Punto informatico Network

VirusHeat rogue program


Post by CarDependant » Mon Mar 31, 2008 2:02 pm

Today I turned on the PC and several icons appeared on my desktop, and the VirusHeat application showed up in the tray, which I think is a rogue. I would like you to help me remove it, because I am afraid to do it on my own; I fear damaging the PC. Isn't there by any chance a rogue remover or something like that? If so I'll try that, and if it doesn't work, tell me how to remove it, OK?
CarDependant
Senior Member
Posts: 241
Joined: Mon Nov 20, 2006 2:35 am
Location: Sicilia, CT

Post by ste_95 » Mon Mar 31, 2008 2:11 pm

Run a scan with Rogue Remover Free and follow these instructions.
"Sometimes it is better to keep quiet and look stupid than to open your mouth and remove all doubt." Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Post by CarDependant » Mon Mar 31, 2008 2:21 pm

In the meantime, should I delete the desktop icons manually?

Post by ste_95 » Mon Mar 31, 2008 2:22 pm

First try the programs listed; they should take care of everything [^]

Post by CarDependant » Mon Mar 31, 2008 10:46 pm

I combed through the PC with Rogue Remover, Spybot S&D, SUPERAntiSpyware and A-squared free. Are there other precautions to take, or can I consider the PC clean?

Post by ste_95 » Tue Apr 01, 2008 6:05 am

Is it working better?

Post by CarDependant » Tue Apr 01, 2008 5:54 pm

Not much; I mean, the PC wasn't running badly with the rogue. I just found the VirusHeat icon in the tray, and in IE there was an extra toolbar that I never installed, plus the homepage had been changed. They are gone now after cleaning the PC; it is like before. Actually, I sometimes got "BSODs" showing an error related to drivers, but it happens only once in a while...

Post by ste_95 » Tue Apr 01, 2008 5:56 pm

Download HijackThis
Save it in a folder (do not open it directly, otherwise it will not make backups!)
Open the executable
Then click "Do a System Scan and Save a Logfile"
Wait for the scan to finish
Then copy the contents of the Notepad window here on the forum.

Post by CarDependant » Wed Apr 02, 2008 10:20 pm

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.22.17, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\PFShared\UmxCfg.exe
C:\Programmi\Tiny Firewall Pro\UmxFwHlp.exe
C:\Programmi\File comuni\PFShared\UmxPol.exe
C:\Programmi\Tiny Firewall Pro\UmxAgent.exe
C:\Programmi\Tiny Firewall Pro\UmxTray.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\PFShared\umxlu.exe
C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Carmelo\Desktop\HijackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Carmelo\IMPOST~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carmelino1988.spaces.live.com/Ph ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{817D8A0C-4F73-403A-946A-9C17525312DC}: NameServer = 208.67.222.222 208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Programmi\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Programmi\File comuni\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - C:\Programmi\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Programmi\File comuni\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Programmi\File comuni\PFShared\UmxPol.exe

--
End of file - 8779 bytes

Post by ste_95 » Wed Apr 02, 2008 10:30 pm

Select these entries on the left and press the Fix Checked button at the bottom:

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Carmelo\IMPOST~1\Temp\IXP000.TMP\"

Then download ComboFix and run a scan; when it finishes, post here the log that appears.
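
Added example (not part of the original thread, and not code from HijackThis or its authors): a small Python parser for the HijackThis line format seen in the log above, which marks for manual review the kinds of entries a helper looks at first, including the RunOnce entry selected in the post above. The function names and flag labels are assumptions made for this illustration; a flag means "check this line by hand", not that the entry is malicious.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log posted in this thread
# (header and process lines are included to show that the parser skips them).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Carmelo\IMPOST~1\Temp\IXP000.TMP\"
O17 - HKLM\System\CCS\Services\Tcpip\..\{817D8A0C-4F73-403A-946A-9C17525312DC}: NameServer = 208.67.222.222 208.67.220.220
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart body: "<root>\..\<key>: [<value name>] <command>"
AUTOSTART_RE = re.compile(
    r"^(?P<root>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass
class Entry:
    code: str                      # section code such as R0, O2, O4, O17
    body: str                      # everything after "<code> - "
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def autostart_fields(body):
    """Split an O4 registry autostart body into root, key, name and cmd."""
    m = AUTOSTART_RE.match(body)
    return m.groupdict() if m else None


def nameservers(body):
    """Return the IPv4 addresses listed after 'NameServer' in an O17 body."""
    if "NameServer" not in body:
        return []
    return IPV4_RE.findall(body.split("NameServer", 1)[1])


def review_flags(entry):
    """Return the review flags (assumed labels) that apply to one entry."""
    flags = []
    # Registration whose target file is absent, printed as "(no file)".
    if entry.body.rstrip().endswith("(no file)"):
        flags.append("no-file")
    # RunOnce command that references a Temp directory.
    if entry.code == "O4":
        auto = autostart_fields(entry.body)
        if (auto and auto["key"].lower() == "runonce"
                and re.search(r"\\temp\\", auto["cmd"], re.IGNORECASE)):
            flags.append("runonce-temp")
    # Statically configured DNS servers: confirm the user set them.
    if entry.code == "O17" and nameservers(entry.body):
        flags.append("nameserver")
    # Browser start page: compare with what the user expects.
    if entry.code in ("R0", "R1") and "Start Page" in entry.body:
        flags.append("start-page")
    return flags


def triage(text):
    """Parse a log and return only the entries that carry a review flag."""
    flagged = []
    for entry in parse_log(text):
        entry.flags = review_flags(entry)
        if entry.flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<3} {','.join(e.flags):<13} {e.body}")
```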

Post by CarDependant » Wed Apr 02, 2008 11:38 pm

Here is the ComboFix log:

ComboFix 08-04-02.1 - Carmelo 2008-04-03 0.37.29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.581 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Carmelo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-03-02 al 2008-04-02 )))))))))))))))))))))))))))))))))))
.

2008-04-02 22:47 . 2008-04-02 22:48 36 --a------ C:\WINDOWS\system32\drivers\Ids_cfg.dat
2008-03-31 22:38 . 2008-03-31 23:44 <DIR> d-------- C:\Programmi\a-squared Free
2008-03-31 21:47 . 2008-03-31 21:47 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-03-31 21:47 . 2008-03-31 21:47 <DIR> d-------- C:\Documents and Settings\Carmelo\Dati applicazioni\SUPERAntiSpyware.com
2008-03-31 21:47 . 2008-03-31 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-03-31 16:43 . 2008-03-31 18:41 <DIR> d-------- C:\Programmi\a-squared Anti-Malware
2008-03-31 15:26 . 2008-03-31 15:26 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-03-31 15:26 . 2008-03-31 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-31 15:08 . 2008-03-31 15:09 <DIR> d-------- C:\Programmi\RogueRemover FREE
2008-03-23 17:14 . 2008-03-23 17:14 268 --ah----- C:\sqmdata15.sqm
2008-03-23 17:14 . 2008-03-23 17:14 244 --ah----- C:\sqmnoopt15.sqm
2008-03-23 14:38 . 2008-03-23 14:38 268 --ah----- C:\sqmdata14.sqm
2008-03-23 14:38 . 2008-03-23 14:38 244 --ah----- C:\sqmnoopt14.sqm
2008-03-23 14:09 . 2008-03-23 14:09 268 --ah----- C:\sqmdata13.sqm
2008-03-23 14:09 . 2008-03-23 14:09 244 --ah----- C:\sqmnoopt13.sqm
2008-03-23 04:09 . 2008-03-23 04:09 268 --ah----- C:\sqmdata12.sqm
2008-03-23 04:09 . 2008-03-23 04:09 244 --ah----- C:\sqmnoopt12.sqm
2008-03-22 15:50 . 2008-03-22 15:50 268 --ah----- C:\sqmdata11.sqm
2008-03-22 15:50 . 2008-03-22 15:50 244 --ah----- C:\sqmnoopt11.sqm
2008-03-22 14:56 . 2008-03-22 14:56 268 --ah----- C:\sqmdata10.sqm
2008-03-22 14:56 . 2008-03-22 14:56 244 --ah----- C:\sqmnoopt10.sqm
2008-03-22 05:08 . 2008-03-22 05:08 268 --ah----- C:\sqmdata09.sqm
2008-03-22 05:08 . 2008-03-22 05:08 244 --ah----- C:\sqmnoopt09.sqm
2008-03-21 17:13 . 2008-03-21 17:13 268 --ah----- C:\sqmdata08.sqm
2008-03-21 17:13 . 2008-03-21 17:13 244 --ah----- C:\sqmnoopt08.sqm
2008-03-21 04:35 . 2008-03-21 04:35 268 --ah----- C:\sqmdata07.sqm
2008-03-21 04:35 . 2008-03-21 04:35 244 --ah----- C:\sqmnoopt07.sqm
2008-03-20 17:05 . 2008-03-20 17:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-20 17:05 . 2008-03-20 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-03-16 01:52 . 2008-03-16 01:52 <DIR> d-------- C:\Programmi\uTorrent
2008-03-16 01:52 . 2008-04-02 02:04 <DIR> d-------- C:\Documents and Settings\Carmelo\Dati applicazioni\uTorrent
2008-03-15 23:50 . 2008-03-15 23:50 <DIR> dr-h----- C:\Documents and Settings\Carmelo\Dati applicazioni\SecuROM
2008-03-15 23:50 . 2008-03-15 23:50 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-15 23:44 . 2008-03-15 23:44 <DIR> d-------- C:\Programmi\DAEMON Tools Lite
2008-03-15 12:21 . 2008-03-15 12:21 <DIR> d-------- C:\WINDOWS\Sun
2008-03-15 12:21 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-15 12:20 . 2008-03-15 12:21 <DIR> d-------- C:\Programmi\Java
2008-03-15 12:16 . 2008-03-15 12:16 <DIR> d-------- C:\Programmi\File comuni\Java
2008-03-10 15:54 . 2008-03-10 15:54 <DIR> d-------- C:\Programmi\TechSmith
2008-03-10 15:54 . 2008-03-10 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TechSmith
2008-03-10 15:51 . 2008-03-31 21:47 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-03-06 15:54 . 2008-03-06 15:54 268 --ah----- C:\sqmdata06.sqm
2008-03-06 15:54 . 2008-03-06 15:54 244 --ah----- C:\sqmnoopt06.sqm
2008-03-06 05:04 . 2008-03-06 05:04 268 --ah----- C:\sqmdata05.sqm
2008-03-06 05:04 . 2008-03-06 05:04 244 --ah----- C:\sqmnoopt05.sqm
2008-03-06 00:30 . 2008-03-06 00:30 268 --ah----- C:\sqmdata04.sqm
2008-03-06 00:30 . 2008-03-06 00:30 244 --ah----- C:\sqmnoopt04.sqm
2008-03-05 21:38 . 2008-03-05 21:38 268 --ah----- C:\sqmdata03.sqm
2008-03-05 21:38 . 2008-03-05 21:38 244 --ah----- C:\sqmnoopt03.sqm
2008-03-05 18:12 . 2008-03-05 18:12 268 --ah----- C:\sqmdata02.sqm
2008-03-05 18:12 . 2008-03-05 18:12 244 --ah----- C:\sqmnoopt02.sqm
2008-03-05 04:44 . 2008-03-05 04:44 244 --ah----- C:\sqmnoopt01.sqm
2008-03-05 04:44 . 2008-03-05 04:44 232 --ah----- C:\sqmdata01.sqm
2008-03-03 13:49 . 2008-03-03 13:49 <DIR> d-------- C:\Documents and Settings\Altri utenti\Dati applicazioni\HP
2008-03-02 20:44 . 2008-03-02 20:44 <DIR> d-------- C:\Programmi\File comuni\HP
2008-03-02 20:44 . 2008-03-02 20:44 <DIR> d-------- C:\Documents and Settings\Carmelo\Dati applicazioni\HP
2008-03-02 20:44 . 2008-03-02 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\HP
2008-03-02 20:43 . 2008-03-02 20:43 <DIR> d-------- C:\Programmi\Hewlett-Packard
2008-03-02 20:42 . 2008-03-02 20:42 <DIR> d-------- C:\Programmi\File comuni\Hewlett-Packard
2008-03-02 20:42 . 2006-01-03 10:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2008-03-02 20:42 . 2006-04-12 04:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-02 20:42 . 2006-04-10 15:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2008-03-02 20:42 . 2006-04-12 04:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-02 20:41 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-02 20:41 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-02 20:28 . 2008-03-02 20:44 <DIR> d-------- C:\Programmi\HP
2008-03-02 20:28 . 2006-03-03 22:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-02 20:28 . 2006-03-03 22:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-02 20:28 . 2006-03-03 22:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-02 20:28 . 2006-03-03 22:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-02 20:28 . 2006-03-03 22:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-02 20:28 . 2006-03-03 22:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-02 20:26 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-02 20:26 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-02 20:25 . 2008-03-02 20:44 123,611 --a------ C:\WINDOWS\hpoins11.dat
2008-03-02 20:00 . 2008-03-02 20:01 <DIR> d-------- C:\Programmi\Unlocker
2008-03-02 19:49 . 2008-03-02 19:49 <DIR> d-------- C:\Programmi\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 14:57 40,764 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k
2008-03-31 12:49 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-03-30 21:47 --------- d-----w C:\Documents and Settings\Carmelo\Dati applicazioni\TeraCopy
2008-03-15 21:41 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-03 00:31 --------- d-----w C:\Programmi\Mafia
2008-03-01 16:38 --------- d-----w C:\Documents and Settings\Carmelo\Dati applicazioni\DAEMON Tools
2008-02-28 18:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-02-28 16:11 --------- d-----w C:\Programmi\File comuni\Adobe
2008-02-28 13:46 --------- d-----w C:\Programmi\Windows Live
2008-02-28 13:46 --------- d-----w C:\Programmi\MSN Messenger
2008-02-28 13:46 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-02-28 00:59 --------- d-----w C:\Programmi\TeraCopy
2008-02-27 18:11 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-02-27 01:24 --------- d-----w C:\Documents and Settings\Carmelo\Dati applicazioni\Auslogics
2008-02-24 10:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-02-24 10:05 --------- d-----w C:\Documents and Settings\Carmelo\Dati applicazioni\Sports Interactive
2008-02-24 10:04 --------- d--h--w C:\Programmi\Zero G Registry
2008-02-24 09:52 --------- d-----w C:\Programmi\Sports Interactive
2008-02-24 02:53 --------- d-----w C:\Documents and Settings\Carmelo\Dati applicazioni\AdobeUM
2008-02-23 02:53 --------- d-----w C:\Documents and Settings\Carmelo\Dati applicazioni\Ashampoo
2008-02-23 02:52 --------- d-----w C:\Programmi\Ashampoo
2008-02-20 02:31 --------- d-----w C:\Programmi\File comuni\SWF Studio
2008-02-20 02:30 --------- d-----w C:\Programmi\Riva
2008-02-19 18:07 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2008-02-19 17:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-02-19 17:53 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-02-19 17:10 --------- d-----w C:\Programmi\MSXML 4.0
2008-02-19 15:32 --------- d-----w C:\Documents and Settings\Altri utenti\Dati applicazioni\Roxio
2008-02-18 23:12 --------- d-----w C:\Programmi\Tiny Firewall Pro
2008-02-18 23:08 --------- d-----w C:\Documents and Settings\Carmelo\Dati applicazioni\vlc
2008-02-18 23:07 --------- d-----w C:\Programmi\VideoLAN
2008-02-18 21:05 --------- d-----w C:\Programmi\Alwil Software
2008-02-18 20:58 --------- d-----w C:\Programmi\File comuni\PFShared
2008-02-18 20:55 646,400 ----a-w C:\WINDOWS\system32\drivers\CnxEtU.sys
2008-02-18 20:55 60,288 ----a-w C:\WINDOWS\system32\drivers\CnxEtP.sys
2008-02-18 20:55 163,840 ----a-w C:\WINDOWS\system32\CnxHwIo.dll
2008-02-18 20:55 118,784 ----a-w C:\WINDOWS\system32\CnxMfdCo.dll
2008-02-18 20:55 118,784 ----a-w C:\WINDOWS\system32\CnxClsCo.dll
2008-02-18 20:55 108,771 ----a-w C:\WINDOWS\system32\drivers\CnxTgN.sys
2008-02-18 20:55 --------- d-----w C:\Programmi\Trust
2008-02-18 19:06 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\Roxio
2008-02-18 19:06 --------- d-----w C:\Documents and Settings\Carmelo\Dati applicazioni\Roxio
2008-02-18 19:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Roxio
2008-02-18 19:05 --------- d-----w C:\Programmi\Roxio
2008-02-18 19:05 --------- d-----w C:\Programmi\File comuni\Sonic Shared
2008-02-18 19:05 --------- d-----w C:\Programmi\File comuni\Roxio Shared
2008-02-18 19:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sonic
2008-02-18 19:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2008-02-18 19:04 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-02-18 18:01 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-18 18:01 --------- d-----w C:\Programmi\Realtek AC97
2008-02-18 17:55 --------- d-----w C:\Programmi\Nvidia
2008-02-18 17:46 --------- d-----w C:\Programmi\microsoft frontpage
2008-02-18 17:45 --------- d-----w C:\Programmi\Servizi in linea
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"RoxWatchTray"="C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-01-20 09:51 163840]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-01-03 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"CnxDslTaskBar"="C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2008-02-18 22:55 462848]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"a-squared"="C:\Programmi\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2005-07-12 00:26 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TinyFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=

R0 KmxNdis;KmxNdis;C:\WINDOWS\system32\DRIVERS\kmxndis.sys [2005-08-16 12:42]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2005-07-11 19:39]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2005-07-12 00:20]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2005-08-16 12:42]
R1 KmxIds;KmxIds;C:\WINDOWS\system32\DRIVERS\kmxids.sys [2005-08-11 15:31]
R2 KmxBiG;KmxBiG;C:\WINDOWS\system32\DRIVERS\KmxBiG.sys [2005-07-12 00:21]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2005-08-23 23:50]
R2 UmxAgent;FW Event Manager;"C:\Programmi\Tiny Firewall Pro\UmxAgent.exe" [2005-08-22 10:51]
R2 UmxCfg;FW Configuration Interpreter;"C:\Programmi\File comuni\PFShared\UmxCfg.exe" [2005-07-12 17:57]
R2 UmxLU;FW Live Update;"C:\Programmi\File comuni\PFShared\umxlu.exe" [2005-07-12 13:24]
R2 UmxPol;FW Policy Manager;"C:\Programmi\File comuni\PFShared\UmxPol.exe" [2005-07-12 01:21]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2008-02-18 22:55]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2008-02-18 22:55]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2008-02-18 22:55]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2005-08-23 13:41]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 00:38:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmi\Unlocker\UnlockerHook.dll
-> C:\WINDOWS\system32\nview.dll
.
Ora fine scansione: 2008-04-03 0.39.27
ComboFix-quarantined-files.txt 2008-04-02 22:39:25
6 Directory 89,779,437,568 byte disponibili
8 Directory 89,766,346,752 byte disponibili
.
2008-02-27 17:32:12 --- E O F ---

Post by ste_95 » Thu Apr 03, 2008 6:11 am

I don't notice anything strange in the log. What is your current situation?

Post by CarDependant » Thu Apr 03, 2008 1:48 pm

Well, normal; the PC works fine

Post by ste_95 » Thu Apr 03, 2008 1:50 pm

So the problem is solved?

Post by CarDependant » Thu Apr 03, 2008 2:02 pm

I think so. The icons are still on the desktop; at this point I'll remove them, right?

Post by ste_95 » Thu Apr 03, 2008 2:07 pm

CarDependant wrote: I think so. The icons are still on the desktop; at this point I'll remove them, right?

Yes! [^]



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising