log hijackthis

Post by e.villan » Sat Jan 03, 2009 6:01 pm

I'm attaching the log as of today, after installing Service Pack 3.
Unlike before, I'm seeing windows opening on other websites (casinos, etc.) without my asking, and Avast blocks viruses fairly often.
I'd like to make sure there isn't something odd on the computer:

Logfile of HijackThis v1.99.1
Scan saved at 17.58.40, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Alice\Alice EnterNet\app\pppoeservice.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Mio Technology\MioSync\mioSync.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\uTorrent\utorrent.exe
C:\Documents and Settings\Roberta Mavero\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programmi\AskSearch\bin\DefaultSearch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKLM\..\Run: [RealTray] C:\Programmi\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S10B.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MioSync.lnk = C:\Programmi\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2C75D0-D6C1-4B0D-A49C-3549F31D8CAB}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FILECO~1\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\Alice EnterNet\app\pppoeservice.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FILECO~1\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Many thanks for the help.
Bye
Enzo
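As an added example (not part of the original post, and not code from HijackThis or from the forum), here is a small Python triage script that reads lines in the HijackThis 1.99 format shown above and picks out the entries a helper looks at first: browser start/search settings pointing at hosts outside an allowlist, a URLSearchHook, autostart entries without an absolute path, orphaned "(no file)" / "(file missing)" entries, ActiveX downloads (O16) and DNS servers (O17) outside an expected set. The sample lines, the `trusted_hosts` allowlist and the `expected_dns` set are constructed for the example; the script reports entries for a human to review, it does not decide what is malicious.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O23"
    reason: str   # why the entry deserves a look
    line: str     # the log line as written


# Constructed excerpt in the HijackThis 1.99 line format, modelled on the
# log posted above; it is sample input for this example, not the full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programmi\AskSearch\bin\DefaultSearch.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2C75D0-D6C1-4B0D-A49C-3549F31D8CAB}: NameServer = 85.37.17.4 85.38.28.70
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")   # "O23 - <body>"
URL_RE = re.compile(r"https?://\S+")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")          # absolute drive path


def _hosts(text):
    """Hostnames of every http(s) URL in a log line."""
    return {urlparse(u).hostname or "" for u in URL_RE.findall(text)}


def _startup_exe(body):
    """Executable token of an O4 entry, whose body reads '[name] <command>'."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def check_line(tag, body, line, trusted_hosts, expected_dns):
    found = []
    # Entries whose target HijackThis could not locate: usually leftovers of
    # an uninstall or an earlier removal, but still worth cleaning up.
    if "(no file)" in body or "(file missing)" in body:
        reason = "target file not found: orphaned entry"
        if body.count('"') % 2 == 1:
            reason += ("; the path has an unmatched quote, so the 'missing' "
                       "verdict may be a parsing artifact: verify on disk first")
        found.append(Finding(tag, reason, line))
    if tag in ("R0", "R1"):
        for host in _hosts(body) - trusted_hosts:
            found.append(Finding(tag, f"start/search page points at untrusted host {host}", line))
    elif tag == "R3":
        found.append(Finding(tag, "URLSearchHook intercepts address-bar searches; check the DLL's publisher", line))
    elif tag == "O4":
        exe = _startup_exe(body)
        if not DRIVE_RE.match(exe):
            found.append(Finding(tag, f"autostart '{exe}' has no absolute path; it is resolved via PATH search, confirm which file runs", line))
    elif tag == "O16":
        for host in _hosts(body):
            found.append(Finding(tag, f"ActiveX control downloaded from {host}; confirm it was installed deliberately", line))
    elif tag == "O17":
        m = re.search(r"NameServer = (.+)$", body)
        unexpected = [s for s in m.group(1).split() if s not in expected_dns] if m else []
        if unexpected:
            found.append(Finding(tag, f"DNS servers {' '.join(unexpected)} not in the expected set; confirm they belong to your ISP or router", line))
    return found


def triage(log_text, trusted_hosts=(), expected_dns=()):
    """Return the entries of a HijackThis log that deserve a human look."""
    trusted, dns = set(trusted_hosts), set(expected_dns)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:          # header, process list, blank line
            continue
        tag, body = m.groups()
        findings.extend(check_line(tag, body, line, trusted, dns))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, trusted_hosts={"www.virgilio.it"}):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample with `www.virgilio.it` as the only trusted host and no expected DNS set, it reports seven entries (R1, R3, O4, O9, O16, O17, O23); the O23 line is reported with the unmatched-quote caveat, which is why a "(file missing)" verdict on a quoted service path should be checked on disk before anything is removed.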

Re: log hijackthis

Post by crazy.cat » Sat Jan 03, 2009 6:06 pm

Have you run a scan with SUPERAntiSpyware?

Download ComboFix, saving it on the PC under a made-up name, and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here, enclosing them in LOG tags.
When the many govern, they think only of pleasing themselves; you then get the most foolish and most hateful tyranny: tyranny disguised as freedom.

Re: log hijackthis

Post by e.villan » Sun Jan 04, 2009 10:40 am

I'm attaching the ComboFix log

ComboFix 09-01-02.01 - Roberta Mavero 2009-01-04 10.08.02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.512.201 [GMT 1:00]
Eseguito da: c:\documents and settings\Roberta Mavero\Desktop\Programmi ottimizzazione computer\Antipopup.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ROBERT~1\IMPOST~1\Temp\tmp2.tmp
c:\programmi\autorun.inf
c:\windows\Downloaded Program Files\343di79
c:\windows\Downloaded Program Files\343di79\blluc6e.exe
c:\windows\Downloaded Program Files\343di79\blluc6e.jar
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32.dll
c:\windows\system32\cfkrhraf.dll
c:\windows\system32\ftpupd.exe
c:\windows\system32\i
c:\windows\system32\mcrh.tmp
c:\windows\system32\msnchecker.exe
c:\windows\System32\qoMggfGx.dll
c:\windows\system32\tkebybvu.dll
c:\windows\system32\xGfggMoq.ini
c:\windows\system32\xGfggMoq.ini2

.
((((((((((((((((((((((((( Files Creati Da 2008-12-04 al 2009-01-04 )))))))))))))))))))))))))))))))))))
.

2009-01-03 13:28 . 2009-01-03 13:28 1,347,298 --ahs---- c:\windows\system32\farhrkfc.ini
2009-01-02 19:31 . 2009-01-02 20:34 1,347,298 --ahs---- c:\windows\system32\ktbniqep.ini
2009-01-01 19:28 . 2009-01-01 19:29 1,347,298 --ahs---- c:\windows\system32\afkfwukg.ini
2009-01-01 15:41 . 2009-01-01 15:41 1,347,298 --ahs---- c:\windows\system32\ruatylsg.ini
2009-01-01 10:45 . 2009-01-01 10:45 <DIR> d-------- c:\programmi\AskSearch
2008-12-31 15:38 . 2008-12-31 15:39 1,347,298 --ahs---- c:\windows\system32\uvbybekt.ini
2008-12-30 18:31 . 2009-01-02 18:38 <DIR> d-------- c:\programmi\uTorrent
2008-12-30 18:31 . 2009-01-03 23:47 <DIR> d-------- c:\documents and settings\Roberta Mavero\Dati applicazioni\uTorrent
2008-12-30 17:38 . 2008-12-30 17:38 <DIR> d-------- c:\windows\system32\it-it
2008-12-30 17:38 . 2008-12-30 17:38 <DIR> d-------- c:\windows\system32\it
2008-12-30 17:38 . 2008-12-30 17:38 <DIR> d-------- c:\windows\l2schemas
2008-12-30 17:31 . 2008-04-13 09:36 144,384 --a------ c:\windows\system32\drivers\hdaudbus.sys
2008-12-30 17:31 . 2008-04-13 11:40 10,240 --a------ c:\windows\system32\drivers\sffp_mmc.sys
2008-12-30 17:27 . 2006-12-28 12:01 19,569 --a------ c:\windows\002999_.tmp
2008-12-30 15:07 . 2008-12-30 15:07 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Acronis
2008-12-30 14:56 . 2008-12-30 14:56 395,744 --a------ c:\windows\system32\drivers\timntr.sys
2008-12-30 14:56 . 2008-12-30 14:56 114,048 --a------ c:\windows\system32\drivers\snapman.sys
2008-12-30 14:56 . 2008-12-30 14:56 39,264 --a------ c:\windows\system32\drivers\tifsfilt.sys
2008-12-30 14:55 . 2008-12-30 14:56 <DIR> d-------- c:\programmi\File comuni\Acronis
2008-12-30 14:55 . 2008-12-30 14:55 <DIR> d-------- c:\programmi\Acronis
2008-12-30 14:41 . 2008-12-30 14:41 <DIR> d-------- c:\documents and settings\Roberta Mavero\Dati applicazioni\Babylon
2008-12-30 14:41 . 2008-12-30 14:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Babylon
2008-12-29 17:56 . 2008-12-29 18:19 <DIR> d-------- c:\programmi\ZipBackup
2008-12-28 15:24 . 2008-04-13 11:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-28 15:13 . 2008-12-30 18:19 4,757 --a------ c:\windows\imsins.BAK
2008-12-28 15:13 . 2008-12-28 15:13 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-28 15:13 . 2008-12-28 15:13 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-27 15:56 . 2008-12-27 15:56 <DIR> d-------- c:\windows\system\Precopy
2008-12-27 15:56 . 2008-12-27 15:56 <DIR> d-------- c:\windows\Options
2008-12-27 15:56 . 2008-12-27 15:56 <DIR> d-------- c:\programmi\Idf
2008-12-26 12:17 . 2008-12-26 12:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\MailFrontier
2008-12-26 12:16 . 2008-12-26 12:16 75,932 --a------ c:\windows\system32\drivers\klick.dat
2008-12-26 12:16 . 2008-12-26 12:16 74,396 --a------ c:\windows\system32\drivers\klin.dat
2008-12-26 12:15 . 2007-05-31 00:03 110,360 --a------ c:\windows\system32\drivers\kl1.sys
2008-12-25 09:59 . 2008-04-13 19:13 27,136 --a------ c:\windows\system32\ddrawex.dll
2008-12-25 09:48 . 2008-12-25 09:48 <DIR> d-------- c:\programmi\Sports Interactive
2008-12-05 21:56 . 2008-10-27 18:37 4,499,280 --a------ c:\windows\system32\D3dx9d_40.dll
2008-12-05 21:56 . 2008-10-27 18:37 3,796,816 --a------ c:\windows\system32\d3dx9d_33.dll
2008-12-05 21:56 . 2008-10-27 18:37 3,084,624 --a------ c:\windows\system32\d3d9d.dll
2008-12-05 21:56 . 2008-10-27 18:37 906,576 --a------ c:\windows\system32\xaudioD2_3.dll
2008-12-05 21:56 . 2008-10-27 18:36 496,464 --a------ c:\windows\system32\D3DX10d_40.dll
2008-12-05 21:56 . 2008-10-27 18:39 360,784 --a------ c:\windows\system32\XactEngineA3_3.dll
2008-12-05 21:56 . 2008-10-27 18:39 359,760 --a------ c:\windows\system32\dinput8d.dll
2008-12-05 21:56 . 2008-10-27 18:39 349,520 --a------ c:\windows\system32\d3dref9.dll
2008-12-05 21:56 . 2008-10-27 18:39 286,032 --a------ c:\windows\system32\XactEngineD3_3.dll
2008-12-05 21:56 . 2008-10-27 18:39 123,216 --a------ c:\windows\system32\XAPOFXD1_2.dll
2008-12-05 21:56 . 2008-10-27 18:38 47,440 --a------ c:\windows\system32\X3DAudioD1_5.dll
2008-12-05 21:52 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-12-05 21:52 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-12-05 21:51 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-12-05 21:51 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2008-12-05 21:51 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2008-12-05 21:51 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-12-05 21:51 . 2008-07-30 06:20 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2008-12-05 21:51 . 2008-07-10 11:01 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2008-12-05 21:51 . 2008-07-30 06:20 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2008-12-05 21:51 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-12-05 21:51 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-12-05 21:51 . 2008-07-30 06:20 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2008-12-05 21:51 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-12-05 21:17 . 2008-12-05 21:55 <DIR> d-------- c:\programmi\Microsoft DirectX SDK (November 2008)
2008-12-05 21:14 . 2008-12-05 21:14 119,120 --a------ c:\windows\dxsdkuninst.exe
2008-12-05 19:45 . 2008-04-13 19:13 14,336 --a------ c:\windows\system32\msdmo.dll
2008-12-05 15:57 . 2008-12-05 16:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Sports Interactive
2008-12-05 15:52 . 2008-12-05 21:16 <DIR> d-------- c:\windows\Logs
2008-12-05 15:24 . 2008-12-05 15:24 <DIR> d-------- c:\programmi\Alcohol Soft
2008-12-05 15:09 . 2008-12-05 15:09 639,224 --a------ c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 22:49 1,805,824 ----a-w c:\windows\Internet Logs\xDB20.tmp
2009-01-02 14:16 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-01-01 21:36 229,376 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2009-01-01 17:46 550,912 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2009-01-01 17:10 --------- d-----w c:\programmi\eMule
2009-01-01 00:22 737,280 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-12-30 17:24 --------- d-----w c:\programmi\MSN Messenger
2008-12-30 14:16 16,896 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-12-30 14:00 1,827,328 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-12-27 14:56 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-27 14:51 --------- d-----w c:\programmi\Telecom Italia
2008-12-27 11:05 1,042,432 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-12-24 14:26 663,552 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-12-23 19:16 --------- d-----w c:\programmi\cdcover
2008-12-22 22:03 2,920,960 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-12-16 23:33 1,875,456 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-12-13 11:02 1,018,368 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-12-12 22:23 5,715,968 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-12 22:23 3,307,008 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-12-05 15:16 --------- d-----w c:\documents and settings\Roberta Mavero\Dati applicazioni\Sports Interactive
2008-11-30 17:09 --------- d-----w c:\programmi\Google
2008-11-30 13:41 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\TVU Networks
2008-11-28 21:58 2,515,968 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-11-27 16:43 3,275,776 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-11-24 22:13 3,273,728 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-11-22 13:10 3,269,120 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-11-22 13:10 1,299,968 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-11-21 21:25 3,267,584 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-11-20 21:44 5,636,096 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-11-19 22:03 3,266,048 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-11-17 21:55 3,263,488 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-11-15 11:13 --------- d-----w c:\programmi\File comuni\InstallShield
2008-11-15 11:10 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\UDL
2008-11-15 11:07 --------- d-----w c:\programmi\EPSON
2008-11-15 11:06 --------- d-----w c:\programmi\ABBYY FineReader 6.0 Sprint
2008-11-15 11:02 --------- d-----w c:\documents and settings\Roberta Mavero\Dati applicazioni\InstallShield
2008-11-15 11:01 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\EPSON
2008-11-03 21:47 3,242,496 -c--a-w c:\windows\Internet Logs\xDBA.tmp
2008-11-02 22:15 3,241,472 -c--a-w c:\windows\Internet Logs\xDB9.tmp
2008-10-28 22:04 2,970,112 -c--a-w c:\windows\Internet Logs\xDB8.tmp
2008-10-25 18:34 1,025,536 -c--a-w c:\windows\Internet Logs\xDB7.tmp
2008-10-25 09:37 14,069,910 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-25 08:12 2,721,280 -c--a-w c:\windows\Internet Logs\xDB6.tmp
2008-10-19 21:02 2,684,928 -c--a-w c:\windows\Internet Logs\xDB5.tmp
2008-10-16 13:13 202,776 -c--a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 -c--a-w c:\windows\system32\muweb.dll
2008-10-14 20:55 941,568 -c--a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-14 20:55 3,195,392 -c--a-w c:\windows\Internet Logs\xDB4.tmp
2008-10-12 20:42 3,192,832 -c--a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-12 20:42 2,696,192 -c--a-w c:\windows\Internet Logs\xDB1.tmp
2008-09-21 12:35 50,192 -c--a-w c:\documents and settings\Roberta Mavero\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-01-30 07:49 2,789,784 -c--a-w c:\programmi\LimeWireWin-full.exe
2005-09-11 15:00 696 ----a-w c:\programmi\QuickTime Player.lnk
2004-10-27 15:05 22,144 ----a-w c:\windows\inf\OTHER\ADM851X.sys
2004-10-27 15:05 22,144 ----a-w c:\windows\inf\ADM851X.sys
2003-12-13 16:43 21,504 -c--a-w c:\programmi\lettera anna.doc
2003-12-13 16:22 10,752 -c--a-w c:\programmi\lettera.doc
2001-03-07 06:53 224,777,863 -c-ha-w c:\programmi\OFFICE1.CAB
2008-05-10 17:08 67,696 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2008-05-10 17:08 54,376 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2008-05-10 17:08 34,952 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2008-05-10 17:08 46,720 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2008-05-10 17:08 172,144 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2006-07-20 1257472]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"EPSON Stylus DX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\Alwil Software\Avast4\ashDisp.exe" [2008-11-26 81000]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2004-03-10 406016]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-04-22 77824]
"PSDrvCheck"="c:\programmi\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" [2003-09-12 406016]
"PCLEPCI"="c:\progra~1\PINNAC~1\PPE\PPE.EXE" [2003-09-23 32768]
"RealTray"="c:\programmi\K-Lite Codec Pack\Real\mpclauncher.exe" [2006-08-20 663552]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 919016]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-12-12 1186904]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-12-12 1962736]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-12-12 87584]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-05 110592]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-04-10 127488]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
MioSync.lnk - c:\programmi\Mio Technology\MioSync\mioSync.exe [2007-08-27 647168]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2006-02-16 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
2006-06-20 14:29 258048 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\utorrent.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2005-04-10 9344]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-13 111184]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2006-02-16 5632]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2006-06-09 23552]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-13 20560]
R4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2005-04-10 433920]
R4 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2005-04-10 15968]
R4 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2005-04-10 13776]
R4 PPPoEService;PPPoE Service;c:\progra~1\Alice\Alice EnterNet\app\pppoeservice.exe [2008-01-25 49152]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2001-09-10 17976]
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe []

2007-04-28 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{0491BF3E-0EF1-4119-B136-E4B6D4D579E0} - c:\windows\System32\qoMggfGx.dll
Notify-nnnmkLDt - nnnmkLDt.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {EB2C75D0-D6C1-4B0D-A49C-3549F31D8CAB} = 85.37.17.4 85.38.28.70

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Roberta Mavero\Dati applicazioni\Mozilla\Firefox\Profiles\g4ub061i.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 10:22:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,55,23,7c,8a,6b,\
16,28,1d,e2,63,26,f1,3f,c8,ff,68,8b,38,54,12,3b,3d,72,c7,e2,63,26,f1,3f,c8,\
ff,68,11,74,57,58,cc,56,00,1d,c8,28,51,af,b0,29,a3,98,55,e6,c7,c8,9d,70,07,\
61,0e,61,e9,1b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,5a,a5,0c,35,a6,\
65,6c,fb,6a,9c,d6,61,af,45,84,18,d1,37,19,f7,46,bd,fe,c9,6a,9c,d6,61,af,45,\
84,18,49,7b,2b,e9,41,a6,62,c7,46,47,15,b0,92,4b,c7,ef,21,96,da,a4,14,9d,1d,\
66,2c,c7,95,53

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,bf,04,20,1c,ae,\
[HKEY_LOCAL_MACHINE\software\Ulead Systems\Ulead CD/DVD Writing Engine]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Ulead Systems\Ulead COOL 3D]
@DACL=(02 0000)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\ahead\InCD\InCDsrv.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-04 10:31:41 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-04 09:31:33

Pre-Run: 18.260.099.072 byte disponibili
Post-Run: 18,117,820,416 byte disponibili


I don't know whether I attached the log the way you wanted, but I didn't understand what you meant by 'put it between the LOG tags'.
Thanks for checking.
Bye
Enzo


Re: log hijackthis

Post by crazy.cat » Sun Jan 04, 2009 11:09 am

How is it going now?

Did you run the scan with SUPERAntiSpyware?

From a quick look there are some strange files
2009-01-03 13:28 . 2009-01-03 13:28 1,347,298 --ahs---- c:\windows\system32\farhrkfc.ini
2009-01-02 19:31 . 2009-01-02 20:34 1,347,298 --ahs---- c:\windows\system32\ktbniqep.ini
2009-01-01 19:28 . 2009-01-01 19:29 1,347,298 --ahs---- c:\windows\system32\afkfwukg.ini
2009-01-01 15:41 . 2009-01-01 15:41 1,347,298 --ahs---- c:\windows\system32\ruatylsg.ini
2008-12-31 15:38 . 2008-12-31 15:39 1,347,298 --ahs---- c:\windows\system32\uvbybekt.ini
2008-12-30 17:27 . 2006-12-28 12:01 19,569 --a------ c:\windows\002999_.tmp

Above all, I would advise you to upload these two to www.virustotal.com to have them analysed.
2008-12-26 12:16 . 2008-12-26 12:16 75,932 --a------ c:\windows\system32\drivers\klick.dat
2008-12-26 12:16 . 2008-12-26 12:16 74,396 --a------ c:\windows\system32\drivers\klin.dat

All these tmp files are also fairly unusual.
2009-01-03 22:49 1,805,824 ----a-w c:\windows\Internet Logs\xDB20.tmp
2009-01-01 21:36 229,376 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2009-01-01 17:46 550,912 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2009-01-01 00:22 737,280 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-12-30 14:16 16,896 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-12-30 14:00 1,827,328 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-12-27 11:05 1,042,432 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-12-24 14:26 663,552 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-12-22 22:03 2,920,960 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-12-16 23:33 1,875,456 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-12-13 11:02 1,018,368 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-12-12 22:23 5,715,968 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-12 22:23 3,307,008 ----a-w c:\windows\Internet Logs\xDB15.tmp
When the many govern, they think only of pleasing themselves; you then have the most foolish and most hateful tyranny: tyranny disguised as freedom.
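An added example, not part of the thread: a small Python script that applies the triage heuristics crazy.cat uses above (hidden+system attributes in system32, random-looking eight-letter names, several new files of identical size) to ComboFix-style listing lines. The sample lines are copied from the log quoted in this thread; the line layout regex is an assumption based on those lines.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix output quoted in this thread.
SAMPLE = """\
2009-01-03 13:28 . 2009-01-03 13:28 1,347,298 --ahs---- c:\\windows\\system32\\farhrkfc.ini
2009-01-02 19:31 . 2009-01-02 20:34 1,347,298 --ahs---- c:\\windows\\system32\\ktbniqep.ini
2009-01-01 19:28 . 2009-01-01 19:29 1,347,298 --ahs---- c:\\windows\\system32\\afkfwukg.ini
2008-12-30 17:27 . 2006-12-28 12:01 19,569 --a------ c:\\windows\\002999_.tmp
2008-12-26 12:16 . 2008-12-26 12:16 75,932 --a------ c:\\windows\\system32\\drivers\\klick.dat
2009-01-03 22:49 1,805,824 ----a-w c:\\windows\\Internet Logs\\xDB20.tmp
"""
# "created . modified size attribs path" (ComboFix) or "date size attribs path" (assumed layout)
LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d)(?: \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d))?"
    r" (?P<size>[\d,]+) (?P<attrs>[-\w]{7,9}) (?P<path>.+)$"
)
# eight lowercase letters plus a common extension: typical of auto-generated dropper names
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(ini|dll|exe|dat)$")

def parse(text):
    """Turn listing lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entries.append(entry)
    return entries

def triage(entries):
    """Map each suspicious path to the list of heuristics it triggered."""
    flagged = defaultdict(list)
    by_size = defaultdict(list)
    for e in entries:
        path = e["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        in_sys32 = "\\system32\\" in path
        if in_sys32 and "h" in e["attrs"] and "s" in e["attrs"]:
            flagged[e["path"]].append("hidden+system file in system32")
        if in_sys32 and RANDOM_NAME.match(name):
            flagged[e["path"]].append("random-looking eight-letter name")
        by_size[e["size"]].append(e["path"])
    # several freshly created files of exactly the same size is a dropper pattern
    for size, paths in by_size.items():
        if len(paths) > 1:
            for p in paths:
                flagged[p].append(f"same size ({size}) as {len(paths) - 1} other new file(s)")
    return dict(flagged)
```

Running `triage(parse(SAMPLE))` flags only the three `.ini` files, each for all three reasons, while klick.dat and the tmp files pass; the flags are a starting point for a VirusTotal upload, not a verdict.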

Re: log hijackthis

Post by e.villan » Sun Jan 04, 2009 12:25 pm

Last night I ran SUPERAntiSpyware and had to delete with Avast several trojan (other) viruses that I couldn't even move to the recycle bin.
Some of the viruses I deleted, it seems to me, had exactly the same name as the last files you pointed out to me in the windows/system32 folder.
So do you advise me to delete them directly from the folder, or to run the antivirus and see if they can be moved to the recycle bin?
Meanwhile, as soon as I can, I'll have VirusTotal analyse what you told me.
Thank you for the quick reply.
Bye
Enzo

Re: log hijackthis

Post by crazy.cat » Sun Jan 04, 2009 12:30 pm

A scan by an antivirus/antispyware is always advisable because it removes things we cannot see.
In any case, the files I pointed out don't look like anything good and you can also remove them by hand.
But there may also be a lot more...

Re: log hijackthis

Post by e.villan » Sun Jan 04, 2009 10:13 pm

I attach the VirusTotal analysis result for the two files you flagged:
File klick.dat ricevuto il 2009.01.04 22:07:16 (CET)
Risultato: 0/38 (0%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.0.0.73 2009.01.04 -
AhnLab-V3 2008.12.31.0 2009.01.04 -
AntiVir 7.9.0.45 2009.01.04 -
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.04 -
AVG 8.0.0.199 2009.01.04 -
BitDefender 7.2 2009.01.04 -
CAT-QuickHeal 10.00 2009.01.03 -
ClamAV 0.94.1 2009.01.04 -
Comodo 874 2009.01.04 -
DrWeb 4.44.0.09170 2009.01.04 -
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 -
F-Secure 8.0.14470.0 2009.01.04 -
Fortinet 3.117.0.0 2009.01.04 -
GData 19 2009.01.04 -
Ikarus T3.1.1.45.0 2009.01.03 -
K7AntiVirus 7.10.575 2009.01.03 -
Kaspersky 7.0.0.125 2009.01.04 -
McAfee 5484 2009.01.04 -
McAfee+Artemis 5484 2009.01.04 -
Microsoft 1.4205 2009.01.04 -
NOD32 3735 2009.01.04 -
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.04 -
PCTools 4.4.2.0 2009.01.04 -
Prevx1 V2 2009.01.04 -
Rising 21.10.62.00 2009.01.04 -
SecureWeb-Gateway 6.7.6 2009.01.04 -
Sophos 4.37.0 2009.01.04 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.04 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2009.01.04 -
VBA32 3.12.8.10 2009.01.04 -
ViRobot 2009.1.3.1541 2009.01.03 -
VirusBuster 4.5.11.0 2009.01.04 -
Informazioni addizionali
File size: 75932 bytes
MD5...: 31b0580764f5bd0ac3814ea973129667
SHA1..: c1abeeeb5c4df44a40283a3488bae30b523e4500
SHA256: 3ea37221609d2d9b97a1c6b989845b86b2505d58f924af2d2662102dd190afc4
SHA512: 561f54684662f1cce1911bb53cf9a3f1d7baa49002636db1736c606c91bda6fb
bc7578861a400e93d2e06569cc064fac40b4fb61845b6c9c5a72b990f7a66bd5

ssdeep: 1536:56B9mkdQYS2V2BGvjNj8QJJ09abWplR6r5LY72bMvZ3RgVlWqckX:u9mkdS
RBgF8Qv2TM5Lc2bMvZ30mQ

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

File klin.dat ricevuto il 2009.01.04 22:13:44 (CET)
Risultato: 0/38 (0%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.0.0.73 2009.01.04 -
AhnLab-V3 2008.12.31.0 2009.01.04 -
AntiVir 7.9.0.45 2009.01.04 -
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.04 -
AVG 8.0.0.199 2009.01.04 -
BitDefender 7.2 2009.01.04 -
CAT-QuickHeal 10.00 2009.01.03 -
ClamAV 0.94.1 2009.01.04 -
Comodo 874 2009.01.04 -
DrWeb 4.44.0.09170 2009.01.04 -
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 -
F-Secure 8.0.14470.0 2009.01.04 -
Fortinet 3.117.0.0 2009.01.04 -
GData 19 2009.01.04 -
Ikarus T3.1.1.45.0 2009.01.03 -
K7AntiVirus 7.10.575 2009.01.03 -
Kaspersky 7.0.0.125 2009.01.04 -
McAfee 5484 2009.01.04 -
McAfee+Artemis 5484 2009.01.04 -
Microsoft 1.4205 2009.01.04 -
NOD32 3735 2009.01.04 -
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.04 -
PCTools 4.4.2.0 2009.01.04 -
Prevx1 V2 2009.01.04 -
Rising 21.10.62.00 2009.01.04 -
SecureWeb-Gateway 6.7.6 2009.01.04 -
Sophos 4.37.0 2009.01.04 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.04 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2009.01.04 -
VBA32 3.12.8.10 2009.01.04 -
ViRobot 2009.1.3.1541 2009.01.03 -
VirusBuster 4.5.11.0 2009.01.04 -
Informazioni addizionali
File size: 74396 bytes
MD5...: a3223e84075ac2c477ea9093392ee264
SHA1..: 670d1313218f5dbbf1a9ca99af8f0c494e2d7423
SHA256: 217304ad25aae43102082a8c774a6e3dbfd1f1b7c4cf1ca4b9193da7b79d7670
SHA512: b38ec20147d176a37c542f7795d7c745f01e9e4add3e62e9aab0dd41c77b68f5
4e8ca48b3176abe5be14d26034e9008cc0ecca652dd100b692f64e5128a3b333

ssdeep: 1536:5EDTfUgheu5cfEOwjcOd3kidKdPhszggL5vjvXQwkw8LH:OD73hJ55J1U5p
hLg9jvgp

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

What should I do now? Can I delete them?
Thanks a lot
Enzo

Re: log hijackthis

Post by crazy.cat » Mon Jan 05, 2009 8:03 am

It seems they were not analysed, or the analysis was blocked.


megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising