
crash with Adobe Premiere Pro

Posted: Sun Nov 15, 2009 2:23 pm
by Giulio75
Hi to all the friends of MegaLab.it,
after running a couple of scans with ComboFix, the first in Safe Mode and the second in normal mode, I would like to ask for someone's help in interpreting the log files.
This is what came out of the first scan (Safe Mode):

ComboFix 09-11-15.01 - Administrator 15/11/2009 12.57.31..1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1279.1015 [GMT 1:00]
Eseguito da: c:\documents and settings\Giulio\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091115-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Giulio\Impostazioni locali\Dati applicazioni\woqhqak.dat
c:\documents and settings\Giulio\Impostazioni locali\Dati applicazioni\woqhqak_nav.dat
c:\documents and settings\Giulio\Impostazioni locali\Dati applicazioni\woqhqak_navps.dat
c:\windows\46f8ef61-6f18-44a6-9c7c-306ded4152c3.ocx
c:\windows\struct~.ini
c:\windows\system32\16e7e30f-d39c-4141-88f2-d1d1d9f96a99.dll
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\nerocheck .exe

.
((((((((((((((((((((((((( Files Creati Da 2009-10-15 al 2009-11-15 )))))))))))))))))))))))))))))))))))
.

2009-11-14 20:45 . 2009-11-14 20:46 -------- d-----w- c:\programmi\File comuni\IdiomaX Uninstall
2009-11-14 20:45 . 2009-11-14 20:46 -------- d-----w- c:\programmi\File comuni\IdiomaX Shared
2009-11-14 20:45 . 2009-11-14 20:45 -------- d-----w- c:\programmi\IdiomaX Suite 5.0
2009-11-14 07:30 . 2009-11-14 07:30 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\LphantTb
2009-11-13 18:33 . 2009-11-13 18:33 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\vlc
2009-11-13 14:30 . 2009-11-13 14:35 -------- d-----w- c:\documents and settings\Giulio\SecurityScans
2009-11-13 14:30 . 2009-11-13 14:30 -------- d-----w- c:\programmi\Microsoft Baseline Security Analyzer 2
2009-11-13 13:52 . 2009-11-13 13:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-13 13:51 . 2009-11-13 13:57 152576 ----a-w- c:\documents and settings\Giulio\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 20:11 . 2009-11-12 19:22 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-12 19:22 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-12 19:22 . 2009-11-12 19:22 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-12 19:22 . 2009-11-12 19:22 93360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-12 19:22 . 2009-11-12 19:22 862040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-12 19:22 . 2009-11-12 19:22 554280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-12 19:22 . 2009-11-12 19:22 15880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-12 19:22 . 2009-11-12 19:22 206944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-12 19:22 . 2009-11-12 19:22 390288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-12 19:22 . 2009-11-12 19:22 537576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-12 19:21 . 2009-11-12 19:22 212480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-12 19:21 . 2009-11-12 19:21 283944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-12 19:21 . 2009-11-12 19:21 370744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-12 19:21 . 2009-11-12 19:21 163728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-12 19:21 . 2009-11-12 19:21 194104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-12 19:21 . 2009-11-12 19:21 1223976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-12 19:21 . 2009-11-12 19:21 242984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-12 19:20 . 2009-11-12 19:20 5908024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-12 19:20 . 2009-11-12 19:20 327000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-12 19:20 . 2009-11-12 19:20 87496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-12 19:20 . 2009-11-12 19:20 933120 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-12 19:20 . 2009-11-12 19:20 640608 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-12 19:19 . 2009-11-12 19:19 815760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-12 19:19 . 2009-11-12 19:19 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-12 19:19 . 2009-11-12 19:19 1638104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-12 19:19 . 2009-11-12 19:19 788368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-12 19:18 . 2009-11-12 19:19 1179232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-12 19:15 . 2009-11-12 19:15 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-12 19:15 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-12 19:15 . 2009-11-12 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-11-12 19:15 . 2009-11-12 19:15 -------- d-----w- c:\programmi\Lavasoft
2009-11-12 14:59 . 2009-11-12 15:01 -------- d-----w- C:\AntiBlaster
2009-11-10 12:35 . 2009-11-10 12:35 -------- d-----w- c:\programmi\IObit
2009-11-08 21:44 . 2009-11-08 22:54 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\IObit
2009-11-06 11:23 . 2009-11-13 21:51 -------- d-----w- c:\programmi\JDownloader
2009-10-29 19:48 . 2009-10-29 19:48 -------- d-----w- c:\programmi\SopCast
2009-10-25 21:30 . 2009-10-25 21:30 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-24 12:10 . 2009-10-24 12:10 -------- d-----w- c:\programmi\Web Media Player
2009-10-24 11:40 . 2009-10-24 11:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-10-24 11:40 . 2009-10-24 11:40 -------- d-----w- c:\programmi\TVUPlayer
2009-10-20 20:41 . 2009-11-02 19:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-10-20 20:41 . 2009-11-02 19:30 -------- d-----w- c:\programmi\DVD Shrink
2009-10-20 19:05 . 2009-10-21 14:22 -------- d-----w- c:\programmi\SopCast(2)
2009-10-19 14:28 . 2009-10-19 14:29 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\CTdeveloping
2009-10-19 11:59 . 2009-10-19 11:59 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\adma
2009-10-19 11:57 . 2009-10-19 11:57 -------- d-----w- c:\programmi\adma

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 11:26 . 2007-10-26 15:42 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-13 13:58 . 2008-02-04 13:07 -------- d-----w- c:\programmi\Java
2009-11-13 13:49 . 2008-02-25 20:46 -------- d-----w- c:\programmi\QuickTime
2009-11-13 13:48 . 2008-02-25 20:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-13 12:56 . 2007-10-27 12:49 738496 ----a-w- c:\documents and settings\Giulio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-13 12:56 . 2009-09-25 14:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-11-13 12:51 . 2007-10-26 20:43 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-08 22:56 . 2007-10-27 21:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-08 22:52 . 2009-09-20 15:27 -------- d-----w- c:\programmi\Mozilla Firefox(2)
2009-11-08 22:51 . 2009-10-03 11:52 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\ManyCam
2009-11-08 22:51 . 2007-11-11 11:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-11-08 22:51 . 2009-04-27 14:32 -------- d-----w- c:\programmi\Zuma Deluxe
2009-11-08 22:51 . 2009-08-30 15:14 -------- d-----w- c:\programmi\ABBYY FineReader 4.0 Sprint
2009-11-08 22:51 . 2007-11-28 10:45 -------- d-----w- c:\programmi\NimoCodec Pack
2009-11-08 20:17 . 2009-01-25 17:47 -------- d-----w- c:\programmi\PPStream
2009-11-08 20:16 . 2009-01-30 15:22 -------- d-----w- c:\programmi\File comuni\uusee
2009-11-08 20:16 . 2009-01-29 13:59 -------- d-----w- c:\programmi\uusee
2009-11-08 10:56 . 2009-09-03 12:14 -------- d-----w- c:\programmi\Unlocker
2009-11-05 15:23 . 2008-01-03 14:15 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-10-28 19:49 . 2009-10-11 20:25 -------- d-----w- c:\programmi\DownloadToolz
2009-10-25 06:49 . 2001-08-31 10:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 06:49 . 2001-08-31 10:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2009-10-23 12:00 . 2007-12-08 11:25 48 ----a-w- c:\windows\wpd99.drv
2009-10-19 14:33 . 2008-11-03 20:59 -------- d-----w- c:\programmi\Panda Security
2009-10-07 07:24 . 2009-10-05 10:46 -------- d-----w- c:\programmi\Electronic System
2009-10-03 12:16 . 2009-10-03 12:13 -------- d-----w- c:\programmi\SplitCam
2009-10-03 12:14 . 2009-10-03 12:14 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-10-03 12:09 . 2009-10-03 11:41 -------- d-----w- c:\programmi\Fake Webcam
2009-10-03 11:22 . 2009-10-02 19:34 -------- d-----w- c:\programmi\bcWebCam
2009-10-03 10:32 . 2007-12-17 14:18 1440032 ----a-w- C:\PA7311.DAT
2009-10-03 10:16 . 2009-07-27 09:52 -------- d-----w- c:\programmi\Bonjour
2009-09-30 21:22 . 2007-12-23 13:10 -------- d-----w- c:\programmi\Windows Live
2009-09-30 21:20 . 2009-09-30 21:20 -------- d-----w- c:\programmi\Microsoft
2009-09-30 06:29 . 2009-09-30 06:29 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\gnupg
2009-09-28 11:29 . 2009-07-27 09:50 -------- d-----w- c:\programmi\File comuni\Apple
2009-09-28 06:00 . 2009-04-10 18:39 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-26 20:40 . 2009-09-26 20:40 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\GRETECH
2009-09-26 20:38 . 2009-09-26 20:38 -------- d-----w- c:\programmi\GRETECH
2009-09-25 21:21 . 2009-09-25 21:21 40960 ----a-r- c:\documents and settings\Giulio\Dati applicazioni\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\Rambooster.exe1_ADE3CACCEC31480C83A0587EE60CE8DF_1.exe
2009-09-25 21:21 . 2009-09-25 21:21 40960 ----a-r- c:\documents and settings\Giulio\Dati applicazioni\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\NewShortcut2_ADE3CACCEC31480C83A0587EE60CE8DF.exe
2009-09-25 21:21 . 2009-09-25 21:21 10134 ----a-r- c:\documents and settings\Giulio\Dati applicazioni\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\ARPPRODUCTICON.exe
2009-09-25 21:21 . 2009-09-25 21:21 -------- d-----w- c:\programmi\RamBooster 2.0
2009-09-25 14:02 . 2009-09-25 14:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS(2)
2009-09-11 14:34 . 2004-08-19 13:39 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 2004-08-19 13:39 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2004-08-19 13:39 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:14 . 2004-08-19 13:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 16:13 . 2009-08-22 18:51 5519752 ----a-w- c:\documents and settings\Giulio\Dati applicazioni\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
2009-08-17 16:10 . 2008-03-27 11:13 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-03-27 11:13 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-03-27 11:13 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-05 11:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-05 11:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-03-27 11:13 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-27 11:13 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-03-27 11:13 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-03-27 11:13 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2008-05-24 10:08 . 2007-11-28 10:46 56 --sh--r- c:\windows\system32\1C0395B6E1.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-11-13 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Assistente di Traduzione IdiomaX.lnk - c:\programmi\IdiomaX Suite 5.0\TrasWord.exe [2009-6-25 401776]
Traduttore di E-Mail IdiomaX.lnk - c:\programmi\IdiomaX Suite 5.0\TrdLaunch.exe [2009-6-25 272752]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ulead Photo Express SE Calendar Checker.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ulead Photo Express SE Calendar Checker.lnk
backup=c:\windows\pss\Ulead Photo Express SE Calendar Checker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Giulio^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Giulio\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Look@LAN\\LookAtLan.exe"=
"c:\\Programmi\\Look@LAN\\LookAtHost.exe"=
"c:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\PPLive\\PPLive.exe"=
"c:\\Programmi\\PPStream\\PPStream.exe"=
"c:\\Programmi\\PPStream\\PPSAP.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\PPMate\\ppmate.exe"=
"c:\\Programmi\\PPMate\\ppamnet.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\File comuni\\uusee\\UUSeeMediaCenter.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/11/2009 20.22.40 64288]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 12.10.53 114768]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASDIFSV.SYS --> c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASKUTIL.sys --> c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 12.10.58 20560]
S2 E2ECAP;CamDirector - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [03/08/2008 18.51.13 156160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1179232]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 PAC7311;Cammaestro 1.0PT build 146;c:\windows\system32\drivers\PA707UCM.sys [27/06/2005 18.09.24 140800]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [31/03/2009 20.17.44 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [31/03/2009 20.17.45 53312]
S3 SASENUM;SASENUM;\??\c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASENUM.SYS --> c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASENUM.SYS [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:19]

2007-10-28 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2009-04-01 13:31]

2009-11-15 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:27]
.
.
------- Scansione supplementare -------
.
IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel
IE: {{998A88A0-A355-809B-831C-B83A80000992} - c:\programmi\uusee\UUSeePlayer.exe
TCP: {CB7F5C2C-B37A-400B-A31E-963E6E6CA71A} = 192.168.1.101
TCP: {D694B855-917F-41F2-9B50-B8CA3DE58ACC} = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promot ... 371420.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{7B840956-64ED-11DE-B890-694956D89593} - (no file)
Toolbar-{7B840956-64ED-11DE-B890-694956D89593} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 13:16
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(260)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-11-15 13:21
ComboFix-quarantined-files.txt 2009-11-15 12:21

Pre-Run: 32.847.380.480 byte disponibili
Post-Run: 33.193.742.336 byte disponibili

- - End Of File - - 8993B904A94B163932A94FA381DDE8D3


This is what came out of the second scan (normal mode):

ComboFix 09-11-15.01 - Giulio 15/11/2009 13.49.57..1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1279.853 [GMT 1:00]
Eseguito da: c:\documents and settings\Giulio\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091115-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-10-15 al 2009-11-15 )))))))))))))))))))))))))))))))))))
.

2009-11-15 12:35 . 2009-11-15 12:35 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Ahead
2009-11-14 20:45 . 2009-11-14 20:46 -------- d-----w- c:\programmi\File comuni\IdiomaX Uninstall
2009-11-14 20:45 . 2009-11-14 20:46 -------- d-----w- c:\programmi\File comuni\IdiomaX Shared
2009-11-14 20:45 . 2009-11-14 20:45 -------- d-----w- c:\programmi\IdiomaX Suite 5.0
2009-11-14 07:30 . 2009-11-14 07:30 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\LphantTb
2009-11-13 18:33 . 2009-11-13 18:33 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\vlc
2009-11-13 14:30 . 2009-11-13 14:35 -------- d-----w- c:\documents and settings\Giulio\SecurityScans
2009-11-13 14:30 . 2009-11-13 14:30 -------- d-----w- c:\programmi\Microsoft Baseline Security Analyzer 2
2009-11-13 13:52 . 2009-11-13 13:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-13 13:51 . 2009-11-13 13:57 152576 ----a-w- c:\documents and settings\Giulio\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 20:11 . 2009-11-12 19:22 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-12 19:22 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-12 19:22 . 2009-11-12 19:22 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-12 19:22 . 2009-11-12 19:22 93360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-12 19:22 . 2009-11-12 19:22 862040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-12 19:22 . 2009-11-12 19:22 554280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-12 19:22 . 2009-11-12 19:22 15880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-12 19:22 . 2009-11-12 19:22 206944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-12 19:22 . 2009-11-12 19:22 390288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-12 19:22 . 2009-11-12 19:22 537576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-12 19:21 . 2009-11-12 19:22 212480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-12 19:21 . 2009-11-12 19:21 283944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-12 19:21 . 2009-11-12 19:21 370744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-12 19:21 . 2009-11-12 19:21 163728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-12 19:21 . 2009-11-12 19:21 194104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-12 19:21 . 2009-11-12 19:21 1223976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-12 19:21 . 2009-11-12 19:21 242984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-12 19:20 . 2009-11-12 19:20 5908024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-12 19:20 . 2009-11-12 19:20 327000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-12 19:20 . 2009-11-12 19:20 87496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-12 19:20 . 2009-11-12 19:20 933120 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-12 19:20 . 2009-11-12 19:20 640608 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-12 19:19 . 2009-11-12 19:19 815760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-12 19:19 . 2009-11-12 19:19 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-12 19:19 . 2009-11-12 19:19 1638104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-12 19:19 . 2009-11-12 19:19 788368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-12 19:18 . 2009-11-12 19:19 1179232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-12 19:15 . 2009-11-12 19:15 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-12 19:15 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-12 19:15 . 2009-11-12 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-11-12 19:15 . 2009-11-12 19:15 -------- d-----w- c:\programmi\Lavasoft
2009-11-12 14:59 . 2009-11-12 15:01 -------- d-----w- C:\AntiBlaster
2009-11-10 12:35 . 2009-11-10 12:35 -------- d-----w- c:\programmi\IObit
2009-11-08 21:44 . 2009-11-08 22:54 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\IObit
2009-11-06 11:23 . 2009-11-13 21:51 -------- d-----w- c:\programmi\JDownloader
2009-10-29 19:48 . 2009-10-29 19:48 -------- d-----w- c:\programmi\SopCast
2009-10-25 21:30 . 2009-10-25 21:30 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-24 12:10 . 2009-10-24 12:10 -------- d-----w- c:\programmi\Web Media Player
2009-10-24 11:40 . 2009-10-24 11:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-10-24 11:40 . 2009-10-24 11:40 -------- d-----w- c:\programmi\TVUPlayer
2009-10-20 20:41 . 2009-11-02 19:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-10-20 20:41 . 2009-11-02 19:30 -------- d-----w- c:\programmi\DVD Shrink
2009-10-20 19:05 . 2009-10-21 14:22 -------- d-----w- c:\programmi\SopCast(2)
2009-10-19 14:28 . 2009-10-19 14:29 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\CTdeveloping
2009-10-19 11:59 . 2009-10-19 11:59 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\adma
2009-10-19 11:57 . 2009-10-19 11:57 -------- d-----w- c:\programmi\adma

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 11:26 . 2007-10-26 15:42 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-13 13:58 . 2008-02-04 13:07 -------- d-----w- c:\programmi\Java
2009-11-13 13:49 . 2008-02-25 20:46 -------- d-----w- c:\programmi\QuickTime
2009-11-13 13:48 . 2008-02-25 20:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-13 12:56 . 2007-10-27 12:49 738496 ----a-w- c:\documents and settings\Giulio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-13 12:56 . 2009-09-25 14:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-11-13 12:51 . 2007-10-26 20:43 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-08 22:56 . 2007-10-27 21:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-08 22:52 . 2009-09-20 15:27 -------- d-----w- c:\programmi\Mozilla Firefox(2)
2009-11-08 22:51 . 2009-10-03 11:52 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\ManyCam
2009-11-08 22:51 . 2007-11-11 11:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-11-08 22:51 . 2009-04-27 14:32 -------- d-----w- c:\programmi\Zuma Deluxe
2009-11-08 22:51 . 2009-08-30 15:14 -------- d-----w- c:\programmi\ABBYY FineReader 4.0 Sprint
2009-11-08 22:51 . 2007-11-28 10:45 -------- d-----w- c:\programmi\NimoCodec Pack
2009-11-08 20:17 . 2009-01-25 17:47 -------- d-----w- c:\programmi\PPStream
2009-11-08 20:16 . 2009-01-30 15:22 -------- d-----w- c:\programmi\File comuni\uusee
2009-11-08 20:16 . 2009-01-29 13:59 -------- d-----w- c:\programmi\uusee
2009-11-08 10:56 . 2009-09-03 12:14 -------- d-----w- c:\programmi\Unlocker
2009-11-05 15:23 . 2008-01-03 14:15 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-10-28 19:49 . 2009-10-11 20:25 -------- d-----w- c:\programmi\DownloadToolz
2009-10-25 06:49 . 2001-08-31 10:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 06:49 . 2001-08-31 10:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2009-10-23 12:00 . 2007-12-08 11:25 48 ----a-w- c:\windows\wpd99.drv
2009-10-19 14:33 . 2008-11-03 20:59 -------- d-----w- c:\programmi\Panda Security
2009-10-07 07:24 . 2009-10-05 10:46 -------- d-----w- c:\programmi\Electronic System
2009-10-03 12:16 . 2009-10-03 12:13 -------- d-----w- c:\programmi\SplitCam
2009-10-03 12:14 . 2009-10-03 12:14 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-10-03 12:09 . 2009-10-03 11:41 -------- d-----w- c:\programmi\Fake Webcam
2009-10-03 11:22 . 2009-10-02 19:34 -------- d-----w- c:\programmi\bcWebCam
2009-10-03 10:32 . 2007-12-17 14:18 1440032 ----a-w- C:\PA7311.DAT
2009-10-03 10:16 . 2009-07-27 09:52 -------- d-----w- c:\programmi\Bonjour
2009-09-30 21:22 . 2007-12-23 13:10 -------- d-----w- c:\programmi\Windows Live
2009-09-30 21:20 . 2009-09-30 21:20 -------- d-----w- c:\programmi\Microsoft
2009-09-30 06:29 . 2009-09-30 06:29 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\gnupg
2009-09-28 11:29 . 2009-07-27 09:50 -------- d-----w- c:\programmi\File comuni\Apple
2009-09-28 06:00 . 2009-04-10 18:39 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-26 20:40 . 2009-09-26 20:40 -------- d-----w- c:\documents and settings\Giulio\Dati applicazioni\GRETECH
2009-09-26 20:38 . 2009-09-26 20:38 -------- d-----w- c:\programmi\GRETECH
2009-09-25 21:21 . 2009-09-25 21:21 40960 ----a-r- c:\documents and settings\Giulio\Dati applicazioni\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\Rambooster.exe1_ADE3CACCEC31480C83A0587EE60CE8DF_1.exe
2009-09-25 21:21 . 2009-09-25 21:21 40960 ----a-r- c:\documents and settings\Giulio\Dati applicazioni\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\NewShortcut2_ADE3CACCEC31480C83A0587EE60CE8DF.exe
2009-09-25 21:21 . 2009-09-25 21:21 10134 ----a-r- c:\documents and settings\Giulio\Dati applicazioni\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\ARPPRODUCTICON.exe
2009-09-25 21:21 . 2009-09-25 21:21 -------- d-----w- c:\programmi\RamBooster 2.0
2009-09-25 14:02 . 2009-09-25 14:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS(2)
2009-09-11 14:34 . 2004-08-19 13:39 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 2004-08-19 13:39 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2004-08-19 13:39 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:14 . 2004-08-19 13:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 16:13 . 2009-08-22 18:51 5519752 ----a-w- c:\documents and settings\Giulio\Dati applicazioni\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
2009-08-17 16:10 . 2008-03-27 11:13 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-03-27 11:13 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-03-27 11:13 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-05 11:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-05 11:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-03-27 11:13 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-27 11:13 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-03-27 11:13 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-03-27 11:13 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2008-05-24 10:08 . 2007-11-28 10:46 56 --sh--r- c:\windows\system32\1C0395B6E1.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-15_12.16.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-15 12:38 . 2009-11-15 12:38 16384 c:\windows\temp\Perflib_Perfdata_5ac.dat
+ 2009-11-15 12:38 . 2009-11-15 12:38 16384 c:\windows\temp\Perflib_Perfdata_358.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default values are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-11-13 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Assistente di Traduzione IdiomaX.lnk - c:\programmi\IdiomaX Suite 5.0\TrasWord.exe [2009-6-25 401776]
Traduttore di E-Mail IdiomaX.lnk - c:\programmi\IdiomaX Suite 5.0\TrdLaunch.exe [2009-6-25 272752]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ulead Photo Express SE Calendar Checker.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ulead Photo Express SE Calendar Checker.lnk
backup=c:\windows\pss\Ulead Photo Express SE Calendar Checker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Giulio^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Giulio\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Look@LAN\\LookAtLan.exe"=
"c:\\Programmi\\Look@LAN\\LookAtHost.exe"=
"c:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\PPLive\\PPLive.exe"=
"c:\\Programmi\\PPStream\\PPStream.exe"=
"c:\\Programmi\\PPStream\\PPSAP.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\PPMate\\ppmate.exe"=
"c:\\Programmi\\PPMate\\ppamnet.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\File comuni\\uusee\\UUSeeMediaCenter.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/11/2009 20.22.40 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 12.10.53 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 12.10.58 20560]
R3 PAC7311;Cammaestro 1.0PT build 146;c:\windows\system32\drivers\PA707UCM.sys [27/06/2005 18.09.24 140800]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASDIFSV.SYS --> c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASKUTIL.sys --> c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 E2ECAP;CamDirector - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [03/08/2008 18.51.13 156160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1179232]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [31/03/2009 20.17.44 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [31/03/2009 20.17.45 53312]
S3 SASENUM;SASENUM;\??\c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASENUM.SYS --> c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:19]

2007-10-28 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2009-04-01 13:31]

2009-11-15 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: 使用UUSee加速播放 - c:\programmi\uusee\geturltoplay.htm
IE: 使用UUSee下载 - c:\programmi\uusee\geturltodown.htm
IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel
IE: {{998A88A0-A355-809B-831C-B83A80000992} - c:\programmi\uusee\UUSeePlayer.exe
TCP: {CB7F5C2C-B37A-400B-A31E-963E6E6CA71A} = 192.168.1.101
TCP: {D694B855-917F-41F2-9B50-B8CA3DE58ACC} = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promot ... 371420.cab
FF - ProfilePath - c:\documents and settings\Giulio\Dati applicazioni\Mozilla\Firefox\Profiles\emmz0gxq.default\
FF - prefs.js: browser.search.selectedEngine - Lphant Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://search.lphant.com/webResults.html?src=ffb&q=
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 14:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Giulio\IMPOST~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1560)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-15 14:07
ComboFix-quarantined-files.txt 2009-11-15 13:07
ComboFix2.txt 2009-11-15 12:21

Pre-Run: 31,805,087,744 bytes free
Post-Run: 31,772,860,416 bytes free

- - End Of File - - BF6738F0CAD449E86E4043693187D22C


Thanks in advance.
Giulio75
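For readers asked to interpret a log like the one above, the section that repays the closest reading is the services/drivers list (the `R0`/`S1`/`S3` lines). The helper below is an added example for this thread, not code from the original post or from ComboFix: it parses those lines and flags the ones a reviewer would look at first. The reading of ComboFix's notation in the comments (R/S plus Windows start type, `[?]` meaning no file was found at the recorded path) and the three heuristics are this example's own assumptions; the four sample lines are copied from the log posted above.

```python
"""Triage helper for the services/drivers section of a ComboFix log.

Added example for this thread, not code from the original post or from
ComboFix. ComboFix prints each service/driver as

    <state><start> <name>;<display name>;<image path> [<date> <time> <size>]

where, as assumed here, the first letter is R (running) or S (stopped)
and the digit is the Windows start type (0 boot, 1 system, 2 auto,
3 demand, 4 disabled); a trailing "[?]" means no date/size was recorded
for the image, i.e. the file was not found at that path.
The three heuristics below are this example's own, not ComboFix's.
"""
import re
from dataclasses import dataclass, field

SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Locations an ordinary user can write to; a kernel driver loading from
# here deserves a second look even when the product is legitimate.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
SYSTEM_DRIVER_DIR = "\\windows\\system32\\drivers\\"
EARLY_START = ("R0", "R1", "S0", "S1")  # boot/system-start kernel drivers


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str   # resolved image path (right-hand side of "-->" if present)
    meta: str   # "<date> <time> <size>" or "?"
    flags: list = field(default_factory=list)


def parse_service_line(line):
    """Parse one ComboFix service/driver line; return None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # ComboFix shows "\??\<NT path> --> <resolved path>" for some drivers;
    # keep the resolved side for the path checks.
    if "-->" in path:
        path = path.split("-->", 1)[1].strip()
    entry = ServiceEntry(m.group("start"), m.group("name").strip(),
                         m.group("display").strip(), path,
                         m.group("meta").strip())
    lower = path.lower()
    if entry.meta == "?":
        entry.flags.append("file-not-found")
    if any(mk in lower for mk in USER_PROFILE_MARKERS):
        entry.flags.append("user-profile-path")
    if entry.start in EARLY_START and SYSTEM_DRIVER_DIR not in lower:
        entry.flags.append("early-start-driver-outside-drivers-dir")
    return entry


def triage(lines):
    """Return the parsed entries that carry at least one flag, in log order."""
    entries = (parse_service_line(ln) for ln in lines)
    return [e for e in entries if e is not None and e.flags]


# Sample input: four lines copied from the log posted above.
SAMPLE_LINES = [
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/11/2009 20.22.40 64288]",
    r"S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASDIFSV.SYS --> c:\documents and settings\Giulio\Documenti\Programmi\Programmi Portable\Antivirus & Sicurezza\SUPERAntiSpyware\SASDIFSV.SYS [?]",
    r"S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1179232]",
    r"S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.start} {e.name}: {', '.join(e.flags)}  <- {e.path}")
```

On this log the script flags the two SUPERAntiSpyware system-start drivers (registered from a portable copy under the user's Documents folder, file not present) and the ManyCam capture driver (registered, file not present); the flags mean "look here first", not "malicious", since all three belong to products the user evidently installed.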

Re: Combofix scan

Posted: Sun Nov 15, 2009 6:16 pm
by crazy.cat
The first scan you ran removed a few things; what problems did you have, or do you still have?

Re: Combofix scan

Posted: Sun Nov 15, 2009 8:25 pm
by Giulio75
Basically I found out, by chance, that an Adobe program, Premier Pro to be precise, no longer loaded and showed me a "buffer overrun" error message.
Hence the suspicion of a virus infection by Blaster (or some variant of it) or Bagle (or some variant of it).
I should say that the video editing program has always worked beautifully, and after reading the article right here on MegaLab.it about this very infection I thought it best to run a scan both with a Blaster-specific tool (Symantec's "FixBlast" tool) and with one for Bagle (sUBs' "Combofix" tool).
I'll add that the antivirus installed on my PC is Avast and that unfortunately it doesn't seem to recognise this type of infection (at least as far as Bagle is concerned).
Anyway, many thanks crazy for taking a look at my post.

Re: Combofix scan

Posted: Mon Nov 16, 2009 8:35 am
by crazy.cat
If it were Bagle your antivirus would have stopped working; Blaster is far too old by now.
As for the program, try uninstalling and reinstalling it anyway.

Re: Combofix scan

Posted: Mon Nov 16, 2009 12:23 pm
by Giulio75
I already did the uninstall and reinstall before running the two scans, but with no success, that is, it kept giving the same error.
I'll try it again, although first I'd like to try a scan with a good anti-rootkit.
Thanks again crazy.

Re: Combofix scan

Posted: Mon Nov 16, 2009 12:27 pm
by crazy.cat
Giulio75 wrote: although first I'd like to try a scan with a good anti-rootkit.

Already done with combofix, which includes gmer:
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 14:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Giulio\IMPOST~1\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1

Re: Combofix scan

Posted: Mon Nov 16, 2009 3:19 pm
by Giulio75
No luck crazy....
Still the same error.
This time I'm attaching the message itself.
Thanks again.

Re: Combofix scan

Posted: Mon Nov 16, 2009 3:32 pm
by crazy.cat

Re: crash with Adobe Premier Pro

Posted: Mon Nov 16, 2009 7:30 pm
by Giulio75
No luck crazy.
Still the same error.
I also tried installing the 2008 Redistributable Package, but no luck.