ALEK-J (Hero in the gods' favor)
Registered: 31/05/08 13:52
Posts: 142

Posted: 31 May 2008 15:41    Subject: iexplore.exe

Hi everyone! I'm asking whether one of you can help me solve this problem, since I really know very little about computers.
When I'm connected to the internet, advertising pages of every kind keep opening. I've visited several forums and, from what I understood, it seems to be a problem caused by iexplore.exe... I think.
Also, when I shut down the PC, the End Program window for iexplore.exe appears. The operating system I use is Windows XP 2002 Service Pack 2. As antivirus I have AVG 8.0, which finds no infection when I run a scan. Below is the log of the scan I ran with HijackThis.
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 15.03.55, on 31/05/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16640)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 C:\WINDOWS\system32\cisvc.exe
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
 C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 C:\Programmi\SiteAdvisor\6261\SAService.exe
 C:\PROGRA~1\AVG\AVG8\avgam.exe
 C:\WINDOWS\system32\svchost.exe
 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\SiteAdvisor\6261\SiteAdv.exe
 C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
 C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\Programmi\Lexmark 4300 Series\lxcemon.exe
 C:\Programmi\Lexmark 4300 Series\ezprint.exe
 C:\PROGRA~1\AVG\AVG8\avgtray.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\WINDOWS\system32\lxcecoms.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Documents and Settings\Utente\Documenti\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/indexbb.html?pmk=TSspo
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.mrk/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
 O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [SiteAdvisor] "C:\Programmi\SiteAdvisor\6261\SiteAdv.exe"
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
 O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Programmi\Lexmark 4300 Series\lxcemon.exe"
 O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 4300 Series\ezprint.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
 O4 - HKLM\..\Run: [Date Army Wma SPAM] C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army\gram data.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [01new] C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O4 - Global Startup: ZDWlan.lnk = ?
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
 O20 - AppInit_DLLs: avgrsstx.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6261\SAService.exe
 
 --
 End of file - 10322 bytes
I hope someone can help me...

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 31 May 2008 18:36    Subject:

Hi ALEK-J and welcome...
This is the well-known CID;

run these:
CCleaner;
Combofix;
Virit;
Hijackthis;

Start Hijack, select these lines if present and then click Fix checked:

Quote:
O4 - HKLM\..\Run: [Date Army Wma SPAM] C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army\gram data.exe
O4 - HKCU\..\Run: [01new] C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe

Restart the PC and post a new Hijack log...

ALEK-J (Hero in the gods' favor)
Registered: 31/05/08 13:52
Posts: 142

Posted: 02 Jun 2008 16:30    Subject:

Hi! I ran the programs you recommended but the problem persists. Here is the new Combofix log:
ComboFix 08-06-01.6 - Utente 2008-06-02 14.26.44.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.295 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Utente\Desktop\COMBO-FIX.EXE
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-05-02 al 2008-06-02  )))))))))))))))))))))))))))))))))))
 .
 
 2008-06-02 13:35 . 2008-06-02 13:35	<DIR>	d--------	C:\Programmi\CCleaner
 2008-05-31 17:49 . 2008-06-02 14:10	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
 2008-05-27 10:35 . 2008-05-27 10:35	<DIR>	d--------	C:\Programmi\blehupload
 2008-05-20 12:08 . 2008-05-20 12:15	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-05-17 10:26 . 2008-05-17 10:26	<DIR>	d--------	C:\Programmi\Windows Media Connect 2
 2008-05-17 10:23 . 2008-05-17 10:23	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
 2008-05-17 10:23 . 2008-05-17 10:24	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
 2008-05-16 20:05 . 2008-05-20 22:09	<DIR>	d--h-----	C:\$AVG8.VAULT$
 2008-05-16 19:57 . 2008-06-01 20:08	69	--a------	C:\WINDOWS\NeroDigital.ini
 2008-05-16 19:38 . 2008-05-16 19:38	<DIR>	d--------	C:\Programmi\Avant Browser
 2008-05-16 19:38 . 2008-05-16 19:38	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Avant Profiles
 2008-05-16 19:20 . 2008-06-02 10:52	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
 2008-05-16 19:20 . 2008-05-16 19:20	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
 2008-05-16 19:20 . 2008-05-16 19:23	75,272	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
 2008-05-16 19:20 . 2008-05-16 19:20	12,424	--a------	C:\WINDOWS\system32\drivers\avgrkx86.sys
 2008-05-16 19:20 . 2008-05-16 19:28	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Programmi\AVG
 2008-05-16 19:19 . 2008-05-16 19:40	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\AVGTOOLBAR
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\avg8
 2008-05-16 19:05 . 2008-05-16 19:05	<DIR>	d--------	C:\Programmi\Nero
 2008-05-16 18:53 . 2008-02-28 13:26	1,414,440	--a------	C:\WINDOWS\system32\ShellManager310E2D762.dll
 2008-05-16 18:53 . 2008-02-28 13:01	774,144	--a------	C:\WINDOWS\system32\NEROINSTAEC43759.DB
 2008-05-16 18:53 . 2008-05-16 18:53	0	--a------	C:\WINDOWS\Irremote.ini
 2008-05-12 21:31 . 2008-05-12 21:31	<DIR>	d--------	C:\Programmi\File comuni\Motive
 2008-05-11 16:03 . 2008-05-11 16:03	<DIR>	d--------	C:\Programmi\Abbyy FineReader 6.0 Sprint
 2008-05-11 15:59 . 2008-05-11 18:12	<DIR>	d--------	C:\Programmi\Lexmark 4300 Series
 2008-05-10 00:48 . 2008-05-10 00:10	2,486,784	--a------	C:\WINDOWS\system32\AnipUninst1.exe
 2008-05-10 00:10 . 2008-05-10 00:49	<DIR>	d--------	C:\Program Files
 2008-05-08 21:45 . 2008-05-08 21:45	<DIR>	d--------	C:\Programmi\torrent_search
 2008-05-08 21:45 . 2008-05-27 10:37	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\blehupload
 2008-05-08 21:45 . 2008-05-27 10:36	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army
 2008-05-08 21:44 . 2008-05-08 21:59	<DIR>	d--------	C:\Programmi\BitDownload
 2008-05-06 16:10 . 2008-05-06 16:10	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Lexmark Productivity Studio
 2008-05-06 16:07 . 2008-05-08 11:22	<DIR>	d--------	C:\Documents and Settings\All Users\Lx_cats
 2008-05-06 16:05 . 2008-05-06 16:05	<DIR>	d--------	C:\logs
 2008-05-06 15:55 . 2008-05-06 15:56	548,405	--a------	C:\lxceUNST.000
 2008-05-06 15:55 . 2008-05-11 15:54	548,148	--a------	C:\lxceUNST.csv
 2008-05-05 12:39 . 2008-05-09 19:17	<DIR>	d--------	C:\Programmi\BitTorrent Fastest Tool
 2008-05-03 17:35 . 2008-05-03 17:35	106	--a------	C:\WINDOWS\wininit.ini
 2008-05-02 18:14 . 2008-05-02 18:14	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Motive
 2008-05-02 17:59 . 2008-05-02 17:59	<DIR>	d--------	C:\Programmi\IObit
 2008-05-02 17:49 . 2008-03-01 14:58	6,066,176	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll
 2008-05-02 17:49 . 2007-04-17 11:32	2,455,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dat
 2008-05-02 17:49 . 2007-03-08 07:11	1,032,192	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll.mui
 2008-05-02 17:49 . 2008-03-01 14:58	459,264	-----c---	C:\WINDOWS\system32\dllcache\msfeeds.dll
 2008-05-02 17:49 . 2008-03-01 14:58	383,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dll
 2008-05-02 17:49 . 2008-03-01 14:58	267,776	-----c---	C:\WINDOWS\system32\dllcache\iertutil.dll
 2008-05-02 17:49 . 2008-03-01 14:58	63,488	-----c---	C:\WINDOWS\system32\dllcache\icardie.dll
 2008-05-02 17:49 . 2008-03-01 14:58	52,224	-----c---	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
 2008-05-02 17:49 . 2008-02-22 12:00	13,824	-----c---	C:\WINDOWS\system32\dllcache\ieudinit.exe
 2008-05-02 17:48 . 2008-05-02 17:50	<DIR>	d--------	C:\WINDOWS\system32\it-it
 2008-05-02 17:31 . 2008-05-02 17:31	<DIR>	d--------	C:\Programmi\MSXML 6.0
 2008-05-02 17:30 . 2008-05-02 17:30	<DIR>	d--------	C:\Programmi\Microsoft CAPICOM 2.1.0.2
 2008-05-02 16:49 . 2008-05-02 16:49	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\FaxCtr
 2008-05-02 16:43 . 2008-05-02 16:43	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\FaxCtr
 2008-05-02 16:43 . 2003-03-11 19:26	339,968	--a------	C:\WINDOWS\system32\IMGMAN32.DLL
 2008-05-02 16:43 . 2003-03-11 19:26	98,345	--a------	C:\WINDOWS\system32\IMHOST32.DLL
 2008-05-02 16:43 . 2003-03-11 19:26	98,304	--a------	C:\WINDOWS\system32\IM31XPNG.DEL
 2008-05-02 16:43 . 2003-03-11 19:26	69,632	--a------	C:\WINDOWS\system32\IM31XTIF.DEL
 2008-05-02 16:43 . 2003-03-11 19:26	49,152	--a------	C:\WINDOWS\system32\IM31IMG.DIL
 2008-05-02 16:43 . 2007-11-01 16:29	45,056	--a------	C:\WINDOWS\system32\LXPRMON.DLL
 2008-05-02 16:43 . 2007-11-01 16:28	32,768	--a------	C:\WINDOWS\system32\LXPMONUI.DLL
 2008-05-02 16:43 . 2005-07-12 11:37	12,288	--a------	C:\WINDOWS\system32\LXPMONRC.DLL
 2008-05-02 16:42 . 2008-05-06 16:03	<DIR>	d--------	C:\Programmi\Lexmark Fax Solutions
 2008-05-02 16:42 . 2008-05-11 16:03	35,119	--a------	C:\WINDOWS\system32\LexFiles.ulf
 2008-05-02 16:41 . 2008-06-01 08:17	<DIR>	d--------	C:\Programmi\Lx_cats
 2008-05-02 16:41 . 2008-05-16 19:07	<DIR>	d--------	C:\Programmi\File comuni\Nero
 2008-05-02 16:41 . 2004-08-03 23:01	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
 2008-05-02 16:41 . 2004-08-03 23:01	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
 2008-05-02 16:40 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
 2008-05-02 16:40 . 2004-08-03 22:58	15,104	--a--c---	C:\WINDOWS\system32\dllcache\usbscan.sys
 2008-05-02 16:39 . 2008-05-11 18:12	<DIR>	d--------	C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
 2008-05-02 16:39 . 2008-05-27 20:13	<DIR>	d--------	C:\Temp
 2008-05-02 16:39 . 2001-08-30 23:08	87,040	--a------	C:\WINDOWS\system32\wiafbdrv.dll
 2008-05-02 16:39 . 2001-08-30 23:08	87,040	--a--c---	C:\WINDOWS\system32\dllcache\wiafbdrv.dll
 2008-05-02 16:39 . 2008-05-11 15:59	882	--a------	C:\LXCEINST.csv
 2008-05-02 16:39 . 2008-05-10 20:43	882	--a------	C:\LXCEINST.001
 2008-05-02 16:39 . 2008-05-02 16:40	882	--a------	C:\LXCEINST.000
 2008-05-02 16:39 . 2008-05-11 15:59	0	--a------	C:\lxcefire.csv
 2008-05-02 16:39 . 2008-05-10 20:43	0	--a------	C:\lxcefire.001
 2008-05-02 16:39 . 2008-05-02 16:39	0	--a------	C:\lxcefire.000
 2008-05-02 16:34 . 2008-05-02 16:34	<DIR>	d--hs----	C:\Documents and Settings\Utente\UserData
 2008-05-02 16:32 . 2008-05-02 16:32	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
 2008-05-02 16:11 . 2008-05-24 19:18	<DIR>	d--------	C:\Programmi\eMule
 2008-05-02 15:14 . 2008-05-02 15:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\LightScribe
 2008-05-02 15:10 . 2008-05-02 15:10	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Nero
 2008-05-02 15:09 . 2008-05-16 19:05	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Nero
 2008-05-02 15:02 . 2008-05-31 15:02	<DIR>	d--------	C:\Programmi\SiteAdvisor
 2008-05-02 15:02 . 2008-05-17 19:34	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\SiteAdvisor
 2008-05-02 15:02 . 2008-05-02 15:02	<DIR>	d--------	C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
 2008-05-02 15:02 . 2008-05-03 00:01	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
 2008-05-02 15:02 . 2008-05-02 15:02	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\McAfee
 2008-05-02 14:55 . 2008-05-02 14:56	<DIR>	d--------	C:\Programmi\AnswerWorks 4.0
 2008-05-02 14:47 . 2008-05-02 14:57	<DIR>	d--------	C:\Programmi\AutoCAD 2007
 2008-05-02 14:47 . 2008-05-02 14:59	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Autodesk
 2008-05-02 14:47 . 2008-05-02 14:47	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
 2008-05-02 14:44 . 2008-05-02 14:57	<DIR>	d--------	C:\Programmi\File comuni\Autodesk Shared
 2008-05-02 14:44 . 2008-05-02 14:44	<DIR>	d--------	C:\Programmi\Autodesk
 2008-05-02 14:39 . 2007-04-09 13:23	28,040	--a------	C:\WINDOWS\system32\mdimon.dll
 2008-05-02 14:39 . 2008-05-02 14:41	424	--a------	C:\WINDOWS\ODBC.INI
 2008-05-02 14:37 . 2008-05-02 14:38	<DIR>	d--------	C:\WINDOWS\SHELLNEW
 2008-05-02 14:37 . 2008-05-02 17:33	<DIR>	d--------	C:\Programmi\Microsoft Works
 2008-05-02 14:35 . 2008-05-02 14:35	<DIR>	dr-h-----	C:\MSOCache
 2008-05-02 14:24 . 2008-05-02 14:24	<DIR>	d--------	C:\Programmi\Alwil Software
 2008-05-02 14:18 . 2008-05-02 14:18	<DIR>	d--------	C:\Programmi\Google
 2008-05-02 14:18 . 2008-06-02 09:28	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2008-05-02 14:02 . 2008-05-02 14:02	<DIR>	d--------	C:\Programmi\ZyDAS
 2008-05-02 14:02 . 2004-01-14 11:25	81,920	--a------	C:\WINDOWS\system32\ZDPN50.dll
 2008-05-02 14:02 . 2004-04-28 16:32	81,920	--a------	C:\WINDOWS\system32\ZDBRGDLL.dll
 2008-05-02 14:02 . 2004-03-23 16:38	28,672	--a------	C:\WINDOWS\system32\InsDrvZD.dll
 2008-05-02 14:02 . 2003-03-14 12:24	24,576	--a------	C:\WINDOWS\system32\ZyDelReg.exe
 2008-05-02 14:02 . 2004-06-30 13:54	19,200	--a------	C:\WINDOWS\system32\ZDBRGSYS.sys
 2008-05-02 14:02 . 2004-01-14 11:30	17,151	--a------	C:\WINDOWS\system32\ZDPNDIS5.sys
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-05-11 10:14	---------	d-----w	C:\Programmi\Alice ti aiuta
 2008-05-10 18:53	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-05-02 17:40	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-05-02 17:40	---------	d-----w	C:\Programmi\Telecom Italia
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Motive
 2008-05-02 11:58	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Symantec
 2008-05-02 11:50	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Motive
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Common Files
 2008-05-01 09:08	155,995	----a-w	C:\WINDOWS\java\Packages\PZ3PVPFV.ZIP
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Yahoo!
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Microsoft SQL Server
 2008-04-30 06:34	---------	d-----w	C:\Programmi\commercial
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Servizi in linea
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Oca History Tool
 2008-04-30 06:31	---------	d-----w	C:\Programmi\NewTech Infosystems
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Microsoft.NET
 2008-04-30 06:30	---------	d-----w	C:\Programmi\microsoft frontpage
 2008-04-30 06:30	---------	d-----w	C:\Programmi\Java
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\NewTech Infosystems
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\muvee Technologies
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\LightScribe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Java
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\InstallShield
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Adobe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\CyberLink
 2008-04-30 06:28	---------	d-----w	C:\Programmi\Microsoft Small Business
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\eSobi
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\Avocent AdminWorks
 2008-04-29 21:46	---------	d-----w	C:\Programmi\Realtek
 2008-03-25 04:51	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
 2008-03-25 04:51	183,072	----a-w	C:\WINDOWS\system32\msjint40.dll
 2008-03-20 08:06	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
 2008-05-16 19:23	2051328	--a------	C:\Programmi\AVG\AVG8\avgtoolbar.dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programmi\AVG\AVG8\avgtoolbar.dll" [2008-05-16 19:23 2051328]
 
 [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
 [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
 "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programmi\AVG\AVG8\avgtoolbar.dll [2008-05-16 19:23 2051328]
 
 [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
 [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 14:18 68856]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:00 15360]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
 "01new"="C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe" [2008-05-27 10:35 407552]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LaunchApp"="Alaunch" []
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
 "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 07:00 208952]
 "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 07:00 44032]
 "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 07:00 59392]
 "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
 "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 17:08 16380416 C:\WINDOWS\RTHDCPL.exe]
 "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
 "SiteAdvisor"="C:\Programmi\SiteAdvisor\6261\SiteAdv.exe" [2007-02-03 20:25 36904]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
 "FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 11:55 320168]
 "SmartDefrag"="C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 14:51 1870592]
 "AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 16:26 936960]
 "lxcemon.exe"="C:\Programmi\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 19:46 192512]
 "EzPrint"="C:\Programmi\Lexmark 4300 Series\ezprint.exe" [2005-07-26 14:17 94208]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
 "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 15:46 73728]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 19:23 1177368]
 "Date Army Wma SPAM"="C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army\gram data.exe" [2008-06-02 14:13 2331648]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-05-01 11:09:00 217088]
 Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-05-02 14:18:06 124400]
 Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54 11000]
 ZDWlan.lnk - C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe [2008-05-02 14:02:37 438272]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Autodesk\\Autodesk DWF Viewer\\DWFViewer.exe"=
 "C:\\Programmi\\eMule\\eMule.exe"=
 "C:\\Programmi\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
 "C:\\Programmi\\Lexmark Fax Solutions\\FaxCtr.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
 "C:\\Programmi\\Avant Browser\\avant.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "9999:UDP"= 9999:UDP:LANScope UDP Port
 "2804:TCP"= 2804:TCP:LANScope TCP Port
 "4662:UDP"= 4662:UDP:eMule_UDP_Port
 "4672:TCP"= 4672:TCP:eMule_TCP_Port
 
 R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-16 19:20]
 R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 19:20]
 R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 19:23]
 R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 19:23]
 R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 18:06]
 R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
 S2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys []
 S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys []
 S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
 S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
 S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 13:54]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6cc271-1845-11dd-a3bc-000272523120}]
 \Shell\AutoRun\command - setupSNK.exe
 
 *Newly Created Service* - CATCHME
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-06-02 12:00:04 C:\WINDOWS\Tasks\AE811873918A8EF3.job"
 - c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
 "2008-06-01 20:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
 - C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.ex
 - C:\Programmi\IObit\IObit SmartDefrag\.Utente
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-02 14:27:42
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-06-02 14.28.14
 ComboFix-quarantined-files.txt  2008-06-02 12:28:11
 
 15 Directory  54,542,782,464 byte disponibili
 19 Directory  54,539,603,968 byte disponibili
 
 278	--- E O F ---	2008-05-28 01:03
 
 Below I'm also giving you the new log made with HijackThis...
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16.07.02, on 02/06/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16640)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
 C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 C:\Programmi\SiteAdvisor\6261\SAService.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\PROGRA~1\AVG\AVG8\avgam.exe
 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\SiteAdvisor\6261\SiteAdv.exe
 C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
 C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\Programmi\Lexmark 4300 Series\lxcemon.exe
 C:\Programmi\Lexmark 4300 Series\ezprint.exe
 C:\PROGRA~1\AVG\AVG8\avgtray.exe
 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\WINDOWS\system32\lxcecoms.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/indexbb.html?pmk=TSspo
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.mrk/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
 O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [SiteAdvisor] "C:\Programmi\SiteAdvisor\6261\SiteAdv.exe"
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
 O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Programmi\Lexmark 4300 Series\lxcemon.exe"
 O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 4300 Series\ezprint.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [01new] C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O4 - Global Startup: ZDWlan.lnk = ?
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
 O20 - AppInit_DLLs: avgrsstx.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6261\SAService.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 10098 bytes
 
 
 
 PLEASE ..HELP...  |  |  
		| Sante62 Mature god
 
  
  
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 02 Jun 2008 16:51    Subject: |   |  
				| 
 |  
				| Disable System Restore and start the PC in Safe Mode; 
 Run Hijack and fix this line:
 
 	  | Quote: |  	  | O4 - HKCU\..\Run: [01new] C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe | 
 
 Still in Safe Mode, go to C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army\gram data.exe and delete the file in bold, including the Peak ooze date army folder as well;
 
 Keep in mind that the Dati Applicazioni folder is hidden, so you will need to enable the display of hidden and system files;
 
 Restart the PC in normal mode and redo the HijackThis log;
 
 Don't forget to run VirIT as well...
 |  |  
		| bdoriano Administrator
 
  
  
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 02 Jun 2008 23:25    Subject: |   |  
				| 
 |  
				| Sorry to butt in,   
 Create a text file with the following instructions:
 
 	  | Code: |  	  | File:: C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe
 C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army\gram data.exe
 2008-06-02 12:00:04 C:\WINDOWS\Tasks\AE811873918A8EF3.job
 c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
 
 Registry::
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "01new"=-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Date Army Wma SPAM"=-
 | 
 Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
 
   Wait patiently for the work to finish without touching the keyboard, mouse or anything else.
   
 Post the updated ComboFix and HijackThis logs and run the scan with VirIT as Sante advised.
 |  |  
		| ALEK-J Hero in the gods' favour
 
  
 
 Registered: 31/05/08 13:52
 Posts: 142
 
 
 | 
			
				|  Posted: 04 Jun 2008 00:43    Subject: |   |  
				| 
 |  
				| I followed sante62's advice step by step, but I was not able to delete the file in bold "gram data.exe", nor the folder "pack ooze data army", because it tells me the file is already in use.. So I also followed the procedure bdoriano gave me. Here is the new updated log from HijackThis and ComboFix.... THANK YOU FOR THE HELP YOU ARE GIVING ME...
   Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 0.24.39, on 04/06/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16640)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
 C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 C:\Programmi\SiteAdvisor\6261\SAService.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\PROGRA~1\AVG\AVG8\avgam.exe
 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\SiteAdvisor\6261\SiteAdv.exe
 C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
 C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\Programmi\Lexmark 4300 Series\lxcemon.exe
 C:\Programmi\Lexmark 4300 Series\ezprint.exe
 C:\PROGRA~1\AVG\AVG8\avgtray.exe
 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\WINDOWS\system32\lxcecoms.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\WINDOWS\explorer.exe
 C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/indexbb.html?pmk=TSspo
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.mrk/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
 O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [SiteAdvisor] "C:\Programmi\SiteAdvisor\6261\SiteAdv.exe"
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
 O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Programmi\Lexmark 4300 Series\lxcemon.exe"
 O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 4300 Series\ezprint.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [01new] C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O4 - Global Startup: ZDWlan.lnk = ?
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
 O20 - AppInit_DLLs: avgrsstx.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6261\SAService.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 10097 bytes
 
 
 
 
 ComboFix 08-06-01.6 - Utente 2008-06-03 23.59.13.2 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.310 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Utente\Desktop\COMBO-FIX.EXE
 Command switches used :: C:\Documents and Settings\Utente\Desktop\CFScript.txt.doc
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-05-03 al 2008-06-03  )))))))))))))))))))))))))))))))))))
 .
 
 2008-06-02 15:35 . 2008-06-02 15:35	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-06-02 14:36 . 2008-06-02 15:13	<DIR>	d--------	C:\VEXPLITE
 2008-06-02 14:36 . 2008-03-17 19:23	39,808	--a------	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-06-02 13:35 . 2008-06-02 13:35	<DIR>	d--------	C:\Programmi\CCleaner
 2008-05-31 17:49 . 2008-06-02 14:10	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
 2008-05-27 10:35 . 2008-05-27 10:35	<DIR>	d--------	C:\Programmi\blehupload
 2008-05-20 12:08 . 2008-05-20 12:15	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-05-17 10:26 . 2008-05-17 10:26	<DIR>	d--------	C:\Programmi\Windows Media Connect 2
 2008-05-17 10:23 . 2008-05-17 10:23	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
 2008-05-17 10:23 . 2008-05-17 10:24	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
 2008-05-16 20:05 . 2008-05-20 22:09	<DIR>	d--h-----	C:\$AVG8.VAULT$
 2008-05-16 19:57 . 2008-06-03 22:14	69	--a------	C:\WINDOWS\NeroDigital.ini
 2008-05-16 19:38 . 2008-05-16 19:38	<DIR>	d--------	C:\Programmi\Avant Browser
 2008-05-16 19:38 . 2008-05-16 19:38	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Avant Profiles
 2008-05-16 19:20 . 2008-06-03 22:52	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
 2008-05-16 19:20 . 2008-05-16 19:20	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
 2008-05-16 19:20 . 2008-05-16 19:23	75,272	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
 2008-05-16 19:20 . 2008-05-16 19:20	12,424	--a------	C:\WINDOWS\system32\drivers\avgrkx86.sys
 2008-05-16 19:20 . 2008-05-16 19:28	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Programmi\AVG
 2008-05-16 19:19 . 2008-05-16 19:40	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\AVGTOOLBAR
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\avg8
 2008-05-16 19:05 . 2008-05-16 19:05	<DIR>	d--------	C:\Programmi\Nero
 2008-05-16 18:53 . 2008-02-28 13:26	1,414,440	--a------	C:\WINDOWS\system32\ShellManager310E2D762.dll
 2008-05-16 18:53 . 2008-02-28 13:01	774,144	--a------	C:\WINDOWS\system32\NEROINSTAEC43759.DB
 2008-05-16 18:53 . 2008-05-16 18:53	0	--a------	C:\WINDOWS\Irremote.ini
 2008-05-12 21:31 . 2008-05-12 21:31	<DIR>	d--------	C:\Programmi\File comuni\Motive
 2008-05-11 16:03 . 2008-05-11 16:03	<DIR>	d--------	C:\Programmi\Abbyy FineReader 6.0 Sprint
 2008-05-11 15:59 . 2008-05-11 18:12	<DIR>	d--------	C:\Programmi\Lexmark 4300 Series
 2008-05-10 00:48 . 2008-05-10 00:10	2,486,784	--a------	C:\WINDOWS\system32\AnipUninst1.exe
 2008-05-10 00:10 . 2008-05-10 00:49	<DIR>	d--------	C:\Program Files
 2008-05-08 21:45 . 2008-05-08 21:45	<DIR>	d--------	C:\Programmi\torrent_search
 2008-05-08 21:45 . 2008-05-27 10:37	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\blehupload
 2008-05-08 21:45 . 2008-05-27 10:36	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army
 2008-05-08 21:44 . 2008-05-08 21:59	<DIR>	d--------	C:\Programmi\BitDownload
 2008-05-06 16:10 . 2008-05-06 16:10	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Lexmark Productivity Studio
 2008-05-06 16:07 . 2008-05-08 11:22	<DIR>	d--------	C:\Documents and Settings\All Users\Lx_cats
 2008-05-06 16:05 . 2008-05-06 16:05	<DIR>	d--------	C:\logs
 2008-05-06 15:55 . 2008-05-06 15:56	548,405	--a------	C:\lxceUNST.000
 2008-05-06 15:55 . 2008-05-11 15:54	548,148	--a------	C:\lxceUNST.csv
 2008-05-05 12:39 . 2008-06-02 15:00	<DIR>	d--------	C:\Programmi\BitTorrent Fastest Tool
 2008-05-03 17:35 . 2008-05-03 17:35	106	--a------	C:\WINDOWS\wininit.ini
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-06-03 21:22	---------	d-----w	C:\Programmi\Lx_cats
 2008-06-03 20:11	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2008-05-31 13:02	---------	d-----w	C:\Programmi\SiteAdvisor
 2008-05-24 17:18	---------	d-----w	C:\Programmi\eMule
 2008-05-17 17:34	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\SiteAdvisor
 2008-05-16 17:07	---------	d-----w	C:\Programmi\File comuni\Nero
 2008-05-16 17:05	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Nero
 2008-05-11 10:14	---------	d-----w	C:\Programmi\Alice ti aiuta
 2008-05-10 18:53	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-05-06 14:03	---------	d-----w	C:\Programmi\Lexmark Fax Solutions
 2008-05-02 22:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
 2008-05-02 17:40	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-05-02 17:40	---------	d-----w	C:\Programmi\Telecom Italia
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Motive
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Motive
 2008-05-02 15:59	---------	d-----w	C:\Programmi\IObit
 2008-05-02 15:33	---------	d-----w	C:\Programmi\Microsoft Works
 2008-05-02 15:31	---------	d-----w	C:\Programmi\MSXML 6.0
 2008-05-02 15:30	---------	d-----w	C:\Programmi\Microsoft CAPICOM 2.1.0.2
 2008-05-02 14:49	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\FaxCtr
 2008-05-02 14:43	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\FaxCtr
 2008-05-02 14:32	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
 2008-05-02 13:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\LightScribe
 2008-05-02 13:10	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Nero
 2008-05-02 13:02	---------	d-----w	C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
 2008-05-02 13:02	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\McAfee
 2008-05-02 12:59	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Autodesk
 2008-05-02 12:57	---------	d-----w	C:\Programmi\File comuni\Autodesk Shared
 2008-05-02 12:57	---------	d-----w	C:\Programmi\AutoCAD 2007
 2008-05-02 12:56	---------	d-----w	C:\Programmi\AnswerWorks 4.0
 2008-05-02 12:47	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
 2008-05-02 12:44	---------	d-----w	C:\Programmi\Autodesk
 2008-05-02 12:24	---------	d-----w	C:\Programmi\Alwil Software
 2008-05-02 12:18	---------	d-----w	C:\Programmi\Google
 2008-05-02 12:02	---------	d-----w	C:\Programmi\ZyDAS
 2008-05-02 11:58	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Symantec
 2008-05-02 11:50	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Motive
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Common Files
 2008-05-01 09:08	155,995	----a-w	C:\WINDOWS\java\Packages\PZ3PVPFV.ZIP
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Yahoo!
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Microsoft SQL Server
 2008-04-30 06:34	---------	d-----w	C:\Programmi\commercial
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Servizi in linea
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Oca History Tool
 2008-04-30 06:31	---------	d-----w	C:\Programmi\NewTech Infosystems
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Microsoft.NET
 2008-04-30 06:30	---------	d-----w	C:\Programmi\microsoft frontpage
 2008-04-30 06:30	---------	d-----w	C:\Programmi\Java
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\NewTech Infosystems
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\muvee Technologies
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\LightScribe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Java
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\InstallShield
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Adobe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\CyberLink
 2008-04-30 06:28	---------	d-----w	C:\Programmi\Microsoft Small Business
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\eSobi
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\Avocent AdminWorks
 2008-04-29 21:46	---------	d-----w	C:\Programmi\Realtek
 2008-03-25 04:51	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
 2008-03-25 04:51	183,072	----a-w	C:\WINDOWS\system32\msjint40.dll
 2008-03-20 08:06	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
 .
 
 (((((((((((((((((((((((((((((   snapshot@2008-06-02_14.28.03,28   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-06-01 06:16:14	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-03 21:21:26	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
 2008-05-16 19:23	2051328	--a------	C:\Programmi\AVG\AVG8\avgtoolbar.dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programmi\AVG\AVG8\avgtoolbar.dll" [2008-05-16 19:23 2051328]
 
 [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
 [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
 "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programmi\AVG\AVG8\avgtoolbar.dll [2008-05-16 19:23 2051328]
 
 [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
 [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 14:18 68856]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:00 15360]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LaunchApp"="Alaunch" []
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
 "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 07:00 208952]
 "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 07:00 44032]
 "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 07:00 59392]
 "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
 "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 17:08 16380416 C:\WINDOWS\RTHDCPL.exe]
 "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
 "SiteAdvisor"="C:\Programmi\SiteAdvisor\6261\SiteAdv.exe" [2007-02-03 20:25 36904]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
 "FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 11:55 320168]
 "SmartDefrag"="C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 14:51 1870592]
 "AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 16:26 936960]
 "lxcemon.exe"="C:\Programmi\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 19:46 192512]
 "EzPrint"="C:\Programmi\Lexmark 4300 Series\ezprint.exe" [2005-07-26 14:17 94208]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
 "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 15:46 73728]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 19:23 1177368]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-05-01 11:09:00 217088]
 Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-05-02 14:18:06 124400]
 Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54 11000]
 ZDWlan.lnk - C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe [2008-05-02 14:02:37 438272]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Autodesk\\Autodesk DWF Viewer\\DWFViewer.exe"=
 "C:\\Programmi\\eMule\\eMule.exe"=
 "C:\\Programmi\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
 "C:\\Programmi\\Lexmark Fax Solutions\\FaxCtr.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
 "C:\\Programmi\\Avant Browser\\avant.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "9999:UDP"= 9999:UDP:LANScope UDP Port
 "2804:TCP"= 2804:TCP:LANScope TCP Port
 "4662:UDP"= 4662:UDP:eMule_UDP_Port
 "4672:TCP"= 4672:TCP:eMule_TCP_Port
 
 R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-16 19:20]
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
 R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 19:20]
 R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 19:23]
 R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 19:23]
 R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 18:06]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-02 14:38]
 R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
 S2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys []
 S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys []
 S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
 S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
 S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 13:54]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6cc271-1845-11dd-a3bc-000272523120}]
 \Shell\AutoRun\command - setupSNK.exe
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-06-03 22:00:04 C:\WINDOWS\Tasks\AE811873918A8EF3.job"
 - c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
 "2008-06-01 20:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
 - C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.ex
 - C:\Programmi\IObit\IObit SmartDefrag\.Utente
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-04 00:00:34
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-06-04  0.01.07
 ComboFix-quarantined-files.txt  2008-06-03 22:01:05
 ComboFix2.txt  2008-06-02 12:28:15
 
 16 Directory  58,636,423,168 byte disponibili
 20 Directory  58,682,904,576 byte disponibili
 
 243	--- E O F ---	2008-05-28 01:03:19
		| bdoriano Administrator
 
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
				|  Posted: 12 Jun 2008 20:21    Subject: |   |  
				|  	  | ALEK-J wrote: |  	  | Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 20.02.38, on 12/06/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16674)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
 C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 C:\Programmi\SiteAdvisor\6261\SAService.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\PROGRA~1\AVG\AVG8\avgam.exe
 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\SiteAdvisor\6261\SiteAdv.exe
 C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
 C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\Programmi\Lexmark 4300 Series\lxcemon.exe
 C:\Programmi\Lexmark 4300 Series\ezprint.exe
 C:\PROGRA~1\AVG\AVG8\avgtray.exe
 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\WINDOWS\system32\lxcecoms.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\WINDOWS\explorer.exe
 C:\Programmi\AVG\AVG8\avgrsx.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/indexbb.html?pmk=TSspo
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.mrk/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
 O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [SiteAdvisor] "C:\Programmi\SiteAdvisor\6261\SiteAdv.exe"
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
 O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Programmi\Lexmark 4300 Series\lxcemon.exe"
 O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 4300 Series\ezprint.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [01new] C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O4 - Global Startup: ZDWlan.lnk = ?
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
 O20 - AppInit_DLLs: avgrsstx.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6261\SAService.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 10099 bytes
 
 
 
 
 
 ComboFix 08-06-01.6 - Utente 2008-06-12 19.59.05.3 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.324 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Utente\Desktop\COMBO-FIX.EXE
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-05-12 al 2008-06-12  )))))))))))))))))))))))))))))))))))
 .
 
 2008-06-10 22:09 . 2008-06-10 22:09	1,374	--a------	C:\WINDOWS\imsins.BAK
 2008-06-10 22:04 . 2008-04-14 17:51	272,768	---------	C:\WINDOWS\system32\drivers\bthport.sys
 2008-06-10 22:04 . 2008-04-14 17:51	272,768	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
 2008-06-02 15:35 . 2008-06-02 15:35	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-06-02 14:36 . 2008-06-02 15:13	<DIR>	d--------	C:\VEXPLITE
 2008-06-02 14:36 . 2008-03-17 19:23	39,808	--a------	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-06-02 13:35 . 2008-06-02 13:35	<DIR>	d--------	C:\Programmi\CCleaner
 2008-05-31 17:49 . 2008-06-02 14:10	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
 2008-05-27 10:35 . 2008-05-27 10:35	<DIR>	d--------	C:\Programmi\blehupload
 2008-05-20 12:08 . 2008-05-20 12:15	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-05-17 10:26 . 2008-05-17 10:26	<DIR>	d--------	C:\Programmi\Windows Media Connect 2
 2008-05-17 10:23 . 2008-05-17 10:23	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
 2008-05-17 10:23 . 2008-05-17 10:24	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
 2008-05-16 20:05 . 2008-05-20 22:09	<DIR>	d--h-----	C:\$AVG8.VAULT$
 2008-05-16 19:57 . 2008-06-12 17:31	69	--a------	C:\WINDOWS\NeroDigital.ini
 2008-05-16 19:38 . 2008-05-16 19:38	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Avant Profiles
 2008-05-16 19:20 . 2008-06-12 10:52	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
 2008-05-16 19:20 . 2008-05-16 19:20	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
 2008-05-16 19:20 . 2008-05-16 19:23	75,272	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
 2008-05-16 19:20 . 2008-05-16 19:20	12,424	--a------	C:\WINDOWS\system32\drivers\avgrkx86.sys
 2008-05-16 19:20 . 2008-05-16 19:28	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Programmi\AVG
 2008-05-16 19:19 . 2008-05-16 19:40	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\AVGTOOLBAR
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\avg8
 2008-05-16 19:05 . 2008-05-16 19:05	<DIR>	d--------	C:\Programmi\Nero
 2008-05-16 18:53 . 2008-02-28 13:26	1,414,440	--a------	C:\WINDOWS\system32\ShellManager310E2D762.dll
 2008-05-16 18:53 . 2008-02-28 13:01	774,144	--a------	C:\WINDOWS\system32\NEROINSTAEC43759.DB
 2008-05-16 18:53 . 2008-05-16 18:53	0	--a------	C:\WINDOWS\Irremote.ini
 2008-05-12 21:31 . 2008-05-12 21:31	<DIR>	d--------	C:\Programmi\File comuni\Motive
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-06-12 17:47	---------	d-----w	C:\Programmi\Lx_cats
 2008-06-11 21:09	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2008-06-02 13:00	---------	d-----w	C:\Programmi\BitTorrent Fastest Tool
 2008-05-31 13:02	---------	d-----w	C:\Programmi\SiteAdvisor
 2008-05-27 08:37	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\blehupload
 2008-05-27 08:36	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army
 2008-05-24 17:18	---------	d-----w	C:\Programmi\eMule
 2008-05-17 17:34	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\SiteAdvisor
 2008-05-16 17:07	---------	d-----w	C:\Programmi\File comuni\Nero
 2008-05-16 17:05	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Nero
 2008-05-11 16:12	---------	d-----w	C:\Programmi\Lexmark 4300 Series
 2008-05-11 14:03	---------	d-----w	C:\Programmi\Abbyy FineReader 6.0 Sprint
 2008-05-11 10:14	---------	d-----w	C:\Programmi\Alice ti aiuta
 2008-05-10 18:53	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-05-09 22:10	2,486,784	----a-w	C:\WINDOWS\system32\AnipUninst1.exe
 2008-05-08 19:59	---------	d-----w	C:\Programmi\BitDownload
 2008-05-08 19:45	---------	d-----w	C:\Programmi\torrent_search
 2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
 2008-05-07 05:14	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2008-05-06 14:10	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Lexmark Productivity Studio
 2008-05-06 14:03	---------	d-----w	C:\Programmi\Lexmark Fax Solutions
 2008-05-02 22:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
 2008-05-02 17:40	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-05-02 17:40	---------	d-----w	C:\Programmi\Telecom Italia
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Motive
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Motive
 2008-05-02 15:59	---------	d-----w	C:\Programmi\IObit
 2008-05-02 15:33	---------	d-----w	C:\Programmi\Microsoft Works
 2008-05-02 15:31	---------	d-----w	C:\Programmi\MSXML 6.0
 2008-05-02 15:30	---------	d-----w	C:\Programmi\Microsoft CAPICOM 2.1.0.2
 2008-05-02 14:49	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\FaxCtr
 2008-05-02 14:43	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\FaxCtr
 2008-05-02 14:32	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
 2008-05-02 13:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\LightScribe
 2008-05-02 13:10	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Nero
 2008-05-02 13:02	---------	d-----w	C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
 2008-05-02 13:02	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\McAfee
 2008-05-02 12:59	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Autodesk
 2008-05-02 12:57	---------	d-----w	C:\Programmi\File comuni\Autodesk Shared
 2008-05-02 12:57	---------	d-----w	C:\Programmi\AutoCAD 2007
 2008-05-02 12:56	---------	d-----w	C:\Programmi\AnswerWorks 4.0
 2008-05-02 12:47	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
 2008-05-02 12:44	---------	d-----w	C:\Programmi\Autodesk
 2008-05-02 12:24	---------	d-----w	C:\Programmi\Alwil Software
 2008-05-02 12:18	---------	d-----w	C:\Programmi\Google
 2008-05-02 12:02	---------	d-----w	C:\Programmi\ZyDAS
 2008-05-02 11:58	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Symantec
 2008-05-02 11:50	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Motive
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Common Files
 2008-05-01 09:08	155,995	----a-w	C:\WINDOWS\java\Packages\PZ3PVPFV.ZIP
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Yahoo!
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Microsoft SQL Server
 2008-04-30 06:34	---------	d-----w	C:\Programmi\commercial
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Servizi in linea
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Oca History Tool
 2008-04-30 06:31	---------	d-----w	C:\Programmi\NewTech Infosystems
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Microsoft.NET
 2008-04-30 06:30	---------	d-----w	C:\Programmi\microsoft frontpage
 2008-04-30 06:30	---------	d-----w	C:\Programmi\Java
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\NewTech Infosystems
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\muvee Technologies
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\LightScribe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Java
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\InstallShield
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Adobe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\CyberLink
 2008-04-30 06:28	---------	d-----w	C:\Programmi\Microsoft Small Business
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\eSobi
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\Avocent AdminWorks
 2008-04-29 21:46	---------	d-----w	C:\Programmi\Realtek
 2008-04-23 04:16	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 2008-03-25 04:51	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
 2008-03-25 04:51	183,072	----a-w	C:\WINDOWS\system32\msjint40.dll
 2008-03-20 08:06	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
 .
 
 (((((((((((((((((((((((((((((   snapshot@2008-06-02_14.28.03,28   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-06-01 06:16:14	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-12 17:46:18	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-03-01 12:58:24	124,928	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
 + 2008-03-01 12:58:25	347,136	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
 + 2008-03-01 12:58:25	214,528	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
 + 2008-03-01 12:58:25	133,120	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
 + 2008-03-01 12:58:25	63,488	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
 + 2008-02-29 08:57:16	70,656	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
 + 2008-03-01 12:58:25	153,088	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
 + 2008-03-01 12:58:26	230,400	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
 + 2008-02-15 05:44:25	161,792	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
 + 2008-03-01 12:58:26	383,488	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
 + 2008-03-01 12:58:26	384,512	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
 + 2008-03-01 12:58:28	6,066,176	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
 + 2008-03-01 12:58:28	44,544	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
 + 2008-03-01 12:58:28	267,776	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
 + 2008-02-22 10:00:51	13,824	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
 + 2008-02-29 08:57:30	625,664	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
 + 2008-03-01 12:58:29	27,648	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
 + 2008-03-01 12:58:30	459,264	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
 + 2008-03-01 12:58:30	52,224	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
 + 2008-03-01 16:28:32	3,591,680	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
 + 2008-03-01 12:58:32	478,208	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
 + 2008-03-01 12:58:32	193,024	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
 + 2008-03-01 12:58:32	671,232	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
 + 2008-03-01 12:58:32	102,912	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
 + 2008-03-01 12:58:32	44,544	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
 + 2007-03-06 01:48:14	215,776	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
 + 2007-03-06 01:49:24	390,880	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
 + 2008-03-01 12:58:32	105,984	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
 + 2008-03-01 12:58:32	1,159,680	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
 + 2008-03-01 12:58:33	233,472	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
 + 2008-03-01 12:58:33	826,368	-c----w	C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
 - 2008-05-14 17:35:40	593,920	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
 + 2008-06-10 20:10:16	593,920	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
 - 2008-05-14 17:35:40	12,288	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
 + 2008-06-10 20:10:16	12,288	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
 - 2008-05-14 17:35:40	86,016	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
 + 2008-06-10 20:10:16	86,016	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
 - 2008-05-14 17:35:40	135,168	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
 + 2008-06-10 20:10:16	135,168	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
 - 2008-05-14 17:35:40	11,264	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
 + 2008-06-10 20:10:16	11,264	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
 - 2008-05-14 17:35:40	27,136	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
 + 2008-06-10 20:10:17	27,136	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
 - 2008-05-14 17:35:40	4,096	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
 + 2008-06-10 20:10:17	4,096	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
 - 2008-05-14 17:35:40	794,624	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
 + 2008-06-10 20:10:17	794,624	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
 - 2008-05-14 17:35:40	249,856	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
 + 2008-06-10 20:10:16	249,856	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
 - 2008-05-14 17:35:40	61,440	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
 + 2008-06-10 20:10:16	61,440	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
 - 2008-05-14 17:35:40	23,040	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
 + 2008-06-10 20:10:17	23,040	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
 - 2008-05-14 17:35:40	286,720	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
 + 2008-06-10 20:10:16	286,720	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
 - 2008-05-14 17:35:39	409,600	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
 + 2008-06-10 20:10:16	409,600	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
 - 2008-03-01 12:58:24	124,928	----a-w	C:\WINDOWS\system32\advpack.dll
 + 2008-04-23 04:16:29	124,928	----a-w	C:\WINDOWS\system32\advpack.dll
 - 2008-03-01 12:58:24	124,928	-c----w	C:\WINDOWS\system32\dllcache\advpack.dll
 + 2008-04-23 04:16:29	124,928	-c----w	C:\WINDOWS\system32\dllcache\advpack.dll
 - 2008-03-01 12:58:25	347,136	-c----w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
 + 2008-04-23 04:16:29	347,136	-c----w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
 - 2008-03-01 12:58:25	214,528	-c----w	C:\WINDOWS\system32\dllcache\dxtrans.dll
 + 2008-04-23 04:16:29	214,528	-c----w	C:\WINDOWS\system32\dllcache\dxtrans.dll
 - 2008-03-01 12:58:25	133,120	-c----w	C:\WINDOWS\system32\dllcache\extmgr.dll
 + 2008-04-23 04:16:29	133,120	-c----w	C:\WINDOWS\system32\dllcache\extmgr.dll
 - 2008-03-01 12:58:25	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
 + 2008-04-23 04:16:29	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
 - 2008-02-29 08:57:16	70,656	-c----w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
 + 2008-04-22 07:42:21	70,656	-c----w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
 - 2008-03-01 12:58:25	153,088	-c----w	C:\WINDOWS\system32\dllcache\ieakeng.dll
 + 2008-04-23 04:16:29	153,088	-c----w	C:\WINDOWS\system32\dllcache\ieakeng.dll
 - 2008-03-01 12:58:26	230,400	-c----w	C:\WINDOWS\system32\dllcache\ieaksie.dll
 + 2008-04-23 04:16:29	230,400	-c----w	C:\WINDOWS\system32\dllcache\ieaksie.dll
 - 2008-02-15 05:44:25	161,792	-c----w	C:\WINDOWS\system32\dllcache\ieakui.dll
 + 2008-04-20 05:07:51	161,792	-c----w	C:\WINDOWS\system32\dllcache\ieakui.dll
 - 2008-03-01 12:58:26	383,488	-c----w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
 + 2008-04-23 04:16:29	383,488	-c----w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
 - 2008-03-01 12:58:26	384,512	-c----w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
 + 2008-04-23 04:16:29	384,512	-c----w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
 - 2008-03-01 12:58:28	6,066,176	-c----w	C:\WINDOWS\system32\dllcache\ieframe.dll
 + 2008-04-23 04:16:30	6,066,176	-c----w	C:\WINDOWS\system32\dllcache\ieframe.dll
 - 2008-03-01 12:58:28	44,544	-c----w	C:\WINDOWS\system32\dllcache\iernonce.dll
 + 2008-04-23 04:16:30	44,544	-c----w	C:\WINDOWS\system32\dllcache\iernonce.dll
 - 2008-03-01 12:58:28	267,776	-c----w	C:\WINDOWS\system32\dllcache\iertutil.dll
 + 2008-04-23 04:16:30	267,776	-c----w	C:\WINDOWS\system32\dllcache\iertutil.dll
 - 2008-02-22 10:00:51	13,824	-c----w	C:\WINDOWS\system32\dllcache\ieudinit.exe
 + 2008-04-22 07:39:58	13,824	-c----w	C:\WINDOWS\system32\dllcache\ieudinit.exe
 - 2008-02-29 08:57:30	625,664	-c----w	C:\WINDOWS\system32\dllcache\iexplore.exe
 + 2008-04-22 07:42:39	625,664	-c----w	C:\WINDOWS\system32\dllcache\iexplore.exe
 - 2008-03-01 12:58:29	27,648	-c----w	C:\WINDOWS\system32\dllcache\jsproxy.dll
 + 2008-04-23 04:16:30	27,648	-c----w	C:\WINDOWS\system32\dllcache\jsproxy.dll
 - 2008-03-01 12:58:30	459,264	-c----w	C:\WINDOWS\system32\dllcache\msfeeds.dll
 + 2008-04-23 04:16:30	459,264	-c----w	C:\WINDOWS\system32\dllcache\msfeeds.dll
 - 2008-03-01 12:58:30	52,224	-c----w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
 + 2008-04-23 04:16:30	52,224	-c----w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
 - 2008-03-01 16:28:32	3,591,680	-c----w	C:\WINDOWS\system32\dllcache\mshtml.dll
 + 2008-04-23 20:16:32	3,591,680	-c----w	C:\WINDOWS\system32\dllcache\mshtml.dll
 - 2008-03-01 12:58:32	478,208	-c----w	C:\WINDOWS\system32\dllcache\mshtmled.dll
 + 2008-04-23 04:16:31	478,208	-c----w	C:\WINDOWS\system32\dllcache\mshtmled.dll
 - 2008-03-01 12:58:32	193,024	-c----w	C:\WINDOWS\system32\dllcache\msrating.dll
 + 2008-04-23 04:16:31	193,024	-c----w	C:\WINDOWS\system32\dllcache\msrating.dll
 - 2008-03-01 12:58:32	671,232	-c----w	C:\WINDOWS\system32\dllcache\mstime.dll
 + 2008-04-23 04:16:31	671,232	-c----w	C:\WINDOWS\system32\dllcache\mstime.dll
 - 2008-03-01 12:58:32	102,912	-c----w	C:\WINDOWS\system32\dllcache\occache.dll
 + 2008-04-23 04:16:31	102,912	-c----w	C:\WINDOWS\system32\dllcache\occache.dll
 - 2008-03-01 12:58:32	44,544	-c----w	C:\WINDOWS\system32\dllcache\pngfilt.dll
 + 2008-04-23 04:16:31	44,544	-c----w	C:\WINDOWS\system32\dllcache\pngfilt.dll
 - 2007-10-29 22:42:50	1,292,800	-c--a-w	C:\WINDOWS\system32\dllcache\quartz.dll
 + 2008-05-07 05:14:42	1,292,800	-c--a-w	C:\WINDOWS\system32\dllcache\quartz.dll
 - 2006-07-13 08:48:58	202,240	-c--a-w	C:\WINDOWS\system32\dllcache\rmcast.sys
 + 2008-05-08 12:28:49	202,752	-c--a-w	C:\WINDOWS\system32\dllcache\rmcast.sys
 - 2008-03-01 12:58:32	105,984	-c----w	C:\WINDOWS\system32\dllcache\url.dll
 + 2008-04-23 04:16:31	105,984	-c----w	C:\WINDOWS\system32\dllcache\url.dll
 - 2008-03-01 12:58:32	1,159,680	-c----w	C:\WINDOWS\system32\dllcache\urlmon.dll
 + 2008-04-23 04:16:31	1,159,680	-c----w	C:\WINDOWS\system32\dllcache\urlmon.dll
 - 2008-03-01 12:58:33	233,472	-c----w	C:\WINDOWS\system32\dllcache\webcheck.dll
 + 2008-04-23 04:16:31	233,472	-c----w	C:\WINDOWS\system32\dllcache\webcheck.dll
 - 2008-03-01 12:58:33	826,368	-c----w	C:\WINDOWS\system32\dllcache\wininet.dll
 + 2008-04-23 04:16:31	826,368	-c----w	C:\WINDOWS\system32\dllcache\wininet.dll
 - 2008-03-01 12:58:25	347,136	----a-w	C:\WINDOWS\system32\dxtmsft.dll
 + 2008-04-23 04:16:29	347,136	----a-w	C:\WINDOWS\system32\dxtmsft.dll
 - 2008-03-01 12:58:25	214,528	----a-w	C:\WINDOWS\system32\dxtrans.dll
 + 2008-04-23 04:16:29	214,528	----a-w	C:\WINDOWS\system32\dxtrans.dll
 - 2008-03-01 12:58:25	133,120	------w	C:\WINDOWS\system32\extmgr.dll
 + 2008-04-23 04:16:29	133,120	------w	C:\WINDOWS\system32\extmgr.dll
 - 2008-03-01 12:58:25	63,488	----a-w	C:\WINDOWS\system32\icardie.dll
 + 2008-04-23 04:16:29	63,488	----a-w	C:\WINDOWS\system32\icardie.dll
 - 2008-02-29 08:57:16	70,656	------w	C:\WINDOWS\system32\ie4uinit.exe
 + 2008-04-22 07:42:21	70,656	------w	C:\WINDOWS\system32\ie4uinit.exe
 - 2008-03-01 12:58:25	153,088	------w	C:\WINDOWS\system32\ieakeng.dll
 + 2008-04-23 04:16:29	153,088	------w	C:\WINDOWS\system32\ieakeng.dll
 - 2008-03-01 12:58:26	230,400	------w	C:\WINDOWS\system32\ieaksie.dll
 + 2008-04-23 04:16:29	230,400	------w	C:\WINDOWS\system32\ieaksie.dll
 - 2008-02-15 05:44:25	161,792	------w	C:\WINDOWS\system32\ieakui.dll
 + 2008-04-20 05:07:51	161,792	------w	C:\WINDOWS\system32\ieakui.dll
 - 2008-03-01 12:58:26	383,488	----a-w	C:\WINDOWS\system32\ieapfltr.dll
 + 2008-04-23 04:16:29	383,488	----a-w	C:\WINDOWS\system32\ieapfltr.dll
 - 2008-03-01 12:58:26	384,512	------w	C:\WINDOWS\system32\iedkcs32.dll
 + 2008-04-23 04:16:29	384,512	------w	C:\WINDOWS\system32\iedkcs32.dll
 - 2008-03-01 12:58:28	6,066,176	----a-w	C:\WINDOWS\system32\ieframe.dll
 + 2008-04-23 04:16:30	6,066,176	----a-w	C:\WINDOWS\system32\ieframe.dll
 - 2008-03-01 12:58:28	44,544	------w	C:\WINDOWS\system32\iernonce.dll
 + 2008-04-23 04:16:30	44,544	------w	C:\WINDOWS\system32\iernonce.dll
 - 2008-03-01 12:58:28	267,776	----a-w	C:\WINDOWS\system32\iertutil.dll
 + 2008-04-23 04:16:30	267,776	----a-w	C:\WINDOWS\system32\iertutil.dll
 - 2008-02-22 10:00:51	13,824	----a-w	C:\WINDOWS\system32\ieudinit.exe
 + 2008-04-22 07:39:58	13,824	----a-w	C:\WINDOWS\system32\ieudinit.exe
 - 2008-03-01 12:58:29	27,648	------w	C:\WINDOWS\system32\jsproxy.dll
 + 2008-04-23 04:16:30	27,648	------w	C:\WINDOWS\system32\jsproxy.dll
 - 2008-05-09 21:35:04	16,863,864	----a-w	C:\WINDOWS\system32\MRT.exe
 + 2008-05-29 23:35:12	17,486,968	----a-w	C:\WINDOWS\system32\MRT.exe
 - 2008-03-01 12:58:30	459,264	----a-w	C:\WINDOWS\system32\msfeeds.dll
 + 2008-04-23 04:16:30	459,264	----a-w	C:\WINDOWS\system32\msfeeds.dll
 - 2008-03-01 12:58:30	52,224	----a-w	C:\WINDOWS\system32\msfeedsbs.dll
 + 2008-04-23 04:16:30	52,224	----a-w	C:\WINDOWS\system32\msfeedsbs.dll
 - 2008-03-01 16:28:32	3,591,680	----a-w	C:\WINDOWS\system32\mshtml.dll
 + 2008-04-23 20:16:32	3,591,680	----a-w	C:\WINDOWS\system32\mshtml.dll
 - 2008-03-01 12:58:32	478,208	----a-w	C:\WINDOWS\system32\mshtmled.dll
 + 2008-04-23 04:16:31	478,208	----a-w	C:\WINDOWS\system32\mshtmled.dll
 - 2008-03-01 12:58:32	193,024	------w	C:\WINDOWS\system32\msrating.dll
 + 2008-04-23 04:16:31	193,024	------w	C:\WINDOWS\system32\msrating.dll
 - 2008-03-01 12:58:32	671,232	------w	C:\WINDOWS\system32\mstime.dll
 + 2008-04-23 04:16:31	671,232	------w	C:\WINDOWS\system32\mstime.dll
 - 2008-03-01 12:58:32	102,912	------w	C:\WINDOWS\system32\occache.dll
 + 2008-04-23 04:16:31	102,912	------w	C:\WINDOWS\system32\occache.dll
 - 2008-03-01 12:58:32	44,544	----a-w	C:\WINDOWS\system32\pngfilt.dll
 + 2008-04-23 04:16:31	44,544	----a-w	C:\WINDOWS\system32\pngfilt.dll
 - 2006-09-25 15:58:48	14,640	------w	C:\WINDOWS\system32\spmsg.dll
 + 2007-11-30 11:19:29	18,808	------w	C:\WINDOWS\system32\spmsg.dll
 - 2008-03-01 12:58:32	105,984	----a-w	C:\WINDOWS\system32\url.dll
 + 2008-04-23 04:16:31	105,984	----a-w	C:\WINDOWS\system32\url.dll
 - 2008-03-01 12:58:32	1,159,680	----a-w	C:\WINDOWS\system32\urlmon.dll
 + 2008-04-23 04:16:31	1,159,680	----a-w	C:\WINDOWS\system32\urlmon.dll
 - 2008-03-01 12:58:33	233,472	----a-w	C:\WINDOWS\system32\webcheck.dll
 + 2008-04-23 04:16:31	233,472	----a-w	C:\WINDOWS\system32\webcheck.dll
 .
 -- Snapshot reset to current date --
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
 2008-05-16 19:23	2051328	--a------	C:\Programmi\AVG\AVG8\avgtoolbar.dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programmi\AVG\AVG8\avgtoolbar.dll" [2008-05-16 19:23 2051328]
 
 [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
 [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
 "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programmi\AVG\AVG8\avgtoolbar.dll [2008-05-16 19:23 2051328]
 
 [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
 [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 14:18 68856]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:00 15360]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
 "01new"="C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe" [2008-05-27 10:35 407552]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LaunchApp"="Alaunch" []
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
 "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 07:00 208952]
 "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 07:00 44032]
 "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 07:00 59392]
 "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
 "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 17:08 16380416 C:\WINDOWS\RTHDCPL.exe]
 "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
 "SiteAdvisor"="C:\Programmi\SiteAdvisor\6261\SiteAdv.exe" [2007-02-03 20:25 36904]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
 "FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 11:55 320168]
 "SmartDefrag"="C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 14:51 1870592]
 "AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 16:26 936960]
 "lxcemon.exe"="C:\Programmi\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 19:46 192512]
 "EzPrint"="C:\Programmi\Lexmark 4300 Series\ezprint.exe" [2005-07-26 14:17 94208]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
 "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 15:46 73728]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 19:23 1177368]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-05-01 11:09:00 217088]
 Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-05-02 14:18:06 124400]
 Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54 11000]
 ZDWlan.lnk - C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe [2008-05-02 14:02:37 438272]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Autodesk\\Autodesk DWF Viewer\\DWFViewer.exe"=
 "C:\\Programmi\\eMule\\eMule.exe"=
 "C:\\Programmi\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
 "C:\\Programmi\\Lexmark Fax Solutions\\FaxCtr.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "9999:UDP"= 9999:UDP:LANScope UDP Port
 "2804:TCP"= 2804:TCP:LANScope TCP Port
 "4662:UDP"= 4662:UDP:eMule_UDP_Port
 "4672:TCP"= 4672:TCP:eMule_TCP_Port
 
 R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-16 19:20]
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
 R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 19:20]
 R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 19:23]
 R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 19:23]
 R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 18:06]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-02 14:38]
 R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
 S2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys []
 S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys []
 S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
 S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
 S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 13:54]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6cc271-1845-11dd-a3bc-000272523120}]
 \Shell\AutoRun\command - setupSNK.exe
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-06-12 18:00:04 C:\WINDOWS\Tasks\AE811873918A8EF3.job"
 - c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
 "2008-06-01 20:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
 - C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.ex
 - C:\Programmi\IObit\IObit SmartDefrag\.Utente
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-12 20:00:52
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-06-12 20.01.32
 ComboFix-quarantined-files.txt  2008-06-12 18:01:28
 ComboFix2.txt  2008-06-03 22:01:08
 ComboFix3.txt  2008-06-02 12:28:15
 
 16 Directory  56,025,161,728 byte disponibili
 20 Directory  56,194,416,640 byte disponibili
 
 420	--- E O F ---	2008-06-10 20:12:07

bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 12 Jun 2008 20:30    Subject:
Strangely, there are still some entries to remove...
Let's try again: create a text file with the following instructions:

Code:
File:: C:\WINDOWS\Tasks\AE811873918A8EF3.job
c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"01new"=-

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

  Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
  Post the updated ComboFix log
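
The review of the log described in the post above, as an added Python example that is not part of the original thread and is not ComboFix's own logic: it parses the Run-key and Scheduled Tasks sections of a ComboFix log, flags autostarts by two heuristics, and checks whether flagged Run values still appear in a follow-up log. The log excerpts are copied from the logs posted on this page (12 and 13 Jun 2008); the function names and both heuristics are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Excerpt of the ComboFix log posted on 12 Jun 2008 (lines copied from this page).
LOG_12_JUN = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 14:18 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:00 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"01new"="C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe" [2008-05-27 10:35 407552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Programmi\SiteAdvisor\6261\SiteAdv.exe" [2007-02-03 20:25 36904]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 19:23 1177368]

Contenuto della cartella 'Scheduled Tasks'
"2008-06-12 18:00:04 C:\WINDOWS\Tasks\AE811873918A8EF3.job"
- c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
"2008-06-01 20:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.ex
'''

# Excerpt of the follow-up log posted on 13 Jun 2008 (HKCU Run key only).
LOG_13_JUN = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 14:18 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:00 15360]
"01new"="C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe" [2008-05-27 10:35 407552]
'''


class Autostart(NamedTuple):
    kind: str      # "run" (registry Run value) or "task" (scheduled task)
    location: str  # registry key, or full path of the .job file
    name: str      # value name, or .job file name
    target: str    # program that gets started


RUN_KEY = re.compile(r'^\[(HK[^\]]*\\CurrentVersion\\Run)\]$', re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')
TASK = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.+\\([^\\]+\.job))"$', re.I)
# Assumed heuristic 1: program started from a per-user application-data folder
# (long and 8.3 short names, Italian and English Windows XP).
USER_DATA = re.compile(r'\\(datiap~1|dati applicazioni|applic~1|application data)\\', re.I)
# Assumed heuristic 2: task file named with exactly 16 hex digits.
HEX_JOB = re.compile(r'^[0-9a-f]{16}\.job$', re.I)


def parse_autostarts(log):
    """Return the Run values and scheduled tasks listed in a ComboFix log."""
    entries, run_key, job = [], None, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith('['):                      # any registry key header
            m = RUN_KEY.match(line)
            run_key, job = (m.group(1) if m else None), None
        elif run_key and (m := RUN_VALUE.match(line)):
            entries.append(Autostart('run', run_key, m.group(1), m.group(2)))
        elif m := TASK.match(line):                   # "<date> <time> <path>.job"
            run_key, job = None, m
        elif job and line.startswith('- '):           # first "- " line is the target
            entries.append(Autostart('task', job.group(1), job.group(2), line[2:]))
            job = None
        elif not line:                                # blank line ends a key block
            run_key = None
    return entries


def reasons(entry):
    """List the heuristics an entry trips; an empty list means nothing flagged."""
    found = []
    if USER_DATA.search(entry.target):
        found.append('target runs from a per-user application-data folder')
    if entry.kind == 'task' and HEX_JOB.match(entry.name):
        found.append('task name is 16 random-looking hex digits')
    return found


def flag(log):
    """Return (entry, reasons) pairs for every autostart worth a manual look."""
    return [(e, r) for e in parse_autostarts(log) if (r := reasons(e))]


def still_present(flagged, followup_log):
    """Flagged Run values that a follow-up log still lists (tasks are not compared,
    because the follow-up excerpt above carries no Scheduled Tasks section)."""
    after = {(e.location.lower(), e.name.lower()) for e in parse_autostarts(followup_log)}
    return [e for e, _ in flagged
            if e.kind == 'run' and (e.location.lower(), e.name.lower()) in after]


if __name__ == '__main__':
    flagged = flag(LOG_12_JUN)
    for e, why in flagged:
        print(f'{e.kind:4} {e.name}: {e.target} ({"; ".join(why)})')
    for e in still_present(flagged, LOG_13_JUN):
        print('still present in follow-up log:', e.name)
```

A flagged entry is a candidate for manual review, not a verdict: legitimate software also installs under application-data folders.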

ALEK-J (Hero in the gods' favour)
Registered: 31/05/08 13:52
Posts: 142

Posted: 13 Jun 2008 20:14    Subject:
Here is the new updated ComboFix log... let's hope this is the time it works...
 
 
 ComboFix 08-06-11.7 - Utente 2008-06-13 20.04.37.6 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.291 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Utente\Desktop\COMBO-FIX.EXE.EXE
 Command switches used :: C:\Documents and Settings\Utente\Desktop\CFScript.txt.doc
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-05-13 al 2008-06-13  )))))))))))))))))))))))))))))))))))
 .
 
 2008-06-13 18:59 . 2008-06-13 19:01	<DIR>	d--------	C:\ComboFix
 2008-06-13 18:43 . 2008-06-13 18:43	<DIR>	d--------	C:\COMBO-FIX
 2008-06-10 22:04 . 2008-04-14 17:51	272,768	---------	C:\WINDOWS\system32\drivers\bthport.sys
 2008-06-10 22:04 . 2008-04-14 17:51	272,768	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
 2008-06-02 15:35 . 2008-06-02 15:35	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-06-02 14:36 . 2008-06-02 15:13	<DIR>	d--------	C:\VEXPLITE
 2008-06-02 14:36 . 2008-03-17 19:23	39,808	--a------	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-06-02 13:35 . 2008-06-02 13:35	<DIR>	d--------	C:\Programmi\CCleaner
 2008-05-31 17:49 . 2008-06-02 14:10	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
 2008-05-27 10:35 . 2008-05-27 10:35	<DIR>	d--------	C:\Programmi\blehupload
 2008-05-20 12:08 . 2008-05-20 12:15	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-05-17 10:26 . 2008-05-17 10:26	<DIR>	d--------	C:\Programmi\Windows Media Connect 2
 2008-05-17 10:23 . 2008-05-17 10:23	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
 2008-05-17 10:23 . 2008-05-17 10:24	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
 2008-05-16 20:05 . 2008-05-20 22:09	<DIR>	d--h-----	C:\$AVG8.VAULT$
 2008-05-16 19:57 . 2008-06-12 22:11	69	--a------	C:\WINDOWS\NeroDigital.ini
 2008-05-16 19:38 . 2008-05-16 19:38	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Avant Profiles
 2008-05-16 19:20 . 2008-06-13 18:12	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
 2008-05-16 19:20 . 2008-05-16 19:20	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
 2008-05-16 19:20 . 2008-05-16 19:23	75,272	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
 2008-05-16 19:20 . 2008-05-16 19:20	12,424	--a------	C:\WINDOWS\system32\drivers\avgrkx86.sys
 2008-05-16 19:20 . 2008-05-16 19:28	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Programmi\AVG
 2008-05-16 19:19 . 2008-05-16 19:40	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\AVGTOOLBAR
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\avg8
 2008-05-16 19:05 . 2008-05-16 19:05	<DIR>	d--------	C:\Programmi\Nero
 2008-05-16 18:53 . 2008-02-28 13:26	1,414,440	--a------	C:\WINDOWS\system32\ShellManager310E2D762.dll
 2008-05-16 18:53 . 2008-02-28 13:01	774,144	--a------	C:\WINDOWS\system32\NEROINSTAEC43759.DB
 2008-05-16 18:53 . 2008-05-16 18:53	0	--a------	C:\WINDOWS\Irremote.ini
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-06-13 16:23	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2008-06-13 16:10	---------	d-----w	C:\Programmi\Lx_cats
 2008-06-02 13:00	---------	d-----w	C:\Programmi\BitTorrent Fastest Tool
 2008-05-31 13:02	---------	d-----w	C:\Programmi\SiteAdvisor
 2008-05-27 08:37	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\blehupload
 2008-05-27 08:36	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army
 2008-05-24 17:18	---------	d-----w	C:\Programmi\eMule
 2008-05-17 17:34	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\SiteAdvisor
 2008-05-16 17:07	---------	d-----w	C:\Programmi\File comuni\Nero
 2008-05-16 17:05	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Nero
 2008-05-12 19:31	---------	d-----w	C:\Programmi\File comuni\Motive
 2008-05-11 16:12	---------	d-----w	C:\Programmi\Lexmark 4300 Series
 2008-05-11 14:03	---------	d-----w	C:\Programmi\Abbyy FineReader 6.0 Sprint
 2008-05-11 10:14	---------	d-----w	C:\Programmi\Alice ti aiuta
 2008-05-10 18:53	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-05-09 22:10	2,486,784	----a-w	C:\WINDOWS\system32\AnipUninst1.exe
 2008-05-08 19:59	---------	d-----w	C:\Programmi\BitDownload
 2008-05-08 19:45	---------	d-----w	C:\Programmi\torrent_search
 2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
 2008-05-07 05:14	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2008-05-06 14:10	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Lexmark Productivity Studio
 2008-05-06 14:03	---------	d-----w	C:\Programmi\Lexmark Fax Solutions
 2008-05-02 22:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
 2008-05-02 17:40	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-05-02 17:40	---------	d-----w	C:\Programmi\Telecom Italia
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Motive
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Motive
 2008-05-02 15:59	---------	d-----w	C:\Programmi\IObit
 2008-05-02 15:33	---------	d-----w	C:\Programmi\Microsoft Works
 2008-05-02 15:31	---------	d-----w	C:\Programmi\MSXML 6.0
 2008-05-02 15:30	---------	d-----w	C:\Programmi\Microsoft CAPICOM 2.1.0.2
 2008-05-02 14:49	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\FaxCtr
 2008-05-02 14:43	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\FaxCtr
 2008-05-02 14:32	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
 2008-05-02 13:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\LightScribe
 2008-05-02 13:10	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Nero
 2008-05-02 13:02	---------	d-----w	C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
 2008-05-02 13:02	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\McAfee
 2008-05-02 12:59	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Autodesk
 2008-05-02 12:57	---------	d-----w	C:\Programmi\File comuni\Autodesk Shared
 2008-05-02 12:57	---------	d-----w	C:\Programmi\AutoCAD 2007
 2008-05-02 12:56	---------	d-----w	C:\Programmi\AnswerWorks 4.0
 2008-05-02 12:47	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
 2008-05-02 12:44	---------	d-----w	C:\Programmi\Autodesk
 2008-05-02 12:24	---------	d-----w	C:\Programmi\Alwil Software
 2008-05-02 12:18	---------	d-----w	C:\Programmi\Google
 2008-05-02 12:02	---------	d-----w	C:\Programmi\ZyDAS
 2008-05-02 11:58	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Symantec
 2008-05-02 11:50	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Motive
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Common Files
 2008-05-01 09:08	155,995	----a-w	C:\WINDOWS\java\Packages\PZ3PVPFV.ZIP
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Yahoo!
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Microsoft SQL Server
 2008-04-30 06:34	---------	d-----w	C:\Programmi\commercial
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Servizi in linea
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Oca History Tool
 2008-04-30 06:31	---------	d-----w	C:\Programmi\NewTech Infosystems
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Microsoft.NET
 2008-04-30 06:30	---------	d-----w	C:\Programmi\microsoft frontpage
 2008-04-30 06:30	---------	d-----w	C:\Programmi\Java
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\NewTech Infosystems
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\muvee Technologies
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\LightScribe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Java
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\InstallShield
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Adobe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\CyberLink
 2008-04-30 06:28	---------	d-----w	C:\Programmi\Microsoft Small Business
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\eSobi
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\Avocent AdminWorks
 2008-04-29 21:46	---------	d-----w	C:\Programmi\Realtek
 2008-04-23 04:16	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 2008-03-25 04:51	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
 2008-03-25 04:51	183,072	----a-w	C:\WINDOWS\system32\msjint40.dll
 2008-03-20 08:06	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
 .
 
 (((((((((((((((((((((((((((((   snapshot_2008-06-12_20.01.16,15   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-06-12 17:46:18	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-13 16:09:51	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 14:18 68856]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:00 15360]
 "01new"="C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe" [2008-05-27 10:35 407552]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LaunchApp"="Alaunch" []
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
 "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 07:00 208952]
 "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 07:00 44032]
 "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 07:00 59392]
 "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
 "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 17:08 16380416 C:\WINDOWS\RTHDCPL.exe]
 "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
 "SiteAdvisor"="C:\Programmi\SiteAdvisor\6261\SiteAdv.exe" [2007-02-03 20:25 36904]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
 "FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 11:55 320168]
 "SmartDefrag"="C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 14:51 1870592]
 "AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 16:26 936960]
 "lxcemon.exe"="C:\Programmi\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 19:46 192512]
 "EzPrint"="C:\Programmi\Lexmark 4300 Series\ezprint.exe" [2005-07-26 14:17 94208]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
 "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 15:46 73728]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 19:23 1177368]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-05-01 11:09:00 217088]
 Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-05-02 14:18:06 124400]
 Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54 11000]
 ZDWlan.lnk - C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe [2008-05-02 14:02:37 438272]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Autodesk\\Autodesk DWF Viewer\\DWFViewer.exe"=
 "C:\\Programmi\\eMule\\eMule.exe"=
 "C:\\Programmi\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
 "C:\\Programmi\\Lexmark Fax Solutions\\FaxCtr.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "9999:UDP"= 9999:UDP:LANScope UDP Port
 "2804:TCP"= 2804:TCP:LANScope TCP Port
 "4662:UDP"= 4662:UDP:eMule_UDP_Port
 "4672:TCP"= 4672:TCP:eMule_TCP_Port
 
 R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-16 19:20]
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
 R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 19:20]
 R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 19:23]
 R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 19:23]
 R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 18:06]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-02 14:38]
 R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
 S2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys []
 S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys []
 S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 13:54]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6cc271-1845-11dd-a3bc-000272523120}]
 \Shell\AutoRun\command - setupSNK.exe
 
 *Newly Created Service* - CATCHME
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-06-13 18:00:04 C:\WINDOWS\Tasks\AE811873918A8EF3.job"
 - c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
 "2008-06-01 20:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
 - C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.ex
 - C:\Programmi\IObit\IObit SmartDefrag\.Utente
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-13 20:05:38
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-06-13 20.06.06
 ComboFix-quarantined-files.txt  2008-06-13 18:06:01
 ComboFix2.txt  2008-06-13 17:01:20
 ComboFix3.txt  2008-06-13 16:56:18
 ComboFix4.txt  2008-06-12 18:01:33
 ComboFix5.txt  2008-06-03 22:01:08
 
 18 Directory  56,123,392,000 byte disponibili
 22 Directory  56,116,473,856 byte disponibili
 
 234	--- E O F ---	2008-06-10 20:12:07
 |  |  
		| bdoriano Administrator
 
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
				|  Posted: 14 Jun 2008 09:21    Subject: |   |  
				| The entries are still in place... and the log tells me that the operation I described to you was not carried out...
 Let's see if I can be clearer (if there is anything in the steps I give you that you don't understand, tell me):
 
 	  | bdoriano wrote: |
 	  | create a text file containing the following instructions:
 	  | Code: |
 File:: C:\WINDOWS\Tasks\AE811873918A8EF3.job
 c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
 C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe
 
 Registry::
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "01new"=-
 | 
 
 Save the file on the desktop with the name CFScript.txt
 Temporarily disable your antivirus (maybe it is what is preventing this from working correctly?)
 Drag the file you just created onto the ComboFix icon, as shown below:
 
 Wait patiently for the work to finish without touching the keyboard, mouse or anything else.
 Post the updated log that ComboFix has just created
 | 
 |  |  
		| ALEK-J Hero in the gods' favour
 
 Joined: 31/05/08 13:52
 Posts: 142
 
 | 
				|  Posted: 14 Jun 2008 10:58    Subject: |   |  
				| Hi Bdoriano, first of all thank you for the help.. Let's see if I got all the steps right this time.
 I copied the text file into a new Microsoft Office Word page, then saved it on the desktop with the name you gave me. When I drag the file onto the ComboFix icon it always asks me to run the file... is that normal? I run the file, the ComboFix window opens, I press 1 and Enter to continue and the scan starts.
 I'm sending you the log again.. I forgot, this time I disabled AVG 8.0
 
 
 
 ComboFix 08-06-11.7 - Utente 2008-06-14 10.35.30.7 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.258 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Utente\Desktop\COMBO-FIX.EXE.EXE
 Command switches used :: C:\Documents and Settings\Utente\Desktop\CFScript.txt.doc
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-05-14 al 2008-06-14  )))))))))))))))))))))))))))))))))))
 .
 
 2008-06-13 18:59 . 2008-06-13 19:01	<DIR>	d--------	C:\ComboFix
 2008-06-13 18:43 . 2008-06-13 18:43	<DIR>	d--------	C:\COMBO-FIX
 2008-06-10 22:04 . 2008-04-14 17:51	272,768	---------	C:\WINDOWS\system32\drivers\bthport.sys
 2008-06-10 22:04 . 2008-04-14 17:51	272,768	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
 2008-06-02 15:35 . 2008-06-02 15:35	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-06-02 14:36 . 2008-06-14 08:53	<DIR>	d--------	C:\VEXPLITE
 2008-06-02 14:36 . 2008-03-17 19:23	39,808	--a------	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-06-02 13:35 . 2008-06-02 13:35	<DIR>	d--------	C:\Programmi\CCleaner
 2008-05-31 17:49 . 2008-06-02 14:10	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
 2008-05-27 10:35 . 2008-05-27 10:35	<DIR>	d--------	C:\Programmi\blehupload
 2008-05-20 12:08 . 2008-05-20 12:15	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-05-17 10:26 . 2008-05-17 10:26	<DIR>	d--------	C:\Programmi\Windows Media Connect 2
 2008-05-17 10:23 . 2008-05-17 10:23	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
 2008-05-17 10:23 . 2008-05-17 10:24	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
 2008-05-16 20:05 . 2008-05-20 22:09	<DIR>	d--h-----	C:\$AVG8.VAULT$
 2008-05-16 19:57 . 2008-06-12 22:11	69	--a------	C:\WINDOWS\NeroDigital.ini
 2008-05-16 19:38 . 2008-05-16 19:38	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Avant Profiles
 2008-05-16 19:20 . 2008-06-14 08:55	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
 2008-05-16 19:20 . 2008-05-16 19:20	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
 2008-05-16 19:20 . 2008-05-16 19:23	75,272	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
 2008-05-16 19:20 . 2008-05-16 19:20	12,424	--a------	C:\WINDOWS\system32\drivers\avgrkx86.sys
 2008-05-16 19:20 . 2008-05-16 19:28	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Programmi\AVG
 2008-05-16 19:19 . 2008-05-16 19:40	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\AVGTOOLBAR
 2008-05-16 19:19 . 2008-05-16 19:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\avg8
 2008-05-16 19:05 . 2008-05-16 19:05	<DIR>	d--------	C:\Programmi\Nero
 2008-05-16 18:53 . 2008-02-28 13:26	1,414,440	--a------	C:\WINDOWS\system32\ShellManager310E2D762.dll
 2008-05-16 18:53 . 2008-02-28 13:01	774,144	--a------	C:\WINDOWS\system32\NEROINSTAEC43759.DB
 2008-05-16 18:53 . 2008-05-16 18:53	0	--a------	C:\WINDOWS\Irremote.ini
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-06-14 06:54	---------	d-----w	C:\Programmi\Lx_cats
 2008-06-13 16:23	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2008-06-02 13:00	---------	d-----w	C:\Programmi\BitTorrent Fastest Tool
 2008-05-31 13:02	---------	d-----w	C:\Programmi\SiteAdvisor
 2008-05-27 08:37	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\blehupload
 2008-05-27 08:36	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army
 2008-05-24 17:18	---------	d-----w	C:\Programmi\eMule
 2008-05-17 17:34	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\SiteAdvisor
 2008-05-16 17:07	---------	d-----w	C:\Programmi\File comuni\Nero
 2008-05-16 17:05	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Nero
 2008-05-12 19:31	---------	d-----w	C:\Programmi\File comuni\Motive
 2008-05-11 16:12	---------	d-----w	C:\Programmi\Lexmark 4300 Series
 2008-05-11 14:03	---------	d-----w	C:\Programmi\Abbyy FineReader 6.0 Sprint
 2008-05-11 10:14	---------	d-----w	C:\Programmi\Alice ti aiuta
 2008-05-10 18:53	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-05-09 22:10	2,486,784	----a-w	C:\WINDOWS\system32\AnipUninst1.exe
 2008-05-08 19:59	---------	d-----w	C:\Programmi\BitDownload
 2008-05-08 19:45	---------	d-----w	C:\Programmi\torrent_search
 2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
 2008-05-07 05:14	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2008-05-06 14:10	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Lexmark Productivity Studio
 2008-05-06 14:03	---------	d-----w	C:\Programmi\Lexmark Fax Solutions
 2008-05-02 22:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
 2008-05-02 17:40	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-05-02 17:40	---------	d-----w	C:\Programmi\Telecom Italia
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Motive
 2008-05-02 16:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Motive
 2008-05-02 15:59	---------	d-----w	C:\Programmi\IObit
 2008-05-02 15:33	---------	d-----w	C:\Programmi\Microsoft Works
 2008-05-02 15:31	---------	d-----w	C:\Programmi\MSXML 6.0
 2008-05-02 15:30	---------	d-----w	C:\Programmi\Microsoft CAPICOM 2.1.0.2
 2008-05-02 14:49	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\FaxCtr
 2008-05-02 14:43	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\FaxCtr
 2008-05-02 14:32	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
 2008-05-02 13:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\LightScribe
 2008-05-02 13:10	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Nero
 2008-05-02 13:02	---------	d-----w	C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
 2008-05-02 13:02	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\McAfee
 2008-05-02 12:59	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Autodesk
 2008-05-02 12:57	---------	d-----w	C:\Programmi\File comuni\Autodesk Shared
 2008-05-02 12:57	---------	d-----w	C:\Programmi\AutoCAD 2007
 2008-05-02 12:56	---------	d-----w	C:\Programmi\AnswerWorks 4.0
 2008-05-02 12:47	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
 2008-05-02 12:44	---------	d-----w	C:\Programmi\Autodesk
 2008-05-02 12:24	---------	d-----w	C:\Programmi\Alwil Software
 2008-05-02 12:18	---------	d-----w	C:\Programmi\Google
 2008-05-02 12:02	---------	d-----w	C:\Programmi\ZyDAS
 2008-05-02 11:58	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Symantec
 2008-05-02 11:50	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Motive
 2008-05-01 09:09	---------	d-----w	C:\Programmi\Common Files
 2008-05-01 09:08	155,995	----a-w	C:\WINDOWS\java\Packages\PZ3PVPFV.ZIP
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Yahoo!
 2008-04-30 06:38	---------	d-----w	C:\Programmi\Microsoft SQL Server
 2008-04-30 06:34	---------	d-----w	C:\Programmi\commercial
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Servizi in linea
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Oca History Tool
 2008-04-30 06:31	---------	d-----w	C:\Programmi\NewTech Infosystems
 2008-04-30 06:31	---------	d-----w	C:\Programmi\Microsoft.NET
 2008-04-30 06:30	---------	d-----w	C:\Programmi\microsoft frontpage
 2008-04-30 06:30	---------	d-----w	C:\Programmi\Java
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\NewTech Infosystems
 2008-04-30 06:30	---------	d-----w	C:\Programmi\File comuni\muvee Technologies
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\LightScribe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Java
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\InstallShield
 2008-04-30 06:29	---------	d-----w	C:\Programmi\File comuni\Adobe
 2008-04-30 06:29	---------	d-----w	C:\Programmi\CyberLink
 2008-04-30 06:28	---------	d-----w	C:\Programmi\Microsoft Small Business
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\eSobi
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Avocent AdminWorks
 2008-04-30 06:28	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\Avocent AdminWorks
 2008-04-29 21:46	---------	d-----w	C:\Programmi\Realtek
 2008-04-23 04:16	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 2008-03-25 04:51	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
 2008-03-25 04:51	183,072	----a-w	C:\WINDOWS\system32\msjint40.dll
 2008-03-20 08:06	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
 .
 
 (((((((((((((((((((((((((((((   snapshot_2008-06-12_20.01.16,15   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-06-12 17:46:18	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-06-14 06:53:19	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 14:18 68856]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:00 15360]
 "01new"="C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe" [2008-05-27 10:35 407552]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LaunchApp"="Alaunch" []
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
 "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 07:00 208952]
 "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 07:00 44032]
 "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 07:00 59392]
 "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 07:00 455168]
 "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
 "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 17:08 16380416 C:\WINDOWS\RTHDCPL.exe]
 "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
 "SiteAdvisor"="C:\Programmi\SiteAdvisor\6261\SiteAdv.exe" [2007-02-03 20:25 36904]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
 "FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 11:55 320168]
 "SmartDefrag"="C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 14:51 1870592]
 "AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 16:26 936960]
 "lxcemon.exe"="C:\Programmi\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 19:46 192512]
 "EzPrint"="C:\Programmi\Lexmark 4300 Series\ezprint.exe" [2005-07-26 14:17 94208]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
 "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 15:46 73728]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 19:23 1177368]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-05-01 11:09:00 217088]
 Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-05-02 14:18:06 124400]
 Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54 11000]
 ZDWlan.lnk - C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe [2008-05-02 14:02:37 438272]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Autodesk\\Autodesk DWF Viewer\\DWFViewer.exe"=
 "C:\\Programmi\\eMule\\eMule.exe"=
 "C:\\Programmi\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
 "C:\\Programmi\\Lexmark Fax Solutions\\FaxCtr.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "9999:UDP"= 9999:UDP:LANScope UDP Port
 "2804:TCP"= 2804:TCP:LANScope TCP Port
 "4662:UDP"= 4662:UDP:eMule_UDP_Port
 "4672:TCP"= 4672:TCP:eMule_TCP_Port
 
 R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-16 19:20]
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
 R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 19:20]
 R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 19:23]
 R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 19:23]
 R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 18:06]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-13 21:24]
 R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
 S2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys []
 S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys []
 S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 13:54]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6cc271-1845-11dd-a3bc-000272523120}]
 \Shell\AutoRun\command - setupSNK.exe
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-06-14 08:00:04 C:\WINDOWS\Tasks\AE811873918A8EF3.job"
 - c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
 "2008-06-01 20:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
 - C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.ex
 - C:\Programmi\IObit\IObit SmartDefrag\.Utente
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-14 10:37:02
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-06-14 10.37.49
 ComboFix-quarantined-files.txt  2008-06-14 08:37:40
 ComboFix2.txt  2008-06-13 18:06:07
 ComboFix3.txt  2008-06-13 17:01:20
 ComboFix4.txt  2008-06-13 16:56:18
 ComboFix5.txt  2008-06-12 18:01:33
 
 18 Directory  55,965,683,712 byte disponibili
 22 Directory  56,072,540,160 byte disponibili
 
 233	--- E O F ---	2008-06-10 20:12:07
 |  |  
		| bdoriano Administrator
 
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
				|  Posted: 14 Jun 2008 11:48    Subject: |   |  
				|  	  | ALEK-J wrote: |
 	  | Hi Bdoriano, first of all thank you for the help.. Let's see if I got all the steps right this time.
 I copied the text file into a new Microsoft Office Word page
 | 
 Mystery solved!!!
   DO NOT USE WORD to create the text file. Use plain, simple Notepad (Start - Programmi - Accessori - Blocco note).
 And repeat the steps I gave you earlier.
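
The check the helper did by eye on the log, as an added example that is not part of the thread and not a ComboFix feature: it parses the CFScript and a ComboFix log, flags a script passed under a non-.txt name (the log above shows CFScript.txt.doc), and reports requested removals that the log still lists. The function names are hypothetical and the ".txt" test is a heuristic assumed here; the script and the log lines are copied from the thread.

```python
import re
from ntpath import basename

# CFScript exactly as posted in the thread.
CFSCRIPT = r"""File:: C:\WINDOWS\Tasks\AE811873918A8EF3.job
c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"01new"=-
"""

# Lines copied from the 2008-06-14 ComboFix log in the thread (rest omitted).
LOG = r"""Command switches used :: C:\Documents and Settings\Utente\Desktop\CFScript.txt.doc
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:00 15360]
"01new"="C:\DOCUME~1\Utente\DATIAP~1\BLEHUP~1\multi dog regs.exe" [2008-05-27 10:35 407552]

Contenuto della cartella 'Scheduled Tasks'
"2008-06-14 08:00:04 C:\WINDOWS\Tasks\AE811873918A8EF3.job"
- c:\docume~1\utente\datiap~1\blehup~1\sizeextrabase.exe
.
"""

def parse_cfscript(text):
    """Return (files, deletions): File:: paths and (key, value) pairs marked for deletion."""
    files, deletions, section, key = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'^(\w+)::\s*(.*)$', line)
        if m:  # directive; the first path may follow on the same line
            section, line = m.group(1).lower(), m.group(2)
        if not line:
            continue
        if section == 'file':
            files.append(line)
        elif section == 'registry' and line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif section == 'registry' and key:
            d = re.match(r'^"([^"]+)"=-$', line)
            if d:
                deletions.append((key, d.group(1)))
    return files, deletions

def run_values(log):
    """Map each lower-cased registry key in the log to the value names under it."""
    values, key = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
            values.setdefault(key, set())
        elif not line:
            key = None  # a blank line ends the key's listing
        elif key:
            m = re.match(r'^"([^"]+)"=', line)
            if m:
                values[key].add(m.group(1))
    return values

def scheduled_tasks(log):
    """Lower-cased text of the 'Scheduled Tasks' section (ends at a lone '.' or a *** rule)."""
    m = re.search(r"'Scheduled Tasks'[^\n]*\n(.*?)(?=^\s*\.\s*$|^\s*\*{3}|\Z)", log, re.S | re.M)
    return m.group(1).lower() if m else ''

def audit(log, cfscript):
    """List reasons to believe the CFScript was not applied in this ComboFix run."""
    findings = []
    m = re.search(r'^\s*Command switches used ::\s*(.+)$', log, re.M)
    script = m.group(1).strip() if m else ''
    if not script:
        findings.append('no script was passed to ComboFix')
    elif not script.lower().endswith('.txt'):  # heuristic: plain-text script expected
        findings.append('script is not a plain .txt file: ' + basename(script))
    files, deletions = parse_cfscript(cfscript)
    present, tasks = run_values(log), scheduled_tasks(log)
    for key, name in deletions:
        if name in present.get(key.lower(), set()):
            findings.append('registry value still present: %s -> %s' % (key, name))
    for path in files:
        if path.lower() in tasks:
            findings.append('scheduled task entry still present: ' + path)
    return findings

if __name__ == '__main__':
    for finding in audit(LOG, CFSCRIPT):
        print(finding)
```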
 |  |  
		| ALEK-J Hero in the gods' favour
 
 Joined: 31/05/08 13:52
 Posts: 142
 
 | 
				|  Posted: 15 Jun 2008 10:06    Subject: |   |  
				|    OK!!! WE SOLVED THE PROBLEM!!!     THOSE DAMNED ADS NO LONGER APPEAR...
 THANK YOU BDORIANO!!!!
 |  |  
		| bdoriano Administrator
 
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
				|  Posted: 15 Jun 2008 10:33    Subject: |   |  
				| Just to be safe:
 Disable your antivirus
 Connect to BitDefender (with IE) and run the full scan.
 Connect to Kaspersky on-line scanner and run the extended scan, as described here.
 Save the scan result to a file (in TXT format), upload the file to WikiSend and post here the Forum Link you are assigned.