-22 19:10 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Facebook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 13:33 . 2009-04-08 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-03-19 13:30 . 2009-04-08 21:10 3907616 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-19 13:30 . 2009-04-08 21:10 29449760 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-19 13:30 . 2009-04-08 21:10 293960 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-19 13:30 . 2009-04-08 21:10 107564 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-19 12:19 . 2009-06-22 18:12 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Paltalk
2010-03-18 22:26 . 2009-04-16 22:37 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\FileZilla
2010-03-18 17:52 . 2009-10-19 16:37 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-03-18 17:48 . 2009-04-08 21:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-18 17:45 . 2009-05-07 18:59 -------- d-----w- c:\programmi\RipTiger
2010-03-18 17:43 . 2009-12-30 12:50 -------- d-----w- c:\programmi\eBay
2010-03-18 16:48 . 2009-08-28 22:31 -------- d-----w- c:\programmi\PHPNukeIT
2010-03-17 21:15 . 2009-08-08 14:53 -------- d-----w- c:\programmi\FLVPlayer4Free
2010-03-17 17:56 . 2009-08-02 16:09 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-16 23:17 . 2009-05-10 19:38 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\uTorrent
2010-03-16 23:02 . 2009-05-13 14:06 -------- d-----w- c:\programmi\Direct MIDI to MP3 Converter
2010-03-16 23:01 . 2009-04-08 22:21 -------- d-----w- c:\programmi\eMule
2010-03-16 23:00 . 2009-10-01 13:50 -------- d-----w- c:\programmi\e107 Theme Creator Beta
2010-03-16 23:00 . 2009-10-01 13:52 -------- d-----w- c:\programmi\e107 Tool
2010-03-16 23:00 . 2010-01-12 21:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AppSoft
2010-03-11 16:40 . 2009-05-23 16:20 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\muvee Technologies
2010-03-11 08:58 . 2009-04-16 15:11 79776 ----a-w- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-11 08:57 . 2009-05-23 14:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\muvee Technologies
2010-03-11 08:56 . 2009-05-23 14:59 -------- d-----w- c:\programmi\File comuni\muvee Technologies
2010-03-11 08:56 . 2009-11-16 15:53 79776 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-11 08:56 . 2009-05-23 14:59 -------- d-----w- c:\programmi\muvee Technologies
2010-03-11 08:12 . 2010-01-11 16:20 -------- d-----w- c:\programmi\File comuni\Nikon
2010-03-11 08:11 . 2010-01-11 16:18 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-03-10 20:57 . 2009-11-19 18:58 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Winamp
2010-03-10 20:56 . 2009-11-19 18:58 -------- d-----w- c:\programmi\Winamp
2010-03-10 19:10 . 2009-04-21 21:25 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\DivX
2010-03-06 20:29 . 2010-01-11 16:34 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2010-03-04 07:36 . 2009-07-27 21:49 -------- d-----w- c:\programmi\Microsoft ActiveSync
2010-03-03 14:56 . 2009-10-29 09:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-27 07:58 . 2009-04-21 21:13 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Any Video Converter
2010-02-25 18:41 . 2009-05-01 14:07 -------- d-----w- c:\programmi\FileZilla FTP Client
2010-02-24 08:48 . 2009-11-30 15:51 66 ----a-w- c:\documents and settings\6750\Dati applicazioni\isfree4_1.tmp
2010-02-18 07:37 . 2010-01-21 22:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-02-16 21:28 . 2009-04-18 13:34 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\U3
2010-02-16 21:23 . 2010-01-05 12:21 -------- d-----w- c:\programmi\CA VMN Anti-Spyware
2010-02-14 18:46 . 2009-04-08 20:45 -------- d-----w- c:\programmi\microsoft frontpage
2010-02-14 15:15 . 2009-04-08 21:27 -------- d-----w- c:\programmi\Notepad++
2010-02-14 15:15 . 2009-04-08 21:27 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Notepad++
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- c:\programmi\STEARsoft
2010-02-10 19:22 . 2009-12-16 19:29 798 ----a-w- c:\windows\unins000.dat
2010-02-10 10:12 . 2009-06-08 21:13 -------- d-----w- c:\programmi\MSECache
2010-02-07 23:02 . 2009-04-28 15:36 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-02-06 08:30 . 2010-02-06 08:25 -------- d-----w- c:\programmi\Grammatica32SG
2010-02-06 08:25 . 2009-05-13 14:19 253952 ------w- c:\windows\Setup1.exe
2010-02-06 08:23 . 2010-02-06 08:22 -------- d-----w- c:\programmi\linguavox
2010-02-06 08:22 . 2009-04-21 22:10 74752 ------w- c:\windows\ST6UNST.EXE
2010-02-03 14:47 . 2009-12-01 12:41 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\QuickScan
2010-01-31 12:21 . 2010-01-31 12:10 -------- d-----w- c:\programmi\Esplorando 3 Matematica per le medie inferiori
2010-01-31 12:10 . 2010-01-31 12:10 -------- d-----w- c:\programmi\Finson Live Update
2010-01-26 16:36 . 2010-01-26 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cakewalk
2010-01-26 16:36 . 2010-01-26 16:34 -------- d-----w- c:\programmi\Cakewalk
2010-01-26 16:33 . 2010-01-26 16:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ableton
2010-01-26 16:33 . 2010-01-26 16:33 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\Ableton
2010-01-26 15:54 . 2010-01-26 15:54 -------- d-----w- c:\programmi\Ableton
2010-01-25 17:26 . 2010-01-25 17:26 -------- d-----w- c:\programmi\Oversoft
2010-01-24 22:27 . 2009-12-22 12:53 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\ACAMPREF
2010-01-23 19:32 . 2010-01-23 19:30 -------- d-----w- c:\programmi\EMC
2010-01-22 19:49 . 2009-04-24 19:24 -------- d-----w- c:\programmi\CyberLink
2010-01-22 12:11 . 2009-12-30 12:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\eBay
2010-01-22 12:11 . 2009-12-30 12:50 -------- d-----w- c:\documents and settings\6750\Dati applicazioni\eBay
2010-01-21 22:51 . 2010-01-21 22:51 -------- d-----w- c:\programmi\DVD Shrink
2010-01-21 22:15 . 2010-01-21 22:15 -------- d-----w- c:\programmi\DVD Decrypter
2010-01-20 16:45 . 2009-04-30 15:49 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-18 23:35 . 2010-01-18 23:34 -------- d-----w- c:\programmi\MagicDisc
2010-01-11 17:04 . 2010-01-11 17:00 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2010-01-11 16:25 . 2010-01-11 16:25 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLck.DAT
2010-01-07 15:07 . 2009-08-02 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-08-02 16:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 17:33 . 2010-01-06 17:33 295424 ----a-w- c:\windows\system32\bwmedia1.dll
2010-01-06 17:33 . 2010-01-06 17:33 150016 ----a-w- c:\windows\system32\bwmedia.dll
2010-01-05 13:42 . 2001-08-31 12:00 80946 ----a-w- c:\windows\system32\perfc010.dat
2010-01-05 13:42 . 2001-08-31 12:00 481680 ----a-w- c:\windows\system32\perfh010.dat
2010-01-01 14:18 . 2010-01-01 14:18 44544 ------w- c:\windows\AWuninstall.exe
2009-12-31 16:50 . 2008-04-13 10:15 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 17:30 . 2010-01-26 15:57 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-12-23 17:30 . 2010-01-26 15:57 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-12-22 16:05 . 2009-12-22 12:52 724 ----a-w- c:\windows\wacam.TMP
2009-12-22 12:52 . 2009-12-22 12:52 1409 ----a-w- c:\windows\Fonts\SToccata.fot
2009-12-21 19:06 . 2008-05-08 16:27 916480 ------w- c:\windows\system32\wininet.dll
2009-09-23 16:47 . 2009-09-23 16:47 28488 ----a-w- c:\programmi\mozilla firefox\plugins\atgpcdec.dll
2009-09-23 16:47 . 2009-09-23 16:47 185240 ----a-w- c:\programmi\mozilla firefox\plugins\atgpcext.dll
2009-09-23 16:50 . 2009-09-23 16:50 46408 ----a-w- c:\programmi\mozilla firefox\plugins\atmccli.dll
2009-09-23 16:47 . 2009-09-23 16:47 99224 ----a-w- c:\programmi\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-05-08 . 4ED067D8270174E777286A26FECDB3E8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-18_17.09.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-19 13:30 . 2010-03-19 13:30 16384 c:\windows\temp\Perflib_Perfdata_230.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"MaxBlastMonitor.exe"="c:\programmi\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-08-30 1190760]
"AcronisTimounterMonitor"="c:\programmi\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-08-30 1966376]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Maxtor\Schedule2\schedhlp.exe" [2007-08-30 148760]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-20 22528]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nikon Transfer Monitor"="c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe" [2009-05-29 479232]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-02 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

c:\documents and settings\6750\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a html2pop3.exe (2).lnk - c:\documents and settings\6750\Desktop\html2pop3232win32\html2pop3.exe [2009-4-8 111104]
FastFX Trader.lnk - c:\programmi\FastFX Trader\terminal.exe [2009-5-14 2765520]
ibfx42l.exe.lnk - c:\programmi\Interbank42\terminal.exe [2009-7-10 2765520]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-25 113664]
Finestra di stato di Canon LBP-800.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2009-4-14 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-06-30 07:55 2329224 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [14/04/2009 16.58.59 40464]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 33808]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [23/05/2009 16.50.46 15172]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [14/06/2008 18.02.12 17408]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [20/10/2009 20.36.34 23008]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [08/04/2009 22.06.14 39424]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 12.28.40 24592]
S2 FlexService;Remote Connections Service;c:\programmi\RapidBIT\cisvc.exe [17/05/2009 5.16.24 41984]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [15/03/2010 21.49.44 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [22/12/2009 12.17.45 1527900]
S3 JTVNCProxy_10.0;JTVNCProxy;c:\programmi\Freedom Scientific\JAWS\10.0\JTVNCProxy.exe [22/10/2008 23.22.00 17176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [22/05/2008 0.57.38 34576]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-19 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-08-24 14:09]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-15 20:49]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-15 20:49]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1580818891-1801674531-1003Core.job
- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-17 19:18]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1580818891-1801674531-1003UA.job
- c:\documents and settings\6750\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-17 19:18]

2010-03-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{BEB02B75-5635-4488-9403-B5782412E6A5}.job
- c:\windows\system32\msfeedssync.exe [2001-08-31 03:31]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{F10321DB-C234-4692-8587-F00FC7DCB7DF}.job
- c:\windows\system32\msfeedssync.exe [2001-08-31 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.igoogle.it/
uInternet Connection Wizard,ShellNext = hxxp://www.incredimail.com/app/?tag=page_app_welcome&lang=16&version=5853823&setup_id=16000002&aff_id=1&addon=IncrediMail
IE: &BOM hinzufügen - c:\\PROGRA~1\\BID-O-~1\\\\AddToBOM.hta
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Sothink SWF Catcher - c:\programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {6B4864BE-E218-4265-A013-AD9896B69D39} = 151.99.125.1,195.110.128.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\6750\Dati applicazioni\Mozilla\Firefox\Profiles\n5stigdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - www.igoogle.it
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\6750\Dati applicazioni\Mozilla\Firefox\Profiles\n5stigdk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\6750\Dati applicazioni\Mozilla\Firefox\Profiles\n5stigdk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\documents and settings\6750\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\6750\Dati applicazioni\Mozilla\Firefox\Profiles\n5stigdk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPMyrMus.dll
FF - plugin: c:\programmi\Musicnotes\GuitarGuru\npmusicn.dll
FF - plugin: c:\programmi\Opera\program\plugins\NPMyrMus.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Ad-Watch - c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\klogon.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1432)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4928)
c:\windows\system32\WININET.dll
c:\programmi\Unlocker\UnlockerHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Maxtor\Schedule2\schedul2.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\CAPRPCSK.EXE
c:\windows\system32\fxssvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\programmi\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\RapidBIT\cidaemon.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-19 14:47:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-19 13:42
ComboFix2.txt 2010-03-18 22:48
ComboFix3.txt 2010-03-18 17:19

Pre-Run: 76.411.465.728 byte disponibili
Post-Run: 76.329.799.680 byte disponibili

- - End Of File - - BB5B83284077474724BA0F93CD95F940
Torna in alto
 
r16
Inviato: Friday, March 19, 2010 3:03:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Tutto a posto?
Torna in alto
 
Utenti presenti in questo topic
Guest

5 pages: [1] 2 3 4 5

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Ho tolto tutti i virus???


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.