
I CAN'T BROWSE THE WEB

Post by Luca90 » Mon Nov 09, 2009 11:05 pm

For a few days I haven't been able to browse with either Internet Explorer 8 or Chrome; I get "web page not available".
I ran a scan with Spybot - Search & Destroy; it found some viruses and I deleted them.
But despite this I can't browse with the 2 browsers; in fact I found out that I can only browse with Firefox.
I think the virus corrupted some files. I tried installing Chrome again, but nothing.
How do I browse with Chrome or I.E. 8??? HEEEELP
THIS IS MY script made with hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.48.47, on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
D:\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\BinarySense\hldasvc.exe
C:\Programmi\File comuni\BinarySense\hldasvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
D:\Sandboxie\SbieSvc.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ArcSoft\TotalMedia\TotalMedia.exe
C:\Programmi\ArcSoft\TotalMedia\TMMonitor.exe
D:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] D:\ClocX\ClocX.exe
O4 - HKCU\..\Run: [Lexmark X1100 Series] C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1060284298-1677128483-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1060284298-1677128483-725345543-500\..\RunOnce: [NeroHomeFirstStart] "C:\Programmi\File comuni\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Collegamento a ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = D:\Digisoft AntiDialer\AntiDialer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4706538656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9589659479
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88471EEC-1B01-4A2D-8F53-68D44582CB56}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programmi\File comuni\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - D:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: GK - Unknown owner - C:\DOCUME~1\Luca\IMPOST~1\Temp\GK.exe (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programmi\File comuni\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PFQ - Unknown owner - C:\DOCUME~1\Luca\IMPOST~1\Temp\PFQ.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10239 bytes

Re: I CAN'T BROWSE THE WEB

Post by Fred » Wed Nov 11, 2009 6:10 pm

It looks clean to me, apart from the fact that I don't know what this is:
O24 - Desktop Component 0: Privacy Protection - (no file)

Two notes, not meant as a reproach but to be useful to you in the future.
1) that is not a script, it is a log
2) don't write in capitals: it is equivalent to shouting, and here on MLI it is not customary

That said: are the settings of the three browsers all the same?
[ciao]
Asus M3N78SE;AMD Athlon 64X2 5200+@5400;2 GB DDR2;NVIDIA GeForce 9500GT;Windows 7 Pro 64bit;
AcerASPIRE5230;Windows 7 Pro 64bit
Skype: nellopc90

Re: I CAN'T BROWSE THE WEB

Post by Berga95 » Wed Nov 11, 2009 9:49 pm

I confirm that the hijackthis log is clean... [^]
That is not dead which can eternal lie, and with strange aeons even death may die.
~ H.P. Lovecraft

Re: I CAN'T BROWSE THE WEB

Post by tecnico24 » Wed Nov 11, 2009 9:51 pm

Connection? Router?

Re: I CAN'T BROWSE THE WEB

Post by Luca90 » Wed Nov 11, 2009 10:48 pm

Fred wrote: It looks clean to me, apart from the fact that I don't know what this is:
O24 - Desktop Component 0: Privacy Protection - (no file)

Two notes, not meant as a reproach but to be useful to you in the future.
1) that is not a script, it is a log
2) don't write in capitals: it is equivalent to shouting, and here on MLI it is not customary

That said: are the settings of the three browsers all the same?
[ciao]

yes, yes

Re: I CAN'T BROWSE THE WEB

Post by riise90 » Thu Nov 12, 2009 9:46 am

Some other virus may have been left behind. Try running a scan with Malwarebytes.
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants. It is its natural manure.

Re: I CAN'T BROWSE THE WEB

Post by Luca90 » Thu Nov 12, 2009 9:12 pm

riise90 wrote: Some other virus may have been left behind. Try running a scan with Malwarebytes.

I ran a scan with Microsoft's removal tool and it shows: Trojan Downloader:Win32/Harnig.gen partially removed. How do I remove it completely? I tried with: Spybot - Search & Destroy, Malwarebytes' Anti-Malware, nod32, also from safe mode, but I can't get rid of it. What do I dooooo????

Re: I CAN'T BROWSE THE WEB

Post by Amantide » Thu Nov 12, 2009 9:27 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here.
...to fly high, you have to know how to fall...

Re: I CAN'T BROWSE THE WEB

Post by crazy.cat » Fri Nov 13, 2009 8:33 am

Luca90 wrote: I ran a scan with Microsoft's removal tool and it shows: Trojan Downloader:Win32/Harnig.gen partially removed. How do I remove it completely? I tried with: Spybot - Search & Destroy, Malwarebytes' Anti-Malware, nod32, also from safe mode, but I can't get rid of it. What do I dooooo????

Where does it find the problem? In which file?
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as liberty.

Re: I CAN'T BROWSE THE WEB

Post by Luca90 » Fri Nov 13, 2009 11:04 pm

Amantide wrote: Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here.


ComboFix 09-11-13.06 - Luca 13/11/2009 22.36.12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.431 [GMT 1:00]
Eseguito da: c:\documents and settings\Luca\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Spy Emergency *disabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3392081087-731342001-2151582609-1000
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\documents and settings\Luca\Dati applicazioni\inst.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\Drivers\bmhdxiivwkko.sys
c:\windows\system32\Drivers\cdnybnjapqui.sys
c:\windows\system32\kungsflmulqvkv.dat

----- BITS: Possibili siti infetti -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_CLBDRIVER
-------\Legacy_kungsfeyrvkklv
-------\Service_kungsfeyrvkklv
-------\Legacy_bmhdxiivwkko
-------\Legacy_cdnybnjapqui
-------\Service_bmhdxiivwkko
-------\Service_cdnybnjapqui


((((((((((((((((((((((((( Files Creati Da 2009-10-13 al 2009-11-13 )))))))))))))))))))))))))))))))))))
.

2009-11-13 21:14 . 2009-08-02 15:49 3036024 ----a-w- c:\documents and settings\Luca\Dati applicazioni\Simply Super Software\Trojan Remover\lnvF43.exe
2009-11-12 21:27 . 2009-11-12 21:30 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Spy Emergency
2009-11-12 21:26 . 2009-09-17 07:58 18232 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2009-11-12 21:26 . 2009-09-17 07:58 14392 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2009-11-12 21:26 . 2009-09-17 07:58 12344 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2009-11-12 21:26 . 2009-11-12 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NETGATE
2009-11-12 21:26 . 2009-11-12 21:26 -------- d-----w- c:\programmi\NETGATE
2009-11-12 20:32 . 2009-11-12 20:32 -------- d-----w- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\MCS Studios
2009-11-12 20:31 . 2009-11-12 20:31 -------- d-----w- c:\programmi\MCS Studios
2009-11-11 20:13 . 2009-11-13 05:46 -------- d-----w- c:\programmi\Exterminate It!
2009-11-09 21:40 . 2008-04-14 02:13 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-09 21:40 . 2001-08-30 22:08 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-09 21:40 . 2008-04-14 02:13 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-09 21:40 . 2001-08-30 22:08 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-09 21:40 . 2001-08-30 22:08 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-09 21:40 . 2001-08-30 22:08 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-09 21:39 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-09 21:39 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-11-09 21:39 . 2004-08-03 20:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-11-09 21:39 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-11-09 21:39 . 2004-08-03 20:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-11-09 21:39 . 2001-08-30 19:46 35402 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-11-09 21:37 . 2001-08-17 19:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-11-09 21:36 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2009-11-09 21:35 . 2001-08-30 19:10 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2009-11-09 21:34 . 2001-08-17 21:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-11-09 21:33 . 2001-08-31 10:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2009-11-09 21:32 . 2001-08-31 10:00 25088 -c--a-w- c:\windows\system32\dllcache\sm59w.dll
2009-11-09 21:31 . 2008-04-13 18:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-11-09 21:30 . 2001-08-17 19:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2009-11-09 21:29 . 2001-08-17 20:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2009-11-09 21:28 . 2008-04-14 02:12 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2009-11-09 21:27 . 2001-08-30 22:08 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2009-11-09 21:26 . 2001-08-17 20:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-11-09 21:25 . 2001-08-30 20:11 130048 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2009-11-09 21:25 . 2001-08-30 20:11 53279 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2009-11-09 21:25 . 2001-08-30 20:11 76544 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-11-09 21:25 . 2001-08-30 22:07 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2009-11-09 21:25 . 2001-08-17 20:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2009-11-09 21:25 . 2001-08-30 22:07 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2009-11-09 21:25 . 2001-08-30 20:11 22144 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2009-11-09 21:25 . 2001-08-31 10:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2009-11-09 21:25 . 2001-08-17 19:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-11-09 21:25 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2009-11-09 21:25 . 2001-08-17 20:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-11-09 21:24 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2009-11-09 21:24 . 2001-08-31 10:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-11-09 21:24 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-11-09 21:24 . 2001-08-17 20:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-11-09 21:24 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-11-09 21:24 . 2001-08-17 20:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-11-09 21:24 . 2001-08-30 19:41 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-09 21:24 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-11-09 21:22 . 2001-08-17 19:49 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2009-11-09 21:21 . 2001-08-30 22:07 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-11-09 21:20 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-09 21:20 . 2001-08-31 10:00 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll
2009-11-09 21:20 . 2001-08-31 10:00 18432 -c--a-w- c:\windows\system32\dllcache\jupiw.dll
2009-11-09 21:20 . 2001-08-31 10:00 9216 -c--a-w- c:\windows\system32\dllcache\iwrps.dll
2009-11-09 21:20 . 2001-08-31 10:00 7168 -c--a-w- c:\windows\system32\dllcache\isapips.dll
2009-11-09 21:20 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-11-09 21:20 . 2001-08-17 20:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2009-11-09 21:20 . 2001-08-17 19:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2009-11-09 21:20 . 2001-08-30 22:07 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2009-11-09 21:20 . 2001-08-17 20:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2009-11-09 21:20 . 2008-04-14 01:52 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2009-11-09 21:20 . 2001-08-30 18:43 13568 -c--a-w- c:\windows\system32\dllcache\inport.sys
2009-11-09 21:20 . 2001-08-17 20:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2009-11-09 21:19 . 2001-08-31 10:00 9216 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-11-09 21:19 . 2001-08-31 10:00 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
2009-11-09 21:19 . 2001-08-31 10:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2009-11-09 21:19 . 2001-08-31 10:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2009-11-09 21:19 . 2001-08-31 10:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-11-09 21:19 . 2001-08-31 10:00 311359 -c--a-w- c:\windows\system32\dllcache\imepadsv.exe
2009-11-09 21:19 . 2001-08-31 10:00 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll
2009-11-09 21:19 . 2001-08-31 10:00 44032 -c--a-w- c:\windows\system32\dllcache\imekrmig.exe
2009-11-09 21:18 . 2001-08-31 10:00 6656 -c--a-w- c:\windows\system32\dllcache\iissync.exe
2009-11-09 21:18 . 2001-08-31 10:00 3584 -c--a-w- c:\windows\system32\dllcache\iismui.dll
2009-11-09 21:18 . 2001-08-31 10:00 60928 -c--a-w- c:\windows\system32\dllcache\iisclex4.dll
2009-11-09 21:18 . 2001-08-31 10:00 19456 -c--a-w- c:\windows\system32\dllcache\iiscrmap.dll
2009-11-09 21:18 . 2001-08-30 22:07 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-11-09 21:18 . 2001-08-17 21:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2009-11-09 21:18 . 2001-08-30 22:07 20992 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2009-11-09 21:18 . 2001-08-30 22:07 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2009-11-09 21:18 . 2001-08-17 21:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-11-09 21:18 . 2001-08-30 22:07 63488 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2009-11-09 21:18 . 2001-08-30 22:07 92160 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2009-11-09 21:18 . 2001-08-30 22:07 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2009-11-09 21:16 . 2001-08-17 20:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2009-11-09 21:15 . 2008-04-13 18:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2009-11-09 21:14 . 2001-08-17 19:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2009-11-09 21:13 . 2001-08-30 20:53 629952 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2009-11-09 21:12 . 2001-08-17 19:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2009-11-09 21:11 . 2001-08-30 22:07 159828 -c--a-w- c:\windows\system32\dllcache\digihlc.dll
2009-11-09 21:10 . 2001-08-17 19:19 111872 -c--a-w- c:\windows\system32\dllcache\cwcspud.sys
2009-11-09 21:09 . 2001-08-17 20:57 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2009-11-09 21:08 . 2001-08-31 10:00 54528 -c--a-w- c:\windows\system32\dllcache\cap7146.sys
2009-11-09 21:08 . 2008-04-14 02:13 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2009-11-09 21:08 . 2001-08-30 22:07 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2009-11-09 21:08 . 2001-08-30 22:07 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2009-11-09 21:08 . 2001-08-17 21:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2009-11-09 21:08 . 2001-08-17 21:04 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2009-11-09 21:08 . 2001-08-17 21:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2009-11-09 21:08 . 2001-08-31 10:00 10752 -c--a-w- c:\windows\system32\dllcache\c_iscii.dll
2009-11-09 21:08 . 2001-08-31 10:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-11-09 21:06 . 2001-08-30 22:07 102912 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2009-11-09 21:05 . 2001-08-30 18:59 281728 -c--a-w- c:\windows\system32\dllcache\atimtai.sys
2009-11-09 21:04 . 2001-08-31 10:00 50176 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2009-11-09 21:03 . 2001-08-30 22:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-09 21:03 . 2001-08-31 10:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-11-09 21:03 . 2001-08-31 10:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-11-09 21:03 . 2001-08-31 10:00 171520 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-11-09 21:03 . 2001-08-31 10:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-11-09 21:03 . 2001-08-31 10:00 15360 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-11-09 21:03 . 2001-08-31 10:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-11-09 20:12 . 1998-06-13 21:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2009-11-09 20:12 . 2009-11-09 22:38 -------- d-----w- c:\programmi\Gargaroz
2009-11-07 15:31 . 2009-11-07 15:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-11-07 15:31 . 2009-11-07 15:31 -------- d-----w- c:\programmi\NOS
2009-11-07 15:31 . 2009-09-23 15:37 34112 ----a-w- c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-07 15:31 . 2009-09-23 15:37 32448 ----a-w- c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-07 15:30 . 2009-09-23 15:37 22352 ----a-w- c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 22:03 . 2008-09-11 22:46 1270894 ----a-w- c:\windows\system32\drivers\RemoveAny.log
2009-11-13 22:00 . 2001-08-31 10:00 491796 ----a-w- c:\windows\system32\perfh010.dat
2009-11-13 22:00 . 2001-08-31 10:00 85110 ----a-w- c:\windows\system32\perfc010.dat
2009-11-13 21:55 . 2008-02-17 17:44 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-12 21:43 . 2008-04-25 13:35 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\uTorrent
2009-11-09 22:32 . 2008-06-21 12:43 2 --shatr- c:\windows\winstart.bat
2009-11-08 20:25 . 2008-04-14 20:46 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Free Download Manager
2009-11-08 16:38 . 2008-03-11 20:44 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\XnView
2009-11-08 16:05 . 2008-01-16 22:50 -------- d-----w- c:\programmi\Lexmark X1100 Series
2009-11-01 11:59 . 2009-01-29 21:49 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-26 19:36 . 2005-03-02 17:38 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\gtk-2.0
2009-10-11 13:40 . 2008-03-23 17:47 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\dvdcss
2009-10-02 09:01 . 2008-02-17 21:17 25198016 ----a-w- c:\windows\system32\MRT.exe.vir
2009-10-01 22:18 . 2008-04-21 21:29 -------- d-----w- c:\programmi\Windows Live
2009-10-01 22:03 . 2009-10-01 22:03 -------- d-----w- c:\programmi\Microsoft
2009-10-01 22:02 . 2009-10-01 22:02 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-10-01 21:35 . 2009-10-01 21:35 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-09-27 15:59 . 2009-09-27 15:59 -------- d-----w- c:\programmi\Time Stopper
2009-09-26 10:15 . 2009-09-26 10:15 -------- d-----w- c:\programmi\DataGuard
2009-09-25 12:21 . 2009-09-25 12:21 -------- d-----w- c:\programmi\Folderico
2009-09-11 14:17 . 2004-08-19 12:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 05:57 . 2008-09-13 07:07 4045528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-10 12:54 . 2008-09-09 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-09-09 23:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-19 12:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-08-19 12:39 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-19 12:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2004-05-07 13:31 . 2008-04-13 14:47 348160 ----a-w- c:\programmi\mozilla firefox\components\MSVCR71.DLL
2006-11-07 10:58 . 2008-04-13 14:47 139264 ----a-w- c:\programmi\mozilla firefox\components\SABFF20.DLL
2008-08-16 14:14 . 2008-08-16 14:14 48 --sha-w- c:\windows\SCECF0C61.tmp
2006-05-03 10:06 . 2008-01-20 17:23 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-01-20 17:23 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-02-25 22:40 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 . 2008-02-25 22:40 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 02:06 . 2007-10-10 18:51 39792 c:\programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

2008-02-05 19:04 . 2006-11-23 14:10 56928 c:\programmi\CyberLink\PowerDVD\bak\PDVDServ.exe

2008-02-05 19:05 . 2006-12-05 21:55 54832 c:\programmi\CyberLink\PowerDVD\Language\bak\Language.exe

2008-01-20 18:11 . 2003-06-12 08:44 49152 c:\programmi\Digital Video Duplicator\bak\BVRPOlr.exe

2005-06-07 10:31 . 2005-06-07 10:31 819712 c:\programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe

2008-01-22 23:02 . 2008-01-22 23:02 77824 c:\programmi\Java\jre1.6.0\bin\bak\jusched.exe

2008-01-20 17:15 . 2008-01-20 17:15 180269 c:\programmi\K-Lite Codec Pack\Real\Update_OB\bak\realsched.exe

2008-01-16 22:50 . 2003-08-19 15:01 57344 c:\programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe
2008-01-16 22:50 . 2003-08-19 15:01 57344 c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe

2004-08-19 12:39 . 2004-08-19 12:39 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 12:39 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="d:\clocx\ClocX.exe" [2007-07-26 270336]
"Lexmark X1100 Series"="c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SpyEmergency"="c:\programmi\NETGATE\Spy Emergency\SpyEmergency.exe" [2009-10-19 1948216]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-02-17 949376]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Cmaudio"="cmicnfg.cpl" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a ObjectDock.lnk - d:\stardock\ObjectDock\ObjectDock.exe [2008-1-20 3450608]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digisoft AntiDialer.lnk - d:\digisoft antidialer\AntiDialer.exe [2003-8-19 730112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\PPLive\\PPLive.exe"=
"d:\\TVAnts\\Tvants.exe"=
"d:\\SopCast\\adv\\SopAdver.exe"=
"d:\\SopCast\\SopCast.exe"=
"d:\\TVUPlayer\\TVUPlayer.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\WebMediaPlayer\\WebMediaPlayer.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"d:\\utorrent\\utorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Smart PC Solutions\\1-2-3 Spyware Free\\SpywareFree.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"d:\\eMule\\Emulev0.49\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Luca\\Documenti\\LUCA\\SCUOLA 2008-2009\\INFORMATICA\\ES SCUOLA LINGUAGGIO HTML E ASP\\02 - ASP\\Baby_Web_Server\\babyweb.exe"=
"d:\\GIOCHI\\Briscola\\BriscolaChiamata.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Luca\\Documenti\\LUCA\\SCUOLA 2008-2009\\INFORMATICA\\ES SCUOLA LINGUAGGIO HTML E ASP\\02 - ASP\\Negozio on line\\Baby_Web_Server\\babyweb.exe"=
"d:\\Lphant\\eLePhantClient.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Luca\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\eMule\\eMule0.49c-ScarAngel_v3.2-bin\\emule.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [23/04/2008 21.11.37 16855]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 16.11.18 35328]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17/02/2009 21.18.01 15424]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [27/11/2008 23.15.30 160792]
R1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [31/07/2008 9.54.24 11008]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [12/11/2009 22.26.59 12344]
R2 DataGuardService;Data Guard Service;c:\windows\system32\dataguard.sys [26/09/2009 11.15.21 48640]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\programmi\File comuni\BinarySense\hldasvc.exe [15/02/2008 14.17.00 832760]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\programmi\NETGATE\Spy Emergency\SpyEmergencySrv.exe [12/11/2009 22.26.58 1817144]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [23/04/2008 21.11.37 21808]
R3 BDA_Capture_220A;Digital-TV receiver Driver 1.0.1.3;c:\windows\system32\drivers\BDA_Capture_220A.sys [02/01/2006 4.41.31 14080]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [26/09/2008 21.15.10 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [26/09/2008 21.15.10 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [26/09/2008 21.15.09 108675]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/09/2008 0.46.13 19160]
R3 SbieDrv;SbieDrv;d:\sandboxie\SbieDrv.sys [15/11/2008 18.29.10 102912]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [12/11/2009 22.26.59 14392]
S1 gwxauoia;gwxauoia;\??\c:\windows\system32\drivers\gwxauoia.sys --> c:\windows\system32\drivers\gwxauoia.sys [?]
S1 SABKUTIL;SABKUTIL; [x]
S2 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys [10/09/2008 0.46.13 19160]
S2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [16/04/2008 22.42.12 8192]
S3 1d610;1d610;\??\c:\windows\system32\1d610.sys --> c:\windows\system32\1d610.sys [?]
S3 Aku08;Aku08; [x]
S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 5.12.26.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [02/01/2006 4.41.31 15744]
S3 Bll43;Bll43; [x]
S3 Bsl28;Bsl28; [x]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [27/01/2008 19.20.09 228352]
S3 CachemanXPService;CachemanXP;d:\progra~1\CACHEM~1\CachemanXP.exe [01/02/2009 15.16.06 355840]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [16/01/2008 23.43.46 56832]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [19/08/2004 13.39.46 14336]
S3 GK;GK;c:\docume~1\Luca\IMPOST~1\Temp\GK.exe --> c:\docume~1\Luca\IMPOST~1\Temp\GK.exe [?]
S3 Gqq28;Gqq28; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\58.tmp --> c:\windows\system32\58.tmp [?]
S3 Ndv32;Ndv32; [x]
S3 PFQ;PFQ;c:\docume~1\Luca\IMPOST~1\Temp\PFQ.exe --> c:\docume~1\Luca\IMPOST~1\Temp\PFQ.exe [?]
S3 Sbx85;Sbx85; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [25/01/2009 16.46.11 356920]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [12/11/2009 22.26.59 18232]
S3 Wmy21;Wmy21; [x]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1677128483-725345543-1003Core.job
- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 21:05]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1677128483-725345543-1003UA.job
- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 21:05]

2009-11-05 c:\windows\Tasks\NeroLiveEpgUpdate-LUCA-PC1_Luca.job
- c:\programmi\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 08:59]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{8A06B909-5DF8-4862-9397-49F3AEB9D7F4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = http://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
LSP: c:\windows\system32\imon.dll
LSP: c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\programmi\File comuni\BinarySense\hlAPP.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\components\SABFF20.DLL
FF - plugin: c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-AudioEdit Deluxe - c:\documents and settings\All Users\Dati applicazioni\{F481FC18-57D5-4479-B2FB-083BFF223F8F}\setup_aed.exe
AddRemove-Shock Aero 3D v0.97 - c:\windows\IFinst27.exe
AddRemove-{2E1DE390-879C-4291-9B68-DA032D2CC98E} - c:\documents and settings\All Users\Dati applicazioni\{F481FC18-57D5-4479-B2FB-083BFF223F8F}\setup_aed.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 22:57
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\58.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1677128483-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1C9927C-6DC7-2D03-8CF7-B813C777FFA1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iapecalndikakiefmb"=hex:6a,61,6c,64,65,63,65,6a,66,64,70,6c,61,6b,61,6d,6c,66,
6a,6e,00,f0
"haffojcinpikgfjb"=hex:69,61,6f,62,6f,64,6e,66,66,6e,68,6b,69,62,70,6b,6d,65,
00,00

[HKEY_USERS\S-1-5-21-1060284298-1677128483-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,61,89,e0,8d,06,c4,7b,51,66,4a,d5,19,51,ac,c1,e3,c9,52,fe,6e,74,03,
e9,15,36,e1,43,2f,0c,1d,03,a2,5c,65,ae,8d,52,07,a9,27,a0,94,09,34,5b,12,16,\
"??"=hex:52,86,53,a4,b4,eb,c2,b2,b3,b1,68,21,8e,ec,92,50

[HKEY_USERS\S-1-5-21-1060284298-1677128483-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:41,56,b8,a0,fc,a5,8a,a5,0c,32,f8,5c,86,6e,7f,b0,d3,df,c7,80,50,
6b,0f,14,94,0f,7c,72,ee,c4,55,8a,cc,c8,8d,26,37,05,f9,6a,37,6a,01,3e,d7,5f,\
"rkeysecu"=hex:d6,b3,c3,0e,65,a5,4a,a0,7b,46,00,ee,7f,ad,b4,5b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1C9927C-6DC7-2D03-8CF7-B813C777FFA1}\InProcServer32*]
"fajoidolbcgi"=hex:61,62,6b,64,6a,6e,6a,65,68,6e,65,67,64,68,6c,6b,70,67,62,67,
6f,6f,69,6c,68,6c,6f,67,6e,63,66,61,6a,63,00,35
"najooomdckhplmlbppiglpcnkamg"=hex:64,62,6b,66,6e,6a,6a,6b,6f,6b,63,62,69,61,
6f,63,6a,62,70,62,6d,67,69,68,6c,66,67,67,6e,6b,6b,68,67,70,70,67,64,67,70,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(536)
c:\windows\system32\WININET.dll
d:\stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\OFFICE11\msohev.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\programmi\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\Eset\nod32krn.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
d:\sandboxie\SbieSvc.exe
c:\programmi\Spyware Doctor\sdhelp.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-11-13 23:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-13 22:09

Pre-Run: 31.516.123.136 byte disponibili
Post-Run: 31.355.428.864 byte disponibili

- - End Of File - - 4928F3F1E0174F22DEC8DDF763E95B45

Re: I CAN'T BROWSE

Post by Amantide » Fri Nov 13, 2009 11:24 pm

Some junk has been removed; have you tried restarting the PC and checking the connection?

Since some suspicious services are still visible, I recommend also running a scan with Kaspersky Virus Removal Tool.
...to fly high, you have to know how to fall...

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising