MALAWARE VUNDO DROP E ALTRI... - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » MALAWARE VUNDO DROP E ALTRI...

5 pages: 1 [2] 3 4 5

MALAWARE VUNDO DROP E ALTRI...

Opzioni

Topic Precedente · Topic Sucessivo

speedy63

Inviato: Friday, April 09, 2010 9:50:00 AM

Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 1,321

ciao unodeisenatori potresti togliere quei 2 riferimenti in hijackthis che non portano a nulla perchè non si trova il riferimento

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)

Torna in alto

meme1580

Inviato: Friday, April 09, 2010 9:53:23 AM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170

speedy sono già stati tolti, se controlli c'è un secondo log ;-)

Torna in alto

unodeisenatori

Inviato: Friday, April 09, 2010 10:49:48 AM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

l'ultima parte non sono riuscita a farla..in modalità provvisoria sè bloccata la prima scansione rapida...

questo è il log di hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46, on 09/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MplSetUp] C:\Programmi\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Programmi\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [crntcore32srv] C:\Documents and Settings\responsabile\Dati applicazioni\crntcore32srv\crntcore32srv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: fbtoolbar Sidebar - {4CE39EE9-5365-44A1-9F63-CBE250BF731A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) -
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = umbriaservizi.locale
O17 - HKLM\Software\..\Telephony: DomainName = umbriaservizi.locale
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = umbriaservizi.locale
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 8473 bytes

Torna in alto

unodeisenatori

Inviato: Friday, April 09, 2010 10:50:41 AM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

queste le ads che non ha cancellato

C:\Documents and Settings\responsabile\Impostazioni locali\Dati applicazioni\IM\Identities\{2CD32A99-87B6-4142-81D6-9204C1F3A966}\Message Store\Attachments\LOGO TONDO .JPG : Q30lsldxJoudresxAaaqpcawXc (9056 bytes)
C:\Documents and Settings\responsabile\Impostazioni locali\Dati applicazioni\IM\Identities\{2CD32A99-87B6-4142-81D6-9204C1F3A966}\Message Store\Attachments\Striscione Umbria servizi.bmp : Q30lsldxJoudresxAaaqpcawXc (3868 bytes)
C:\Documents and Settings\responsabile\Impostazioni locali\Dati applicazioni\IM\Identities\{2CD32A99-87B6-4142-81D6-9204C1F3A966}\Message Store\Attachments\_0122180452_001.tif : Q30lsldxJoudresxAaaqpcawXc (3392 bytes)
C:\Documents and Settings\responsabile\Impostazioni locali\Dati applicazioni\IM\Identities\{2CD32A99-87B6-4142-81D6-9204C1F3A966}\Message Store\Attachments\{4EA51BE1-5CB3-4120-96A5-DEB2AEBE0930}\Striscione Umbria servizi.jpg : Q30lsldxJoudresxAaaqpcawXc (3848 bytes)
C:\Documents and Settings\responsabile\Impostazioni locali\Dati applicazioni\IM\Identities\{2CD32A99-87B6-4142-81D6-9204C1F3A966}\Message Store\Attachments\{940A75BC-8B85-42CE-A73E-011EFE31C633}\NUOVO LOGO ultima revisione.JPG : Q30lsldxJoudresxAaaqpcawXc (9872 bytes)
C:\Documents and Settings\responsabile\Impostazioni locali\Dati applicazioni\IM\Identities\{2CD32A99-87B6-4142-81D6-9204C1F3A966}\Message Store\Attachments\{94F6130F-B74F-4123-B1D1-53590CA2B98F}\Striscione Umbria servizi.bmp : Q30lsldxJoudresxAaaqpcawXc (3868 bytes)

questo il log di mbr

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Torna in alto

meme1580

Inviato: Friday, April 09, 2010 10:58:02 AM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170

Solitamente quando drweb fa riavviare il pc è segno di infezione del MBR ma dal log sembra pulito.

Prova a usare STINGER (è portable quindi come drweb non richiede installazione)
http://download.nai.com/products/mcafee-avert/stinger1010838.exe

Prima di premere su scan now vai su preferences e metti la spunta su boot sectors

Torna in alto

unodeisenatori

Inviato: Friday, April 09, 2010 11:13:26 AM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

mik tinite pronto stasera cè da fa i straordinari con me!!!!

Torna in alto

unodeisenatori

Inviato: Friday, April 09, 2010 11:26:00 AM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

C:\DOCUME~1\RESPON~1\DATIAP~1\CRNTCO~1\tjebqtpgghgk.dll

è su questo file che avast mi segnala il vundodrop

Torna in alto

unodeisenatori

Inviato: Friday, April 09, 2010 12:02:49 PM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

ComboFix 09-05-06.05 - responsabile 09/04/2010 11:55.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2030.1584 [GMT 2:00]
Eseguito da: c:\documents and settings\responsabile\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100409-0] *On-access scanning disabled* (Updated)
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2010-03-09 al 2010-04-09 )))))))))))))))))))))))))))))))))))
.

2010-04-09 09:44 . 2010-04-09 09:44 16384 ----atw c:\temp\Perflib_Perfdata_7e4.dat
2010-04-09 09:43 . 2010-04-09 09:43 16384 ----atw c:\temp\Perflib_Perfdata_59c.dat
2010-04-09 09:40 . 2010-04-09 09:55 -------- d-----w c:\temp\Rar$EX00.547
2010-04-09 09:40 . 2010-04-09 09:40 -------- d-----w c:\temp\__SkypeIEToolbar_Cache
2010-04-09 09:16 . 2010-04-09 09:16 -------- d-----w c:\temp\msohtml
2010-04-09 09:16 . 2010-04-09 09:16 -------- d-----w c:\temp\msohtml1
2010-04-09 09:13 . 2010-04-09 09:55 -------- d-----w c:\temp\MessengerCache
2010-04-09 09:04 . 2010-04-09 09:55 -------- d-----w c:\temp\IM
2010-04-09 08:49 . 2010-04-09 09:55 -------- d-----w c:\temp\VBE
2010-04-09 08:29 . 2010-04-09 08:29 -------- d-----w c:\documents and settings\responsabile\DoctorWeb
2010-04-09 08:29 . 2010-04-09 09:55 -------- d-----w c:\temp\RarSFX0
2010-04-09 08:26 . 2010-04-09 09:53 -------- d-----w c:\temp\_avast4_
2010-04-09 08:02 . 2010-04-09 08:02 77312 ----a-w C:\mbr.exe
2010-04-08 06:13 . 2009-10-25 04:11 77312 ----a-w c:\windows\MBR.exe
2010-04-08 06:13 . 2010-03-12 16:02 261632 ----a-w c:\windows\PEV.exe
2010-04-06 08:40 . 2010-04-06 08:40 -------- d-----w c:\documents and settings\responsabile\Dati applicazioni\Facebook
2010-04-06 08:30 . 2010-04-06 08:30 -------- d-----w c:\programmi\NCH Software
2010-04-02 10:19 . 2010-04-02 10:19 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2010-04-02 09:01 . 2010-04-02 09:01 -------- d-----w c:\programmi\Audacity
2010-03-15 07:18 . 2010-03-29 06:57 -------- d-----w c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\Abelssoft
2010-03-15 07:18 . 2010-03-29 06:56 -------- d-----w c:\programmi\CheckDrive
2010-03-11 09:39 . 2010-03-11 09:41 -------- d-----w c:\documents and settings\responsabile\Dati applicazioni\XnView
2010-03-10 23:12 . 2009-10-23 15:28 3558912 -c----w c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 06:31 . 2007-05-11 15:55 -------- d-----w c:\programmi\CCleaner
2010-04-07 08:45 . 2009-03-31 06:38 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2010-04-07 08:39 . 2010-03-05 10:00 -------- d-----w c:\programmi\fb-toolbar
2010-03-31 06:13 . 2007-05-31 09:21 -------- d-----w c:\programmi\File comuni\Java
2010-03-31 06:12 . 2007-05-31 09:21 -------- d-----w c:\programmi\Java
2010-03-31 06:12 . 2006-03-02 12:00 84156 ----a-w c:\windows\system32\perfc010.dat
2010-03-31 06:12 . 2006-03-02 12:00 489410 ----a-w c:\windows\system32\perfh010.dat
2010-03-29 22:46 . 2009-03-31 06:38 38224 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-03-31 06:38 20824 ----a-w c:\windows\system32\drivers\mbam.sys
2010-03-10 11:16 . 2009-03-13 11:34 -------- d-----w c:\programmi\FindyKill
2010-03-09 02:28 . 2008-12-22 07:56 411368 ----a-w c:\windows\system32\deploytk.dll
2010-02-25 06:16 . 2006-03-02 12:00 916480 ------w c:\windows\system32\wininet.dll
2010-02-21 07:19 . 2010-02-21 07:19 413696 ----a-w c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\tbantahn.exe
2010-01-27 10:03 . 2007-05-11 15:43 123 ----a-w c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-01-25 22:25 . 2010-01-25 22:25 308736 ----a-w c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\dukbrh.exe
2007-04-23 10:48 . 2007-06-25 07:08 7168 ----a-w c:\programmi\mozilla firefox\plugins\libcomm.dll
2007-05-17 10:01 . 2007-06-25 07:08 35008 ----a-w c:\programmi\mozilla firefox\plugins\NanoInst.dll
2007-05-03 10:33 . 2007-06-25 07:08 53248 ----a-w c:\programmi\mozilla firefox\plugins\PSComm.dll
2007-05-17 10:01 . 2007-06-25 07:08 130152 ----a-w c:\programmi\mozilla firefox\plugins\PSNAdBrk.dll
2002-07-31 18:55 . 2008-01-30 07:57 104 --sh--w c:\windows\WSYS049.SYS
2008-12-05 16:45 . 2008-11-05 11:37 88 --sh--r c:\windows\system32\5F9242AA4D.sys
2009-02-26 16:21 . 2009-02-26 16:21 23 --sha-w c:\windows\system32\edacded0_x.dat
2008-12-05 16:45 . 2008-11-05 11:37 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-16 10:48 . 2009-03-13 15:25 12951584 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MplSetUp"="c:\programmi\RMClient\MplSetUp.exe" [2000-11-04 40960]
"JobHisInit"="c:\programmi\RMClient\JobHisInit.exe" [2001-11-16 135168]
"IntelAudioStudio"="c:\programmi\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\Graphisoft1\\ArchiCAD 10\\ArchiCAD.exe"=
"c:\\Programmi\\B2BPOKER\\GoldWin\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/04/2009 10:21 114768]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [18/05/2007 16:05 24786]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/04/2009 10:21 20560]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [21/01/2008 11:56 45534]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S2 cpwnt;cpwnt; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [31/07/2008 09:05 64640]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-09 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]

2010-04-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.alice.it/
mWindow Title =
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{4CE39EE9-5365-44A1-9F63-CBE250BF731A} - {4CE39EE9-5365-44A1-9F63-CBE250BF731A} -
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA}
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\responsabile\Dati applicazioni\Mozilla\Firefox\Profiles\btqsx0uh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.alice.it/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={FD782851-C8B8-AE56-9826-2759C71BD527}&q=
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\responsabile\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPBREAKOUT.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPOKER.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 11:56
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\16.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(768)
c:\programmi\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1076)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2010-04-09 11:57
ComboFix-quarantined-files.txt 2010-04-09 09:57

Pre-Run: 205,275,357,184 byte disponibili
Post-Run: 205,589,618,688 byte disponibili

283 --- E O F --- 2010-03-31 07:56

Torna in alto

unodeisenatori

Inviato: Friday, April 09, 2010 2:30:10 PM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

McAfee® Stinger Version 10.0.1.838 built on Apr 8 2010

Copyright © 2010 McAfee, Inc. All Rights Reserved.

Virus data file v1000 created on Apr 8 2010.

Ready to scan for 1638 viruses, trojans and variants.

Scan initiated on Fri Apr 09 12:10:31 2010

C:\Programmi\eMule\Incoming\Adobe Illustrator Update 9.0.2(1).zip\crac.exe

Found the Artemis!CD086D5C0AB2 trojan !!!

C:\Programmi\eMule\Incoming\Adobe Illustrator Update 9.0.2(1).zip\crac.exe has been deleted.

C:\Programmi\eMule\Incoming\Adobe Illustrator Update 9.0.2.zip\crac.exe

Found the W32/Bagle.dldr virus !!!

C:\Programmi\eMule\Incoming\Adobe Illustrator Update 9.0.2.zip\crac.exe has been deleted.

Number of clean files: 637717

Number of infected files: 1

Number of Trojans: 1

Number of files deleted: 2

Torna in alto

r16

Inviato: Friday, April 09, 2010 3:35:02 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:

KillAll::
File::
c:\documents and settings\responsabile\Dati applicazioni\crntcore32srv\tjebqtpgghgk.dll
c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\tbantahn.exe
c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\dukbrh.exe
c:\windows\system32\16.tmp

Folder::
c:\documents and settings\responsabile\Dati applicazioni\crntcore32srv
c:\programmi\FindyKill
c:\documents and settings\responsabile\DoctorWeb

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

Driver::
pavboot
cpwnt
MEMSWEEP2

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix

Torna in alto

meme1580

Inviato: Friday, April 09, 2010 3:44:38 PM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170

certo che eri pieno di caccole, oltre al vundo anche una variente di beagle!!

Dopo aver usato lo script di R16 e ripostato il nuovo log di combofix sarebbe opportuno fare un po' di pulizia:

disattiva il ripristino configurazione di sistema
start,pannello di controllo,sistema,configurazione di sistema,metti la spunta a
"disattiva ripristino configurazione di sistema su tutte le unita'",applica,ok.

Scaricare OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Cliccare su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Dare una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, cliccare su Opzioni e poi Avanzate, togliere il segno di spunta
a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi eseguire le pulizie),
registro compreso.
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp.
(non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows,
aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci
conservate al suo interno ( non eliminare la cartella )
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su
Remove selected

Scarica atf cleaner lancialo metti la supunta su select all e poi premi su empty selected.
Fallo anche per firefox scegliendolo in alto sulla schermata principale di ATF.

riavvia e riattiva il ripristino.

Per una curiosità prova a rilanciare drweb cureit!

ciao mik e facci sapere come va

Torna in alto

unodeisenatori

Inviato: Friday, April 09, 2010 3:55:44 PM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

per ora vi ringrazio....appena posso faccio lo script...e la pulizia...buon week a tutti!!!!!

Torna in alto

unodeisenatori

Inviato: Friday, April 09, 2010 4:59:52 PM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

ComboFix 10-04-08.02 - responsabile 09/04/2010 16:44:14.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2030.1511 [GMT 2:00]
Eseguito da: c:\documents and settings\responsabile\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\responsabile\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100409-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\responsabile\Dati applicazioni\crntcore32srv\tjebqtpgghgk.dll"
"c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\dukbrh.exe"
"c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\tbantahn.exe"
"c:\windows\system32\16.tmp"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\responsabile\DoctorWeb
c:\documents and settings\responsabile\DoctorWeb\CureIt.log
c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\dukbrh.exe
c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\tbantahn.exe
c:\programmi\FindyKill
c:\programmi\FindyKill\FindyKill.cmd
c:\programmi\FindyKill\tmp4.txt
c:\programmi\FindyKill\Tools\FixSrosa.reg
c:\programmi\FindyKill\Tools\icob.ico
c:\programmi\FindyKill\Tools\Kill.exe
c:\programmi\FindyKill\Tools\Proc.exe
c:\programmi\FindyKill\Tools\Process.exe
c:\programmi\FindyKill\Tools\SP2.reg
c:\programmi\FindyKill\Tools\SP3.reg
c:\programmi\FindyKill\Tools\swreg.exe
c:\programmi\FindyKill\Tools\Vista.reg
c:\programmi\FindyKill\Uninstal.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPWNT
-------\Legacy_MEMSWEEP2
-------\Service_cpwnt
-------\Service_pavboot

((((((((((((((((((((((((( Files Creati Da 2010-03-09 al 2010-04-09 )))))))))))))))))))))))))))))))))))
.

2010-04-09 14:51 . 2010-04-09 14:51 -------- d-----w- c:\temp\WPDNSE
2010-04-09 14:51 . 2010-04-09 14:51 53248 ----a-w- c:\temp\catchme.dll
2010-04-09 14:50 . 2010-04-09 14:50 16384 ----atw- c:\temp\Perflib_Perfdata_7c8.dat
2010-04-09 14:50 . 2010-04-09 14:50 16384 ----atw- c:\temp\Perflib_Perfdata_5e0.dat
2010-04-09 14:40 . 2010-04-09 14:40 398336 ----a-w- c:\windows\system32\CF7649.exe
2010-04-09 14:39 . 2010-04-09 14:38 398336 ----a-w- c:\windows\system32\CF7397.exe
2010-04-09 13:55 . 2010-04-09 14:47 -------- d-----w- c:\temp\Excel8.0
2010-04-09 08:26 . 2010-04-09 14:50 -------- d-----w- c:\temp\_avast4_
2010-04-09 08:02 . 2010-04-09 08:02 77312 ----a-w- C:\mbr.exe
2010-04-07 08:43 . 2010-04-07 08:43 5918775 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 08:40 . 2010-04-06 08:40 50354 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Facebook\uninstall.exe
2010-04-06 08:40 . 2010-04-06 08:40 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\Facebook
2010-04-06 08:30 . 2010-04-06 08:30 -------- d-----w- c:\programmi\NCH Software
2010-04-02 10:19 . 2010-04-02 10:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2010-03-31 06:12 . 2010-03-31 06:12 503808 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d683c9b-n\msvcp71.dll
2010-03-31 06:12 . 2010-03-31 06:12 499712 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d683c9b-n\jmc.dll
2010-03-31 06:12 . 2010-03-31 06:12 348160 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d683c9b-n\msvcr71.dll
2010-03-31 06:12 . 2010-03-31 06:12 61440 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ccb3800-n\decora-sse.dll
2010-03-31 06:12 . 2010-03-31 06:12 12800 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ccb3800-n\decora-d3d.dll
2010-03-15 07:18 . 2010-03-29 06:57 -------- d-----w- c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\Abelssoft
2010-03-15 07:18 . 2010-03-29 06:56 -------- d-----w- c:\programmi\CheckDrive
2010-03-11 09:39 . 2010-03-11 09:41 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\XnView
2010-03-10 23:12 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 13:56 . 2007-05-11 15:43 118232 ----a-w- c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-09 10:18 . 2010-01-28 09:26 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\uTorrent
2010-04-09 10:17 . 2010-03-05 10:00 -------- d-----w- c:\programmi\fb-toolbar
2010-04-08 06:31 . 2007-05-11 15:55 -------- d-----w- c:\programmi\CCleaner
2010-04-07 08:45 . 2009-03-31 06:38 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-06 10:27 . 2009-03-26 13:34 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\Skype
2010-04-06 10:08 . 2009-03-26 13:38 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\skypePM
2010-03-31 06:13 . 2007-05-31 09:21 -------- d-----w- c:\programmi\File comuni\Java
2010-03-31 06:12 . 2007-05-31 09:21 -------- d-----w- c:\programmi\Java
2010-03-31 06:12 . 2006-03-02 12:00 84156 ----a-w- c:\windows\system32\perfc010.dat
2010-03-31 06:12 . 2006-03-02 12:00 489410 ----a-w- c:\windows\system32\perfh010.dat
2010-03-30 10:41 . 2010-01-20 08:10 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\Free Download Manager
2010-03-29 22:46 . 2009-03-31 06:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-03-31 06:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 02:28 . 2008-12-22 07:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
2010-02-25 06:16 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-01-27 10:03 . 2007-05-11 15:43 123 ----a-w- c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-01-15 09:03 . 2010-01-15 09:03 1956528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
2007-04-23 10:48 . 2007-06-25 07:08 7168 ----a-w- c:\programmi\mozilla firefox\plugins\libcomm.dll
2007-05-17 10:01 . 2007-06-25 07:08 35008 ----a-w- c:\programmi\mozilla firefox\plugins\NanoInst.dll
2007-05-03 10:33 . 2007-06-25 07:08 53248 ----a-w- c:\programmi\mozilla firefox\plugins\PSComm.dll
2007-05-17 10:01 . 2007-06-25 07:08 130152 ----a-w- c:\programmi\mozilla firefox\plugins\PSNAdBrk.dll
2002-07-31 18:55 . 2008-01-30 07:57 104 --sh--w- c:\windows\WSYS049.SYS
2008-12-05 16:45 . 2008-11-05 11:37 88 --sh--r- c:\windows\system32\5F9242AA4D.sys
2009-02-26 16:21 . 2009-02-26 16:21 23 --sha-w- c:\windows\system32\edacded0_x.dat
2008-12-05 16:45 . 2008-11-05 11:37 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-03-16 10:48 . 2009-03-13 15:25 12951584 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-04-09_09.56.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-02 10:40 . 2009-02-02 10:40 83456 c:\windows\Installer\c7eec3.msi
+ 2008-07-29 19:07 . 2008-07-29 19:07 23040 c:\windows\Installer\937bc6e.msp
+ 2009-08-06 01:02 . 2009-08-06 01:02 88576 c:\windows\Installer\9347550.msi
+ 2009-10-28 08:37 . 2009-10-28 08:37 27136 c:\windows\Installer\8f81a83.msi
+ 2009-10-28 08:37 . 2009-10-28 08:37 58880 c:\windows\Installer\8f81a78.msi
+ 2008-07-18 07:06 . 2008-07-18 07:06 33280 c:\windows\Installer\5278d0.msi
+ 2008-09-08 15:47 . 2008-09-08 15:47 55296 c:\windows\Installer\20bf699.msi
+ 2009-08-27 15:15 . 2009-08-27 15:15 23552 c:\windows\Installer\1efe62c.msi
+ 2009-08-27 15:13 . 2009-08-27 15:13 26112 c:\windows\Installer\1efe5f4.msi
+ 2009-08-06 01:05 . 2009-08-06 01:05 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2006-10-31 08:10 . 2006-10-31 08:10 282624 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\IT\WF_Langpack_x86.msi
+ 2006-10-31 07:52 . 2006-10-31 07:52 507904 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Italian Language Pack\vs_setup.msi
+ 2009-02-23 07:29 . 2009-02-23 07:29 140288 c:\windows\Installer\ff1d3.msi
+ 2009-02-23 07:28 . 2009-02-23 07:28 152576 c:\windows\Installer\ff1c4.msi
+ 2008-12-12 11:17 . 2008-12-12 11:17 968192 c:\windows\Installer\e0c322.msi
+ 2009-02-02 10:40 . 2009-02-02 10:40 202752 c:\windows\Installer\c7eecd.msi
+ 2009-02-02 10:40 . 2009-02-02 10:40 107008 c:\windows\Installer\c7eeb9.msi
+ 2009-02-02 10:40 . 2009-02-02 10:40 301056 c:\windows\Installer\c7eeb4.msi
+ 2009-02-05 16:57 . 2009-02-05 16:57 457216 c:\windows\Installer\b0d6b8.msi
+ 2009-02-05 16:57 . 2009-02-05 16:57 831488 c:\windows\Installer\b0d6b3.msi
+ 2009-02-05 16:56 . 2009-02-05 16:56 458240 c:\windows\Installer\b0d6a5.msi
+ 2009-02-05 16:54 . 2009-02-05 16:54 520704 c:\windows\Installer\b0d69a.msi
+ 2009-02-05 16:54 . 2009-02-05 16:54 459264 c:\windows\Installer\b0d695.msi
+ 2009-02-05 16:54 . 2009-02-05 16:54 651776 c:\windows\Installer\b0d690.msi
+ 2007-05-31 09:21 . 2007-05-31 09:21 268800 c:\windows\Installer\aafa84.msi
+ 2007-07-23 06:19 . 2007-07-23 06:19 282624 c:\windows\Installer\9652e.msi
+ 2008-12-13 07:58 . 2008-12-13 07:58 754688 c:\windows\Installer\938d208.msp
+ 2009-08-06 01:06 . 2009-08-06 01:06 648192 c:\windows\Installer\938d1e5.msi
+ 2008-07-29 19:23 . 2008-07-29 19:23 250880 c:\windows\Installer\937bc77.msp
+ 2008-07-29 19:28 . 2008-07-29 19:28 278016 c:\windows\Installer\937bc75.msp
+ 2008-07-29 17:40 . 2008-07-29 17:40 291840 c:\windows\Installer\937bc73.msp
+ 2009-08-06 01:05 . 2009-08-06 01:05 137728 c:\windows\Installer\937bc6d.msi
+ 2008-07-29 15:35 . 2008-07-29 15:35 553472 c:\windows\Installer\9347555.msp
+ 2008-07-29 15:33 . 2008-07-29 15:33 506368 c:\windows\Installer\9347553.msp
+ 2008-07-29 15:37 . 2008-07-29 15:37 911360 c:\windows\Installer\9347552.msp
+ 2009-10-28 08:38 . 2009-10-28 08:38 430080 c:\windows\Installer\8f81aad.msi
+ 2009-10-28 08:37 . 2009-10-28 08:37 155648 c:\windows\Installer\8f81a8f.msi
+ 2008-03-20 15:12 . 2008-03-20 15:13 289792 c:\windows\Installer\6e20770.msi
+ 2009-03-25 09:09 . 2009-03-25 09:09 176640 c:\windows\Installer\6c3b3a.msi
+ 2008-07-21 06:21 . 2008-07-21 06:21 289792 c:\windows\Installer\612e6.msi
+ 2008-01-16 10:59 . 2008-01-16 10:59 331264 c:\windows\Installer\60135b6.msi
+ 2008-03-11 08:50 . 2008-03-11 08:50 691200 c:\windows\Installer\581ff3.msi
+ 2010-01-20 08:37 . 2010-01-20 08:37 169472 c:\windows\Installer\572427f.msi
+ 2009-11-25 08:09 . 2009-11-25 08:09 429568 c:\windows\Installer\559cb8f.msi
+ 2008-09-22 07:36 . 2008-09-22 07:36 532992 c:\windows\Installer\53de99.msi
+ 2007-05-11 11:50 . 2007-05-11 11:50 428544 c:\windows\Installer\51f441.msi
+ 2007-05-11 11:49 . 2007-05-11 11:49 427008 c:\windows\Installer\51f43a.msi
+ 2007-05-11 11:49 . 2007-05-11 11:49 117760 c:\windows\Installer\51f435.msi
+ 2007-05-11 11:49 . 2007-05-11 11:49 494592 c:\windows\Installer\51f430.msi
+ 2007-05-25 08:13 . 2007-05-25 08:13 243712 c:\windows\Installer\4909d4.msi
+ 2009-07-29 01:00 . 2009-07-29 01:00 248832 c:\windows\Installer\40c7c78.msi
+ 2009-03-20 09:48 . 2009-03-20 09:48 183808 c:\windows\Installer\40081.msp
+ 2010-03-31 06:13 . 2010-03-31 06:13 180224 c:\windows\Installer\2e1eca42.msi
+ 2009-02-02 16:41 . 2009-02-02 16:41 874496 c:\windows\Installer\212db14.msi
+ 2007-05-11 09:53 . 2007-05-11 09:53 390656 c:\windows\Installer\20e28.msi
+ 2007-05-11 09:49 . 2007-05-11 09:49 265216 c:\windows\Installer\20e23.msi
+ 2009-06-10 10:16 . 2009-06-10 10:16 331264 c:\windows\Installer\1f2d2b8.msi
+ 2008-01-21 16:43 . 2008-01-21 16:43 282624 c:\windows\Installer\1f1d4ac.msi
+ 2008-11-04 15:28 . 2008-11-04 15:28 133632 c:\windows\Installer\1ca7bad.msi
+ 2008-11-04 15:28 . 2008-11-04 15:28 123904 c:\windows\Installer\1ca7ba8.msi
+ 2009-09-03 10:37 . 2009-09-03 10:37 629248 c:\windows\Installer\19e1de.msp
+ 2007-10-06 06:44 . 2007-10-06 06:44 202752 c:\windows\Installer\18dd324.msp
+ 2008-01-23 15:02 . 2008-01-23 15:02 812544 c:\windows\Installer\18dd2f5.msp
+ 2008-07-28 12:40 . 2008-07-28 12:40 161792 c:\windows\Installer\18dd2e1.msp
+ 2007-05-11 10:42 . 2007-05-11 10:42 692224 c:\windows\Installer\18b9bb.msi
+ 2009-02-17 10:39 . 2009-02-17 10:39 377344 c:\windows\Installer\1822c8.msi
+ 2007-05-11 10:01 . 2007-05-11 10:01 181248 c:\windows\Installer\17ea5.msi
+ 2007-05-21 15:35 . 2007-05-21 15:35 409600 c:\windows\Installer\177f1a1.msi
+ 2007-08-20 16:02 . 2007-08-20 16:02 871424 c:\windows\Installer\1751071.msi
+ 2007-08-20 16:01 . 2007-08-20 16:01 431104 c:\windows\Installer\175106b.msi
+ 2007-05-11 10:37 . 2007-05-11 10:37 261120 c:\windows\Installer\14e3bb.msi
+ 2008-07-16 06:31 . 2008-07-16 06:31 142848 c:\windows\Installer\11c0b4.msi
+ 2008-07-16 06:30 . 2008-07-16 06:30 176640 c:\windows\Installer\11c0a3.msi
+ 2009-09-04 15:30 . 2009-09-04 15:30 355328 c:\windows\Installer\1179f302.msi
+ 2007-05-15 13:08 . 2007-05-15 13:08 426496 c:\windows\Installer\112ce3b.msi
+ 2009-02-17 10:39 . 2004-07-19 13:33 614912 c:\windows\Downloaded Installations\HTMLSlideShow.msi
+ 2006-03-02 12:00 . 2006-03-02 12:00 1354240 c:\windows\system32\webfldrs.msi
+ 2008-02-27 10:17 . 2008-02-27 10:18 3120640 c:\windows\system32\Macromed\Shockwave 10\gt.msi
+ 2009-03-18 08:23 . 2007-01-01 06:38 1354240 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2006-10-31 08:10 . 2006-10-31 08:10 1417216 c:\windows\Microsoft.NET\Framework\v3.0\WPF\it\wpflangpack.msi
+ 2007-05-11 11:49 . 2007-05-11 11:49 1228800 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation Language Pack - ITA\langpack.msi
+ 2006-01-07 07:34 . 2006-01-07 07:34 1968640 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ITA\langpack.msi
+ 2007-05-11 15:42 . 2007-05-11 15:42 3693056 c:\windows\Installer\fb14b.msi
+ 2008-04-18 12:26 . 2008-04-18 12:26 5518336 c:\windows\Installer\e104a.msp
+ 2008-10-05 03:12 . 2008-10-05 03:12 4784128 c:\windows\Installer\dd612e.msp
+ 2005-10-26 13:59 . 2005-10-26 13:59 2883072 c:\windows\Installer\ca23c62.msp
+ 2008-01-25 14:29 . 2008-01-25 14:29 5514752 c:\windows\Installer\ca23c4d.msp
+ 2009-02-05 16:56 . 2009-02-05 16:56 1551872 c:\windows\Installer\b0d6a0.msi
+ 2008-02-29 09:58 . 2008-02-29 09:59 8799232 c:\windows\Installer\aecf873.msi
+ 2007-10-09 15:34 . 2007-10-09 15:34 3384832 c:\windows\Installer\9dfad2.msi
+ 2010-01-15 08:25 . 2010-01-15 08:25 4321792 c:\windows\Installer\99768b3.msi
+ 2009-01-27 10:30 . 2009-01-27 10:30 1263616 c:\windows\Installer\9963ae.msi
+ 2009-05-12 11:01 . 2009-05-12 11:01 6818816 c:\windows\Installer\93e6b94.msp
+ 2009-05-28 10:32 . 2009-05-28 10:32 5518848 c:\windows\Installer\93e6b7f.msp
+ 2009-04-23 15:57 . 2009-04-23 15:57 7672832 c:\windows\Installer\93e6b6b.msp
+ 2008-12-13 07:57 . 2008-12-13 07:57 8397824 c:\windows\Installer\938d1f3.msp
+ 2008-07-29 17:26 . 2008-07-29 17:26 1043456 c:\windows\Installer\937bc76.msp
+ 2008-07-29 18:37 . 2008-07-29 18:37 2679808 c:\windows\Installer\937bc74.msp
+ 2008-07-29 19:15 . 2008-07-29 19:15 3697664 c:\windows\Installer\937bc72.msp
+ 2008-07-29 17:34 . 2008-07-29 17:34 1448448 c:\windows\Installer\937bc71.msp
+ 2008-07-29 18:22 . 2008-07-29 18:22 4137984 c:\windows\Installer\937bc70.msp
+ 2008-07-29 17:18 . 2008-07-29 17:18 3376640 c:\windows\Installer\937bc6f.msp
+ 2009-10-22 11:46 . 2009-10-22 11:46 6821888 c:\windows\Installer\937182e.msp
+ 2009-08-18 11:58 . 2009-08-18 11:58 8301056 c:\windows\Installer\9371819.msp
+ 2009-10-06 17:40 . 2009-10-06 17:40 7681024 c:\windows\Installer\9371811.msp
+ 2009-10-22 11:28 . 2009-10-22 11:28 5521408 c:\windows\Installer\93717fc.msp
+ 2008-07-29 15:45 . 2008-07-29 15:45 2543616 c:\windows\Installer\9347559.msp
+ 2008-07-29 15:29 . 2008-07-29 15:29 2926080 c:\windows\Installer\9347558.msp
+ 2008-07-29 15:41 . 2008-07-29 15:41 6487040 c:\windows\Installer\9347557.msp
+ 2008-07-29 15:39 . 2008-07-29 15:39 3403264 c:\windows\Installer\9347556.msp
+ 2008-07-29 15:43 . 2008-07-29 15:43 1013248 c:\windows\Installer\9347554.msp
+ 2008-07-29 15:31 . 2008-07-29 15:31 6083072 c:\windows\Installer\9347551.msp
+ 2009-06-30 09:30 . 2009-06-30 09:30 5520384 c:\windows\Installer\93163c8.msp
+ 2009-12-16 21:58 . 2009-12-16 21:58 5382144 c:\windows\Installer\92f18.msp
+ 2009-12-17 07:38 . 2009-12-17 07:38 1550848 c:\windows\Installer\8c61b.msi
+ 2010-01-19 16:51 . 2010-01-19 16:51 5524480 c:\windows\Installer\6a9a9.msp
+ 2010-01-19 17:29 . 2010-01-19 17:29 5050368 c:\windows\Installer\6a995.msp
+ 2008-11-07 08:54 . 2008-11-07 08:54 1652224 c:\windows\Installer\5b3b44.msi
+ 2008-11-07 08:53 . 2008-11-07 08:53 8990208 c:\windows\Installer\5b3b3f.msi
+ 2008-11-07 08:52 . 2008-11-07 08:52 1549312 c:\windows\Installer\5b3910.msi
+ 2008-07-16 08:39 . 2008-07-16 08:39 5519360 c:\windows\Installer\5aa63c0.msp
+ 2008-02-21 08:58 . 2008-02-21 08:58 3385344 c:\windows\Installer\58c24d6.msi
+ 2008-06-19 16:28 . 2008-06-19 16:28 1573376 c:\windows\Installer\55408d.msp
+ 2007-07-21 11:26 . 2007-07-21 11:26 7574016 c:\windows\Installer\554074.msp
+ 2008-10-20 08:18 . 2008-10-20 08:18 6474240 c:\windows\Installer\55406d.msp
+ 2009-12-11 09:29 . 2009-12-11 09:29 5521408 c:\windows\Installer\55042b.msp
+ 2007-05-11 10:02 . 2007-05-11 10:02 3419136 c:\windows\Installer\53e2.msi
+ 2008-12-12 10:09 . 2008-12-12 10:09 5517824 c:\windows\Installer\5295f8e.msp
+ 2007-05-11 11:49 . 2007-05-11 11:49 1115648 c:\windows\Installer\51f42b.msi
+ 2007-05-11 11:45 . 2007-05-11 11:45 1142784 c:\windows\Installer\51f41c.msi
+ 2007-05-11 15:26 . 2007-05-11 15:26 5804544 c:\windows\Installer\515a0.msi
+ 2010-02-19 08:59 . 2010-02-19 08:59 2901504 c:\windows\Installer\485499.msp
+ 2008-11-05 13:25 . 2008-11-05 13:25 5518336 c:\windows\Installer\436afb.msp
+ 2009-01-14 14:43 . 2009-01-14 14:43 5520384 c:\windows\Installer\4222d.msp
+ 2009-05-01 13:49 . 2009-05-01 13:49 4328960 c:\windows\Installer\40cf9e6.msp
+ 2009-08-25 12:57 . 2009-08-25 12:57 5518336 c:\windows\Installer\4092ee8.msp
+ 2007-05-15 09:16 . 2007-05-15 09:16 3383808 c:\windows\Installer\3dcb7a.msi
+ 2010-02-04 17:11 . 2010-02-04 17:11 5526528 c:\windows\Installer\32ccd83.msp
+ 2010-01-27 16:53 . 2010-01-27 16:53 6820864 c:\windows\Installer\32ccd6f.msp
+ 2010-02-21 00:00 . 2010-02-21 00:00 8480768 c:\windows\Installer\32ccd5a.msp
+ 2009-08-21 08:14 . 2009-08-21 08:14 8363008 c:\windows\Installer\27f83ad.msp
+ 2009-08-20 03:02 . 2009-08-20 03:02 5204992 c:\windows\Installer\27f8399.msp
+ 2009-09-29 07:08 . 2009-09-29 07:08 6747648 c:\windows\Installer\27f837c.msp
+ 2009-09-21 14:53 . 2009-09-21 14:53 5518848 c:\windows\Installer\27f8367.msp
+ 2008-06-10 12:09 . 2008-06-10 12:09 5517312 c:\windows\Installer\2364e11.msp
+ 2008-08-14 13:01 . 2008-08-14 13:01 5517312 c:\windows\Installer\22a9dc2.msp
+ 2008-09-05 11:08 . 2008-09-05 11:08 5515776 c:\windows\Installer\21bb819.msp
+ 2009-02-02 16:41 . 2009-02-02 16:41 3207680 c:\windows\Installer\212db0f.msi
+ 2008-05-15 07:50 . 2008-05-15 07:50 5515776 c:\windows\Installer\20ed68d.msp
+ 2008-07-15 21:12 . 2008-07-15 21:12 1298432 c:\windows\Installer\20bf69f.msp
+ 2009-04-06 15:00 . 2009-04-06 15:00 5518336 c:\windows\Installer\208b816.msp
+ 2009-01-15 02:35 . 2009-01-15 02:35 4830720 c:\windows\Installer\1fc85e7.msp
+ 2009-05-04 05:46 . 2009-05-04 05:46 8299008 c:\windows\Installer\1f488fa.msp
+ 2009-04-24 10:31 . 2009-04-24 10:31 1425920 c:\windows\Installer\1f488f1.msp
+ 2009-04-24 10:30 . 2009-04-24 10:30 2583552 c:\windows\Installer\1f488e7.msp
+ 2009-07-27 02:31 . 2009-07-27 02:31 3738624 c:\windows\Installer\1f488dd.msp
+ 2009-06-10 10:15 . 2009-06-10 10:15 1500160 c:\windows\Installer\1f2d297.msi
+ 2008-03-16 15:11 . 2008-03-16 15:11 5512704 c:\windows\Installer\1f04bb4.msp
+ 2009-08-27 15:18 . 2009-08-27 15:18 3573248 c:\windows\Installer\1efe660.msi
+ 2009-08-27 15:17 . 2009-08-27 15:17 3085824 c:\windows\Installer\1efe65b.msi
+ 2009-08-27 15:17 . 2009-08-27 15:17 3285504 c:\windows\Installer\1efe655.msi
+ 2009-08-27 15:16 . 2009-08-27 15:16 3174400 c:\windows\Installer\1efe650.msi
+ 2009-08-27 15:16 . 2009-08-27 15:16 3096064 c:\windows\Installer\1efe64b.msi
+ 2009-08-27 15:16 . 2009-08-27 15:16 4908544 c:\windows\Installer\1efe645.msi
+ 2009-08-27 15:15 . 2009-08-27 15:15 4915200 c:\windows\Installer\1efe63b.msi
+ 2009-08-27 15:15 . 2009-08-27 15:15 3076608 c:\windows\Installer\1efe636.msi
+ 2009-08-27 15:15 . 2009-08-27 15:15 3076608 c:\windows\Installer\1efe631.msi
+ 2009-08-27 15:15 . 2009-08-27 15:15 3117056 c:\windows\Installer\1efe621.msi
+ 2009-08-27 15:14 . 2009-08-27 15:14 3095552 c:\windows\Installer\1efe61c.msi
+ 2009-08-27 15:14 . 2009-08-27 15:14 3831808 c:\windows\Installer\1efe617.msi
+ 2009-08-27 15:13 . 2009-08-27 15:13 3073024 c:\windows\Installer\1efe612.msi
+ 2009-08-27 15:13 . 2009-08-27 15:13 3074048 c:\windows\Installer\1efe60d.msi
+ 2009-08-27 15:13 . 2009-08-27 15:13 3074048 c:\windows\Installer\1efe607.msi
+ 2009-08-27 15:13 . 2009-08-27 15:13 3074048 c:\windows\Installer\1efe601.msi
+ 2009-08-27 15:13 . 2009-08-27 15:13 3073536 c:\windows\Installer\1efe5fb.msi
+ 2009-08-27 15:13 . 2009-08-27 15:13 3075072 c:\windows\Installer\1efe5ef.msi
+ 2009-08-27 15:12 . 2009-08-27 15:12 3089408 c:\windows\Installer\1efe5ea.msi
+ 2009-08-27 15:12 . 2009-08-27 15:12 3078656 c:\windows\Installer\1efe5e5.msi
+ 2009-08-27 15:12 . 2009-08-27 15:12 3146240 c:\windows\Installer\1efe5e0.msi
+ 2009-08-27 15:12 . 2009-08-27 15:12 3150848 c:\windows\Installer\1efe5db.msi
+ 2009-08-27 15:12 . 2009-08-27 15:12 3083776 c:\windows\Installer\1efe5d6.msi
+ 2009-08-27 15:11 . 2009-08-27 15:11 3076096 c:\windows\Installer\1efe5d1.msi
+ 2009-08-27 15:11 . 2009-08-27 15:11 3079680 c:\windows\Installer\1efe5cc.msi
+ 2009-08-27 15:11 . 2009-08-27 15:11 3087360 c:\windows\Installer\1efe5c7.msi
+ 2009-08-27 15:11 . 2009-08-27 15:11 3094016 c:\windows\Installer\1efe5c2.msi
+ 2009-08-27 15:11 . 2009-08-27 15:11 3273216 c:\windows\Installer\1efe5bd.msi
+ 2009-08-27 15:10 . 2009-08-27 15:10 3186176 c:\windows\Installer\1efe5b8.msi
+ 2009-08-27 15:10 . 2009-08-27 15:10 3073024 c:\windows\Installer\1efe5b3.msi
+ 2009-08-27 15:10 . 2009-08-27 15:10 3110912 c:\windows\Installer\1efe5ad.msi
+ 2009-08-27 15:09 . 2009-08-27 15:09 3178496 c:\windows\Installer\1efe5a8.msi
+ 2009-08-27 15:09 . 2009-08-27 15:09 3228160 c:\windows\Installer\1efe5a3.msi
+ 2009-08-27 15:09 . 2009-08-27 15:09 3070976 c:\windows\Installer\1efe59e.msi
+ 2009-08-27 15:07 . 2009-08-27 15:07 3174400 c:\windows\Installer\1efe599.msi
+ 2009-01-27 16:26 . 2009-01-27 16:26 1070080 c:\windows\Installer\1df83df.msi
+ 2009-03-26 14:50 . 2009-03-26 14:50 1633792 c:\windows\Installer\1a66ebe.msi
+ 2009-11-20 14:00 . 2009-11-20 14:00 5521408 c:\windows\Installer\19e1f2.msp
+ 2008-06-11 13:05 . 2008-06-11 13:05 9994240 c:\windows\Installer\18dd3a2.msp
+ 2008-04-01 12:33 . 2008-04-01 12:33 5479936 c:\windows\Installer\18dd379.msp
+ 2008-01-31 08:30 . 2008-01-31 08:30 9947648 c:\windows\Installer\18dd34c.msp
+ 2008-01-14 14:53 . 2008-01-14 14:53 5213696 c:\windows\Installer\18dd338.msp
+ 2008-07-08 09:27 . 2008-07-08 09:27 8436736 c:\windows\Installer\18dd30a.msp
+ 2007-11-14 14:02 . 2007-11-14 14:02 4102144 c:\windows\Installer\18dd2b8.msp
+ 2007-05-25 15:02 . 2007-05-25 15:02 3383808 c:\windows\Installer\1626ea3.msi
+ 2009-03-26 13:34 . 2009-03-26 13:34 1602048 c:\windows\Installer\16144e7.msi
+ 2009-08-05 00:11 . 2009-08-05 00:11 5518848 c:\windows\Installer\14f603.msp
+ 2009-07-01 11:21 . 2009-07-01 11:21 8891904 c:\windows\Installer\14f5ee.msp
+ 2009-03-05 13:40 . 2009-03-05 13:40 6819840 c:\windows\Installer\149d1c.msp
+ 2007-05-11 10:37 . 2007-05-11 10:37 3454464 c:\windows\Installer\140c76.msi
+ 2009-02-11 14:02 . 2009-02-11 14:02 5519872 c:\windows\Installer\134ae9.msp
+ 2008-07-16 06:34 . 2008-07-16 06:34 5078016 c:\windows\Installer\11c14e.msi
+ 2008-07-16 06:31 . 2008-07-16 06:31 2575872 c:\windows\Installer\11c0bb.msi
+ 2007-11-08 11:40 . 2007-11-08 11:40 8638464 c:\windows\Downloaded Installations\{3E547985-AA94-4B1B-8ADD-21E060E5E31F}\Adobe Photoshop Album 3.2 SE.msi
+ 2007-07-25 16:30 . 2003-11-04 05:42 2262216 c:\windows\Cache\Adobe Reader 6.0.1\ITAMIN\Adobe Reader 6.0.1 - Italiano.msi
+ 2007-05-25 08:23 . 2003-11-04 05:35 2270720 c:\windows\Cache\Adobe Reader 6.0.1\ITABIG\Adobe Reader 6.0.1 - Italiano.msi
+ 2006-10-30 02:05 . 2006-10-30 02:05 11390464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpf.msi
+ 2007-05-11 15:58 . 2007-01-19 11:21 16768512 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2007-07-23 06:27 . 2006-07-29 18:39 15660032 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi
+ 2008-12-13 08:21 . 2008-12-13 08:21 10473472 c:\windows\Installer\938d1fd.msp
+ 2008-08-11 09:51 . 2008-08-11 09:51 15916544 c:\windows\Installer\554095.msp
+ 2008-09-24 10:05 . 2008-09-24 10:05 16381440 c:\windows\Installer\554084.msp
+ 2009-02-25 17:07 . 2009-02-25 17:07 11646464 c:\windows\Installer\55407c.msp
+ 2009-07-31 06:16 . 2009-07-31 06:16 15705600 c:\windows\Installer\5323a78.msp
+ 2009-09-09 01:01 . 2009-09-09 01:01 15709696 c:\windows\Installer\4092ed5.msp
+ 2007-10-14 21:33 . 2007-10-14 21:33 26646016 c:\windows\Installer\3fbf638.msp
+ 2009-08-14 18:32 . 2009-08-14 18:32 11110912 c:\windows\Installer\27f83b6.msp
+ 2008-08-11 09:49 . 2008-08-11 09:49 22457344 c:\windows\Installer\27f8384.msp
+ 2008-07-30 06:50 . 2008-07-30 06:50 12506112 c:\windows\Installer\22a9dec.msp
+ 2008-06-04 11:29 . 2008-06-04 11:29 16905728 c:\windows\Installer\22a9dd7.msp
+ 2008-08-13 12:49 . 2008-08-13 12:49 11816960 c:\windows\Installer\21bb82e.msp
+ 2008-07-08 08:09 . 2008-07-08 08:09 11887616 c:\windows\Installer\18dd38e.msp
+ 2008-02-29 20:09 . 2008-02-29 20:09 16907776 c:\windows\Installer\18dd361.msp
+ 2008-01-14 13:24 . 2008-01-14 13:24 10721280 c:\windows\Installer\18dd31e.msp
+ 2008-07-01 07:25 . 2008-07-01 07:25 11814912 c:\windows\Installer\18dd2cd.msp
+ 2009-04-04 06:35 . 2009-04-04 06:35 38325760 c:\windows\Installer\18cab7.msp
+ 2009-07-01 11:19 . 2009-07-01 11:19 10607104 c:\windows\Installer\14f5ef.msp
+ 2007-05-22 06:30 . 2007-05-22 06:30 10418176 c:\windows\Downloaded Installations\{68358CF7-C577-4B3B-B854-99BFE8694626}\Turbo Lister 2.msi
+ 2009-02-05 16:56 . 2009-02-05 16:56 13180416 c:\windows\Downloaded Installations\{35BF549A-60EB-43E2-8914-F33C0D7689E4}\Nokia Software Launcher.msi
+ 2007-07-27 06:47 . 2007-07-27 06:47 131022336 c:\windows\Installer\243469e.msp
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"MplSetUp"="c:\programmi\RMClient\MplSetUp.exe" [2000-11-04 40960]
"JobHisInit"="c:\programmi\RMClient\JobHisInit.exe" [2001-11-16 135168]
"IntelAudioStudio"="c:\programmi\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\Graphisoft1\\ArchiCAD 10\\ArchiCAD.exe"=
"c:\\Programmi\\B2BPOKER\\GoldWin\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/04/2009 10:21 114768]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [18/05/2007 16:05 24786]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/04/2009 10:21 20560]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [21/01/2008 11:56 45534]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [31/07/2008 09:05 64640]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-09 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]

2010-04-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.alice.it/
mWindow Title =
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{4CE39EE9-5365-44A1-9F63-CBE250BF731A} - {4CE39EE9-5365-44A1-9F63-CBE250BF731A} -
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA}
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1}
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\responsabile\Dati applicazioni\Mozilla\Firefox\Profiles\btqsx0uh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.alice.it/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={FD782851-C8B8-AE56-9826-2759C71BD527}&q=
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\responsabile\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPBREAKOUT.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPOKER.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-FindyKill - c:\programmi\FindyKill\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 16:51
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(768)
c:\programmi\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(956)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programmi\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\UStorSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\IncrediMail\bin\IMApp.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-09 16:55:35 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-09 14:55
ComboFix2.txt 2010-04-09 09:57

Pre-Run: 205,510,246,400 byte disponibili
Post-Run: 205,474,344,960 byte disponibili

- - End Of File - - E4697A25D310CC921E513814A7E0F080

Torna in alto

r16

Inviato: Friday, April 09, 2010 5:21:43 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Da Installazione Applicazioni, disinstalla TUTTE le versioni JAVA che vedi.
Fai una pulizia con CCleaner, (registro compreso).
Riavvia il pc.

Installa questa versione:
http://www.aiutamici.com/software?ID=11134
Fai attenzione, in fase di scaricamento a NON installare la Toolbar di Yahoo!

Quando hai finito posta un log aggiornato di HJT.

Torna in alto

meme1580

Inviato: Friday, April 09, 2010 5:37:21 PM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170

Se posso permettermi, visto che la disinstallazione classica non eliminera tutti i file che riguardano java, consiglierei, una volta eseguite le operazioni scritte da r16, di fare una pulizia con JAVARA
http://downloads.sourceforge.net/project/javara/javara/JavaRa/JavaRa.zip?use_mirror=mesh
se il download non parte in automatico premi su direct link

Scegli la lingua e poi premi su Rimuovere Versioni Vecchie

Torna in alto

unodeisenatori

Inviato: Monday, April 12, 2010 9:00:55 AM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57, on 12/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MplSetUp] C:\Programmi\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Programmi\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: fbtoolbar Sidebar - {4CE39EE9-5365-44A1-9F63-CBE250BF731A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) -
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = umbriaservizi.locale
O17 - HKLM\Software\..\Telephony: DomainName = umbriaservizi.locale
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = umbriaservizi.locale
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 7801 bytes

Torna in alto

r16

Inviato: Monday, April 12, 2010 1:25:32 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Da Installazione Applicazioni, disinstalla la versione di Abobe Reader.

Dopo la disinstallazione, installa la versione aggiornata di:
Adobe Reader:
http://www.adobe.com/it/products/acrobat/readstep2.html
Una volta installato Adobe Reader lancialo e:
nella barra degli strumenti clicca sul ?
clicca su Ricerca aggiornamenti ed esegui gli aggioramenti che veranno proposti.

Hai una versione vecchia di Avast!
Per disistallare Avast!:
Cessane l'esecuzione dalla Tray bar. (vicino all'orologio)
Scarica questo Tooll specifico sul Desktop:
http://files.avast.com/files/eng/aswclear.exe
Lo si deve eseguire in Modalità provvisoria.
Ecco la pagina con le istruzioni:
http://www.avast.com/eng/avast-uninstall-utility.html
Riavvia in Modalità normale. (sconnesso da internet)

Installa l'ultima versione:
http://www.aiutamici.com/software?ID=80367
Fai una scansione completa.

Se non rileva niente abbiamo finito.

Torna in alto

unodeisenatori

Inviato: Tuesday, April 13, 2010 9:12:44 AM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

gente cè qualcosa che non va...il pc dopo 5 minuti di utilizzo si inceppa e si riavvia da solo....l'ultimo passaggio non l'ho esguito....

ditemi che devo fare...è il pc del lavoro sono messo maluccio!!!

Torna in alto

maopapof

Inviato: Tuesday, April 13, 2010 11:00:05 AM

Rank: AiutAmico

Iscritto dal : 10/31/2004
Posts: 7,185

Quando il PC va in blocco dopo pochi minuti, o dà frequentemente strani errori, la prima cosa da fare per ricercare la soluzione è eliminare qualsiasi overclock, di scheda video, processore, ram e quant'altro, riportando ogni componente del PC ai settaggi standard

spero che ti eri fatto un punto dei ripristino oppure ti eri conservato un bk dei dati di ufficio :O) .... il pc ha impostato il ravvio in automatico ?

Torna in alto

unodeisenatori

Inviato: Tuesday, April 13, 2010 11:19:23 AM

Rank: AiutAmico

Iscritto dal : 3/13/2009
Posts: 47

non ho fatto nulla...cmq i dati non sono all'interno di questo pc ma in un server...ho solamente esguito tutte le istruzioni...non ho idea di cosa fare!!!!

Torna in alto

Utenti presenti in questo topic

Guest

5 pages: 1 [2] 3 4 5

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » MALAWARE VUNDO DROP E ALTRI...

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded