
Trojan problems

Post by knvies » Thu May 27, 2010 10:03 am

Hello everyone,
last week I had some problems with a trojan that AVG kept reporting. After several scans I managed to remove it, but I am still not sure it is completely gone.
If anyone can help me, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.31.50, on 27/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\V0220Mon.exe
C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\No-IP\DUC20.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\DOCUME~1\Andrea\IMPOST~1\Temp\mstinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\Documents and Settings\Andrea\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System32\drivers\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\Andrea\IMPOST~1\Temp\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\Documents and Settings\Andrea\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\WINDOWS\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\Documents and Settings\Andrea\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\Andrea\DATIAP~1\MICROS~1\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\Andrea\IMPOST~1\Temp\mstsc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\Andrea\DATIAP~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Documents and Settings\Andrea\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\Andrea\DATIAP~1\MICROS~1\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Andrea\DATIAP~1\sessmgr.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\Andrea\DATIAP~1\MICROS~1\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System32\drivers\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\Andrea\IMPOST~1\Temp\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Documents and Settings\Andrea\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\Andrea\DATIAP~1\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\Andrea\DATIAP~1\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Documents and Settings\Andrea\LOCALS~1\APPLIC~1\dllhst3g.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\Andrea\IMPOST~1\Temp\esentutl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\Andrea\DATIAP~1\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\Andrea\DATIAP~1\mqtgsvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\cmstp.exe /waitservice (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Programmi\No-IP\DUC20.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://i.ebayimg.com/08/%21BeckTY%21%21 ... %7E_12.JPG

--
End of file - 14007 bytes


Thanks again for the help.
Knvies
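A helper reading the log above works through the O4 (registry/startup autoruns) and F3 (win.ini) lines by eye. As an added example, not code from this forum or from any of the posters, here is a small Python triage script that applies a few defender heuristics to such lines: autostarts registered under Policies\Explorer\Run, executables sitting in user-writable profile or temp directories, files that carry the name of a Windows system binary but do not live in %SystemRoot%\system32, the legacy win.ini load= entry, and one argument string shared by many autostart entries. The sample lines are copied verbatim from the posted HijackThis log; the heuristics, the directory fragments and the list of system-binary names are my own assumptions, not a rule set from HijackThis.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import Dict, List

# Sample input: O4/F3 lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\Documents and Settings\Andrea\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\Andrea\IMPOST~1\Temp\mstinit.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\cmstp.exe /waitservice (User 'SYSTEM')
F3 - REG:win.ini: load=C:\DOCUME~1\Andrea\IMPOST~1\Temp\mstinit.exe
"""

# Assumption (my own list, not from HijackThis): names of Windows XP system
# binaries whose genuine copy lives in %SystemRoot%\system32. The same name in
# any other directory is a classic masquerading sign worth a closer look.
SYSTEM_BINARIES = {
    "logman.exe", "clipsrv.exe", "esentutl.exe", "comrepl.exe", "sessmgr.exe",
    "mstinit.exe", "ieudinit.exe", "dllhst3g.exe", "mstsc.exe", "cisvc.exe",
    "cmstp.exe", "rsvp.exe", "spoolsv.exe", "mqtgsvc.exe", "ctfmon.exe",
}
SYSTEM32 = "c:\\windows\\system32"

# Directory fragments (long and 8.3 short forms, Italian and English XP profile
# names) that an unprivileged user can write to; assumption, extend as needed.
USER_WRITABLE = ("\\temp\\", "\\impost~1\\", "\\locals~1\\", "\\datiap~1\\",
                 "\\dati applicazioni\\", "\\application data\\",
                 "\\docume~1\\", "\\documents and settings\\")

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: load=(?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|cpl|dll|scr))"?', re.IGNORECASE)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")   # trailing "(User 'SYSTEM')"


def executable_of(cmd: str) -> str:
    """Return the file a HijackThis command line actually launches."""
    cmd = cmd.strip()
    if cmd.lower().startswith(("rundll32", "regsvr32")) and " " in cmd:
        cmd = cmd.split(None, 1)[1]      # the host process is not the interesting file
    m = EXE_RE.match(cmd)
    return m.group("path") if m else (cmd.split() or [""])[0]


def parse_autostarts(log_text: str) -> List[Dict]:
    """Extract O4 and F3 lines into key / name / executable / argument records."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
        else:
            m = F3_RE.match(line)
            if not m:
                continue
            key, name, cmd = "win.ini load=", "(win.ini)", m.group("cmd")
        cmd = USER_SUFFIX_RE.sub("", cmd)
        exe = executable_of(cmd)
        args = cmd[cmd.lower().find(exe.lower()) + len(exe):].strip(' "')
        entries.append({"key": key, "name": name, "exe": exe, "args": args})
    return entries


def reasons_for(entry: Dict, shared_args: Counter) -> List[str]:
    """Apply the triage heuristics to one autostart entry; empty list means nothing noted."""
    reasons = []
    p = PureWindowsPath(entry["exe"])
    low = str(p).lower()
    if "policies\\explorer\\run" in entry["key"].lower():
        reasons.append("starts from Policies\\Explorer\\Run, a key ordinary installers rarely use")
    if entry["key"].startswith("win.ini"):
        reasons.append("starts from the legacy win.ini load= line")
    if any(frag in low for frag in USER_WRITABLE):
        reasons.append("executable sits in a user-writable profile or temp directory")
    if p.name.lower() in SYSTEM_BINARIES and str(p.parent).lower() != SYSTEM32:
        reasons.append(f"{p.name} carries a system-binary name but is outside {SYSTEM32}")
    if entry["args"] and shared_args[entry["args"]] >= 3:
        reasons.append(f"argument '{entry['args']}' is shared by {shared_args[entry['args']]} autostart entries")
    return reasons


def triage(log_text: str) -> List[Dict]:
    """Return only the entries that tripped at least one heuristic, with the reasons."""
    entries = parse_autostarts(log_text)
    shared_args = Counter(e["args"] for e in entries if e["args"])
    flagged = []
    for e in entries:
        reasons = reasons_for(e, shared_args)
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['name']}] {hit['exe']}")
        for r in hit["reasons"]:
            print(f"    - {r}")
```

On the sample, the AVG tray and ctfmon entries come out clean while the Policies\Explorer\Run and win.ini entries are listed with three or four reasons each. The output is a list of leads, not a verdict: a helper would still confirm each file by hash and by checking that the genuine copy in system32 is intact, which is exactly the check the ComboFix Sigcheck section later in the thread performs.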

Re: Trojan problems

Post by ste_95 » Thu May 27, 2010 1:30 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes the report file C:\combofix.txt will be created; paste its contents here between LOG tags, like this:
Code:
[LOG]qui va inserito il log[/LOG]
«Sometimes it is better to keep silent and seem stupid than to open one's mouth and remove all doubt.» Oscar Wilde

Re: Trojan problems

Post by knvies » Thu May 27, 2010 3:43 pm

Here is the ComboFix log:

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SW_Win2000X9.DLL
c:\windows\SW_Win3112X32.DLL
c:\windows\SW_Win3242X48.DLL
c:\windows\SW_Win9423X24.DLL

.
((((((((((((((((((((((((( Files Creati Da 2010-04-27 al 2010-05-27 )))))))))))))))))))))))))))))))))))
.

2010-05-27 08:31 . 2010-05-27 08:31 -------- d-----w- c:\programmi\Trend Micro
2010-05-27 06:46 . 2010-05-27 06:47 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Nokia
2010-05-26 14:18 . 2010-05-26 14:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-05-26 14:13 . 2010-05-26 14:13 -------- d-----w- c:\programmi\Adobe Media Player
2010-05-26 14:11 . 2010-05-26 14:11 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-05-26 14:07 . 2010-05-26 14:07 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2010-05-25 12:06 . 2010-05-25 12:06 -------- d-----w- c:\programmi\UltraVNC
2010-05-24 18:08 . 2010-05-24 18:08 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Sierra Entertainment
2010-05-24 18:04 . 2010-05-24 18:04 -------- d-----w- c:\programmi\AGEIA Technologies
2010-05-24 18:04 . 2010-05-24 18:04 -------- d-----w- c:\windows\system32\AGEIA
2010-05-24 18:04 . 2010-05-24 18:04 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-24 17:56 . 2010-05-24 17:56 -------- d-----w- c:\programmi\Sierra Entertainment
2010-05-24 07:18 . 2004-09-18 20:55 278528 ----a-w- c:\windows\system32\AdvImgLib.dll
2010-05-24 07:18 . 2004-07-28 23:14 1313280 ----a-w- c:\windows\system32\ISED.DLL
2010-05-24 07:18 . 2004-07-08 22:45 761856 ----a-w- c:\windows\system32\FreeImage3.dll
2010-05-24 07:18 . 2004-07-08 22:45 761856 ----a-w- c:\windows\system32\FreeImage.dll
2010-05-24 07:11 . 2008-04-25 08:36 98304 ----a-w- c:\windows\system32\DVM.dll
2010-05-24 07:11 . 2008-01-18 09:34 286720 ----a-w- c:\windows\system32\vic32.dll
2010-05-24 07:11 . 2007-12-03 11:02 53248 ----a-w- c:\windows\system32\RegisterExe.exe
2010-05-24 07:11 . 2005-03-18 13:01 626688 ----a-w- c:\windows\system32\NCTImageFile.dll
2010-05-24 07:11 . 2005-02-28 13:47 344064 ----a-w- c:\windows\system32\NCTImageView.dll
2010-05-24 07:11 . 2005-02-28 13:47 335872 ----a-w- c:\windows\system32\NCTImageUtility.dll
2010-05-24 07:11 . 2005-02-28 13:47 401408 ----a-w- c:\windows\system32\NCTImageTransform.dll
2010-05-24 07:11 . 2003-07-08 13:50 344064 ----a-w- c:\windows\system32\MSVCR70.DLL
2010-05-24 07:11 . 2010-05-24 07:21 -------- d-----w- c:\programmi\Softinterface, Inc
2010-05-24 06:36 . 2010-05-24 06:40 -------- d-----w- c:\windows\tessdata
2010-05-24 06:36 . 2010-05-24 06:36 -------- d-----w- c:\programmi\Softi Software
2010-05-24 06:35 . 2010-05-24 06:35 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Softi Software
2010-05-22 07:18 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-05-17 15:29 . 2010-05-17 15:30 -------- d-----w- c:\programmi\No-IP
2010-05-16 15:21 . 2010-05-16 15:21 -------- d-----w- c:\programmi\eMule AdunanzA
2010-05-14 05:47 . 2010-05-14 05:47 -------- d-----w- c:\programmi\QuickTime
2010-05-14 05:47 . 2010-05-14 05:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-05-05 09:30 . 2010-05-05 09:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 08:31 . 2010-05-27 08:31 388096 ----a-r- c:\documents and settings\Andrea\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-27 06:47 . 2009-02-02 21:12 -------- d-----w- c:\programmi\Nokia
2010-05-26 14:18 . 2009-01-23 21:19 73008 ----a-w- c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-26 14:14 . 2009-01-23 20:22 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-25 06:30 . 2010-05-25 06:30 503808 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74da982a-n\msvcp71.dll
2010-05-25 06:30 . 2010-05-25 06:30 499712 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74da982a-n\jmc.dll
2010-05-25 06:30 . 2010-05-25 06:30 348160 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74da982a-n\msvcr71.dll
2010-05-25 06:30 . 2010-05-25 06:30 61440 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37dda8a5-n\decora-sse.dll
2010-05-25 06:30 . 2010-05-25 06:30 12800 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37dda8a5-n\decora-d3d.dll
2010-05-24 22:13 . 2009-12-17 20:53 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\vlc
2010-05-24 17:56 . 2009-01-23 20:25 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-22 07:13 . 2009-04-04 09:26 1 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-20 09:06 . 2009-01-30 19:33 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\dvdcss
2010-05-20 07:02 . 2010-01-24 21:54 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\HPAppData
2010-05-16 15:19 . 2009-03-08 18:24 -------- d-----w- c:\programmi\eMule
2010-05-12 06:52 . 2009-01-23 20:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 03:31 . 2010-05-24 07:21 659456 ----a-w- c:\windows\system32\tx151rtf.dll
2010-05-11 02:00 . 2010-05-24 07:21 172032 ----a-w- c:\windows\system32\tx151ic.dll
2010-05-10 13:12 . 2010-05-24 07:21 831488 ----a-w- c:\windows\system32\tx151.dll
2010-05-10 02:01 . 2010-05-24 07:21 245760 ----a-w- c:\windows\system32\tx151tls.dll
2010-05-10 01:02 . 2010-05-24 07:21 618496 ----a-w- c:\windows\system32\tx151htm.dll
2010-05-09 21:43 . 2009-03-06 07:31 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Skype
2010-05-09 21:42 . 2009-03-06 07:41 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\skypePM
2010-05-05 09:32 . 2010-05-05 09:32 57344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-05 09:32 . 2010-05-05 09:32 56766 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-05 09:32 . 2010-02-25 17:32 -------- d-----w- c:\programmi\DivX
2010-04-25 09:14 . 2010-05-24 07:21 1802240 ----a-w- c:\windows\system32\beconvlib.dll
2010-04-20 14:35 . 2010-04-20 14:35 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\PlayFirst
2010-04-20 14:35 . 2010-04-20 14:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PlayFirst
2010-04-20 14:29 . 2010-04-20 14:29 -------- d-----w- c:\programmi\Diner Dash 2
2010-04-15 12:12 . 2009-01-23 20:44 -------- d-----w- c:\programmi\Java
2010-04-15 03:21 . 2010-05-24 07:21 790528 ----a-w- c:\windows\system32\tx151doc.dll
2010-04-14 23:11 . 2010-05-24 07:21 1101824 ----a-w- c:\windows\system32\tx151dox.dll
2010-04-12 15:29 . 2010-04-15 12:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 00:06 . 2010-05-24 07:21 360448 ----a-w- c:\windows\system32\tx151css.dll
2010-03-30 18:13 . 2010-03-30 18:13 61440 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-36cc2591-n\decora-sse.dll
2010-03-30 18:13 . 2010-03-30 18:13 503808 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-448d2e68-n\msvcp71.dll
2010-03-30 18:13 . 2010-03-30 18:13 499712 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-448d2e68-n\jmc.dll
2010-03-30 18:13 . 2010-03-30 18:13 348160 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-448d2e68-n\msvcr71.dll
2010-03-30 18:13 . 2010-03-30 18:13 12800 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-36cc2591-n\decora-d3d.dll
2010-03-30 18:13 . 2009-01-23 20:44 -------- d-----w- c:\programmi\File comuni\Java
2010-03-30 18:13 . 2001-08-31 12:00 80826 ----a-w- c:\windows\system32\perfc010.dat
2010-03-30 18:13 . 2001-08-31 12:00 482766 ----a-w- c:\windows\system32\perfh010.dat
2010-03-24 14:12 . 2010-03-30 06:31 52224 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\8z8ab7et.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\FFExternalAlert.dll
2010-03-24 14:12 . 2010-03-30 06:31 101376 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\8z8ab7et.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\RadioWMPCore.dll
2010-03-10 06:15 . 2008-04-13 17:13 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2008-04-07 07:46 . 2008-04-07 07:46 13624 ----a-w- c:\programmi\mozilla firefox\plugins\cgpcfg.dll
2008-04-07 07:42 . 2008-04-07 07:42 87352 ----a-w- c:\programmi\mozilla firefox\plugins\CgpCore.dll
2008-04-07 07:43 . 2008-04-07 07:43 91448 ----a-w- c:\programmi\mozilla firefox\plugins\confmgr.dll
2008-04-07 07:43 . 2008-04-07 07:43 21824 ----a-w- c:\programmi\mozilla firefox\plugins\ctxlogging.dll
2008-04-07 07:49 . 2008-04-07 07:49 206136 ----a-w- c:\programmi\mozilla firefox\plugins\ctxmui.dll
2008-04-07 07:43 . 2008-04-07 07:43 31544 ----a-w- c:\programmi\mozilla firefox\plugins\icafile.dll
2008-04-07 07:46 . 2008-04-07 07:46 40248 ----a-w- c:\programmi\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 . 2007-03-16 16:27 479232 ----a-w- c:\programmi\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 . 2007-03-16 16:27 548864 ----a-w- c:\programmi\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 . 2007-03-16 16:27 626688 ----a-w- c:\programmi\mozilla firefox\plugins\msvcr80.dll
2008-03-27 16:08 . 2008-03-27 16:08 981170 ----a-w- c:\programmi\mozilla firefox\plugins\sslsdk_b.dll
2008-04-07 07:42 . 2008-04-07 07:42 24376 ----a-w- c:\programmi\mozilla firefox\plugins\TcpPServ.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 07:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-27 . D5E120A3BA164D2E7307A6688FEB26B2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13574144]
"nwiz"="nwiz.exe" [2008-06-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 86016]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-03-12 81920]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"AVFX Engine"="c:\programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-03-17 421888]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\
No-IP DUC.lnk - c:\programmi\No-IP\DUC20.exe [2010-5-17 1172992]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-24 07:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programmi\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [23/01/2009 22.20.23 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [23/01/2009 22.20.23 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/09/2009 14.02.15 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/01/2009 22.33.43 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/01/2009 22.33.46 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/07/2009 9.57.21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/01/2009 22.33.38 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 16.49.06 1029456]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [23/01/2009 22.06.24 1310720]
R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [14/04/2009 13.00.54 146112]
R3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [14/04/2009 13.00.57 6272]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 13:02]

2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\8z8ab7et.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Radio Bar 2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2405727&q=
FF - component: c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\8z8ab7et.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\8z8ab7et.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\8z8ab7et.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\8z8ab7et.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Andrea\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-C6501Sound - c6501.cpl
HKLM-Run-NWEReboot - (no file)
HKLM-Explorer_Run-Logman - c:\windows\logman.exe
HKLM-Explorer_Run-ClipSrv - c:\documents and settings\Andrea\LOCALS~1\APPLIC~1\clipsrv.exe
HKLM-Explorer_Run-Esent Utl - c:\windows\System32\drivers\esentutl.exe
HKLM-Explorer_Run-SessMgr - c:\documents and settings\Andrea\LOCALS~1\APPLIC~1\sessmgr.exe
HKLM-Explorer_Run-IEudinit - c:\documents and settings\Andrea\LOCALS~1\APPLIC~1\ieudinit.exe
HKLM-Explorer_Run-DllHst - c:\windows\dllhst3g.exe
HKU-Default-Explorer_Run-CmSTP - c:\windows\cmstp.exe
HKU-Default-Explorer_Run-ClipSrv - c:\windows\clipsrv.exe
HKU-Default-Explorer_Run-Mstsc - c:\docume~1\Andrea\DATIAP~1\MICROS~1\mstsc.exe
HKU-Default-Explorer_Run-DllHst - c:\windows\System32\drivers\dllhst3g.exe
HKU-Default-Explorer_Run-rsvp - c:\docume~1\Andrea\DATIAP~1\rsvp.exe
HKU-Default-Explorer_Run-Logman - c:\documents and settings\Andrea\LOCALS~1\APPLIC~1\MICROS~1\logman.exe
HKU-Default-Explorer_Run-Spool - c:\documents and settings\Andrea\LOCALS~1\APPLIC~1\spoolsv.exe
HKU-Default-Explorer_Run-MstInit - c:\docume~1\Andrea\DATIAP~1\mstinit.exe
HKU-Default-Explorer_Run-MqtgSVC - c:\docume~1\Andrea\DATIAP~1\mqtgsvc.exe
AddRemove-Convert Doc_is1 - c:\programmi\Softinterface
AddRemove-Convert Image To PDF_is1 - c:\programmi\Softinterface
AddRemove-Convert Image_is1 - c:\programmi\Softinterface



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-27 16:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89972008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf7337cb8
\Driver\atapi -> 0x89972008
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71aabb0
PacketIndicateHandler -> NDIS.sys @ 0xf71b7a21
SendHandler -> NDIS.sys @ 0xf719587b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
malicious code @ sector 0x17499f00 size 0x1ad !
PE file found in sector at 0x017499F00 !

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\RunDll32.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Ora fine scansione: 2010-05-27 16:44:04 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-05-27 14:44

Pre-Run: 12.046.368.768 byte disponibili
Post-Run: 12.651.458.560 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - CD2192FF97E2A00C6BB9E0F65A7ACD7F


Thanks again for the support!
knvies
New Member
Posts: 4
Joined: Thu May 27, 2010 9:31 am


Re: Trojan problems

Post by markinson » Thu May 27, 2010 10:41 pm

I think ComboFix has already done a first clean-up (HERE is the guide to using it, in Italian).

Indeed ...
BleepingComputer.com wrote: You should now post this log file in the thread where you were asked to run ComboFix, so that the person helping you can analyse it and advise accordingly. ...
It is possible that ComboFix resolves the problems found already on its first use.


Coming back to the HijackThis log, though, it shows several problems. Now, having run a pass with ComboFix, some of them might already be fixed.
Anyway, let me suggest:
  • change antivirus: you appear to have AVG, and still version 8 (a new edition came out a while ago and, at present, AVG is not among the best free antivirus products);
  • install and run some anti-malware software such as Malwarebytes.

Free antivirus options include Avast! as well as Avira.
If need be, run a new scan with HijackThis and post its log again, to see what is left after ComboFix's intervention.
MegaLab.it (MLI) = Gianluigi "Zane" Zanettini - That's all Folks!
markinson
Bronze Member
Posts: 936
Joined: Sat May 01, 2010 9:22 am
Location: Roma

Re: Trojan problems

Post by stevens » Fri May 28, 2010 10:09 am

Your MBR is infected too.

Download mbr.exe to C:\

From Safe Mode click Start => Run => type: mbr.exe -f (copy and paste it so you don't get it wrong)

Post the log you will find in C:\ as mbr.log
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Trojan problems

Post by knvies » Sat May 29, 2010 9:20 am

This is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4152

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/05/2010 23.18.44
mbam-log-2010-05-28 (23-18-44).txt

Tipo di scansione: Scansione completa (C:\|E:\|F:\|G:\|)
Elementi esaminati: 218710
Tempo trascorso: 53 minuti, 29 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


It seems to me it didn't detect anything unusual?!?! :S
Anyway, I uninstalled AVG and installed AVAST 5.0! Thanks for the advice!

@Stevens
You mentioned an MBR infection. I tried downloading mbr.exe.
I placed it in C:\, rebooted the PC in Safe Mode and launched it with the procedure you described, 3 times! (mbr.exe -f)
But strangely... it started and closed itself a second later... without producing any log.
:S
knvies
New Member
Posts: 4
Joined: Thu May 27, 2010 9:31 am

Re: Trojan problems

Post by stevens » Sat May 29, 2010 9:50 am

You'll find the log in C:\ as mbr.log
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Trojan problems

Post by knvies » Sat May 29, 2010 11:40 am

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x17499f00 size 0x1ad !
PE file found in sector at 0x017499F00 !


I launched it by clicking the file, and not with the procedure you described, because strangely it doesn't give me the log that way!
knvies
New Member
Posts: 4
Joined: Thu May 27, 2010 9:31 am
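As an added example (not code from this thread or from Gmer), the following Python turns the Stealth MBR detector output posted above into a structured verdict, so the lines that give the infection away (a `\Driver\` hook resolving to a bare address, the `>>UNKNOWN` module at that same address, and code found at a sector outside the MBR even though sector 0 reads OK) are picked out automatically. The sample input is copied from the ComboFix log earlier in the thread; the field names and the `infected` rule are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Gmer "Stealth MBR rootkit/Mebroot/Sinowal detector" lines copied from the
# ComboFix log posted in this thread (the later mbr.log is a subset of these).
SAMPLE_LOG = r"""called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89972008]<<
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\atapi -> 0x89972008
Warning: possible MBR rootkit infection !
user & kernel MBR OK
malicious code @ sector 0x17499f00 size 0x1ad !
PE file found in sector at 0x017499F00 !
"""

HEX = r"(0x[0-9A-Fa-f]+)"
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (.+?)\s*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[" + HEX + r"\]<<")
CODE_RE = re.compile(r"malicious code @ sector " + HEX + " size " + HEX)
PE_RE = re.compile(r"PE file found in sector at " + HEX)

@dataclass
class MbrVerdict:
    warning: bool = False        # the tool printed its own infection warning
    mbr_ok: bool = False         # "user & kernel MBR OK": sector 0 itself reads clean
    malicious_sector: Optional[int] = None   # where the tool found code outside the MBR
    malicious_size: Optional[int] = None
    pe_sector: Optional[int] = None
    unknown_modules: List[int] = field(default_factory=list)     # >>UNKNOWN [addr]<<
    unattributed_hooks: List[str] = field(default_factory=list)  # \Driver\X -> bare address
    @property
    def infected(self) -> bool:
        return self.warning or self.malicious_sector is not None or bool(self.unattributed_hooks)

def parse_mbr_log(text: str) -> MbrVerdict:
    v = MbrVerdict()
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Warning:"):
            v.warning = True
        elif line == "user & kernel MBR OK":
            v.mbr_ok = True
        elif m := UNKNOWN_RE.search(line):
            v.unknown_modules.append(int(m.group(1), 16))
        elif m := CODE_RE.search(line):
            v.malicious_sector, v.malicious_size = int(m.group(1), 16), int(m.group(2), 16)
        elif m := PE_RE.search(line):
            v.pe_sector = int(m.group(1), 16)
        elif (m := HOOK_RE.match(line)) and re.fullmatch(HEX, m.group(2)):
            # A dispatch pointer resolving to a bare address, not a named module,
            # is the hook the tool could not attribute to any loaded driver.
            v.unattributed_hooks.append(m.group(1))
    return v
```

The later mbr.log in this thread has no hook lines at all, yet the parser still flags it because the "malicious code @ sector" finding is present.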

Re: Trojan problems

Post by stevens » Sat May 29, 2010 11:59 am

Download HelpAssistantFix
Extract the contents of HelpAssistantFix.zip and run HelpAssistantFix.bat


Download antivir_rootkit

Unpack it

Click ''start scan''

When it finishes, go down to ''view report'' and copy the report it produces
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Trojan problems

Post by markinson » Sat May 29, 2010 1:55 pm

knvies wrote: Here is the ComboFix log:

...

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

...
Warning: possible MBR rootkit infection !
user & kernel MBR OK
malicious code @ sector 0x17499f00 size 0x1ad !
PE file found in sector at 0x017499F00 !

**************************************************************************
...

@stevens
... I went blind staring at the log, trying to work out how you managed to see that the MBR was infected! [acc2]
Well done! [;)]

@knvies
... it seems to me stevens knows his stuff! Certainly more than me!!! [:D]
MegaLab.it (MLI) = Gianluigi "Zane" Zanettini - That's all Folks!
markinson
Bronze Member
Posts: 936
Joined: Sat May 01, 2010 9:22 am
Location: Roma



Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising