jkkjiIcy.dll

Post by francescosurya » Mon Apr 20, 2009 9:33 pm

I found this file in system32 and Avira detects it as a virus. If I delete it, it tells me it is in use and I cannot delete it. What should I do?

Re: jkkjiIcy.dll

Post by stevens » Mon Apr 20, 2009 10:01 pm

Analyze it here =====>>> http://www.virustotal.com/it/

Re: jkkjiIcy.dll

Post by ste_95 » Tue Apr 21, 2009 6:23 am

Probably Vundo.

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt is created; paste its contents here between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]


Re: jkkjiIcy.dll

Post by francescosurya » Tue Apr 21, 2009 1:26 pm

The ones I put in bold are the ones Avira was detecting as a virus. But has it removed them? Thanks a lot anyway, ste!
Should I also post a HijackThis log?


ComboFix 09-04-21.A1 - Francesco 21/04/2009 14.23.31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2468 [GMT 2:00]
Eseguito da: c:\documents and settings\Francesco\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\agqcisq.dat
c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\agqcisq_nav.dat
c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\agqcisq_navps.dat
c:\windows\system32\lvcoinst.dll

----- BITS: Possibili siti infetti -----

hxxp://sunmicro.ht.rd.llnw.net
hxxp://SERVER:55000
.
((((((((((((((((((((((((( Files Creati Da 2009-03-21 al 2009-04-21 )))))))))))))))))))))))))))))))))))
.

2009-04-29 12:17 . 2009-04-29 12:17 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Media Player Classic
2009-04-26 18:44 . 2008-04-13 09:45 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-26 18:20 . 2009-04-26 18:20 -------- d-----w C:\ATI
2009-04-24 12:07 . 2009-04-24 12:07 -------- d-----w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Warner Bros. Interactive Entertainment
2009-04-23 12:36 . 2009-04-23 12:36 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Apple Computer
2009-04-23 12:36 . 2008-04-17 11:12 15464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-23 12:36 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-23 12:36 . 2009-04-23 12:36 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-04-23 12:35 . 2009-04-23 12:36 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-04-23 12:35 . 2009-04-23 12:35 -------- d-----w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Apple
2009-04-23 12:34 . 2009-04-23 12:34 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2009-04-23 12:34 . 2009-04-23 12:36 -------- d-----w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Apple Computer
2009-04-20 20:10 . 2009-04-20 20:10 1088 ----a-w c:\windows\system32\iifgGXqn.dll
2009-04-20 19:15 . 2009-04-20 19:16 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Summer Athletics 2008
2009-04-20 19:02 . 2009-04-20 19:02 39424 ----a-w c:\windows\system32\yayApmnL.dll
2009-04-20 19:01 . 2009-04-20 19:01 39424 ----a-w c:\windows\system32\hgGxWmmm.dll
2009-04-20 19:01 . 2009-04-20 19:01 39424 ------w c:\windows\system32\jkkjiIcy.dll
2009-04-20 17:27 . 2009-04-20 17:27 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Avira
2009-04-19 19:47 . 2009-03-10 10:05 97096 ----a-w c:\windows\system32\drivers\avfwot.sys
2009-04-19 19:47 . 2009-02-24 10:06 69632 ----a-w c:\windows\system32\drivers\avfwim.sys
2009-04-19 17:12 . 2009-04-19 17:12 172032 ----a-w c:\windows\system32\AniGIF.ocx
2009-04-19 13:19 . 2009-04-19 13:19 -------- d-----w C:\PacSteamT
2009-04-18 16:54 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-14 20:18 . 2009-04-21 12:21 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Skype
2009-04-14 20:18 . 2009-04-14 20:18 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-04-11 14:00 . 2009-04-11 14:00 -------- d-----w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\CAPCOM
2009-04-11 13:44 . 2009-04-11 13:44 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-10 21:49 . 2008-07-10 12:56 107864 ----a-w c:\windows\system32\tsccvid.dll
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\windows\system32\QuickTime
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TechSmith
2009-04-10 21:41 . 2009-04-18 16:48 -------- d-----w c:\windows\uninstall
2009-04-09 17:53 . 2009-04-09 17:53 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Eidos
2009-04-09 06:42 . 2009-04-09 06:42 -------- d-----w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\wanted
2009-04-09 06:42 . 2009-04-09 06:42 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\wanted
2009-04-08 20:18 . 2009-04-08 20:18 -------- d-----w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Xara
2009-04-08 20:16 . 2007-04-27 07:43 120200 ----a-w c:\windows\system32\DLLDEV32i.dll
2009-04-08 20:15 . 2009-04-08 20:18 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\MAGIX
2009-04-08 20:15 . 2009-04-08 20:20 -------- d-----w c:\windows\system32\MAGIX
2009-04-08 20:15 . 2008-06-23 12:07 7103 ----a-w c:\windows\mgxoschk.ini
2009-04-08 20:15 . 2008-04-15 13:14 700416 ----a-w c:\windows\system32\mgxoschk.dll
2009-04-07 12:11 . 2009-04-07 12:11 -------- d-----w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Scansoft
2009-04-06 15:20 . 2007-01-26 13:06 34816 ------w c:\windows\system32\BrWiaNCp.dll
2009-04-06 15:20 . 2007-01-18 11:51 163840 ------w c:\windows\system32\NSSearch.dll
2009-04-06 15:20 . 2007-02-06 17:50 61952 ------w c:\windows\system32\BrNetSti.dll
2009-04-06 15:20 . 2007-01-26 13:05 18944 ------w c:\windows\system32\BrnStiCp.cpl
2009-04-06 15:20 . 2006-12-26 17:39 37376 ------w c:\windows\system32\Brnsplg.dll
2009-04-06 15:20 . 2006-11-20 18:48 9728 ------w c:\windows\system32\BrSti07a.dll
2009-04-06 15:20 . 2002-11-26 11:43 106496 ------w c:\windows\system32\BrMuSNMP.dll
2009-04-06 15:12 . 2009-04-06 15:20 50 ----a-w c:\windows\system32\bridf07a.dat
2009-04-06 15:11 . 2007-01-26 14:19 56832 ----a-w c:\windows\system32\brinsstr.dll
2009-04-06 15:11 . 2007-02-15 11:54 131072 ------w c:\windows\brunin03.dll
2009-04-06 15:10 . 2006-10-24 13:35 31652 ----a-w c:\windows\maxlink.ini
2009-04-06 15:09 . 2009-04-06 15:10 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-04-06 15:08 . 2009-04-06 15:08 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Brother
2009-04-06 15:04 . 2008-04-13 09:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-06 15:04 . 2008-04-13 09:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-06 12:26 . 2009-04-06 12:26 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-04-04 16:30 . 2009-04-04 16:30 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\LightScribe
2009-04-03 10:01 . 2009-04-03 10:01 4767 ----a-w c:\windows\Irremote.ini
2009-04-02 19:42 . 2009-04-02 19:42 -------- d-----w c:\windows\system32\Adobe
2009-04-01 18:11 . 2009-04-01 18:11 -------- d-----w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\THQ
2009-04-01 17:28 . 2009-04-01 17:28 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Thinstall
2009-04-01 11:04 . 2009-04-01 11:04 61 ----a-w c:\windows\FINSON.INI
2009-03-31 19:34 . 2008-04-13 09:45 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-03-31 19:34 . 2008-04-13 09:45 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-03-31 19:34 . 2006-06-22 20:51 22334 ----a-r c:\windows\system32\lvcoinst.ini
2009-03-31 19:34 . 2006-06-22 20:51 4770 ----a-r c:\windows\system32\Repository.reg
2009-03-31 19:34 . 2006-06-22 22:29 38960 ----a-r c:\windows\system32\drivers\LVUSBSta.sys
2009-03-31 19:34 . 2006-06-22 22:29 513584 ----a-r c:\windows\system32\LVUI2RC.dll
2009-03-31 19:34 . 2006-06-22 22:29 210480 ----a-r c:\windows\system32\LVUI2.dll
2009-03-31 19:34 . 2006-06-22 22:29 263728 ----a-r c:\windows\system32\lvcodec2.dll
2009-03-31 19:34 . 2003-02-21 12:42 348160 ----a-r c:\windows\system\msvcr71.dll
2009-03-31 19:34 . 2006-06-22 22:29 720176 ----a-r c:\windows\system32\drivers\LV302AV.SYS
2009-03-31 19:34 . 2008-04-13 17:13 54784 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-03-31 19:34 . 2008-04-13 17:13 54784 ----a-w c:\windows\system32\vfwwdm32.dll
2009-03-25 12:19 . 2006-08-23 11:33 7680 ----a-w c:\windows\system32\ff_acm.acm
2009-03-24 18:57 . 2009-03-25 11:39 -------- d-----w C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 20:33 . 2009-04-29 20:33 -------- d-----w c:\programmi\FLV Player
2009-04-28 13:50 . 2009-02-16 19:16 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\SPORE
2009-04-24 19:51 . 2009-04-24 19:50 -------- d-----w c:\programmi\BZFlag2.0.8
2009-04-24 19:49 . 2009-04-19 13:20 -------- d-----w c:\programmi\PacSteamT
2009-04-24 09:54 . 2009-04-24 09:49 -------- d-----w c:\programmi\LEGO Batman
2009-04-23 12:36 . 2009-04-23 12:36 -------- d-----w c:\programmi\iTunes
2009-04-23 12:36 . 2009-04-23 12:36 -------- d-----w c:\programmi\iPod
2009-04-23 12:36 . 2009-04-23 12:35 -------- d-----w c:\programmi\File comuni\Apple
2009-04-23 12:36 . 2009-04-23 12:36 -------- d-----w c:\programmi\Bonjour
2009-04-23 12:35 . 2009-04-23 12:35 -------- d-----w c:\programmi\QuickTime
2009-04-23 12:35 . 2009-04-23 12:35 -------- d-----w c:\programmi\Apple Software Update
2009-04-20 20:38 . 2009-01-27 17:06 2606656 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-04-20 19:45 . 2009-04-20 19:00 -------- d-----w c:\programmi\Summer Athletics
2009-04-20 17:35 . 2009-01-30 13:17 -------- d-----w c:\programmi\Rockstar Games
2009-04-20 17:35 . 2009-01-24 14:43 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-20 17:27 . 2009-01-24 17:02 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-20 15:51 . 2009-02-06 19:35 -------- d-----w c:\programmi\Steam
2009-04-20 14:50 . 2009-04-20 14:50 -------- d-----w c:\programmi\BootRacer
2009-04-19 19:56 . 2009-01-30 14:04 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-19 19:47 . 2009-01-24 19:39 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-04-19 19:41 . 2009-04-19 19:41 -------- d-----w c:\programmi\Avira
2009-04-19 17:13 . 2009-04-19 17:12 -------- d-----w c:\programmi\SpeedBit Video Accelerator
2009-04-19 17:12 . 2009-04-19 17:12 -------- d-----w c:\programmi\AskSBar
2009-04-19 14:15 . 2009-01-24 20:19 -------- d-----w c:\programmi\QuickMediaConverter
2009-04-19 13:19 . 2009-04-19 13:19 -------- d-----w c:\programmi\File comuni\Thraex Software
2009-04-18 16:48 . 2009-04-10 21:41 -------- d-----w c:\programmi\ExePW
2009-04-14 20:18 . 2009-04-14 20:18 -------- d-----r c:\programmi\Skype
2009-04-11 13:46 . 2009-04-11 13:46 -------- d-----w c:\programmi\CAPCOM
2009-04-11 13:44 . 2009-02-04 13:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-11 13:43 . 2001-08-31 11:00 77570 ----a-w c:\windows\system32\perfc010.dat
2009-04-11 13:43 . 2001-08-31 11:00 473484 ----a-w c:\windows\system32\perfh010.dat
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\programmi\File comuni\TechSmith Shared
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\programmi\TechSmith
2009-04-10 21:29 . 2009-04-10 21:26 -------- d-----w c:\programmi\CoreCodec
2009-04-10 21:26 . 2009-04-10 21:26 -------- d-----w c:\programmi\Haali
2009-04-09 17:53 . 2009-01-27 18:22 -------- d-----w c:\programmi\Eidos
2009-04-09 17:41 . 2009-04-09 17:31 26 ----a-w C:\xml2.txt
2009-04-09 06:30 . 2009-02-02 13:21 -------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-04-09 06:30 . 2009-02-02 13:21 -------- d-----w c:\programmi\AGEIA Technologies
2009-04-09 06:23 . 2009-04-09 06:23 -------- d-----w c:\programmi\WarnerBros
2009-04-09 06:02 . 2009-01-24 15:11 118640 ----a-w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-08 20:20 . 2009-04-08 20:17 -------- d-----w c:\programmi\File comuni\MAGIX Shared
2009-04-08 20:18 . 2009-04-08 20:15 -------- d-----w c:\programmi\MAGIX
2009-04-08 20:17 . 2009-04-08 20:17 -------- d-----w c:\programmi\File comuni\xara
2009-04-06 15:25 . 2009-04-06 15:11 -------- d-----w c:\programmi\Brother
2009-04-06 15:10 . 2009-04-06 15:10 -------- d-----w c:\programmi\Nuance
2009-04-06 15:10 . 2009-04-06 15:09 -------- d-----w c:\programmi\File comuni\ScanSoft Shared
2009-04-06 15:09 . 2009-04-06 15:09 -------- d-----w c:\programmi\ScanSoft
2009-04-06 12:19 . 2009-01-26 19:38 -------- d-----w c:\programmi\LucasArts
2009-04-05 10:34 . 2009-04-05 10:34 -------- d-----w c:\programmi\Quake III Arena
2009-04-04 16:30 . 2009-01-24 16:46 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Nero
2009-04-03 10:12 . 2009-01-24 16:45 -------- d-----w c:\programmi\File comuni\Nero
2009-04-03 10:00 . 2009-04-03 09:50 -------- d-----w c:\programmi\Nero
2009-04-03 09:59 . 2009-04-03 09:59 -------- d-----w c:\programmi\Windows Sidebar
2009-04-03 09:55 . 2009-01-24 16:45 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-04-03 09:49 . 2009-04-03 09:49 -------- d-----w c:\programmi\File comuni\LightScribe
2009-04-01 18:05 . 2009-04-01 17:53 -------- d-----w c:\programmi\Saints Row 2
2009-04-01 11:41 . 2009-04-01 11:41 -------- d-----w c:\programmi\OvO Demo
2009-04-01 11:08 . 2009-04-01 11:04 -------- d-----w c:\programmi\Arredamento 3D
2009-04-01 11:06 . 2009-04-01 11:06 -------- d-----w c:\programmi\Finson Live Update
2009-03-31 19:34 . 2009-03-31 19:34 1596 ----a-w C:\lvcoinst.log
2009-03-31 19:00 . 2009-03-31 19:00 -------- d-----w c:\programmi\OvO
2009-03-30 17:16 . 2009-03-22 09:27 -------- d-----w c:\programmi\MagicISO
2009-03-30 16:43 . 2009-03-30 16:43 -------- d-----w c:\programmi\SyncToy 2.0
2009-03-30 16:42 . 2009-03-30 16:42 -------- d-----w c:\programmi\Microsoft Sync Framework
2009-03-25 12:19 . 2009-03-25 12:19 -------- d-----w c:\programmi\ffdshow
2009-03-25 12:17 . 2009-03-25 12:17 -------- d-----w c:\programmi\PlayFLV
2009-03-22 09:47 . 2009-01-25 09:01 -------- d-----w c:\programmi\EA Games
2009-03-22 09:09 . 2009-03-22 09:09 253952 ------w c:\windows\Setup1.exe
2009-03-22 09:09 . 2009-02-09 13:24 74752 ----a-w c:\windows\ST6UNST.EXE
2009-03-18 19:53 . 2009-03-18 19:53 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\THQ
2009-03-18 19:51 . 2009-03-18 19:51 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-03-18 19:44 . 2009-03-18 19:44 -------- d-----w c:\programmi\THQ
2009-03-18 19:44 . 2009-01-24 14:43 -------- d-----w c:\programmi\File comuni\InstallShield
2009-03-18 19:43 . 2009-03-18 19:43 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\InstallShield
2009-03-17 14:32 . 2009-01-25 08:56 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-16 19:42 . 2009-03-16 19:42 -------- d-----r c:\documents and settings\Francesco\Dati applicazioni\Brother
2009-03-14 12:55 . 2009-03-14 12:55 -------- d-----w c:\programmi\Microsoft Games
2009-03-12 12:07 . 2009-01-25 08:56 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-09 19:48 . 2009-01-25 09:17 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-09 19:48 . 2009-01-25 09:17 183112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-09 13:01 . 2009-01-25 17:22 -------- d-----w c:\programmi\Lavasoft
2009-03-09 13:01 . 2009-01-25 17:22 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-03-09 13:01 . 2009-01-25 17:22 -------- dc-h--w c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-08 08:12 . 2009-03-08 08:12 -------- d-----w c:\documents and settings\Guest\Dati applicazioni\ATI
2009-03-08 08:11 . 2009-03-08 08:11 -------- d-----w c:\documents and settings\Guest\Dati applicazioni\Nero
2009-03-08 08:11 . 2009-03-08 08:11 72040 ----a-w c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-07 22:37 . 2009-03-07 22:37 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI
2009-03-07 22:35 . 2009-01-24 19:19 -------- d-----w c:\programmi\ATI Technologies
2009-03-07 12:36 . 2009-02-16 18:22 -------- d-----w c:\programmi\Electronic Arts
2009-02-08 20:17 . 2009-02-08 20:15 0 ----a-w C:\Lemmings.log
2009-02-02 14:22 . 2009-02-02 14:22 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-02 14:22 . 2009-02-02 14:22 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-25 09:25 . 2009-01-25 09:17 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-24 19:10 . 2008-06-24 17:31 46 ---ha-w C:\splash.idx
2009-01-24 15:55 . 2009-01-24 14:07 86327 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-01-24 15:52 . 2002-08-28 23:05 251600 --sha-r C:\ntldr
2009-01-24 14:43 . 2009-01-24 14:43 315392 ----a-w c:\windows\HideWin.exe
2009-01-24 14:07 . 2009-01-24 14:07 558142 ----a-w c:\windows\java\Packages\UWVHR79B.ZIP
2009-01-24 14:07 . 2009-01-24 14:07 2678 ----a-w c:\windows\java\Packages\Data\GSXJDBRV.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2009-04-20 19:01 39424 ------w c:\windows\system32\jkkjiIcy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\programmi\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"TrayServer"="c:\programmi\MAGIX\Video_deluxe_15_Plus_Download-Version\TrayServer.exe" [2008-08-18 90112]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"BootRacer"="c:\programmi\BootRacer\Bootrace.exe" [2009-01-14 1548392]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-1-24 552296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\jkkjiIcy.dll" [2009-04-20 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjiIcy]
2009-04-20 19:01 39424 ------w c:\windows\system32\jkkjiIcy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Home Server\\Discovery.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Programmi\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Programmi\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Programmi\\Codemasters\\GRID\\GRID.exe"=
"c:\\Documents and Settings\\Francesco\\Desktop\\gamez\\TDU\\TestDriveUnlimited.exe"=
"c:\\Programmi\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"c:\\Programmi\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\BZFlag2.0.8\\bzflag.exe"=
"c:\\Programmi\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Programmi\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Programmi\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Programmi\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe"=
"c:\\Programmi\\EA Games\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Programmi\\Saints Row 2\\SR2_pc.exe"=
"c:\\Documents and Settings\\Francesco\\Desktop\\gamez\\P. Quake III Arena by yd.exe"=
"c:\\Programmi\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 PD91Engine;PD91Engine;c:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S0 mv61xx;mv61xx;c:\windows\System32\DRIVERS\mv61xx.sys [2008-06-23 150568]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [2009-02-24 186625]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-02-12 432897]
S2 BootRacerServ;BootRacerServ;c:\programmi\BootRacer\BootRacerServ.exe [2009-01-14 57088]
S2 PD91Agent;PD91Agent;c:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-04-19 288368]
S2 WHSConnector;Windows Home Server Connector Service;c:\programmi\Windows Home Server\WHSConnector.exe [2008-10-31 325480]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-10-21 89600]
S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-04-12 c:\windows\Tasks\ATF-Cleaner.job
- c:\documents and settings\Francesco\Desktop\SICUREZZA\ATF-Cleaner.exe [2009-03-30 13:55]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-agqcisq - c:\documents and settings\francesco\impostazioni locali\dati applicazioni\agqcisq.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: {7F9C0798-A76A-4B29-AD55-AC2829A9F410} = 212.216.112.112,212.216.172.62
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jh05v13a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPAskSBr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 14:25
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-583907252-1177238915-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:61,cc,e1,6a,36,73,a3,5f,a6,d6,85,e0,c1,bf,21,74,ec,ba,e0,d3,a1,
b0,a6,44,d5,fa,5b,0e,e3,e4,10,f9,2d,c0,6c,e1,28,4a,d3,bb,08,7f,0f,e3,dc,fa,\
"rkeysecu"=hex:19,e2,15,05,0e,15,8b,bc,dc,12,a0,93,53,f7,51,a4
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\jkkjiIcy.dll

- - - - - - - > 'lsass.exe'(872)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\programmi\SpeedBit Video Accelerator\ConfigDB.dll
c:\programmi\Avira\AntiVir Desktop\avsda.dll
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\programmi\SpeedBit Video Accelerator\CommPipe.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll
c:\programmi\Bonjour\mdnsNSP.dll
.
Ora fine scansione: 2009-04-21 14.26.36
ComboFix-quarantined-files.txt 2009-04-21 12:26

Pre-Run: 127.798.878.208 byte disponibili
Post-Run: 128.272.773.120 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn


Re: jkkjiIcy.dll

Post by ste_95 » Tue Apr 21, 2009 1:45 pm

Download Avenger
Extract it into a folder of your choice
Run the file avenger.exe (the one with the sword icon)
Now paste these lines into the white box that opens:

Code:
Files to delete:
c:\windows\system32\iifgGXqn.dll
c:\windows\system32\yayApmnL.dll
c:\windows\system32\hgGxWmmm.dll
c:\windows\system32\jkkjiIcy.dll
c:\windows\mgxoschk.ini
c:\windows\system32\mgxoschk.dll


Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
After the reboot, copy and paste here the contents of the Notepad window that appears.

If Avenger reports an error, try retyping the first line (Files to delete:) by hand, remembering the colon.
Last edited by ste_95 on Tue Apr 21, 2009 2:16 pm, edited 1 time in total.

Re: jkkjiIcy.dll

Post by Amantide » Tue Apr 21, 2009 2:12 pm

c:\windows\system32\dllcache\vfwwdm32.dll
c:\windows\system32\vfwwdm32.dll


These should be safe.

EDIT:

Also add this part to the Avenger script:

Code:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjiIcy

Registry values to delete:
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks | {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Re: jkkjiIcy.dll

Post by ste_95 » Tue Apr 21, 2009 2:19 pm

The names looked very much like Vundo, I've edited the post.

Re: jkkjiIcy.dll

Post by francescosurya » Tue Apr 21, 2009 2:19 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\windows\system32\iifgGXqn.dll" deleted successfully.
File "c:\windows\system32\yayApmnL.dll" deleted successfully.
File "c:\windows\system32\hgGxWmmm.dll" deleted successfully.
File "c:\windows\system32\jkkjiIcy.dll" deleted successfully.
File "c:\windows\mgxoschk.ini" deleted successfully.
File "c:\windows\system32\mgxoschk.dll" deleted successfully.
File "c:\windows\system32\dllcache\vfwwdm32.dll" deleted successfully.
File "c:\windows\system32\vfwwdm32.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


but it didn't delete 3 of the files, it put them in C:\Avenger\ instead

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjiIcy" deleted successfully.
Registry value "hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks|{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: jkkjiIcy.dll

Post by ste_95 » Tue Apr 21, 2009 2:30 pm

francescosurya wrote:
File "c:\windows\system32\dllcache\vfwwdm32.dll" deleted successfully.
File "c:\windows\system32\vfwwdm32.dll" deleted successfully.

Put these two back in their respective folders and you should be all set.

Re: jkkjiIcy.dll

Post by francescosurya » Tue Apr 21, 2009 2:44 pm

I've put the second one back, but as for the first one, there's no dllcache folder in system32....

Re: jkkjiIcy.dll

Post by francescosurya » Wed Apr 22, 2009 3:31 pm

ste, are you still there??? please answer! Thanks a lot!

Re: jkkjiIcy.dll

Post by ste_95 » Wed Apr 22, 2009 6:29 pm

francescosurya wrote:
I've put the second one back, but as for the first one, there's no dllcache folder in system32....

I don't understand what the problem with dllcache is.

Re: jkkjiIcy.dll

Post by francescosurya » Wed Apr 22, 2009 6:34 pm

I have to put the file in a folder called dllcache, right?? I can't find it!

Re: jkkjiIcy.dll

Post by ste_95 » Wed Apr 22, 2009 7:12 pm

The dllcache folder is inside system32, but it isn't necessary. If the system needs the file, it will recreate it by itself.

Re: jkkjiIcy.dll

Post by francescosurya » Wed Apr 22, 2009 7:27 pm

ok, thanks a lot!

Re: jkkjiIcy.dll

Post by francescosurya » Thu Apr 23, 2009 5:49 pm

And is everything ok here??

ComboFix 09-04-21.A8 - Francesco 21/04/2009 21.41.25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1359 [GMT 2:00]
Eseguito da: c:\documents and settings\Francesco\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\update.exe
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000016_.tmp.dll

----- BITS: Possibili siti infetti -----

hxxp://SERVER:55000
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-03-23 al 2009-04-23 )))))))))))))))))))))))))))))))))))
.

2009-04-20 18:38 . 2009-04-20 18:38 39424 ----a-w c:\windows\system32\cbXOHbYq.dll
2009-04-20 18:38 . 2009-04-20 18:38 39424 ----a-w c:\windows\system32\fccbAPgf.dll
2009-04-20 18:37 . 2009-04-20 18:37 39424 ----a-w c:\windows\system32\tuvTmMcd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 16:41 . 2001-08-31 11:00 76636 ----a-w c:\windows\system32\perfc010.dat
2009-04-23 16:41 . 2001-08-31 11:00 453302 ----a-w c:\windows\system32\perfh010.dat
2009-04-20 20:38 . 2008-12-07 20:49 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\uTorrent
2009-04-01 16:28 . 2008-08-28 09:30 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Thinstall
2009-03-30 11:23 . 2008-12-07 21:51 -------- d-----w c:\programmi\Java
2009-03-21 12:57 . 2008-05-31 10:15 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-12 13:23 . 2007-11-21 09:18 33824 -c--a-w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-12 13:16 . 2009-03-12 13:00 -------- d-----w c:\programmi\Brother
2009-03-12 13:15 . 2007-11-21 08:44 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-12 12:59 . 2009-03-12 12:59 -------- d-----w c:\programmi\Nuance
2009-03-12 12:58 . 2009-03-12 12:57 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-03-12 12:58 . 2009-03-12 12:58 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-03-12 12:57 . 2009-03-12 12:57 -------- d-----w c:\programmi\File comuni\ScanSoft Shared
2009-03-12 12:57 . 2007-11-21 08:42 -------- d-----w c:\programmi\File comuni\InstallShield
2009-03-12 12:56 . 2009-03-12 12:56 -------- d-----w c:\programmi\ScanSoft
2009-03-12 12:55 . 2009-03-12 12:55 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Brother
2009-03-09 03:19 . 2008-12-07 21:52 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-01-25 09:46 . 2008-10-26 09:39 183112 -c--a-w c:\windows\system32\PnkBstrB.exe
2008-10-26 09:39 . 2008-10-26 09:39 22328 -c--a-w c:\documents and settings\Francesco\Dati applicazioni\PnkBstrK.sys
2008-06-12 09:23 . 2008-06-12 09:23 138 -c--a-w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-04-26 18:03 . 2008-04-26 18:03 3409 -csh--r c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\GDIPFONT982CACHEV32.DAT
2008-03-26 10:38 . 2008-03-26 10:38 15464 -c--a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-11-21 14:08 . 2007-11-21 14:08 32 -c--a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2009-04-20 18:37 39424 ----a-w c:\windows\system32\tuvTmMcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-03-09 03:18 35840 ----a-w c:\programmi\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-03-09 03:18 73728 ----a-w c:\programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D73E76A3-F902-45BD-8FC8-95AE8E014671}"= "c:\programmi\Windows Home Server\WHSDeskBands.dll" [2008-10-31 245608]

[HKEY_CLASSES_ROOT\clsid\{d73e76a3-f902-45bd-8fc8-95ae8e014671}]
[HKEY_CLASSES_ROOT\WHSDeskBands.ToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{F28211FB-BF6C-499A-B03B-5EB4C544B4C1}]
[HKEY_CLASSES_ROOT\WHSDeskBands.ToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2008-10-03 6066176]

[HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="d:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="d:\programmi\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"LogitechQuickCamRibbon"="d:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Nokia Tray Application"="c:\programmi\File comuni\Nokia\Tools\NclTray.exe" [2003-12-19 425984]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WebcamMaxMoniter"="d:\programmi\WebcamMax\wcmmon.exe" [2008-02-12 456024]
"avgnt"="d:\programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-18 266497]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-05-21 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\programmi\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2008-7-25 552296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\tuvTmMcd.dll" [2009-04-20 39424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2008-08-26 233472]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-19 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTmMcd]
2009-04-20 18:37 39424 ----a-w c:\windows\system32\tuvTmMcd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Francesco^Menu Avvio^Programmi^Esecuzione automatica^Need for Speed™ Undercover Registration.lnk]
path=c:\documents and settings\Francesco\Menu Avvio\Programmi\Esecuzione automatica\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"d:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"d:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Windows Home Server\\Discovery.exe"=
"c:\\Programmi\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"d:\\Programmi\\BZFlag2.0.10\\bzflag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"d:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programmi\\Aspyr\\Guitar Hero III\\GH3.exe"=
"d:\\Programmi\\iTunes\\iTunes.exe"=
"d:\\Programmi\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Programmi\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\LimeWire\\LimeWire.exe"=
"d:\\Documenti\\My Lockbox\\P2P\\utorrent.exe"=
"d:\\Programmi\\AVG\\AVG8\\avgam.exe"=
"d:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"d:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"d:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37676:TCP"= 37676:TCP:*:Disabled:Porta TCP ooVoo 37676
"37676:UDP"= 37676:UDP:*:Disabled:Porta UDP ooVoo 37676
"37677:UDP"= 37677:UDP:*:Disabled:Porta UDP ooVoo 37677

R0 MFX;MFX; [x]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2008-07-12 46368]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2008-04-03 104960]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys [2008-04-03 110080]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2008-04-03 104960]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2008-04-03 104960]
R3 PD91Engine;PD91Engine;d:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
R3 USRSp50;USRSp50 NDIS Protocol Driver; [x]
R4 avg8emc;AVG8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2009-01-19 903960]
R4 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-19 298264]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-01-19 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-19 325128]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-19 107272]
S2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;d:\programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-11-25 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;d:\programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-07-18 258305]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-01-14 81920]
S2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;d:\programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-07-18 41217]
S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CamthWDM.sys [2008-02-09 941784]
S2 litsgt;litsgt;c:\windows\system32\DRIVERS\litsgt.sys [2008-06-07 137344]
S2 PD91Agent;PD91Agent;d:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
S2 tansgt;tansgt;c:\windows\system32\DRIVERS\tansgt.sys [2008-06-07 12032]
S2 WHSConnector;Windows Home Server Connector Service;c:\programmi\Windows Home Server\WHSConnector.exe [2008-10-31 325480]

.
Contenuto della cartella 'Scheduled Tasks'

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2009-03-15 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2001-08-31 14:39]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-SecurDisc - d:\programmi\Nero 8\InCD\NBHGui.exe
HKLM-Run-System Files Updater - c:\windows\FlyakiteOSX\System Files Updater.exe
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
Notify-WgaLogon - (no file)
Notify-wvUljijJ - wvUljijJ.dll


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Add animation to IncrediMail Style Box - d:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: &Clean Traces - d:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - d:\programmi\DAP\dapextie2.htm
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\Messenger\msmsgs.exe
LSP: avsda.dll
TCP: {664AA16B-B344-4405-8C1B-AA86DB40A243} = 192.168.0.11,212.216.172.62
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\programmi\AVG\AVG8\avgpp.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\FILECO~1\Skype\SKYPE4~1.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\afa365eq.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\afa365eq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: d:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: d:\programmi\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\programmi\real player\Netscape6\nppl3260.dll
FF - plugin: d:\programmi\real player\Netscape6\nprjplug.dll
FF - plugin: d:\programmi\real player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 18:40
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1767777339-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1767777339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,73,80,db,c5,2f,c9,24,d0,88,72,b9,2b,1d,a5,46,de,eb,3e,09,75,43,1f,
9b,e6,50,6a,cf,ec,a5,59,20,f1,24,24,5b,72,50,77,fa,ab,03,cf,c8,65,a9,5d,fd,\
"??"=hex:ce,d9,d2,49,ac,5f,25,e3,64,e3,d6,58,ad,4e,fc,f5

[HKEY_USERS\S-1-5-21-1409082233-1767777339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3d,12,45,9d,d4,5a,04,cf,1a,1d,61,30,22,45,93,50,01,8e,0d,4b,18,
73,0d,95,9e,bb,d6,c1,97,a8,38,e9,31,8d,01,2c,74,24,f9,7a,fe,33,e1,40,d4,5d,\
"rkeysecu"=hex:90,b6,27,99,a1,5f,d5,d3,6a,e3,f1,cc,da,c1,09,a9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,7b,81,02,ea,b1,
9b,9b,eb,e2,63,26,f1,3f,c8,ff,68,ba,2c,16,88,85,16,49,f8,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8a,ca,c0,4e,77,
0e,df,48,6a,9c,d6,61,af,45,84,18,ec,08,20,4e,96,da,9e,4a,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,ab,43,74,89,95,
7b,db,bd,ff,7c,85,e0,43,d4,0e,fe,14,f8,bf,92,07,68,4c,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,d9,17,c1,c5,
1c,1d,09,86,8c,21,01,be,91,eb,e7,14,b1,fe,cd,e9,35,cc,c4,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,f4,39,19,dc,ed,
49,a8,32,f5,1d,4d,73,a8,13,5c,05,0d,3a,d6,b3,46,ef,8d,dd,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,4f,e3,3b,b9,71,
4f,f8,f8,df,20,58,62,78,6b,cf,c8,b8,1b,87,68,a3,cb,67,34,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,ec,7d,f6,b3,00,
02,ef,3f,fb,a7,78,e6,12,2f,9a,ea,9a,e1,c8,e2,47,39,c6,02,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,60,e8,c5,30,fc,
6e,6f,8b,01,3a,48,fc,e8,04,4a,f1,6e,d0,31,b4,3c,73,f8,c0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d3,9f,21,e4,62,
1b,9e,50,f6,0f,4e,58,98,5b,89,c9,0a,50,2a,39,e1,68,7f,77,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,46,69,88,d2,0c,
a2,b5,52,3d,ce,ea,26,2d,45,aa,78,dd,2c,03,04,ae,f8,ec,8e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,a8,2d,d9,a4,6d,
09,01,39,2a,b7,cc,b5,b9,7f,41,e7,e4,41,49,cd,e1,e2,9c,63,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,e1,2c,f4,db,a9,
0d,19,9c,6c,43,2d,1e,aa,22,2f,9c,63,41,ab,5e,b6,0c,20,1a,6c,43,2d,1e,aa,22,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\tuvTmMcd.dll

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(6184)
c:\programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
d:\programmi\Nokia\PC Suite for N-Gage QD\eccopyhook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\tuvTmMcd.dll
c:\windows\system32\avsda.dll
c:\windows\system32\browselc.dll
d:\progra~1\SPYBOT~1\SDHelper.dll
c:\programmi\Windows Home Server\WHSDeskBands.dll
c:\programmi\Bonjour\mdnsNSP.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\programmi\AVG\AVG8\avgrsx.exe
d:\programmi\Avira\Antivir PersonalEdition Premium\avguard.exe
d:\programmi\Avira\Antivir PersonalEdition Premium\sched.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
d:\programmi\Nero 8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oocinst.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
c:\programmi\Brother\ControlCenter3\BrccMCtl.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\Brother\Brmfcmon\BrMfcMon.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
c:\programmi\Windows Home Server\WHSTrayApp.exe
c:\programmi\File comuni\LogiShrd\LQCVFX\COCIManager.exe
d:\programmi\Mozilla Firefox\firefox.exe
d:\programmi\uTorrent\uTorrent.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-23 18.47.18 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-23 16:47

Pre-Run: 3.550.478.336 byte disponibili
Post-Run: 3.608.084.480 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
413 --- E O F --- 2008-04-10 10:06
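The two ComboFix logs in this thread show the pattern the helpers were working from: a DLL with a random eight-letter name under system32 that is registered at the same time as a Browser Helper Object, as a ShellExecuteHooks value and as a Winlogon Notify subkey, and that is loaded into winlogon.exe and explorer.exe. In the log just above, the CLSID {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} that Amantide's Avenger lines removed is back and now points at tuvTmMcd.dll, which is why a file-by-file Avenger script keeps chasing new names. The script below is an added example, not code from the thread, from ComboFix or from Avenger: it parses the relevant ComboFix sections, flags a DLL only when the hooks correlate (a name alone is not enough), and renders the result in the Avenger syntax used earlier in the thread. The sample log is a few lines excerpted from the ComboFix output above plus the benign AVG Notify entry; the eight-letter-name heuristic and the expansion of ComboFix's abbreviated "~" BHO key to the full HKLM path (as Amantide did) are assumptions made here.

```python
"""Correlate Vundo-style persistence entries from a ComboFix log and render a
removal script in the Avenger syntax used in this thread (added example)."""
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the second ComboFix log above, plus
# the benign avgrsstx.dll (AVG) Notify entry to show what must not be flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2009-04-20 18:37 39424 ----a-w c:\windows\system32\tuvTmMcd.dll

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\tuvTmMcd.dll" [2009-04-20 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-19 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTmMcd]
2009-04-20 18:37 39424 ----a-w c:\windows\system32\tuvTmMcd.dll

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\tuvTmMcd.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                 # [HKEY_...] header
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\(\d+\)$")  # - - > 'winlogon.exe'(828)
DLL_RE = re.compile(r'(?P<path>[a-z]:\\[^"\[\]]+?\.dll)(?=$|["\s\]])', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Heuristic (assumption): Vundo drops eight-letter, digit-free names into system32.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"
# ComboFix abbreviates the BHO key with "~"; expand it as Amantide did above.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
SEH_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks"


def parse_log(text):
    """Map each DLL (lower-cased path as key) to where the log registers or loads it."""
    findings = defaultdict(lambda: {"path": None, "bho": set(), "seh": set(),
                                    "notify": set(), "loaded_in": set()})
    context = None  # (field, detail) for the section the current line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("---", "(((", "***")):  # blank / section banner
            context = None
            continue
        if (m := KEY_RE.match(line)):
            key, low = m.group("key"), m.group("key").lower()
            if "browser helper objects" in low:
                cm = CLSID_RE.search(key)
                context = ("bho", cm.group(0) if cm else "")
            elif low.endswith("shellexecutehooks"):
                context = ("seh", "")
            elif r"winlogon\notify" in low:
                context = ("notify", key.rsplit("\\", 1)[-1])
            else:
                context = None
        elif (m := PROC_RE.match(line)):
            context = ("loaded_in", m.group("proc").lower())
        elif context and (dm := DLL_RE.search(line)):
            entry = findings[dm.group("path").lower()]
            entry["path"] = dm.group("path")
            kind, detail = context
            if kind == "seh":  # the CLSID sits on the value line, not on the key header
                cm = CLSID_RE.search(line)
                detail = cm.group(0) if cm else ""
            entry[kind].add(detail)
    return dict(findings)


def is_vundo_like(entry):
    """Eight-letter DLL directly under system32 hooked into at least two of
    BHO / ShellExecuteHooks / Winlogon Notify; one hook alone is not enough."""
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    if not (path.startswith(SYSTEM32) and RANDOM_NAME_RE.match(name)):
        return False
    return sum(1 for k in ("bho", "seh", "notify") if entry[k]) >= 2


def flagged_dlls(findings):
    return sorted(e["path"] for e in findings.values() if is_vundo_like(e))


def avenger_script(findings):
    """Render the flagged entries in the Avenger syntax shown in this thread."""
    files, keys, values = [], [], []
    for entry in findings.values():
        if not is_vundo_like(entry):
            continue
        files.append(entry["path"])
        keys += [BHO_KEY + "\\" + c for c in sorted(entry["bho"]) if c]
        keys += [NOTIFY_KEY + "\\" + s for s in sorted(entry["notify"])]
        values += [SEH_KEY + " | " + c for c in sorted(entry["seh"]) if c]
    sections = (("Files to delete:", files), ("Registry keys to delete:", keys),
                ("Registry values to delete:", values))
    return "\n\n".join(t + "\n" + "\n".join(i) for t, i in sections if i) + "\n"
```

Feed a whole ComboFix report to parse_log, then call flagged_dlls and avenger_script on the result. On the sample only tuvTmMcd.dll is flagged: avgrsstx.dll also has an eight-letter name and a Winlogon Notify entry, but a single hook, so it is left alone. That correlation is the point, since in the two logs here the file names changed between runs while the three hook locations and the CLSID did not.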

Re: jkkjiIcy.dll

Post by ste_95 » Thu Apr 23, 2009 10:06 pm

Use the tools recommended in this article:
http://www.MegaLab.it/2785/vundo-liberi ... per-sempre

