Aiutamici Forum

Can you check my log?
black02
Posted: Sunday, June 27, 2010 9:57:33 AM

Rank: AiutAmico

Member since: 8/23/2007
Posts: 1,637
Could you please check my log, because:

although I have a download speed from the modem of , I have noticed a strange slowness; I ran a series of tests with these results: , , .

In the last few days I replaced AVG IS with Avira IS, and yesterday I updated Mozilla to version 3.64; since I have not done anything else, I suspect that something has got into my PC, perhaps with my unwitting complicity.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:35, on 27/06/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
F:\programmi\MemoRex\MemoRex.exe
C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCview.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 14\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [MemoREX] "F:\programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 14\LogoMedia TranslateDotNet Server.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 9016 bytes

thanks
paolopa
Posted: Sunday, June 27, 2010 12:36:17 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
open HijackThis, click "Do a system scan only", select the following entries and, with all applications closed and disconnected from the internet, press "Fix checked":
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
do everything calmly and without rushing, then:
look in Control Panel, Add/Remove Programs, uninstall pdfforge Toolbar, then:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan.
if it finds infections, post the log it gives you.
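
An added example, not part of the original thread and not code from HijackThis: a small Python parser for the entry format of the log above. It lists the entries whose target is `(no file)` and the CLSIDs registered under more than one section code, which is how the leftover toolbar entries in this log stand out. The function names are assumptions made for this illustration; the sample lines are a subset copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread (copied, not invented).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        # "BHO: name - {clsid} - path" -> kind "BHO"; R0/R1 lines have no kind.
        kind, sep, detail = body.partition(": ")
        if not sep:
            kind, detail = None, body
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": code,
            "kind": kind,
            "detail": detail,
            "clsid": clsid.group(0).upper() if clsid else None,
            # Text after the CLSID is the file the registration points to.
            "target": detail[clsid.end():].lstrip(" -") if clsid else None,
            # HijackThis prints "(no file)" when the registered file is missing.
            "orphan": "(no file)" in detail,
        })
    return entries


def orphaned(entries):
    """Entries whose registry registration survives but whose file is gone."""
    return [e for e in entries if e["orphan"]]


def shared_clsids(entries):
    """Map each CLSID seen under several section codes to those codes."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["code"])
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries pointing to a missing file:")
    for e in orphaned(parsed):
        print(f"  {e['code']:>3} {e['kind']}: {e['detail']}")
    print("CLSIDs registered under more than one section:")
    for clsid, codes in shared_clsids(parsed).items():
        print(f"  {clsid} -> {', '.join(codes)}")
```
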
black02
Posted: Sunday, June 27, 2010 2:32:19 PM

Rank: AiutAmico

Member since: 8/23/2007
Posts: 1,637
hi paolopa,
here is the Malwarebytes result, which I have not removed.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4245

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/06/2010 14:26:01
mbam-log-2010-06-27 (14-26-01).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 211060
Tempo trascorso: 30 minuti, 39 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 14
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


thanks
r16
Posted: Sunday, June 27, 2010 3:15:30 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Delete the infected files found by Malwarebytes.

Then:
Download Combofix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (this is mandatory)

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (if you use Vista: right-click Combofix.exe and click "Run as Administrator")


You will probably get messages from the antivirus (or from Combofix itself); ignore them.

If you are asked whether you want to install THE EMERGENCY RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, named C:\ComboFix.txt. Post it here.

paolopa
Posted: Sunday, June 27, 2010 3:24:12 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
delete what Malwarebytes found; you have a nasty infection. Download this software: http://www.atribune.org/ccount/click.php?id=4
double-click to run it, choose "scan for vundo"; it will run a scan, at the end of which you must choose "remove vundo"
paolopa
Posted: Sunday, June 27, 2010 3:25:40 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
never mind, I was writing and had not noticed that r16 had stepped in. Follow his instructions without worry.
@r16: hi, I was writing; you take care of it, that's better!!!
r16
Posted: Sunday, June 27, 2010 3:30:30 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi Paolo..Vundo...
That software has not worked well for a few years now.

paolopa
Posted: Sunday, June 27, 2010 3:33:38 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
hi r16, I trusted mbam; was I wrong to? In any case I am glad you are here, because I was sweating, and not from the heat....
r16
Posted: Sunday, June 27, 2010 3:36:21 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
No, you did well.
Malwarebytes is more effective than the specific tool.
It must be a couple of years since they last updated it.
In fact, it never finds anything.
paolopa
Posted: Sunday, June 27, 2010 3:37:03 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
I didn't know that; in any case I would have had him run combofix and superantispyware afterwards... if I'm wrong, feel free to tell me, you know I'm only glad to hear it.
r16
Posted: Sunday, June 27, 2010 3:39:46 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
paolopa wrote:
I didn't know that; in any case I would have had him run combofix and superantispyware afterwards... if I'm wrong, feel free to tell me, you know I'm only glad to hear it.

Don't worry, my friend, I only stepped in because it was urgent to remove the entries found by Mbam.
I did not want the infection to spread further.
Bye.
black02
Posted: Sunday, June 27, 2010 6:30:57 PM

Rank: AiutAmico

Member since: 8/23/2007
Posts: 1,637
First of all, I thank you both for your help.
In the meantime I had also run a scan with SuperAntispyware, which found something; then I ran the test from the Alice site, and after the test I was advised to open a ticket, which I did by calling 187 for the 2nd time. When you call call centers you need a lot of luck, and while the 1st call went badly, the 2nd went well: the operator ran a series of diagnostics and told me that there is a problem at the exchange and so it will be fixed.
With all the scans I have run, and with everything I have found, I have a doubt: is AVIRA, which I installed a few days ago, any good, or would it be better to reinstall AVG?

This is the ComboFix log

ComboFix 10-06-26.03 - Administrator 27/06/2010 18:12:39.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.2038.982 [GMT 2:00]
Eseguito da: c:\users\Administrator\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Administrator\AppData\Roaming\Desktopicon
c:\users\Administrator\AppData\Roaming\Desktopicon\eBay.ico
C:\Win.Msi
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Creati Da 2010-05-27 al 2010-06-27 )))))))))))))))))))))))))))))))))))
.

2010-06-27 14:22 . 2010-06-27 14:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-27 11:47 . 2010-06-27 11:47 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-06-27 11:46 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 11:46 . 2010-06-27 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 11:46 . 2010-06-27 11:46 -------- d-----w- c:\programdata\Malwarebytes
2010-06-27 11:46 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\program files\Trend Micro
2010-06-26 10:08 . 2010-06-26 10:09 -------- d-----w- c:\users\Administrator\AppData\Local\Abelssoft
2010-06-26 10:08 . 2010-06-26 10:08 -------- d-----w- c:\program files\CheckDrive
2010-06-26 08:54 . 2010-06-26 17:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc
2010-06-25 21:39 . 2010-06-25 21:39 -------- d-----w- c:\users\Administrator\AppData\Local\Xenocode
2010-06-25 21:39 . 2010-06-25 21:39 -------- d-----w- c:\program files\Xenocode
2010-06-24 21:51 . 2010-06-24 21:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\FDRLab
2010-06-24 21:38 . 2010-06-24 21:38 -------- d-----w- C:\Cybia
2010-06-23 07:18 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:18 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:18 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:18 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:18 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 15:28 . 2010-06-22 15:28 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
2010-06-22 15:18 . 2010-06-22 15:31 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-06-22 15:18 . 2010-06-22 15:31 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-22 15:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-22 15:18 . 2009-02-24 11:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-06-22 15:18 . 2010-06-22 15:18 -------- d-----w- c:\programdata\Avira
2010-06-22 15:18 . 2010-06-22 15:18 -------- d-----w- c:\program files\Avira
2010-06-20 07:44 . 2010-06-20 07:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-20 07:44 . 2010-06-20 07:44 -------- d-----w- c:\program files\Microsoft.NET
2010-06-20 07:41 . 2010-06-20 07:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-06-20 07:40 . 2010-06-20 07:40 -------- d-----r- C:\MSOCache
2010-06-19 15:04 . 2010-06-24 12:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent
2010-06-16 18:10 . 2010-06-16 18:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\dvdcss
2010-06-15 07:35 . 2010-06-23 21:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\Nitro PDF
2010-06-15 07:34 . 2010-06-07 13:37 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-06-15 07:34 . 2010-06-07 13:37 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-06-15 07:34 . 2010-06-15 07:34 -------- d-----w- c:\programdata\Nitro PDF
2010-06-15 07:34 . 2010-06-15 07:34 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-06-15 07:34 . 2010-06-15 07:34 -------- d-----w- c:\program files\Nitro PDF
2010-06-15 07:33 . 2010-06-15 07:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\Downloaded Installations
2010-06-14 13:41 . 2007-08-31 10:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-06-14 13:41 . 2007-08-31 10:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-06-14 13:41 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2010-06-14 13:41 . 2001-08-24 06:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-14 13:41 . 1999-11-22 13:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-06-14 13:41 . 1999-11-22 13:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-06-14 12:50 . 2010-06-14 12:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\Tracker Software
2010-06-12 15:22 . 2010-06-12 15:22 -------- d-----w- c:\windows\Sun
2010-06-12 15:06 . 2010-06-12 15:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\freeTVRadio
2010-06-12 15:06 . 2010-06-27 14:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\OfferBox
2010-06-12 07:34 . 2010-06-12 07:34 -------- d-----w- c:\users\Administrator\AppData\Local\NeoSmart_Technologies
2010-06-12 07:34 . 2010-06-12 07:34 -------- d-----w- c:\program files\NeoSmart Technologies
2010-06-09 09:04 . 2010-06-25 21:39 -------- d-----w- c:\windows\XSxS
2010-06-09 07:58 . 2010-06-16 15:37 -------- d-----w- c:\users\Administrator\AppData\Roaming\Thinstall
2010-06-09 07:58 . 2010-06-09 07:58 -------- d-----w- c:\users\Administrator\AppData\Local\Thinstall
2010-06-09 07:00 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 07:00 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 07:00 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 07:00 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 07:00 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-03 09:07 . 2010-06-03 09:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\Nero
2010-06-03 08:29 . 2010-06-03 08:29 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 16:10 . 2009-12-15 13:32 -------- d-----w- c:\program files\cFosSpeed
2010-06-27 13:58 . 2009-07-14 08:21 691004 ----a-w- c:\windows\system32\perfh010.dat
2010-06-27 13:58 . 2009-07-14 08:21 125044 ----a-w- c:\windows\system32\perfc010.dat
2010-06-26 14:40 . 2009-12-15 13:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\SolidDocuments
2010-06-25 15:32 . 2009-12-14 15:55 -------- d-----w- c:\programdata\Microsoft Help
2010-06-24 12:31 . 2010-05-17 13:46 -------- d-----w- c:\program files\Power Translator 14
2010-06-24 12:28 . 2009-12-14 15:55 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-24 12:28 . 2009-12-14 15:13 -------- d-----w- c:\programdata\avg9
2010-06-22 07:34 . 2010-04-29 20:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-21 07:53 . 2009-12-15 13:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\VSO
2010-06-20 07:54 . 2009-12-14 14:31 111576 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-20 07:44 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-20 07:44 . 2010-04-24 17:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-16 14:09 . 2010-05-22 15:38 -------- d-----w- c:\program files\VDownloader
2010-06-14 15:56 . 2009-12-14 16:19 -------- d-----w- c:\program files\EPSON
2010-06-14 15:56 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-06-05 06:54 . 2010-04-24 16:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 16:46 . 2009-12-14 14:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\IObit
2010-05-30 16:45 . 2010-05-17 13:10 -------- d-----w- c:\program files\IncrediMail
2010-05-30 15:15 . 2010-04-24 14:46 -------- d-----w- c:\program files\CCleaner
2010-05-26 16:50 . 2010-05-26 16:49 -------- d-----w- c:\program files\EasyPicture2Icon
2010-05-26 07:16 . 2010-04-24 17:00 -------- d-----w- c:\program files\Microsoft
2010-05-22 22:07 . 2010-05-22 22:07 -------- d-----w- c:\program files\Windows Mail
2010-05-22 22:07 . 2010-05-22 22:07 -------- d-----w- c:\program files\Windows Mail.old
2010-05-22 16:21 . 2010-05-22 16:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-22 16:21 . 2010-05-22 16:21 -------- d-----w- c:\program files\Java
2010-05-22 15:59 . 2010-05-22 15:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\Orbit
2010-05-22 15:52 . 2010-05-22 15:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\GrabPro
2010-05-22 14:14 . 2009-09-13 19:23 811520 ----a-w- c:\windows\system32\user32.dll
2010-05-22 13:25 . 2010-05-24 16:01 52224 ----a-w- c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}\components\FFExternalAlert.dll
2010-05-22 13:25 . 2010-05-24 16:01 101376 ----a-w- c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}\components\RadioWMPCore.dll
2010-05-21 12:14 . 2009-10-30 14:12 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 14:26 . 2010-05-17 14:26 63488 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-17 14:26 . 2010-04-29 20:01 117760 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 14:15 . 2010-05-17 14:15 -------- d-----w- c:\program files\EASEUS
2010-05-17 13:46 . 2010-05-17 13:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\LEC
2010-05-17 12:32 . 2009-12-15 17:26 -------- d-----w- c:\program files\VS Revo Group
2010-05-17 12:21 . 2010-05-17 12:21 43646 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_D707CE1C009F1381803C2C.exe
2010-05-17 12:21 . 2010-05-17 12:21 43646 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_33E47820CFD4F5D3775329.exe
2010-05-17 12:21 . 2010-05-17 12:21 43646 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_25E0DDF4BB5DA2E0BB26B4.exe
2010-05-17 12:21 . 2010-05-17 12:21 43646 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_21F3885A18D238E15AAE81.exe
2010-05-17 12:21 . 2010-05-17 12:21 29926 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_EABE28F7A0A98A84188A78.exe
2010-05-17 12:21 . 2010-05-17 12:21 109534 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_6FEFF9B68218417F98F549.exe
2010-05-17 12:21 . 2010-05-17 12:21 -------- d-----w- c:\program files\Macrium
2010-04-29 20:01 . 2010-04-29 20:01 52224 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-29 20:00 . 2010-04-29 20:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2010-04-29 19:59 . 2010-04-29 19:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-26 20:10 . 2010-05-17 14:15 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-04-23 07:13 . 2010-05-26 07:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-10 02:18 . 2010-05-22 15:38 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-05-22 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 00:20 561552 ----a-w- c:\progra~1\Microsoft Office\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-02-25 243072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"MemoREX"="f:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2007-08-22 854992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-03-17 44512]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-17 12872]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-03-17 15328]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-06-22 97608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-31 67656]
S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-06-22 388865]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-06-22 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-06-22 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-06-22 434945]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2010-06-07 196912]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-03-17 220128]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-02-24 69632]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2637690&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Fissa
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}\components\FFExternalAlert.dll
FF - component: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,65,69,8e,20,c2,79,4a,9d,b3,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,65,69,8e,20,c2,79,4a,9d,b3,aa,\

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PDFXCview.exe"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.8"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\POWERPNT.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-06-27 18:20:08
ComboFix-quarantined-files.txt 2010-06-27 16:20

Pre-Run: 36.315.516.928 byte disponibili
Post-Run: 36.229.238.784 byte disponibili

- - End Of File - - B315D11D589B75B6092FCBFB49A919F1


THANKS AGAIN
paolopa
Posted: Sunday, June 27, 2010 6:48:20 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Well, it's really true that every cloud has a silver lining: the fault at the telephone exchange pushed you to ask for help, and I'd say that was a good thing. If you can, also send the SUPERAntiSpyware report, it might be useful; then wait for r16 to check your ComboFix log (which removed some other things for you) and, if needed, have you run a script. Bye.
r16
Posted: Sunday, June 27, 2010 10:20:40 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file with Notepad on the Desktop.
Paste in the code you see below, and save the text file with the name CFScript.txt (this name is mandatory).

N.B.:
Do not copy/paste the word Code.
Code:
KillAll::
RegLock::
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asp\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
[HKEY_USERS\S-1-5-21-1174984806-3160417468-2533817474-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
If the PC does not restart automatically, restart it yourself.
Post the updated ComboFix log.
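
A way to double-check a script like the one above before running it, as an added example that is not part of r16's post or of ComboFix: this Python code reads the keys a ComboFix log lists under CHIAVI DI REGISTRO BLOCCATE and compares them with the keys listed under RegLock:: in CFScript.txt. The sample log and script are constructed (placeholder SID), the function names are hypothetical, and ending the section at a lone "." line is an assumption taken from the log layout shown in this thread.

```python
import re

# Constructed sample in the layout of the ComboFix log posted in this thread.
# The SID is a placeholder, not a value from a real machine.
SAMPLE_LOG = r"""
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-0-0-0-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)

[HKEY_USERS\S-1-5-21-0-0-0-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-06-27 18:20:08
"""

# Constructed CFScript.txt: one key from the log is missing, one key is extra.
SAMPLE_SCRIPT = r"""
KillAll::
RegLock::
[HKEY_USERS\S-1-5-21-0-0-0-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-0-0-0-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\S-1-5-21-0-0-0-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"""

SECTION_RE = re.compile(r"^-+\s*CHIAVI DI REGISTRO BLOCCATE\s*-+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)
DENIED_RE = re.compile(r"^@Denied:\s*\(([^)]*)\)\s*\(([^)]*)\)")
DIRECTIVE_RE = re.compile(r"^(\w+)::$")


def locked_keys(log_text):
    """Map each key in the locked-keys section to (access, principal) or None."""
    keys = {}
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":  # assumed section terminator, as in the posted log
            break
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys[current] = None  # stays None if no @Denied line follows
            continue
        denied = DENIED_RE.match(line)
        if denied and current is not None:
            keys[current] = (denied.group(1), denied.group(2))
    return keys


def script_keys(script_text, directive="RegLock"):
    """Return the bracketed keys that appear under the given directive."""
    keys = []
    active = None
    for raw in script_text.splitlines():
        line = raw.strip()
        head = DIRECTIVE_RE.match(line)
        if head:
            active = head.group(1)
            continue
        key = KEY_RE.match(line)
        if key and active == directive:
            keys.append(key.group(1))
    return keys


def cross_check(log_text, script_text):
    """Return (keys in the log but not the script, keys in the script but not the log)."""
    # Registry paths are case-insensitive, so compare on a case-folded form.
    logged = {k.casefold(): k for k in locked_keys(log_text)}
    scripted = {k.casefold(): k for k in script_keys(script_text)}
    missing = sorted(logged[k] for k in logged.keys() - scripted.keys())
    extra = sorted(scripted[k] for k in scripted.keys() - logged.keys())
    return missing, extra


if __name__ == "__main__":
    missing, extra = cross_check(SAMPLE_LOG, SAMPLE_SCRIPT)
    for key in missing:
        print("in log, not in script:", key)
    for key in extra:
        print("in script, not in log:", key)
```
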
black02
Posted: Sunday, June 27, 2010 11:01:31 PM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,637
Hi r16, here is the log

ComboFix 10-06-26.03 - Administrator 27/06/2010 22:50:44.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.2038.1185 [GMT 2:00]
Eseguito da: c:\users\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Administrator\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2010-05-27 al 2010-06-27 )))))))))))))))))))))))))))))))))))
.

2010-06-27 20:54 . 2010-06-27 20:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-27 14:22 . 2010-06-27 14:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-27 11:47 . 2010-06-27 11:47 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-06-27 11:46 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 11:46 . 2010-06-27 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 11:46 . 2010-06-27 11:46 -------- d-----w- c:\programdata\Malwarebytes
2010-06-27 11:46 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\program files\Trend Micro
2010-06-26 10:08 . 2010-06-26 10:09 -------- d-----w- c:\users\Administrator\AppData\Local\Abelssoft
2010-06-26 10:08 . 2010-06-26 10:08 -------- d-----w- c:\program files\CheckDrive
2010-06-26 08:54 . 2010-06-26 17:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc
2010-06-25 21:39 . 2010-06-25 21:39 -------- d-----w- c:\users\Administrator\AppData\Local\Xenocode
2010-06-25 21:39 . 2010-06-25 21:39 -------- d-----w- c:\program files\Xenocode
2010-06-24 21:51 . 2010-06-24 21:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\FDRLab
2010-06-24 21:38 . 2010-06-24 21:38 -------- d-----w- C:\Cybia
2010-06-23 07:18 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:18 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:18 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:18 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:18 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 15:28 . 2010-06-22 15:28 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
2010-06-22 15:18 . 2010-06-22 15:31 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-06-22 15:18 . 2010-06-22 15:31 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-22 15:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-22 15:18 . 2009-02-24 11:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-06-22 15:18 . 2010-06-22 15:18 -------- d-----w- c:\programdata\Avira
2010-06-22 15:18 . 2010-06-22 15:18 -------- d-----w- c:\program files\Avira
2010-06-20 07:44 . 2010-06-20 07:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-20 07:44 . 2010-06-20 07:44 -------- d-----w- c:\program files\Microsoft.NET
2010-06-20 07:41 . 2010-06-20 07:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-06-20 07:40 . 2010-06-20 07:40 -------- d-----r- C:\MSOCache
2010-06-19 15:04 . 2010-06-24 12:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent
2010-06-16 18:10 . 2010-06-16 18:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\dvdcss
2010-06-15 07:35 . 2010-06-23 21:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\Nitro PDF
2010-06-15 07:34 . 2010-06-07 13:37 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-06-15 07:34 . 2010-06-07 13:37 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-06-15 07:34 . 2010-06-15 07:34 -------- d-----w- c:\programdata\Nitro PDF
2010-06-15 07:34 . 2010-06-15 07:34 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-06-15 07:34 . 2010-06-15 07:34 -------- d-----w- c:\program files\Nitro PDF
2010-06-15 07:33 . 2010-06-15 07:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\Downloaded Installations
2010-06-14 13:41 . 2007-08-31 10:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-06-14 13:41 . 2007-08-31 10:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-06-14 13:41 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2010-06-14 13:41 . 2001-08-24 06:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-14 13:41 . 1999-11-22 13:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-06-14 13:41 . 1999-11-22 13:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-06-14 12:50 . 2010-06-14 12:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\Tracker Software
2010-06-12 15:22 . 2010-06-12 15:22 -------- d-----w- c:\windows\Sun
2010-06-12 15:06 . 2010-06-12 15:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\freeTVRadio
2010-06-12 15:06 . 2010-06-27 14:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\OfferBox
2010-06-12 07:34 . 2010-06-12 07:34 -------- d-----w- c:\users\Administrator\AppData\Local\NeoSmart_Technologies
2010-06-12 07:34 . 2010-06-12 07:34 -------- d-----w- c:\program files\NeoSmart Technologies
2010-06-09 09:04 . 2010-06-25 21:39 -------- d-----w- c:\windows\XSxS
2010-06-09 07:58 . 2010-06-16 15:37 -------- d-----w- c:\users\Administrator\AppData\Roaming\Thinstall
2010-06-09 07:58 . 2010-06-09 07:58 -------- d-----w- c:\users\Administrator\AppData\Local\Thinstall
2010-06-09 07:00 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 07:00 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 07:00 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 07:00 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 07:00 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-03 09:07 . 2010-06-03 09:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\Nero
2010-06-03 08:29 . 2010-06-03 08:29 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 20:56 . 2009-12-15 13:32 -------- d-----w- c:\program files\cFosSpeed
2010-06-27 13:58 . 2009-07-14 08:21 691004 ----a-w- c:\windows\system32\perfh010.dat
2010-06-27 13:58 . 2009-07-14 08:21 125044 ----a-w- c:\windows\system32\perfc010.dat
2010-06-26 14:40 . 2009-12-15 13:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\SolidDocuments
2010-06-25 15:32 . 2009-12-14 15:55 -------- d-----w- c:\programdata\Microsoft Help
2010-06-24 12:31 . 2010-05-17 13:46 -------- d-----w- c:\program files\Power Translator 14
2010-06-24 12:28 . 2009-12-14 15:55 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-24 12:28 . 2009-12-14 15:13 -------- d-----w- c:\programdata\avg9
2010-06-22 07:34 . 2010-04-29 20:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-21 07:53 . 2009-12-15 13:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\VSO
2010-06-20 07:54 . 2009-12-14 14:31 111576 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-20 07:44 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-20 07:44 . 2010-04-24 17:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-16 14:09 . 2010-05-22 15:38 -------- d-----w- c:\program files\VDownloader
2010-06-14 15:56 . 2009-12-14 16:19 -------- d-----w- c:\program files\EPSON
2010-06-14 15:56 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-06-05 06:54 . 2010-04-24 16:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 16:46 . 2009-12-14 14:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\IObit
2010-05-30 16:45 . 2010-05-17 13:10 -------- d-----w- c:\program files\IncrediMail
2010-05-30 15:15 . 2010-04-24 14:46 -------- d-----w- c:\program files\CCleaner
2010-05-26 16:50 . 2010-05-26 16:49 -------- d-----w- c:\program files\EasyPicture2Icon
2010-05-26 07:16 . 2010-04-24 17:00 -------- d-----w- c:\program files\Microsoft
2010-05-22 22:07 . 2010-05-22 22:07 -------- d-----w- c:\program files\Windows Mail
2010-05-22 22:07 . 2010-05-22 22:07 -------- d-----w- c:\program files\Windows Mail.old
2010-05-22 16:21 . 2010-05-22 16:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-22 16:21 . 2010-05-22 16:21 -------- d-----w- c:\program files\Java
2010-05-22 15:59 . 2010-05-22 15:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\Orbit
2010-05-22 15:52 . 2010-05-22 15:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\GrabPro
2010-05-22 14:14 . 2009-09-13 19:23 811520 ----a-w- c:\windows\system32\user32.dll
2010-05-22 13:25 . 2010-05-24 16:01 52224 ----a-w- c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}\components\FFExternalAlert.dll
2010-05-22 13:25 . 2010-05-24 16:01 101376 ----a-w- c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}\components\RadioWMPCore.dll
2010-05-21 12:14 . 2009-10-30 14:12 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 14:26 . 2010-05-17 14:26 63488 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-17 14:26 . 2010-04-29 20:01 117760 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 14:15 . 2010-05-17 14:15 -------- d-----w- c:\program files\EASEUS
2010-05-17 13:46 . 2010-05-17 13:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\LEC
2010-05-17 12:32 . 2009-12-15 17:26 -------- d-----w- c:\program files\VS Revo Group
2010-05-17 12:21 . 2010-05-17 12:21 43646 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_D707CE1C009F1381803C2C.exe
2010-05-17 12:21 . 2010-05-17 12:21 43646 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_33E47820CFD4F5D3775329.exe
2010-05-17 12:21 . 2010-05-17 12:21 43646 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_25E0DDF4BB5DA2E0BB26B4.exe
2010-05-17 12:21 . 2010-05-17 12:21 43646 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_21F3885A18D238E15AAE81.exe
2010-05-17 12:21 . 2010-05-17 12:21 29926 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_EABE28F7A0A98A84188A78.exe
2010-05-17 12:21 . 2010-05-17 12:21 109534 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_6FEFF9B68218417F98F549.exe
2010-05-17 12:21 . 2010-05-17 12:21 -------- d-----w- c:\program files\Macrium
2010-04-29 20:01 . 2010-04-29 20:01 52224 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-29 20:00 . 2010-04-29 20:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2010-04-29 19:59 . 2010-04-29 19:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-26 20:10 . 2010-05-17 14:15 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-04-23 07:13 . 2010-05-26 07:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-10 02:18 . 2010-05-22 15:38 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-05-22 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-27_16.17.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-14 14:15 . 2010-06-27 15:53 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-14 14:15 . 2010-06-27 20:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-14 14:15 . 2010-06-27 15:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-14 14:15 . 2010-06-27 20:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-06-27 15:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-06-27 20:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-27 13:51 . 2010-06-27 20:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-27 13:51 . 2010-06-27 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-27 13:51 . 2010-06-27 20:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-27 13:51 . 2010-06-27 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 00:20 561552 ----a-w- c:\progra~1\Microsoft Office\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-02-25 243072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"MemoREX"="f:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2007-08-22 854992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-03-17 44512]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-17 12872]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-03-17 15328]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-06-22 97608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-31 67656]
S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-06-22 388865]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-06-22 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-06-22 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-06-22 434945]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2010-06-07 196912]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-03-17 220128]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-02-24 69632]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2637690&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Fissa
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}\components\FFExternalAlert.dll
FF - component: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f9nxwhaw.default\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Power Translator 14\LogoMedia TranslateDotNet Server.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
f:\programmi\MemoRex\MemoRex.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-27 22:59:22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-27 20:59
ComboFix2.txt 2010-06-27 16:20

Pre-Run: 36.236.599.296 byte disponibili
Post-Run: 36.095.160.320 byte disponibili

- - End Of File - - 8BD1D202268B2637796546D91D24D3C5

Thanks
black02
Posted: Sunday, June 27, 2010 11:06:35 PM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,637
I don't know if it's related to the log, but after putting it in the post and closing it, I found this log on my desktop:

Si è verificato un errore. Segnala questo codice di errore al nostro team di supporto.

MBAM_ERROR_NOT_REGISTERED (0, 0)
r16
Posted: Monday, June 28, 2010 12:02:48 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
black02 wrote:
I don't know if it's related to the log, but after putting it in the post and closing it, I found this log on my desktop:
Si è verificato un errore. Segnala questo codice di errore al nostro team di supporto.
MBAM_ERROR_NOT_REGISTERED (0, 0)

No, it has nothing to do with the log.
If you notice problems with Malwarebytes, uninstall it, do a cleanup (registry included) with CCleaner, restart the PC, and reinstall it.
How is the PC running?
black02
Posted: Monday, June 28, 2010 9:01:51 AM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,637
r16 wrote:

If you notice problems with Malwarebytes, uninstall it, do a cleanup (registry included) with CCleaner, restart the PC, and reinstall it.
How is the PC running?

I haven't noticed any problems with Malwa.; I've already done the cleanups you suggest, and the PC is working fine.

Thanks for everything
r16
Posted: Monday, June 28, 2010 12:07:37 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You're welcome.
Bye.
Thanks also to paolopa for the support.