
Thread: Vdibej..virus..??..

  1. #1

    Vdibej..virus..??..

    hi

    ..I just noticed, with CCleaner, that this has appeared in my startup programs:

    HKCU:Run Vdibej rundll32.exe "C:\WINDOWS\putlmi.dll",Startup

    and also:

    HKLM:Run awkqzcmhekpkaql C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\pavqlaormpxlux.dll"

    I never downloaded these..

    also, AntiVir apparently keeps finding trojans in c\doc settings\admin\impostazioni locali\temp..they are either svchost.exe files..or files with odd names like 6.exe or 1.exe..

    I tried going into the Windows registry and deleting the keys under hk current user software microsoft windows current version run..but they get recreated..
    ..even if I use RegSeeker to delete them..they get recreated..

    here is the HijackThis log..could you help me..??!!

    thanks in advance!!

    luca

     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11.29.20, on 01/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\DOCUME~1\ADMINI~2\IMPOST~1\Temp\svchost.exe
    C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\Programmi\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Programmi\uTorrent\uTorrent.exe
    C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Programmi\isposure\IsposureAgent.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\Programmi\Spyware Terminator\sp_rsser.exe
    C:\Programmi\isposure\IsposureAgent.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Windows Live\Toolbar\wltuser.exe
    C:\Programmi\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Programmi\CCleaner\CCleaner.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Desktop\PROCESS EXPLORER\procexp.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: cashtitan browser enhancer - {3B8080AF-C70B-C997-CBDA-04D275B43B91} - C:\WINDOWS\system32\pavqlaormpxlux.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [DW6] "C:\Programmi\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
    O4 - HKCU\..\Run: [Vdibej] rundll32.exe "C:\WINDOWS\putlmi.dll",Startup
    O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1235630691343
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://www.telepace.it/scripts/sopcore.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O21 - SSODL: PSFactoryBuffer - {38c8f34e-2cc7-4b04-9b75-1a35043970f8} - C:\Programmi\File comuni\PSFactoryBuffer\PSFactoryBuffer.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Programmi\isposure\IsposureAgent.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Programmi\Nitro PDF\Professional\NitroPDFDriverService.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7915 bytes
    Last edited by LadyHawke; 01-08-10 at 21:20. Reason: Log placed inside "spoiler" tags

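    As an added triage example (not code from this thread, nor from HijackThis, CCleaner or ComboFix), the Python below reads log lines in the shape of the HijackThis log posted above and flags the three things the poster describes: a process carrying a system-binary name (svchost.exe) but running from a Temp folder, Run values that persist a DLL through rundll32.exe or regsvr32.exe rather than launching an executable directly, and a DLL that is referenced by both a Run value and a browser helper object. The sample lines are constructed from the entries quoted in the post; the heuristics, thresholds and function names are assumptions of this example, not something the thread or the tools prescribe.

```python
import re

# Constructed sample in the shape of the HijackThis log posted in this thread:
# a few "Running processes" paths plus O4 (Run key) and O2 (BHO) entries,
# including the two Run values the poster saw in CCleaner.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\ADMINI~2\IMPOST~1\Temp\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Vdibej] rundll32.exe "C:\WINDOWS\putlmi.dll",Startup
O4 - HKLM\..\Run: [awkqzcmhekpkaql] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\pavqlaormpxlux.dll"
O2 - BHO: cashtitan browser enhancer - {3B8080AF-C70B-C997-CBDA-04D275B43B91} - C:\WINDOWS\system32\pavqlaormpxlux.dll
"""

# Binaries Windows only runs from %SystemRoot%\system32; the same file name
# anywhere else (the poster's Temp\svchost.exe) is a classic masquerade.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}
# Signed Microsoft loaders commonly used so that the persisted payload is a DLL.
LOADER_BINARIES = {"rundll32.exe", "regsvr32.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<dll>.+)$")
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.dll)"?', re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def _command_image(cmd):
    """First token of a Run value: a quoted path or a bare executable name."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def process_findings(paths):
    """Return (path, reasons) for process images that look out of place."""
    findings = []
    for path in paths:
        low = path.lower()
        reasons = []
        if "\\temp\\" in low:
            reasons.append("runs from a Temp directory")
        if _basename(path) in SYSTEM_BINARIES and "\\windows\\system32\\" not in low:
            reasons.append("system binary name outside %SystemRoot%\\system32")
        if reasons:
            findings.append((path, reasons))
    return findings


def run_entry_findings(lines):
    """Return Run-key values that persist a DLL through rundll32/regsvr32."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        loader = _basename(_command_image(m.group("cmd")))
        if loader not in LOADER_BINARIES:
            continue
        dll_match = DLL_RE.search(m.group("cmd"))
        dll = dll_match.group(1) if dll_match else None
        reasons = [f"{loader} loads a DLL at logon (loader-style persistence)"]
        if dll:
            parent = dll.lower().rsplit("\\", 1)[0]
            if parent.endswith("\\windows"):
                reasons.append("DLL sits directly in the Windows directory, not a system subfolder")
            if "\\temp\\" in parent:
                reasons.append("DLL sits in a Temp directory")
        findings.append({"hive": m.group("hive"), "name": m.group("name"),
                         "loader": loader, "dll": dll, "reasons": reasons})
    return findings


def shared_dlls(lines):
    """DLLs referenced by more than one entry kind (e.g. a Run value and a BHO)."""
    refs = {}
    for line in lines:
        m = O4_RE.match(line)
        if m:
            d = DLL_RE.search(m.group("cmd"))
            if d:
                refs.setdefault(d.group(1).lower(), []).append("O4:" + m.group("name"))
            continue
        m = O2_RE.match(line)
        if m:
            refs.setdefault(m.group("dll").strip().lower(), []).append("O2:" + m.group("name"))
    return {dll: who for dll, who in refs.items() if len(who) > 1}


def triage(log_text):
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    processes = [ln for ln in lines if PATH_RE.match(ln)]
    return {"processes": process_findings(processes),
            "run_entries": run_entry_findings(lines),
            "shared_dlls": shared_dlls(lines)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, reasons in report["processes"]:
        print(f"[process] {path}: {'; '.join(reasons)}")
    for e in report["run_entries"]:
        print(f"[{e['hive']} Run] {e['name']} -> {e['dll']}: {'; '.join(e['reasons'])}")
    for dll, who in report["shared_dlls"].items():
        print(f"[shared] {dll} referenced by {', '.join(who)}")
```

    The report pairs each suspicious Run value with the loader that is still running and the DLL it loads, which is the part that matters for cleanup: a value that is only deleted from the registry while its DLL is still loaded in rundll32.exe or regsvr32.exe will simply be written back, which is the behaviour the poster observed with regedit and RegSeeker.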

  3. #2

    Re: Vdibej..virus..??..



    I can't read it, but you could upload it here for a scan


  4. #3

    Re: Vdibej..virus..??..

    hi!

    ..I ran ComboFix..here is the log..:

     
    ComboFix 10-07-31.04 - Administrator 01/08/2010 14.50.32.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1437 [GMT 2:00]
    Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE0C-E2C8-7C98-30EE-120028EE1200}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE1C-EE8C-0012-58EF-120000000000}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Dati applicazioni\chrtmp
    c:\windows\system32\pavqlaormpxlux.dll
    c:\windows\Tasks\Acrobat Update.job

    .
    ((((((((((((((((((((((((( Files Creati Da 2010-07-01 al 2010-08-01 )))))))))))))))))))))))))))))))))))
    .

    2010-08-01 09:28 . 2010-08-01 09:28 388096 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-31 15:21 . 2010-07-31 15:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Restore
    2010-07-31 15:21 . 2010-08-01 08:48 584704 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\WMR.exe
    2010-07-31 15:21 . 2010-07-31 15:21 -------- d-----w- c:\programmi\Xenocode
    2010-07-31 15:21 . 2010-07-31 15:21 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Xenocode
    2010-07-31 14:53 . 2010-07-31 15:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
    2010-07-21 14:49 . 2010-07-21 14:50 -------- d-----w- C:\svabi
    2010-07-21 14:47 . 2010-07-21 14:48 -------- d-----w- C:\RTE-NE40
    2010-07-17 20:21 . 2010-07-17 20:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ProgSense
    2010-07-13 18:14 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-10 17:13 . 2010-07-11 06:29 -------- d-----w- c:\programmi\Notepad++
    2010-07-10 17:13 . 2010-07-10 17:14 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Notepad++
    2010-07-10 15:07 . 2010-07-10 15:07 -------- d-----w- c:\programmi\XnView
    2010-07-10 13:37 . 2010-07-10 13:37 -------- d-----w- c:\programmi\gs
    2010-07-10 13:30 . 2010-07-10 15:07 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\XnView
    2010-07-10 07:39 . 2010-07-10 07:39 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cc7ad2f-n\msvcp71.dll
    2010-07-10 07:39 . 2010-07-10 07:39 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cc7ad2f-n\jmc.dll
    2010-07-10 07:39 . 2010-07-10 07:39 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cc7ad2f-n\msvcr71.dll
    2010-07-10 07:39 . 2010-07-10 07:39 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-592dff5e-n\decora-sse.dll
    2010-07-10 07:39 . 2010-07-10 07:39 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-592dff5e-n\decora-d3d.dll
    2010-07-10 07:37 . 2010-07-10 07:37 56765 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-10 07:37 . 2010-07-10 07:37 57715 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Player\Uninstaller.exe
    2010-07-10 07:36 . 2010-07-10 07:36 54153 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DFXPlugin\Uninstaller.exe
    2010-07-06 17:59 . 2010-07-06 17:59 -------- d-----w- C:\Diskeeper
    2010-07-06 15:39 . 2010-07-06 15:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Diskeeper Corporation
    2010-07-04 14:39 . 2010-07-04 14:39 49152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-07-04 14:39 . 2010-07-04 14:39 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-07-04 14:39 . 2010-07-04 14:39 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-07-04 14:39 . 2010-07-04 14:39 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-07-04 14:39 . 2010-07-04 14:39 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-07-04 14:39 . 2010-07-04 14:39 40960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-07-04 14:39 . 2010-07-04 14:39 308808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-07-04 14:39 . 2010-07-04 14:39 14848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-07-04 14:38 . 2010-07-04 14:38 -------- d-----w- c:\programmi\File comuni\xing shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-01 12:46 . 2008-01-17 16:38 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
    2010-08-01 12:35 . 2009-12-25 09:10 -------- d-----w- c:\programmi\isposure
    2010-07-31 22:01 . 2009-12-25 09:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Epitiro
    2010-07-31 16:56 . 2008-01-16 17:55 -------- d-----w- c:\programmi\SpeedFan
    2010-07-31 16:56 . 2008-01-20 16:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Media Player Classic
    2010-07-31 09:41 . 2010-01-28 20:17 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Nitro PDF
    2010-07-30 15:14 . 2008-10-16 21:07 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spyware Terminator
    2010-07-30 15:09 . 2008-10-16 21:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
    2010-07-29 15:45 . 2008-06-08 16:22 -------- d-----w- c:\programmi\Orbitdownloader
    2010-07-26 14:49 . 2008-01-16 19:02 -------- d-----w- c:\programmi\CCleaner
    2010-07-25 16:03 . 2008-10-14 11:58 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-07-24 13:40 . 2008-01-17 16:46 -------- d-----w- c:\programmi\uTorrent
    2010-07-21 18:56 . 2009-09-16 20:20 201081 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
    2010-07-21 18:56 . 2009-09-16 20:20 385396 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
    2010-07-20 19:36 . 2009-09-16 20:20 1364346 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
    2010-07-20 19:36 . 2009-09-16 20:20 614772 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
    2010-07-20 19:36 . 2009-09-16 20:20 471414 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
    2010-07-20 19:36 . 2009-09-16 20:20 2793846 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
    2010-07-20 19:35 . 2009-09-16 20:20 242039 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
    2010-07-20 19:35 . 2009-09-16 20:20 192887 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
    2010-07-18 16:11 . 2008-01-24 06:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
    2010-07-17 20:37 . 2009-06-06 22:04 -------- d-----w- c:\programmi\Replay Media Catcher 3.02
    2010-07-17 20:35 . 2008-10-17 10:09 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-07-17 20:35 . 2008-10-17 10:09 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-07-17 20:35 . 2008-10-17 10:09 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2010-07-17 20:35 . 2009-10-26 21:53 -------- d-----w- c:\programmi\Replay Media Catcher 3.01
    2010-07-17 20:35 . 2009-10-26 22:54 -------- d-----w- c:\programmi\Replay Media Catcher 2.4
    2010-07-17 20:27 . 2008-01-16 22:47 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Orbit
    2010-07-17 20:21 . 2009-10-27 17:46 -------- d-----w- c:\programmi\Replay Media Catcher 3.03
    2010-07-17 16:00 . 2010-03-15 14:58 -------- d-----w- c:\programmi\WMR14.1
    2010-07-16 17:27 . 2009-11-24 19:09 -------- d-----w- c:\programmi\Recuva
    2010-07-16 06:35 . 2008-04-07 13:14 -------- d-----w- c:\programmi\SIW
    2010-07-16 06:31 . 2010-04-26 20:42 -------- d-----w- c:\programmi\Speccy
    2010-07-10 07:39 . 2008-01-28 22:22 -------- d-----w- c:\programmi\File comuni\Java
    2010-07-10 07:38 . 2010-04-15 19:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-10 07:37 . 2010-04-16 16:27 57344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-10 07:37 . 2010-03-23 17:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
    2010-07-10 07:37 . 2008-01-21 21:18 -------- d-----w- c:\programmi\DivX
    2010-07-10 07:36 . 2010-04-16 16:26 144696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-07-10 07:36 . 2010-03-23 17:44 1062184 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\Resource.dll
    2010-07-08 15:59 . 2008-03-02 21:27 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
    2010-07-07 18:30 . 2010-03-23 17:44 895256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
    2010-07-06 14:16 . 2008-01-16 23:23 -------- d-----w- c:\programmi\Unlocker
    2010-07-04 14:39 . 2010-02-19 22:57 341600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-07-04 14:39 . 2008-01-18 22:25 -------- d-----w- c:\programmi\File comuni\Real
    2010-07-04 14:38 . 2009-03-12 13:50 -------- d-----w- c:\programmi\Real
    2010-07-04 14:38 . 2009-02-25 07:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-07-04 14:38 . 2009-02-25 07:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-29 16:14 . 2008-01-16 11:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2010-06-29 14:00 . 2010-06-29 14:00 -------- d-----w- c:\programmi\Quicksys
    2010-06-29 13:46 . 2010-06-29 13:46 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Auslogics
    2010-06-29 13:30 . 2010-06-29 13:30 -------- d-----w- c:\programmi\Auslogics
    2010-06-29 13:28 . 2010-06-29 13:28 -------- d-----w- c:\programmi\File comuni\PSFactoryBuffer
    2010-06-29 05:34 . 2010-02-03 17:08 -------- d-----w- c:\programmi\Paint.NET
    2010-06-27 08:02 . 2008-01-17 23:34 -------- d-----w- c:\programmi\SpywareBlaster
    2010-06-24 05:45 . 2008-01-17 18:37 -------- d-----w- c:\programmi\Windows Media Connect 2
    2010-06-24 05:38 . 2004-08-19 12:00 79862 ----a-w- c:\windows\system32\perfc010.dat
    2010-06-24 05:38 . 2004-08-19 12:00 479512 ----a-w- c:\windows\system32\perfh010.dat
    2010-06-24 05:37 . 2010-04-15 21:12 -------- d-----w- c:\programmi\VS Revo Group
    2010-06-23 14:09 . 2010-05-27 15:56 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MyGuitar
    2010-06-18 13:39 . 2010-04-15 19:32 79488 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_20\gtapi.dll
    2010-06-18 13:39 . 2010-04-15 19:32 152576 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_20\lzma.dll
    2010-06-15 13:13 . 2008-05-01 11:10 -------- d-----w- c:\programmi\Kantaris
    2010-06-15 05:34 . 2010-06-15 05:34 -------- d-----w- c:\programmi\PDFCreator
    2010-06-14 14:31 . 2008-01-16 09:30 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-11 20:33 . 2010-06-11 20:33 -------- d-----w- c:\programmi\Secunia
    2010-06-11 20:26 . 2008-11-24 22:34 -------- d-----w- c:\programmi\File comuni\Adobe AIR
    2010-06-11 20:26 . 2010-06-11 20:26 53632 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-06-05 15:31 . 2009-03-15 00:04 -------- d-----w- c:\programmi\File comuni\DivX Shared
    2010-06-05 15:31 . 2010-06-05 15:31 56997 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\WebPlayer\Uninstaller.exe
    2010-06-05 15:31 . 2010-06-05 15:31 53600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Update\Uninstaller.exe
    2010-06-05 15:31 . 2010-06-05 15:31 54128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Converter\Uninstaller.exe
    2010-06-05 15:31 . 2010-06-05 15:31 54644 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-05 15:31 . 2010-06-05 15:31 54101 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-05 09:04 . 2008-01-16 21:46 90688 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-06-05 07:02 . 2008-10-14 11:54 -------- d-----w- c:\programmi\OpenOffice.org 3
    2010-06-04 12:48 . 2008-09-10 15:30 -------- d-----w- c:\programmi\Microsoft Silverlight
    2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2010-05-27 16:18 . 2010-05-27 16:18 57409 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ControlPanel\Uninstaller.exe
    2010-05-13 13:54 . 2009-09-16 20:20 127347 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
    2010-05-06 10:32 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2004-10-01 14:00 . 2008-01-16 10:59 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
    2008-01-21 20:53 . 2008-01-21 20:53 5 --sha-w- c:\windows\system32\ccacb6_d.dll
    2009-10-28 06:44 . 2009-10-28 06:44 23 --sha-w- c:\windows\system32\edacded0.dat
    2009-03-17 18:07 . 2009-03-17 18:07 23 --sha-w- c:\windows\system32\edacded0_x.dat
    2006-05-03 10:06 . 2010-02-12 17:41 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2010-02-12 17:41 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2010-02-12 17:41 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW6"="c:\programmi\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-11-10 818288]
    "uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-07-24 327984]
    "SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-09 3037696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-30 2176512]
    "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\programmi\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PSFactoryBuffer"= {38c8f34e-2cc7-4b04-9b75-1a35043970f8} - c:\programmi\File comuni\PSFactoryBuffer\PSFactoryBuffer.dll [2010-06-29 131072]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Programmi\\eMule\\emule.exe"=
    "c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Programmi\\isposure\\IsposureAgent.exe"=
    "c:\\Programmi\\uTorrent\\uTorrent.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "38188:TCP"= 38188:TCP:*:Disabled:utorrent
    "38188:UDP"= 38188:UDP:*:Disabled:utorrent
    "45871:TCP"= 45871:TCP:emule
    "53794:UDP"= 53794:UDP:emule

    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16/10/2008 23.07.59 142592]
    R2 isposure_svc;IsposureAgent;c:\programmi\isposure\IsposureAgent.exe [18/06/2009 17.52.46 761856]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\programmi\Nitro PDF\Professional\NitroPDFDriverService.exe [16/12/2009 11.09.04 188736]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16/12/2009 11.11.06 65856]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 20.19.44 50704]
    R2 RVIEGVST;VSC VST Engine;c:\programmi\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/07/2009 13.16.24 188276]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [28/05/2010 13.04.52 14896]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2010-08-01 c:\windows\Tasks\emule.job
    - c:\programmi\eMule\emule.exe [2008-01-17 13:00]

    2010-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-616249376-725345543-500.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

    2010-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-616249376-725345543-500.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.yahoo.it/
    IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
    IE: E&sporta in Microsoft Excel
    FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\primo profilo 3.0\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.it
    FF - prefs.js: keyword.enabled - false
    FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\primo profilo 3.0\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npagent.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-01 14:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_USERS\S-1-5-21-436374069-616249376-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,6b,5d,c9,0a,98,3d,49,80,22,fa,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,1a,22,77,0f,2e,ca,4d,9e,e9,28,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,6b,5d,c9,0a,98,3d,49,80,22,fa,\

    [HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\Driver ATI]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\Applications\AcroRd32.exe\shell]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{292AE934-4F49-40bb-9E7E-6F6398ED9C31}]
    @DACL=(02 0000)
    "FriendlyName"="Nero Fast CD-Burning Plug-in"
    "Description"="Scrivere CD"
    "Capabilities"=dword:40000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP OOB\SP10\KB835221WXP\Filelist]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT]
    @DACL=(02 0000)
    "0"=dword:00000001
    "TOS"=dword:00000002
    "1"=dword:0000000a

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OOBE\Status]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\NeroBurnPlugin]
    @DACL=(02 0000)
    "ProgID"="MDNeroBurnPlugin.MDNeroBurnPlugin"

    [HKEY_LOCAL_MACHINE\software\REALTEK Semiconductor Corporation\REALTEK Gigabit and Fast Ethernet NIC Driver]
    @DACL=(02 0000)
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\windows\system32\Ati2evxx.dll
    .
    Ora fine scansione: 2010-08-01 14:58:06
    ComboFix-quarantined-files.txt 2010-08-01 12:58
    ComboFix2.txt 2010-06-17 13:48

    Pre-Run: 69.197.770.752 byte disponibili
    Post-Run: 69.183.381.504 byte disponibili

    - - End Of File - - 55A305B16CA9BEEC9164F3D1F55BE572


    and the new hijackthis..:

     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15.04.26, on 01/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\Programmi\uTorrent\uTorrent.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Programmi\isposure\IsposureAgent.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\Programmi\Spyware Terminator\sp_rsser.exe
    C:\Programmi\isposure\IsposureAgent.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Spyware Terminator\SpyWareTerminator.exe
    C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Mozilla Firefox\plugin-container.exe
    C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [DW6] "C:\Programmi\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
    O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1235630691343
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://www.telepace.it/scripts/sopcore.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O21 - SSODL: PSFactoryBuffer - {38c8f34e-2cc7-4b04-9b75-1a35043970f8} - C:\Programmi\File comuni\PSFactoryBuffer\PSFactoryBuffer.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Programmi\isposure\IsposureAgent.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Programmi\Nitro PDF\Professional\NitroPDFDriverService.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7242 bytes
    Last edited by LadyHawke; 01-08-10 at 21:25. Reason: Inserted [spoiler] [/spoiler] tags


  5. #4

    Re: Vdibej..virus..??..

    Hi p060477,

    Now you need to download Malwarebytes and update it; also download ATF-Cleaner

    - From Safe Mode, clean everything with ATF-Cleaner
    - Run the full scan with Malwarebytes (remember to show the results and press the button at the bottom left to remove what was found)
    - Attach the Malwarebytes log


    Please post the logs as attachments, or use the spoiler TAGs

    Dum differtur, vita transcurrit


  6. #5

    Re: Vdibej..virus..??..

    hi LadyHawke!
    ..forgive my extreme clumsiness..could you guide me through using the "Spoiler tag"..
    ..I can't manage to use it..could you give an example, maybe using some guide images..?!..
    thanks a lot..also for your patience!
    luca


  7. #6

    Re: Vdibej..virus..??..

    Here you go:



    The TAGs that mark the start and end of the code are the ones in red, where the spoiler title is the (mandatory) name you must give the spoiler (e.g. [spoiler=HJT] or [spoiler=combofix])


    Dum differtur, vita transcurrit


  8. #7

    Re: Vdibej..virus..??..

    hi and thanks!
    very clear!
    ..one question..do I also have to run the malwarebytes scan in safe mode..?
    thanks again!

    luca


  9. #8

    Re: Vdibej..virus..??..

    No, it's not necessary; what matters is that it's the full scan and not the quick one

    Dum differtur, vita transcurrit


  10. #9

    Re: Vdibej..virus..??..

    hi ladyhawke!

    1) cleaned up with Atf cleaner in safe mode!

    2) ran the full scan with malwarebytes..here's the log..:
     
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Versione database: 4380

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    02/08/2010 16.20.23
    mbam-log-2010-08-02 (16-20-23).txt

    Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
    Elementi esaminati: 245516
    Tempo trascorso: 1 ore, 1 minuti, 49 secondi

    Processi infetti in memoria: 0
    Moduli di memoria infetti: 0
    Chiavi di registro infette: 1
    Valori di registro infetti: 1
    Voci infette nei dati di registro: 0
    Cartelle infette: 0
    File infetti: 1

    Processi infetti in memoria:
    (Non sono stati rilevati elementi nocivi)

    Moduli di memoria infetti:
    (Non sono stati rilevati elementi nocivi)

    Chiavi di registro infette:
    HKEY_CLASSES_ROOT\CLSID\{38c8f34e-2cc7-4b04-9b75-1a35043970f8} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

    Valori di registro infetti:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\psfactorybuffer (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

    Voci infette nei dati di registro:
    (Non sono stati rilevati elementi nocivi)

    Cartelle infette:
    (Non sono stati rilevati elementi nocivi)

    File infetti:
    C:\Programmi\File comuni\PSFactoryBuffer\PSFactoryBuffer.dll (Trojan.FakeAlert.H) -> Delete on reboot.



    ..what do you think of it all now, the hijackthis log plus combofix plus this malwarebytes one..??!!

    luca


  11. #10

    Re: Vdibej..virus..??..

    I'd say we'll be all set once you've uninstalled PSFactoryBuffer, which is not good stuff, and deleted its folder in C:\Programmi\File comuni\PSFactoryBuffer (also check whether it is present in C:\programmi\PSFactoryBuffer)


    Dum differtur, vita transcurrit

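As an added triage example (not a tool from this thread and not part of any post), the following Python script correlates HijackThis O-lines with Malwarebytes detections by CLSID, file path and value name, which is how the leftover O21 SSODL entry above can be tied to the component Malwarebytes quarantined. The sample lines are copied from the logs posted in this thread.

```python
"""Added triage example (not a tool from the thread): correlate HijackThis
autostart entries with Malwarebytes detections by CLSID, file path or name,
so a leftover entry such as the O21 SSODL line can be tied to the detected
component. The sample lines are copied from the logs posted in the thread."""
import re

HJT_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O21 - SSODL: PSFactoryBuffer - {38c8f34e-2cc7-4b04-9b75-1a35043970f8} - C:\Programmi\File comuni\PSFactoryBuffer\PSFactoryBuffer.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""
MBAM_LOG = r"""
HKEY_CLASSES_ROOT\CLSID\{38c8f34e-2cc7-4b04-9b75-1a35043970f8} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\psfactorybuffer (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Programmi\File comuni\PSFactoryBuffer\PSFactoryBuffer.dll (Trojan.FakeAlert.H) -> Delete on reboot.
"""

HJT_RE = re.compile(r"^(?P<code>O\d+) - (?P<section>[^:]+): (?P<rest>.+)$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|dll)', re.I)  # first exe/dll path on the line

def parse_hjt(text):
    # One dict per "Onn - Section: ..." line; CLSID and path are lower-cased for matching.
    entries = []
    for line in text.splitlines():
        if m := HJT_RE.match(line.strip()):
            rest = m["rest"]
            bracket = re.match(r"\[([^\]]+)\]", rest)  # O4 lines carry the value name in [...]
            name = bracket.group(1) if bracket else rest.split(" - ")[0]
            clsid, path = CLSID_RE.search(rest), PATH_RE.search(rest)
            entries.append({"code": m["code"], "section": m["section"], "name": name,
                            "clsid": clsid.group(0).lower() if clsid else None,
                            "path": path.group(0).lower() if path else None, "raw": line.strip()})
    return entries

def parse_mbam(text):
    # One dict per "item (Threat) -> action" line; leaf is the last key/path component.
    dets = []
    for line in text.splitlines():
        if m := MBAM_RE.match(line.strip()):
            item, clsid = m["item"], CLSID_RE.search(m["item"])
            dets.append({"item": item, "threat": m["threat"], "action": m["action"],
                         "clsid": clsid.group(0).lower() if clsid else None,
                         "path": item.lower() if re.match(r"[a-z]:\\", item, re.I) else None,
                         "leaf": item.rsplit("\\", 1)[-1].lower()})
    return dets

def correlate(entries, detections):
    # Pair each HijackThis entry with every detection that shares its CLSID, path or name.
    hits = []
    for e in entries:
        matches = []
        for d in detections:
            if e["clsid"] and e["clsid"] == d["clsid"]:
                matches.append(("clsid", d["threat"]))
            elif e["path"] and e["path"] == d["path"]:
                matches.append(("path", d["threat"]))
            elif e["name"].lower() == d["leaf"]:
                matches.append(("name", d["threat"]))
        if matches:
            hits.append({"entry": e, "matches": matches})
    return hits
```

Running `correlate(parse_hjt(HJT_LOG), parse_mbam(MBAM_LOG))` returns only the O21 entry, matched on all three indicators, while the Avira Run key and the stock browseui entry stay clean.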
