
malware attack and alureon.h


Post by meno82 » Thu Oct 14, 2010 3:40 pm

in the last few days I have suffered several attacks that showed up in different forms:
popups from fake antivirus programs (the latest being antivirus 2010)
messages on the desktop: your computer is infected!..
difficulty using browsers
processes that start up and clog the CPU

I managed to remove some of it with Malwarebytes, but the state of the PC has not improved.
every scan finds and removes something, but they always keep coming back.
thank you in advance for the help, and
I'm attaching the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.19.29, on 14/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
D:\Documenti\HijackThis.exe
C:\Programmi\Alwil Software\Avast5\defs\10101400\Sf.bin

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornito da Virgilio
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE BHO Helper - {b879dc47-7f5a-4973-a570-1e03a60c7c02} - C:\Programmi\ToolbarPorno\adxloader.dll
O2 - BHO: (no name) - {cba0ec77-dd2c-4d2a-8853-94e4a8092822} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: (no name) - {9e26c99f-6954-4e1e-80d4-de6dc4777ab3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Veriton\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Veriton\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmi\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GA ... b60096.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... 102118.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.fueps.com/gp/images/common/g ... v10_it.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F16269E-84B1-48E7-9955-85F53B822C9C}: NameServer = 151.99.125.1,151.99.0.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F16269E-84B1-48E7-9955-85F53B822C9C}: NameServer = 151.99.125.1,151.99.0.100
O18 - Filter hijack: text/html - {bbb1e058-387f-4c7b-bb5f-97a5d37b6dcc} - (no file)
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Hardware Monitoring Program (ADMService) - OSA Technologies Inc - c:\Programmi\Acer\eManager\admServ.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio di Google Update (gupdate1c9b6a99bff244c) (gupdate1c9b6a99bff244c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - http://www.tremetrisoprailcielo.it/down ... esk_1B.jpg
O24 - Desktop Component 1: (no name) - http://www.rassegnalithos.it/2001/images/animate.js
O24 - Desktop Component 2: (no name) - http://www.tremetrisoprailcielo.it/down ... esk_2B.jpg

--
End of file - 12012 bytes



Let me know if you need anything else or if I should run other scans with other programs.. I'm in your hands.. Thanks..
meno82 (New Member) - Posts: 23 - Joined: Wed Feb 06, 2008 1:27 am

Re: malware attack and alureon.h

Post by stevens » Thu Oct 14, 2010 4:04 pm

hi

connect here using the I.E. browser and run a full scan of the PC; when it finishes, post the scan report
stevens (Bronze Member) - Posts: 678 - Joined: Wed Feb 18, 2009 1:39 pm

Re: malware attack and alureon.h

Post by meno82 » Thu Oct 14, 2010 4:34 pm

Thanks for the quick reply..

Here it is

BitDefender Online Scanner

Scan report generated at: Thu, Oct 14, 2010 - 17:38:29

Scan path: D:\Documenti;C:\Documents and Settings\Veriton\Desktop\EPSON Foto;

Statistics
Time: 00:11:00
Files: 29828
Folders: 2634
Boot Sectors: 0
Archives: 259
Packed Files: 893

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 6328527
Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Aug 31 2010)
Scan plugins: 18
Archive plugins: 44
Unpack plugins: 10
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
No virus found.


Do I need to do anything else.. Thanks
meno82 (New Member) - Posts: 23 - Joined: Wed Feb 06, 2008 1:27 am


Re: malware attack and alureon.h

Post by FDAC » Thu Oct 14, 2010 5:04 pm

Run HijackThis again:
- Do a System Scan Only
- tick the box next to each of the entries I list below
- once the entries are ticked:
- close all open applications
- close all open browser pages
- in HijackThis fix the entries by clicking Fix checked

These are the entries to fix:

O2 - BHO: IE BHO Helper - {b879dc47-7f5a-4973-a570-1e03a60c7c02} - C:\Programmi\ToolbarPorno\adxloader.dll
O2 - BHO: (no name) - {cba0ec77-dd2c-4d2a-8853-94e4a8092822} - (no file)
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: (no name) - {9e26c99f-6954-4e1e-80d4-de6dc4777ab3} - (no file)
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GA ... b60096.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... 102118.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.fueps.com/gp/images/common/g ... v10_it.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/html - {bbb1e058-387f-4c7b-bb5f-97a5d37b6dcc} - (no file)
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)


THEN

Download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
When you save it you get the option to rename the file: rename the exe to pippo.exe

● put pippo.exe on the Desktop
● disconnect from the Internet
● physically disconnect the modem from the computer
● log into the system in Safe Mode with an account that has Administrator privileges
● launch ComboFix and follow the instructions it gives to run the scan
● without doing anything else, let the tool finish the scan and the log-creation phase
● when the operation is complete, the system will reboot automatically (if it doesn't, reboot it yourself)

Notes - during the scan:
● some files will be created on the desktop and then deleted
● all the icons on the Desktop will disappear for a moment
● a message about the antivirus in use may be shown: carry on, ignoring the message
● the firewall, if active, may warn that some drivers are being removed (allow it)

A log named combofix.txt will be created on Local Disk C:, which you will need to post here.

Once the scan is finished:
● reboot the system in normal mode
● physically reconnect the modem to the computer
● connect to the Internet and post the text file

N.B. If you cannot get ComboFix to run at all, follow these simple steps:

Start > Run, in the white box copy and paste this command, quotation marks included:
"%userprofile%\desktop\pippo.exe" /killall
Press OK; the scan should start.
FDAC (Rompiballe) - Posts: 750 - Joined: Sun Sep 05, 2010 1:00 pm
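A defender's triage of the HijackThis sections FDAC singled out above, as an added example (Python written for this page, not code from HijackThis, ComboFix or the forum). The rules encode the kinds of entries a helper looks for in such a log: a browser proxy on 127.0.0.1 (as in the posted R1 line, where port 6092 is a listener on the machine itself), BHO/toolbar and MIME-filter registrations whose file is gone, a Winsock LSP the scanner could not identify, a Winlogon Notify package with a missing DLL, and Active Desktop components pulled from the web. The sample lines are copied from the log in this thread plus two benign entries; the rule set and the wording of the reasons are this example's own assumptions, not HijackThis output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the HijackThis log posted in this
# thread, plus benign entries (the Google start page, the Search Helper BHO) so
# the triage has both hits and misses to work on.
SAMPLE_LOG_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092",
    r"O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll",
    r"O2 - BHO: (no name) - {cba0ec77-dd2c-4d2a-8853-94e4a8092822} - (no file)",
    r"O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O18 - Filter hijack: text/html - {bbb1e058-387f-4c7b-bb5f-97a5d37b6dcc} - (no file)",
    r"O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)",
    r"O24 - Desktop Component 1: (no name) - http://www.rassegnalithos.it/2001/images/animate.js",
]


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1" or "O20"
    reason: str
    line: str


# "R1 - <body>", "O20 - <body>" ...; the section code tells us which rule applies.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2})\s+-\s+(?P<body>.*)$")
# "ProxyServer = http=127.0.0.1:6092": optional scheme prefix, loopback host, port.
LOCAL_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>127\.0\.0\.1|localhost):(?P<port>\d+)", re.I)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None when no heuristic fires."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    # R0/R1: IE settings. A proxy on the loopback interface means some process
    # on this machine sits between the browser and the network.
    if section in ("R0", "R1"):
        p = LOCAL_PROXY_RE.search(body)
        if p:
            return Finding(section, f"browser proxied through local port {p.group('port')}", line)
        return None

    # O2/O3: BHOs and toolbars. "(no file)" is a registration whose DLL is gone;
    # dead weight that a cleanup removes.
    if section in ("O2", "O3") and "(no file)" in body:
        return Finding(section, "orphaned BHO/toolbar registration", line)

    # O10: a Winsock LSP the scanner could not identify sits in the network stack.
    if section == "O10" and body.lower().startswith("unknown file in winsock lsp"):
        return Finding(section, "unrecognised Winsock LSP", line)

    # O18: a MIME filter intercepts content of that type before the browser sees it.
    if section == "O18" and "filter hijack" in body.lower():
        mime = body.split(":", 1)[1].split(" - ")[0].strip()
        return Finding(section, f"MIME filter registered for {mime}", line)

    # O20: Winlogon Notify packages load into winlogon at logon.
    if section == "O20" and "file missing" in body.lower():
        return Finding(section, "Winlogon Notify entry whose DLL is missing", line)

    # O24: Active Desktop components fetched from a remote URL.
    if section == "O24" and re.search(r"https?://", body):
        return Finding(section, "Active Desktop component loaded from the web", line)

    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run every line through classify() and keep the hits, in log order."""
    return [f for f in map(classify, lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run on the sample, the two benign entries pass and the other seven come back with a one-line reason each; on a real log the output is a shortlist to verify by hand, not a verdict, since an unfamiliar but legitimate BHO or LSP looks the same to these rules.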

Re: malware attack and alureon.h

Post by meno82 » Thu Oct 14, 2010 5:48 pm

Thanks for the help..
All done, here is the combofix log

ComboFix 10-10-12.03 - Veriton 14/10/2010 18.34.13.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.629 [GMT 2:00]
Eseguito da: c:\documents and settings\Veriton\Desktop\pippo.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Dati applicazioni\.wtav
c:\documents and settings\Veriton\Dati applicazioni\PriceGong
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Veriton\Dati applicazioni\PriceGong\Data\z.xml
c:\windows\ST6UNST.000
c:\windows\system32\AutoRun.inf
c:\windows\system32\vbzlib1.dll

La copia infetta di c:\windows\system32\drivers\pci.sys è stata trovata e disinfettata
ipristinata copia da - Kitty had a snack :p
La copia infetta di c:\windows\system32\midimap.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\VistaMizer\old\midimap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Legacy_WINDOWS_LOG
-------\Service_ndisrd
-------\Service_Windows Log


((((((((((((((((((((((((( Files Creati Da 2010-09-14 al 2010-10-14 )))))))))))))))))))))))))))))))))))
.

2010-10-14 15:18 . 2010-10-14 15:18 -------- d-----w- c:\windows\BDOSCAN8
2010-10-14 11:25 . 2010-10-14 11:25 68736 ----a-w- c:\windows\system32\drivers\tafkpcwe.sys
2010-10-14 08:34 . 2010-10-14 08:34 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 06:15 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 06:15 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 06:15 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 16:22 . 2010-10-12 16:22 -------- d-----w- c:\programmi\CCleaner
2010-10-12 13:45 . 2010-10-12 13:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-07 11:01 . 2010-10-07 11:01 -------- d-----w- C:\FOUND.019
2010-10-06 19:13 . 2010-10-06 19:13 -------- d-----w- C:\FOUND.018
2010-10-06 18:58 . 2010-10-06 18:58 -------- d-----w- C:\FOUND.017
2010-10-05 19:25 . 2010-10-05 19:25 -------- d-----w- C:\FOUND.016
2010-09-15 18:16 . 2010-09-15 18:16 -------- d-----w- C:\FOUND.009
2010-09-15 12:57 . 2010-09-15 12:57 -------- d-----w- C:\FOUND.008

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[-] 2008-04-14 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-04 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-04 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON CardMonitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON CardMonitor.lnk
backup=c:\windows\pss\EPSON CardMonitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD LT.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD LT.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD LT.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Veriton^Menu Avvio^Programmi^Esecuzione automatica^Utilità controllo supporti di Picture Motion Browser.lnk]
path=c:\documents and settings\Veriton\Menu Avvio\Programmi\Esecuzione automatica\Utilità controllo supporti di Picture Motion Browser.lnk
backup=c:\windows\pss\Utilità controllo supporti di Picture Motion Browser.lnkStartup

[HKLM\~\startupfolder\^Comprensorio.jpg]
path=\Comprensorio.jpg
backup=c:\windows\pss\Comprensorio.jpgStartup

[HKLM\~\startupfolder\^Romaiano.jpg]
path=\Romaiano.jpg
backup=c:\windows\pss\Romaiano.jpgStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-22 18:42 116040 ----a-w- c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-30 08:47 289064 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-06-02 14:03 1957888 ------w- c:\programmi\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 20:56 204288 ------w- c:\programmi\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programmi\\hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/09/2010 16.39.36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/09/2010 16.39.37 17744]
R2 cp9xwnt;cp9xwnt;c:\windows\system32\drivers\CP9XWNT.SYS [28/09/2006 11.02.07 16416]
S2 gupdate1c9b6a99bff244c;Servizio di Google Update (gupdate1c9b6a99bff244c);c:\programmi\Google\Update\GoogleUpdate.exe [06/04/2009 13.19.53 133104]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [28/09/2006 11.02.06 18007]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [25/09/2008 20.31.42 101120]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 PortRW;PortRW;c:\windows\system32\drivers\PortRW.sys [28/09/2006 11.02.07 3456]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [02/09/2010 12.03.14 27064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04 8192 ----a-w- c:\programmi\PixiePack Codec Pack\InstallerHelper.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-11 c:\windows\Tasks\WebReg Photosmart C4200 series.job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-17 22:29]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 11:19]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 11:19]

2010-10-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\documents and settings\Veriton\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Veriton\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {3F16269E-84B1-48E7-9955-85F53B822C9C} = 151.99.125.1,151.99.0.100
FF - ProfilePath - c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT22690 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2269050&q=
FF - component: c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\extensions\{b6315c48-f861-4913-9578-1b5fac41ebe0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\extensions\{b6315c48-f861-4913-9578-1b5fac41ebe0}\components\RadioWMPCore.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPBILLARD8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- Associazioni dei file -------
.
.scr=AutoCADLTScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SoundMan - SOUNDMAN.EXE
HKLM-Run-RTHDCPL - RTHDCPL.EXE
AddRemove-Diff Doc_is1 - c:\programmi\Softinterface


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(472)
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\MSVCP60.dll
c:\windows\System32\cscui.dll
c:\windows\system32\shimgvw.dll
c:\windows\system32\webcheck.dll
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\programmi\File comuni\Microsoft Shared\Web Components\11\1040\OWCI11.DLL
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\LTMSG.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-14 18:49:15 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-14 16:49

Pre-Run: 8.101.199.872 byte disponibili
Post-Run: 8.234.369.024 byte disponibili

- - End Of File - - BF04F4F37E6EEED14C13F065C11F9470


Do I have to do anything else? Thanks
meno82
Neo Iscritto
Posts: 23
Joined: Wed Feb 06, 2008 1:27 am

Re: malware attack and alureon.h

Post by stevens » Thu Oct 14, 2010 5:51 pm

@ fdac

Sorry, but you should respect the forum rules and whoever is following a thread; you can't butt in every time.

@ meno82

Follow this procedure:

Download Malwarebytes.
Update it: click the "Update" tab => "Check for Updates".
Run a "Full scan" (select that option).
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to reboot, reboot to complete the cleaning process.
Post the report.


Download Dr.Web CureIt:
http://www.freedrweb.com/download+cureit/gr/?lng=en
Run Dr.Web CureIt and let it fix every threat it detects (at startup, when the "Enhanced Protection Mode" window appears, press the OK button, then Start). Run the quick scan first, then the thorough one.
Then post the report (File > Save report list) on wikisend.
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: malware attack and alureon.h

Post by FDAC » Thu Oct 14, 2010 7:51 pm

Hi Stevens, we're all here to help;
It seems to me the ComboFix scan got the hoped-for results (PriceGong and other infections removed).
I'll let you carry on, if you really care about it.
Bye
P.S. See PM
FDAC
Rompiballe
Posts: 750
Joined: Sun Sep 05, 2010 1:00 pm

Re: malware attack and alureon.h

Post by stevens » Thu Oct 14, 2010 7:56 pm

fdac, if you want to help, try not to butt into threads; you only create confusion.

I don't ''care about it'', but having started the thread I'd prefer to continue it (with your permission).

Besides, when you recommend a scan, try to check its report carefully; you haven't yet noticed that the user still has something to remove.

Check the report properly.
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: malware attack and alureon.h

Post by FDAC » Thu Oct 14, 2010 8:06 pm

I thought you'd take care of it; I keep the scripts to myself because I'm not sure yet.
Then I'll compare them with yours.
FDAC
Rompiballe
Posts: 750
Joined: Sun Sep 05, 2010 1:00 pm

Re: malware attack and alureon.h

Post by meno82 » Fri Oct 15, 2010 4:08 pm

@ Stevens

Here I am, and sorry for the delay..

So, I ran the Malwarebytes scan; here's the log:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Versione database: 4829

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/10/2010 10.48.49
mbam-log-2010-10-15 (10-48-49).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 254098
Tempo trascorso: 50 minuti, 11 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)



As for the Dr.Web CureIt scan, the first scan it runs automatically came back with no viruses, but I didn't manage to save the log. Now it's doing the thorough one, but it has already been scanning for 2 hours and the scrolling blue bar isn't even halfway yet; is that normal? Anyway, as soon as it finishes I'll post the log, if I manage to save it this time.

See you later; I hope it finishes soon. Tell me if everything is OK or if I need to do anything else. Thanks a lot..
meno82
Neo Iscritto
Posts: 23
Joined: Wed Feb 06, 2008 1:27 am

Re: malware attack and alureon.h

Post by stevens » Fri Oct 15, 2010 7:56 pm

Have you run a ScanDisk recently?


Now open a Notepad page and copy and paste the following:

File::
c:\windows\system32\drivers\tafkpcwe.sys

Folder::
C:\FOUND.008
C:\FOUND.009
C:\FOUND.016
C:\FOUND.017
C:\FOUND.018
C:\FOUND.019


Save the page, naming it CFScript.txt (the name is mandatory).
Now drag and drop the CFScript.txt file onto the ComboFix icon.
Let it work to the end and post its log again ...
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm
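The driver stevens puts in the CFScript above, together with the localhost proxy setting and the conduit.com search entries in the ComboFix log earlier in the thread, are the kinds of lines a helper looks for when reading these logs. The following is an added example, not code from the thread or from ComboFix, HijackThis or Malwarebytes: a small Python triage script that scans log text in the ComboFix "extra scan" layout for those three indicator classes. The sample lines are constructed from the thread's own logs (URLs defanged with "hxxp" as ComboFix prints them); the driver allow-list, the name-entropy heuristic and the list of expected search domains are assumptions made for the example, not anything the tools themselves use.

```python
"""Triage helper for HijackThis / ComboFix style logs (added example).

Flags three indicator classes visible in the thread's logs:
  * a proxy server pointing at localhost (traffic-interception indicator),
  * a kernel driver whose file name is missing from a known-good list and
    looks auto-generated (rootkit indicator),
  * browser start page / search settings pointing at an unexpected domain
    (search hijack / PUP indicator).
"""
import math
import re
from collections import Counter

# Constructed sample in the ComboFix "extra scan" layout; the last line is a
# constructed driver entry, the others mirror lines from the thread.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT22690
R1 aswSP;aswSP;c:\\windows\\system32\\drivers\\aswSP.sys [02/09/2010 16.39.36 165584]
S3 PortRW;PortRW;c:\\windows\\system32\\drivers\\PortRW.sys [28/09/2006 11.02.07 3456]
R1 tafkpcwe;tafkpcwe;c:\\windows\\system32\\drivers\\tafkpcwe.sys [?]
"""

PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:https?=)?(127\.0\.0\.1|localhost):(\d+)", re.I)
DRIVER_RE = re.compile(r"\\drivers\\([A-Za-z0-9_]+)\.sys", re.I)
BROWSER_RE = re.compile(
    r"(Start Page|homepage|defaulturl|keyword\.URL)\s*[-=]\s*h(?:tt|xx)ps?://([^/\s]+)",
    re.I)

# Assumption: a real triage compares against a known-good baseline of the
# machine; this allow-list just holds the vendor drivers visible in the thread.
KNOWN_DRIVERS = {"aswsp", "aswfsblk", "cp9xwnt", "epusbsto", "hmvmdm",
                 "portrw", "revoflt"}
# Assumption: the search providers the user actually chose.
EXPECTED_SEARCH_DOMAINS = {"www.google.it", "www.google.com"}


def shannon_entropy(s):
    """Bits of entropy per character of s (0 for an empty string)."""
    if not s:
        return 0.0
    counts = Counter(s.lower())
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Heuristic (an assumption of this example, not a rule): at least six
    lowercase letters, no digits, near-maximal character entropy. On its own
    it also matches legitimate names such as revoflt or epusbsto, which is
    why triage() only applies it to drivers absent from the allow-list."""
    return (len(name) >= 6 and name.isalpha() and name.islower()
            and shannon_entropy(name) >= 2.5)


def triage(log_text):
    """Return a list of (indicator, detail) tuples for suspicious lines."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_RE.search(line)
        if m:
            findings.append(("localhost_proxy", f"{m.group(1)}:{m.group(2)}"))
            continue
        m = DRIVER_RE.search(line)
        if m:
            name = m.group(1)
            if name.lower() not in KNOWN_DRIVERS and looks_random(name):
                findings.append(("suspicious_driver", name + ".sys"))
            continue
        m = BROWSER_RE.search(line)
        if m and m.group(2).lower() not in EXPECTED_SEARCH_DOMAINS:
            findings.append(("search_hijack", m.group(2)))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:18} {detail}")
```

Run against the sample it reports the 127.0.0.1:6092 proxy, the search.conduit.com home page and tafkpcwe.sys; the avast! and PortRW drivers are skipped because they are on the allow-list. The entropy test is deliberately applied last, after the allow-list, since a short letters-only name is weak evidence by itself and the baseline of the machine is what actually decides.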

Re: malware attack and alureon.h

Post by meno82 » Mon Oct 18, 2010 9:36 am

@ Stevens

Good morning, sorry I haven't been in touch. As for the Dr.Web CureIt scan, I let it work all Saturday and Sunday too, but this morning I stopped it because the number of files it was examining kept growing while the blue bar still hadn't reached the end, and that didn't seem normal to me. Tell me if I did wrong.. anyway, it had found 37 viruses; I had it cure them and, where necessary, delete them.

You also asked me whether I had run a ScanDisk recently? Not that I remember. Why?

As for the last procedure, I did as you said: ComboFix went through all its steps up to the message saying it was creating the report file, then everything froze for an hour, so I had to reboot, but I couldn't find the log.. Did I do something wrong??

Tell me how I should proceed now.. Thanks (also for your patience)
meno82
Neo Iscritto
Posts: 23
Joined: Wed Feb 06, 2008 1:27 am

Re: malware attack and alureon.h

Post by stevens » Mon Oct 18, 2010 11:58 am

Remove ComboFix with OTC by OldTimer:

Run it.
Click CleanUp.
When asked to reboot, click YES.

Download it again without installing the Recovery Console and run the script again.

You must download ComboFix to the desktop; it's important.
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: malware attack and alureon.h

Post by meno82 » Mon Oct 18, 2010 2:48 pm

Indeed, when I did it the first time it wasn't on the desktop (my mistake).

I redid everything; here's the log:

ComboFix 10-10-17.04 - Veriton 18/10/2010 15.34.28.4.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.490 [GMT 2:00]
Eseguito da: c:\documents and settings\Veriton\Desktop\pippo.exe
Opzioni usate :: c:\documents and settings\Veriton\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\drivers\tafkpcwe.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.008
c:\found.008\FILE0000.CHK
c:\found.008\FILE0001.CHK
c:\found.008\FILE0002.CHK
c:\found.008\FILE0003.CHK
c:\found.008\FILE0004.CHK
c:\found.008\FILE0005.CHK
c:\found.008\FILE0006.CHK
c:\found.008\FILE0007.CHK
c:\found.008\FILE0008.CHK
c:\found.008\FILE0009.CHK
c:\found.008\FILE0010.CHK
c:\found.008\FILE0011.CHK
c:\found.008\FILE0012.CHK
c:\found.008\FILE0013.CHK
c:\found.008\FILE0014.CHK
c:\found.008\FILE0015.CHK
c:\found.008\FILE0016.CHK
c:\found.008\FILE0017.CHK
c:\found.008\FILE0018.CHK
c:\found.008\FILE0019.CHK
c:\found.008\FILE0020.CHK
c:\found.008\FILE0021.CHK
c:\found.008\FILE0022.CHK
c:\found.008\FILE0023.CHK
c:\found.008\FILE0024.CHK
c:\found.008\FILE0025.CHK
c:\found.008\FILE0026.CHK
c:\found.008\FILE0027.CHK
c:\found.008\FILE0028.CHK
c:\found.008\FILE0029.CHK
c:\found.008\FILE0030.CHK
c:\found.008\FILE0031.CHK
c:\found.008\FILE0032.CHK
c:\found.008\FILE0033.CHK
c:\found.008\FILE0034.CHK
c:\found.008\FILE0035.CHK
c:\found.008\FILE0036.CHK
c:\found.008\FILE0037.CHK
c:\found.008\FILE0038.CHK
c:\found.008\FILE0039.CHK
c:\found.008\FILE0040.CHK
c:\found.008\FILE0041.CHK
c:\found.008\FILE0042.CHK
c:\found.008\FILE0043.CHK
c:\found.008\FILE0044.CHK
c:\found.008\FILE0045.CHK
c:\found.008\FILE0046.CHK
c:\found.008\FILE0047.CHK
c:\found.008\FILE0048.CHK
c:\found.008\FILE0049.CHK
c:\found.008\FILE0050.CHK
c:\found.008\FILE0051.CHK
c:\found.008\FILE0052.CHK
c:\found.008\FILE0053.CHK
c:\found.008\FILE0054.CHK
c:\found.008\FILE0055.CHK
c:\found.008\FILE0056.CHK
c:\found.008\FILE0057.CHK
c:\found.008\FILE0058.CHK
c:\found.008\FILE0059.CHK
c:\found.008\FILE0060.CHK
c:\found.008\FILE0061.CHK
c:\found.008\FILE0062.CHK
c:\found.008\FILE0063.CHK
c:\found.008\FILE0064.CHK
c:\found.008\FILE0065.CHK
c:\found.008\FILE0066.CHK
c:\found.008\FILE0067.CHK
c:\found.008\FILE0068.CHK
c:\found.008\FILE0069.CHK
c:\found.008\FILE0070.CHK
c:\found.008\FILE0071.CHK
c:\found.008\FILE0072.CHK
c:\found.008\FILE0073.CHK
c:\found.008\FILE0074.CHK
c:\found.008\FILE0075.CHK
c:\found.008\FILE0076.CHK
c:\found.008\FILE0077.CHK
c:\found.008\FILE0078.CHK
c:\found.008\FILE0079.CHK
c:\found.008\FILE0080.CHK
c:\found.008\FILE0081.CHK
c:\found.008\FILE0082.CHK
c:\found.008\FILE0083.CHK
c:\found.008\FILE0084.CHK
c:\found.008\FILE0085.CHK
c:\found.008\FILE0086.CHK
c:\found.008\FILE0087.CHK
c:\found.008\FILE0088.CHK
c:\found.008\FILE0089.CHK
c:\found.008\FILE0090.CHK
c:\found.008\FILE0091.CHK
c:\found.008\FILE0092.CHK
c:\found.008\FILE0093.CHK
c:\found.008\FILE0094.CHK
c:\found.008\FILE0095.CHK
c:\found.008\FILE0096.CHK
c:\found.008\FILE0097.CHK
c:\found.008\FILE0098.CHK
c:\found.008\FILE0099.CHK
c:\found.008\FILE0100.CHK
c:\found.008\FILE0101.CHK
c:\found.008\FILE0102.CHK
c:\found.008\FILE0103.CHK
c:\found.008\FILE0104.CHK
c:\found.008\FILE0105.CHK
c:\found.008\FILE0106.CHK
c:\found.008\FILE0107.CHK
c:\found.008\FILE0108.CHK
c:\found.008\FILE0109.CHK
c:\found.008\FILE0110.CHK
c:\found.008\FILE0111.CHK
c:\found.008\FILE0112.CHK
c:\found.008\FILE0113.CHK
c:\found.008\FILE0114.CHK
c:\found.008\FILE0115.CHK
c:\found.008\FILE0116.CHK
c:\found.008\FILE0117.CHK
c:\found.008\FILE0118.CHK
c:\found.008\FILE0119.CHK
c:\found.008\FILE0120.CHK
c:\found.008\FILE0121.CHK
c:\found.008\FILE0122.CHK
c:\found.008\FILE0123.CHK
c:\found.008\FILE0124.CHK
c:\found.008\FILE0125.CHK
c:\found.008\FILE0126.CHK
c:\found.008\FILE0127.CHK
c:\found.008\FILE0128.CHK
c:\found.008\FILE0129.CHK
c:\found.008\FILE0130.CHK
c:\found.008\FILE0131.CHK
c:\found.008\FILE0132.CHK
c:\found.008\FILE0133.CHK
c:\found.008\FILE0134.CHK
c:\found.008\FILE0135.CHK
c:\found.008\FILE0136.CHK
c:\found.008\FILE0137.CHK
c:\found.008\FILE0138.CHK
c:\found.008\FILE0139.CHK
c:\found.008\FILE0140.CHK
c:\found.008\FILE0141.CHK
c:\found.008\FILE0142.CHK
c:\found.008\FILE0143.CHK
c:\found.008\FILE0144.CHK
c:\found.008\FILE0145.CHK
c:\found.008\FILE0146.CHK
c:\found.008\FILE0147.CHK
c:\found.008\FILE0148.CHK
c:\found.008\FILE0149.CHK
c:\found.008\FILE0150.CHK
c:\found.008\FILE0151.CHK
c:\found.008\FILE0152.CHK
c:\found.008\FILE0153.CHK
c:\found.008\FILE0154.CHK
c:\found.008\FILE0155.CHK
c:\found.008\FILE0156.CHK
c:\found.008\FILE0157.CHK
c:\found.008\FILE0158.CHK
c:\found.008\FILE0159.CHK
c:\found.008\FILE0160.CHK
c:\found.008\FILE0161.CHK
c:\found.008\FILE0162.CHK
c:\found.008\FILE0163.CHK
c:\found.008\FILE0164.CHK
c:\found.008\FILE0165.CHK
c:\found.008\FILE0166.CHK
c:\found.008\FILE0167.CHK
c:\found.008\FILE0168.CHK
c:\found.008\FILE0169.CHK
c:\found.008\FILE0170.CHK
c:\found.008\FILE0171.CHK
c:\found.008\FILE0172.CHK
c:\found.008\FILE0173.CHK
c:\found.008\FILE0174.CHK
c:\found.008\FILE0175.CHK
c:\found.008\FILE0176.CHK
c:\found.008\FILE0177.CHK
c:\found.008\FILE0178.CHK
c:\found.008\FILE0179.CHK
c:\found.008\FILE0180.CHK
c:\found.008\FILE0181.CHK
c:\found.008\FILE0182.CHK
c:\found.008\FILE0183.CHK
c:\found.008\FILE0184.CHK
c:\found.008\FILE0185.CHK
c:\found.008\FILE0186.CHK
c:\found.008\FILE0187.CHK
c:\found.008\FILE0188.CHK
c:\found.008\FILE0189.CHK
c:\found.008\FILE0190.CHK
c:\found.008\FILE0191.CHK
c:\found.008\FILE0192.CHK
c:\found.008\FILE0193.CHK
c:\found.008\FILE0194.CHK
c:\found.008\FILE0195.CHK
c:\found.008\FILE0196.CHK
c:\found.008\FILE0197.CHK
c:\found.008\FILE0198.CHK
c:\found.008\FILE0199.CHK
c:\found.008\FILE0200.CHK
c:\found.008\FILE0201.CHK
c:\found.008\FILE0202.CHK
c:\found.008\FILE0203.CHK
c:\found.008\FILE0204.CHK
c:\found.008\FILE0205.CHK
c:\found.008\FILE0206.CHK
c:\found.008\FILE0207.CHK
c:\found.008\FILE0208.CHK
c:\found.008\FILE0209.CHK
c:\found.008\FILE0210.CHK
c:\found.008\FILE0211.CHK
c:\found.008\FILE0212.CHK
c:\found.008\FILE0213.CHK
c:\found.008\FILE0214.CHK
c:\found.008\FILE0215.CHK
c:\found.008\FILE0216.CHK
c:\found.008\FILE0217.CHK
c:\found.008\FILE0218.CHK
c:\found.008\FILE0219.CHK
c:\found.008\FILE0220.CHK
c:\found.008\FILE0221.CHK
c:\found.008\FILE0222.CHK
c:\found.008\FILE0223.CHK
c:\found.008\FILE0224.CHK
c:\found.008\FILE0225.CHK
c:\found.008\FILE0226.CHK
c:\found.008\FILE0227.CHK
c:\found.008\FILE0228.CHK
c:\found.008\FILE0229.CHK
c:\found.008\FILE0230.CHK
c:\found.008\FILE0231.CHK
c:\found.008\FILE0232.CHK
c:\found.008\FILE0233.CHK
c:\found.008\FILE0234.CHK
c:\found.008\FILE0235.CHK
c:\found.008\FILE0236.CHK
c:\found.008\FILE0237.CHK
c:\found.008\FILE0238.CHK
c:\found.008\FILE0239.CHK
c:\found.008\FILE0240.CHK
c:\found.008\FILE0241.CHK
c:\found.008\FILE0242.CHK
c:\found.008\FILE0243.CHK
c:\found.008\FILE0244.CHK
c:\found.008\FILE0245.CHK
c:\found.008\FILE0246.CHK
c:\found.008\FILE0247.CHK
c:\found.008\FILE0248.CHK
c:\found.008\FILE0249.CHK
c:\found.008\FILE0250.CHK
c:\found.008\FILE0251.CHK
c:\found.008\FILE0252.CHK
c:\found.008\FILE0253.CHK
c:\found.008\FILE0254.CHK
c:\found.008\FILE0255.CHK
c:\found.008\FILE0256.CHK
c:\found.008\FILE0257.CHK
c:\found.008\FILE0258.CHK
c:\found.008\FILE0259.CHK
c:\found.008\FILE0260.CHK
c:\found.008\FILE0261.CHK
c:\found.008\FILE0262.CHK
c:\found.008\FILE0263.CHK
c:\found.008\FILE0264.CHK
c:\found.008\FILE0265.CHK
c:\found.008\FILE0266.CHK
c:\found.008\FILE0267.CHK
c:\found.008\FILE0268.CHK
c:\found.008\FILE0269.CHK
c:\found.008\FILE0270.CHK
c:\found.008\FILE0271.CHK
c:\found.008\FILE0272.CHK
c:\found.008\FILE0273.CHK
c:\found.008\FILE0274.CHK
c:\found.008\FILE0275.CHK
c:\found.008\FILE0276.CHK
c:\found.008\FILE0277.CHK
c:\found.008\FILE0278.CHK
c:\found.008\FILE0279.CHK
c:\found.008\FILE0280.CHK
c:\found.008\FILE0281.CHK
c:\found.008\FILE0282.CHK
c:\found.008\FILE0283.CHK
c:\found.008\FILE0284.CHK
c:\found.008\FILE0285.CHK
c:\found.008\FILE0286.CHK
c:\found.008\FILE0287.CHK
c:\found.008\FILE0288.CHK
c:\found.008\FILE0289.CHK
c:\found.008\FILE0290.CHK
c:\found.008\FILE0291.CHK
c:\found.008\FILE0292.CHK
c:\found.008\FILE0293.CHK
c:\found.008\FILE0294.CHK
c:\found.008\FILE0295.CHK
c:\found.008\FILE0296.CHK
c:\found.008\FILE0297.CHK
c:\found.008\FILE0298.CHK
c:\found.008\FILE0299.CHK
c:\found.008\FILE0300.CHK
c:\found.008\FILE0301.CHK
c:\found.008\FILE0302.CHK
c:\found.008\FILE0303.CHK
c:\found.008\FILE0304.CHK
c:\found.008\FILE0305.CHK
c:\found.008\FILE0306.CHK
c:\found.008\FILE0307.CHK
c:\found.008\FILE0308.CHK
c:\found.008\FILE0309.CHK
c:\found.008\FILE0310.CHK
c:\found.008\FILE0311.CHK
c:\found.008\FILE0312.CHK
c:\found.008\FILE0313.CHK
c:\found.008\FILE0314.CHK
c:\found.008\FILE0315.CHK
c:\found.008\FILE0316.CHK
c:\found.008\FILE0317.CHK
c:\found.008\FILE0318.CHK
c:\found.008\FILE0319.CHK
c:\found.008\FILE0320.CHK
c:\found.008\FILE0321.CHK
c:\found.008\FILE0322.CHK
c:\found.008\FILE0323.CHK
c:\found.008\FILE0324.CHK
c:\found.008\FILE0325.CHK
c:\found.008\FILE0326.CHK
c:\found.008\FILE0327.CHK
c:\found.008\FILE0328.CHK
c:\found.008\FILE0329.CHK
c:\found.008\FILE0330.CHK
c:\found.008\FILE0331.CHK
c:\found.008\FILE0332.CHK
c:\found.008\FILE0333.CHK
c:\found.008\FILE0334.CHK
c:\found.008\FILE0335.CHK
c:\found.008\FILE0336.CHK
c:\found.008\FILE0337.CHK
c:\found.008\FILE0338.CHK
c:\found.008\FILE0339.CHK
c:\found.008\FILE0340.CHK
c:\found.008\FILE0341.CHK
c:\found.008\FILE0342.CHK
c:\found.008\FILE0343.CHK
c:\found.008\FILE0344.CHK
c:\found.008\FILE0345.CHK
c:\found.008\FILE0346.CHK
c:\found.008\FILE0347.CHK
c:\found.008\FILE0348.CHK
c:\found.008\FILE0349.CHK
c:\found.008\FILE0350.CHK
c:\found.008\FILE0351.CHK
c:\found.008\FILE0352.CHK
c:\found.008\FILE0353.CHK
c:\found.008\FILE0354.CHK
c:\found.008\FILE0355.CHK
c:\found.008\FILE0356.CHK
c:\found.008\FILE0357.CHK
c:\found.008\FILE0358.CHK
c:\found.008\FILE0359.CHK
c:\found.008\FILE0360.CHK
c:\found.008\FILE0361.CHK
c:\found.008\FILE0362.CHK
c:\found.008\FILE0363.CHK
c:\found.008\FILE0364.CHK
c:\found.008\FILE0365.CHK
c:\found.008\FILE0366.CHK
c:\found.008\FILE0367.CHK
c:\found.008\FILE0368.CHK
c:\found.008\FILE0369.CHK
c:\found.008\FILE0370.CHK
c:\found.008\FILE0371.CHK
c:\found.008\FILE0372.CHK
c:\found.008\FILE0373.CHK
c:\found.008\FILE0374.CHK
c:\found.008\FILE0375.CHK
c:\found.008\FILE0376.CHK
c:\found.008\FILE0377.CHK
c:\found.008\FILE0378.CHK
c:\found.008\FILE0379.CHK
c:\found.008\FILE0380.CHK
c:\found.008\FILE0381.CHK
c:\found.008\FILE0382.CHK
c:\found.008\FILE0383.CHK
c:\found.008\FILE0384.CHK
c:\found.008\FILE0385.CHK
c:\found.008\FILE0386.CHK
c:\found.008\FILE0387.CHK
c:\found.008\FILE0388.CHK
c:\found.008\FILE0389.CHK
c:\found.008\FILE0390.CHK
c:\found.008\FILE0391.CHK
c:\found.008\FILE0392.CHK
c:\found.008\FILE0393.CHK
c:\found.008\FILE0394.CHK
c:\found.008\FILE0395.CHK
c:\found.008\FILE0396.CHK
c:\found.008\FILE0397.CHK
c:\found.008\FILE0398.CHK
c:\found.008\FILE0399.CHK
c:\found.008\FILE0400.CHK
c:\found.008\FILE0401.CHK
c:\found.008\FILE0402.CHK
c:\found.008\FILE0403.CHK
c:\found.008\FILE0404.CHK
c:\found.008\FILE0405.CHK
c:\found.008\FILE0406.CHK
c:\found.008\FILE0407.CHK
c:\found.008\FILE0408.CHK
c:\found.008\FILE0409.CHK
c:\found.008\FILE0410.CHK
c:\found.008\FILE0411.CHK
c:\found.008\FILE0412.CHK
c:\found.008\FILE0413.CHK
c:\found.008\FILE0414.CHK
c:\found.008\FILE0415.CHK
c:\found.008\FILE0416.CHK
c:\found.008\FILE0417.CHK
c:\found.008\FILE0418.CHK
c:\found.008\FILE0419.CHK
c:\found.008\FILE0420.CHK
c:\found.008\FILE0421.CHK
c:\found.008\FILE0422.CHK
c:\found.008\FILE0423.CHK
c:\found.008\FILE0424.CHK
c:\found.008\FILE0425.CHK
c:\found.008\FILE0426.CHK
c:\found.008\FILE0427.CHK
c:\found.008\FILE0428.CHK
c:\found.008\FILE0429.CHK
c:\found.008\FILE0430.CHK
c:\found.008\FILE0431.CHK
c:\found.008\FILE0432.CHK
c:\found.008\FILE0433.CHK
c:\found.008\FILE0434.CHK
c:\found.008\FILE0435.CHK
c:\found.008\FILE0436.CHK
c:\found.008\FILE0437.CHK
c:\found.008\FILE0438.CHK
c:\found.008\FILE0439.CHK
c:\found.008\FILE0440.CHK
c:\found.008\FILE0441.CHK
c:\found.008\FILE0442.CHK
c:\found.008\FILE0443.CHK
c:\found.008\FILE0444.CHK
c:\found.008\FILE0445.CHK
c:\found.008\FILE0446.CHK
c:\found.008\FILE0447.CHK
c:\found.008\FILE0448.CHK
c:\found.008\FILE0449.CHK
c:\found.008\FILE0450.CHK
c:\found.008\FILE0451.CHK
c:\found.008\FILE0452.CHK
c:\found.008\FILE0453.CHK
c:\found.008\FILE0454.CHK
c:\found.008\FILE0455.CHK
c:\found.008\FILE0456.CHK
c:\found.008\FILE0457.CHK
c:\found.008\FILE0458.CHK
c:\found.008\FILE0459.CHK
c:\found.008\FILE0460.CHK
c:\found.008\FILE0461.CHK
c:\found.008\FILE0462.CHK
c:\found.008\FILE0463.CHK
c:\found.008\FILE0464.CHK
c:\found.008\FILE0465.CHK
c:\found.008\FILE0466.CHK
c:\found.008\FILE0467.CHK
c:\found.008\FILE0468.CHK
c:\found.008\FILE0469.CHK
c:\found.008\FILE0470.CHK
c:\found.008\FILE0471.CHK
c:\found.008\FILE0472.CHK
c:\found.008\FILE0473.CHK
c:\found.008\FILE0474.CHK
c:\found.008\FILE0475.CHK
c:\found.008\FILE0476.CHK
c:\found.008\FILE0477.CHK
c:\found.008\FILE0478.CHK
c:\found.008\FILE0479.CHK
c:\found.008\FILE0480.CHK
c:\found.008\FILE0481.CHK
c:\found.008\FILE0482.CHK
c:\found.008\FILE0483.CHK
c:\found.008\FILE0484.CHK
c:\found.008\FILE0485.CHK
c:\found.008\FILE0486.CHK
c:\found.008\FILE0487.CHK
c:\found.008\FILE0488.CHK
c:\found.008\FILE0489.CHK
c:\found.008\FILE0490.CHK
c:\found.008\FILE0491.CHK
c:\found.008\FILE0492.CHK
c:\found.008\FILE0493.CHK
c:\found.008\FILE0494.CHK
c:\found.008\FILE0495.CHK
c:\found.008\FILE0496.CHK
c:\found.008\FILE0497.CHK
c:\found.008\FILE0498.CHK
c:\found.008\FILE0499.CHK
c:\found.008\FILE0500.CHK
c:\found.008\FILE0501.CHK
c:\found.008\FILE0502.CHK
c:\found.008\FILE0503.CHK
c:\found.008\FILE0504.CHK
c:\found.008\FILE0505.CHK
c:\found.008\FILE0506.CHK
c:\found.008\FILE0507.CHK
c:\found.008\FILE0508.CHK
c:\found.008\FILE0509.CHK
c:\found.008\FILE0510.CHK
c:\found.008\FILE0511.CHK
c:\found.008\FILE0512.CHK
c:\found.008\FILE0513.CHK
c:\found.008\FILE0514.CHK
c:\found.008\FILE0515.CHK
c:\found.008\FILE0516.CHK
c:\found.008\FILE0517.CHK
c:\found.008\FILE0518.CHK
c:\found.008\FILE0519.CHK
c:\found.008\FILE0520.CHK
c:\found.008\FILE0521.CHK
c:\found.008\FILE0522.CHK
c:\found.008\FILE0523.CHK
c:\found.008\FILE0524.CHK
c:\found.008\FILE0525.CHK
c:\found.008\FILE0526.CHK
c:\found.008\FILE0527.CHK
c:\found.008\FILE0528.CHK
c:\found.008\FILE0529.CHK
c:\found.008\FILE0530.CHK
c:\found.008\FILE0531.CHK
c:\found.008\FILE0532.CHK
c:\found.008\FILE0533.CHK
c:\found.008\FILE0534.CHK
c:\found.008\FILE0535.CHK
c:\found.008\FILE0536.CHK
c:\found.008\FILE0537.CHK
c:\found.008\FILE0538.CHK
c:\found.008\FILE0539.CHK
c:\found.008\FILE0540.CHK
c:\found.008\FILE0541.CHK
c:\found.008\FILE0542.CHK
c:\found.008\FILE0543.CHK
c:\found.008\FILE0544.CHK
c:\found.008\FILE0545.CHK
c:\found.008\FILE0546.CHK
c:\found.008\FILE0547.CHK
c:\found.008\FILE0548.CHK
c:\found.008\FILE0549.CHK
c:\found.008\FILE0550.CHK
c:\found.008\FILE0551.CHK
c:\found.008\FILE0552.CHK
c:\found.008\FILE0553.CHK
c:\found.008\FILE0554.CHK
c:\found.008\FILE0555.CHK
c:\found.008\FILE0556.CHK
c:\found.008\FILE0557.CHK
c:\found.008\FILE0558.CHK
c:\found.008\FILE0559.CHK
c:\found.008\FILE0560.CHK
c:\found.008\FILE0561.CHK
c:\found.008\FILE0562.CHK
c:\found.008\FILE0563.CHK
c:\found.008\FILE0564.CHK
c:\found.008\FILE0565.CHK
c:\found.008\FILE0566.CHK
c:\found.008\FILE0567.CHK
c:\found.008\FILE0568.CHK
c:\found.008\FILE0569.CHK
c:\found.008\FILE0570.CHK
c:\found.008\FILE0571.CHK
c:\found.008\FILE0572.CHK
c:\found.008\FILE0573.CHK
c:\found.008\FILE0574.CHK
c:\found.008\FILE0575.CHK
c:\found.008\FILE0576.CHK
c:\found.008\FILE0577.CHK
c:\found.008\FILE0578.CHK
c:\found.008\FILE0579.CHK
c:\found.008\FILE0580.CHK
c:\found.008\FILE0581.CHK
c:\found.008\FILE0582.CHK
c:\found.008\FILE0583.CHK
c:\found.008\FILE0584.CHK
c:\found.008\FILE0585.CHK
c:\found.008\FILE0586.CHK

.
((((((((((((((((((((((((( Files Creati Da 2010-09-18 al 2010-10-18 )))))))))))))))))))))))))))))))))))
.

2010-10-15 09:56 . 2010-10-15 09:56 -------- d-----w- c:\documents and settings\Veriton\DoctorWeb
2010-10-14 16:27 . 2010-10-14 16:27 -------- d-----w- C:\pippo
2010-10-14 15:18 . 2010-10-14 15:18 -------- d-----w- c:\windows\BDOSCAN8
2010-10-14 08:34 . 2010-10-14 08:34 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 06:15 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 06:15 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 06:15 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 16:22 . 2010-10-12 16:22 -------- d-----w- c:\programmi\CCleaner
2010-10-12 13:45 . 2010-10-12 13:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-23 12:42 . 2010-09-23 12:42 95672 ----a-w- c:\programmi\Mozilla Firefox\plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[-] 2008-04-14 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-04 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-04 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON CardMonitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON CardMonitor.lnk
backup=c:\windows\pss\EPSON CardMonitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD LT.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD LT.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD LT.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Veriton^Menu Avvio^Programmi^Esecuzione automatica^Utilità controllo supporti di Picture Motion Browser.lnk]
path=c:\documents and settings\Veriton\Menu Avvio\Programmi\Esecuzione automatica\Utilità controllo supporti di Picture Motion Browser.lnk
backup=c:\windows\pss\Utilità controllo supporti di Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-06-02 14:03 1957888 ------w- c:\programmi\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 20:56 204288 ------w- c:\programmi\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programmi\\hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programmi\\hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/09/2010 16.39.36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/09/2010 16.39.37 17744]
R2 cp9xwnt;cp9xwnt;c:\windows\system32\drivers\CP9XWNT.SYS [28/09/2006 11.02.07 16416]
S2 gupdate1c9b6a99bff244c;Servizio di Google Update (gupdate1c9b6a99bff244c);c:\programmi\Google\Update\GoogleUpdate.exe [06/04/2009 13.19.53 133104]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [28/09/2006 11.02.06 18007]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [25/09/2008 20.31.42 101120]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 PortRW;PortRW;c:\windows\system32\drivers\PortRW.sys [28/09/2006 11.02.07 3456]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [02/09/2010 12.03.14 27064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04 8192 ----a-w- c:\programmi\PixiePack Codec Pack\InstallerHelper.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-17 c:\windows\Tasks\WebReg Photosmart C4200 series.job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-17 22:29]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 11:19]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 11:19]

2010-10-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\documents and settings\Veriton\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Veriton\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {3F16269E-84B1-48E7-9955-85F53B822C9C} = 151.99.125.1,151.99.0.100
FF - ProfilePath - c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT22690 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2269050&q=
FF - component: c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\extensions\{b6315c48-f861-4913-9578-1b5fac41ebe0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Veriton\Dati applicazioni\Mozilla\Firefox\Profiles\ottxfbmk.default\extensions\{b6315c48-f861-4913-9578-1b5fac41ebe0}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-AppleSyncNotifier - c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-iTunesHelper - c:\programmi\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\programmi\QuickTime\qttask.exe


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
Ora fine scansione: 2010-10-18 15:45:36
ComboFix-quarantined-files.txt 2010-10-18 13:45

Pre-Run: 8.612.184.064 byte disponibili
Post-Run: 8.657.731.584 byte disponibili

- - End Of File - - D444069EEF15B3F750ABCE6AC38ECF7C


Question: in C: I noticed there are other folders named Found001 etc.; shouldn't those be deleted?

Let me know what I need to do now. Thanks again..
meno82
New Member
Posts: 23
Joined: Wed Feb 06, 2008 1:27 am

Re: malware attack and alureon.h

Post by stevens » Mon Oct 18, 2010 2:58 pm

I have a doubt about these two .sys files; check in their properties which company they belong to

c:\windows\system32\PavTPK.sys

c:\windows\system32\PavSRK.sys
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: malware attack and alureon.h

Post by meno82 » Mon Oct 18, 2010 4:44 pm

Sorry, but I can't find these two files anywhere.
Avatar utente
meno82
Neo Iscritto
Neo Iscritto
 
Messaggi: 23
Iscritto il: mer feb 06, 2008 1:27 am

Re: attacco malware e alureon.h

Messaggioda stevens » lun ott 18, 2010 5:00 pm

mi spiace ma non li trovo da nessuna parte questi due file.


visualizza i file nascosti e vedi se sono realmente nel pc
Avatar utente
stevens
Bronze Member
Bronze Member
 
Messaggi: 678
Iscritto il: mer feb 18, 2009 1:39 pm
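As an added example (not code from the thread or from stevens), here is a PowerShell check covering both of stevens' requests above: whether the two drivers are really present once hidden and system files are included, and which company the file properties report. It also shows the Authenticode status and any service entry that loads the file; the script and its output fields are my own, only the two paths come from the thread, and it assumes PowerShell 2.0 or later run as Administrator.

```powershell
# Added example, not from the thread: check the two drivers stevens asked about.
# Assumes PowerShell 2.0+ run as Administrator; the two paths are the ones quoted in the thread.
$paths = @('C:\WINDOWS\system32\PavTPK.sys', 'C:\WINDOWS\system32\PavSRK.sys')

foreach ($p in $paths) {
    # -Force also returns hidden/system files, which Explorer with default settings omits.
    # A file hidden by a kernel rootkit stays invisible here too; that case needs an offline scan.
    $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if (-not $f) {
        Write-Output ("{0}: not present, or not visible from user mode" -f $p)
        continue
    }

    $vi  = $f.VersionInfo                                   # embedded company/description strings
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName  # Valid / NotSigned / HashMismatch ...
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Any service or driver key whose ImagePath names this file shows how it gets loaded at boot.
    $name = [IO.Path]::GetFileName($f.FullName)
    $svc  = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
            Where-Object {
                $img = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath
                $img -and ($img -match [regex]::Escape($name))
            } | ForEach-Object { $_.PSChildName }

    # An empty Company plus NotSigned for a driver sitting in system32 is what warrants a closer look.
    New-Object PSObject -Property @{
        Path        = $f.FullName
        Hidden      = [bool]($f.Attributes -band [IO.FileAttributes]::Hidden)
        SizeBytes   = $f.Length
        Modified    = $f.LastWriteTime
        Company     = $vi.CompanyName        # the "which company" check from the properties dialog
        Description = $vi.FileDescription
        Signature   = $sig.Status
        Signer      = $signer
        Service     = ($svc -join ',')
    } | Format-List
}
```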

Re: malware attack and alureon.h

Post by meno82 » Mon Oct 18, 2010 7:10 pm

I checked again with hidden files shown, but I didn't find anything.

How should I proceed now? Do I need to run other scans? Have we cleaned up the pc?
Thanks again..
meno82
New Member
Posts: 23
Joined: Wed Feb 06, 2008 1:27 am

Re: malware attack and alureon.h

Post by stevens » Tue Oct 19, 2010 3:03 pm

I think we've reached the end


remove combofix with OTC by OldTimer

run it
Click CleanUp.
When asked to reboot, click YES

clean only the temp files with ccleaner (registry excluded)

post an updated hijackthis log for a check
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: malware attack and alureon.h

Post by meno82 » Tue Oct 19, 2010 3:37 pm

All done..
Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.37.26, on 19/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTMSG.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
D:\Documenti\Per Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Veriton\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Veriton\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmi\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F16269E-84B1-48E7-9955-85F53B822C9C}: NameServer = 151.99.125.1,151.99.0.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F16269E-84B1-48E7-9955-85F53B822C9C}: NameServer = 151.99.125.1,151.99.0.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F16269E-84B1-48E7-9955-85F53B822C9C}: NameServer = 151.99.125.1,151.99.0.100
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Hardware Monitoring Program (ADMService) - OSA Technologies Inc - c:\Programmi\Acer\eManager\admServ.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio di Google Update (gupdate1c9b6a99bff244c) (gupdate1c9b6a99bff244c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - http://www.tremetrisoprailcielo.it/down ... esk_1B.jpg
O24 - Desktop Component 1: (no name) - http://www.rassegnalithos.it/2001/images/animate.js
O24 - Desktop Component 2: (no name) - http://www.tremetrisoprailcielo.it/down ... esk_2B.jpg

--
End of file - 9172 bytes


Let me know whether everything is ok or whether I need to do anything else.. Thanks again..
meno82
New Member
Posts: 23
Joined: Wed Feb 06, 2008 1:27 am

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising