Suspected trojan????


Post by BourneMega87 » Tue Nov 02, 2010 10:43 am

Hi everyone...
I've had a problem for quite some time that I hope someone can solve, or at least help me solve...
So, in the path C:\Windows\Temp there is a folder _avast4_ that gets created automatically. This folder is empty, and Microsoft Security Essentials detects it as a trojan, but when I apply "Clean Computer" from its interface it tells me it found no malicious software, followed by the message "Computer clean"... hmm... I ran a scan with GData and no virus was found; with Microsoft Security Essentials itself, and here too everything came out OK; with Panda Cloud Antivirus, with SUPERAntiSpyware, with Malwarebytes' Anti-Malware, and they all came back negative, i.e. no trojan, rootkit or malware found. Now, when I open the path above, the folder is empty; I delete it permanently with SHIFT+DEL, it is deleted, but after a few minutes it "magically" reappears on its own, as if there were a process (which I haven't managed to find) that recreates this folder....
Could someone please give me a hand???????? Some help?????????? A suggestion??????????
Ah, I forgot... I don't have Avast as my antivirus [:)]

I hope I've been clear... and thanks in advance to anyone who replies [:)]
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am

Re: Suspected trojan????

Post by ste_95 » Tue Nov 02, 2010 10:48 am

Run a scan with ComboFix and then post the log here.
http://www.bleepingcomputer.com/downloa ... s/combofix
«Sometimes it is better to stay silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: Suspected trojan????

Post by BourneMega87 » Tue Nov 02, 2010 11:01 am

Thanks for replying... I'll follow your advice right away....
just the time for the scan and then I'll post the log...
thanks
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am


Re: Suspected trojan????

Post by BourneMega87 » Tue Nov 02, 2010 11:34 am

Strange.... once the scan started the PC rebooted, a blue DOS-style screen... scan started... it rebooted again.... but no trace of a log, if a .txt file was supposed to appear.... the folder is still in C:\Windows\Temp
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am

Re: Suspected trojan????

Post by BourneMega87 » Tue Nov 02, 2010 11:38 am

Sorry, I hadn't read the guide.... I'm restarting the scan... and I'll let you know :D
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am

Re: Suspected trojan????

Post by BourneMega87 » Tue Nov 02, 2010 12:00 pm

Here is the whole COMBOFIX.TXT log file

ComboFix 10-10-26.02 - Francesco 02/11/2010 11.44.26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2045.933 [GMT 1:00]
Eseguito da: c:\users\Francesco\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Francesco\AppData\Roaming\drivers\downld
c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-10-02 al 2010-11-02 )))))))))))))))))))))))))))))))))))
.

2010-11-02 10:47 . 2010-11-02 10:48 -------- d-----w- c:\users\Francesco\AppData\Local\temp
2010-11-02 10:47 . 2010-11-02 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-02 10:47 . 2010-11-02 10:47 -------- d-----w- c:\users\_ocster_backup_\AppData\Local\temp
2010-11-02 10:36 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0A85B08-BCA1-407C-AED2-F91350963EF2}\mpengine.dll
2010-11-02 10:05 . 2010-11-02 10:06 3887136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{27A6AC6C-0ED7-0E86-E66C-FF6682E2641F}-ComboFix.exe
2010-11-02 10:05 . 2010-11-02 10:06 3887136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{5847C5B4-781A-96C5-7642-3D7A02ED21FD}-ComboFix.exe
2010-11-02 07:57 . 2010-11-02 07:57 -------- d-----w- c:\users\Francesco\AppData\Roaming\Blumentals
2010-11-01 15:07 . 2010-11-01 15:07 -------- d-----w- c:\users\Francesco\AppData\Roaming\AllyNova
2010-11-01 15:06 . 2010-11-01 15:07 -------- d-----w- c:\program files\HTML Password Wizard
2010-11-01 15:00 . 2009-12-09 13:59 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-11-01 08:21 . 2010-11-01 08:21 -------- d-----w- c:\programdata\PC Tools
2010-10-31 08:29 . 2010-10-31 08:29 -------- d-----w- c:\program files\CA VMN Anti-Spyware
2010-10-31 08:29 . 2010-10-31 08:30 -------- d-----w- c:\programdata\EmailNotifier
2010-10-31 08:29 . 2010-10-31 08:30 -------- d-----w- c:\program files\vmntoolbar
2010-10-31 08:29 . 2010-10-31 08:29 -------- d-----w- c:\users\Francesco\AppData\Roaming\Dynamic
2010-10-31 08:29 . 2010-10-31 09:08 -------- d-----w- c:\users\Francesco\AppData\Roaming\Sites
2010-10-31 08:29 . 2010-10-31 08:33 -------- d-----w- c:\users\Francesco\AppData\Roaming\SiteClasses
2010-10-31 08:28 . 2010-10-31 08:28 -------- d-----w- c:\program files\Visicom Media
2010-10-28 07:55 . 2010-10-28 07:55 -------- d-----w- c:\users\Francesco\AppData\Roaming\Panda Security
2010-10-28 07:46 . 2010-10-28 07:46 -------- d-----w- c:\programdata\Panda Security
2010-10-28 07:46 . 2010-10-28 07:46 -------- d-----w- c:\program files\Panda Security
2010-10-27 07:37 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 07:37 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 07:37 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-25 08:10 . 2010-10-25 08:10 -------- d-----w- c:\program files\CSS Tab Designer 2
2010-10-22 14:25 . 2010-10-22 14:25 -------- d-----w- c:\users\Francesco\AppData\Local\Windows Live
2010-10-22 14:22 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-13 20:16 . 2010-10-29 07:40 -------- d-----w- c:\program files\Wondershare
2010-10-13 14:15 . 2009-12-09 14:06 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-10-13 14:14 . 2010-10-13 20:29 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-10-13 14:07 . 2010-10-13 15:01 -------- d-----w- c:\users\Francesco\AppData\Local\Innovative Solutions
2010-10-13 14:06 . 2010-10-13 14:06 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-10-13 14:06 . 2010-10-13 14:07 -------- d-----w- c:\programdata\Innovative Solutions
2010-10-13 14:06 . 2009-11-05 14:36 47984 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2010-10-13 14:05 . 2010-10-31 08:39 -------- d-----w- c:\program files\Innovative Solutions
2010-10-13 08:22 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 08:22 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 08:22 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 08:22 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 08:20 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 08:20 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 08:20 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 08:20 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\programdata\MAGIX
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\users\Francesco\AppData\Roaming\MAGIX
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\users\Francesco\AppData\Local\Xara
2010-10-12 21:12 . 2010-10-12 21:14 -------- d-----w- c:\program files\Xara
2010-10-12 21:12 . 2010-10-12 21:12 -------- d-----w- c:\programdata\Xara
2010-10-12 20:46 . 2010-10-12 20:52 -------- d-----w- c:\program files\ShopFactory V8
2010-10-12 20:46 . 2010-10-12 20:46 -------- d-----w- c:\programdata\3D3
2010-10-12 10:27 . 2010-10-12 10:27 -------- d-----w- c:\program files\Xirrus
2010-10-12 10:14 . 2010-10-12 10:14 -------- d-----w- c:\program files\MiserWare
2010-10-12 07:42 . 2010-10-12 07:42 -------- d-----w- c:\users\Francesco\AppData\Roaming\AntiBrowserSpy 2009
2010-10-08 07:19 . 2010-10-08 07:19 -------- d-----w- c:\program files\Vectorian Inc
2010-10-07 07:14 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-10-07 07:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-06 10:59 . 2010-10-06 10:59 -------- d-----w- c:\program files\Zip Password Recovery Magic
2010-10-06 09:12 . 2010-10-06 09:13 -------- d-----w- c:\program files\Vectorian Giotto
2010-10-06 09:08 . 2010-10-06 09:08 -------- d-----w- c:\users\Francesco\AppData\Local\Easy Website Pro
2010-10-06 09:06 . 2010-10-06 09:06 -------- d-----w- c:\program files\PhotonFX
2010-10-06 07:59 . 2010-10-12 19:54 -------- d-----w- c:\program files\Hide Your IP Address
2010-10-06 07:50 . 2010-11-02 06:45 -------- d-----w- c:\users\Francesco\AppData\Roaming\AVG
2010-10-06 06:51 . 2010-10-06 06:51 -------- d-----w- c:\program files\AVG
2010-10-04 13:03 . 2010-10-04 13:03 -------- d-----w- c:\program files\TorrentFetcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-11-21 15:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2009-11-26 12:17 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-24 07:31 . 2010-09-24 07:31 34276864 ----a-w- c:\windows\system32\imageres.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-15 03:50 . 2010-05-03 08:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 07:37 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 07:37 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 07:37 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 07:37 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-16 07:48 128000 ----a-w- c:\windows\system32\spoolsv.exe
2007-12-17 17:23 . 2010-03-17 14:11 1136640 ----a-w- c:\program files\Common Files\ewutils2.dll
2007-11-06 23:19 . 2010-09-02 06:38 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-06 23:19 . 2010-09-02 06:38 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 14:26 1966080 ----a-w- c:\progra~1\vmntoolbar\vmntoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware Application"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2010-01-06 951880]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-10-21 1124424]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

c:\users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRV_McciTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpyWare2Guard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo AntiSpyWare 2 Guard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-12-11 16:27 530552 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 16:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 15:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-12-14 18:09 493688 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-08-17 11:14 1549608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2009-03-16 18:54 6158240 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Online Product Information]
2009-03-16 18:54 6158240 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2010-08-27 11:14 1050072 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-26 07:43 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2010-05-20 22:39 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Google Update"="c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"EPSON S21 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE /FU "c:\windows\TEMP\E_S6DA1.tmp" /EF "HKCU"
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NDSTray.exe"=NDSTray.exe
"DBHAgent"=c:\program files\Paragon Software\System Backup 9.5\program\dbhagent.exe
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-179793737-3557242359-2971821377-1000]
"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 133104]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
R3 Paragon System Backup Service;Paragon System Backup Service;c:\program files\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-05-06 150096]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-02 94992]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-22 691696]
S0 84280882;84280882 Boot Guard Driver;c:\windows\system32\DRIVERS\84280882.sys [2009-10-22 37392]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-02-26 28616]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-06 40624]
S1 84280881;84280881;c:\windows\system32\DRIVERS\84280881.sys [2009-09-25 128016]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-02-19 127744]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-02-26 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-02-27 29992]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
S1 setup_9.0.0.722_02.02.2010_11-10drv;setup_9.0.0.722_02.02.2010_11-10drv;c:\windows\system32\DRIVERS\8428088.sys [2009-10-09 311312]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-02 115856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-02 41424]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-12-15 1054792]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2009-09-07 397896]
S2 AVKWCtl;G Data Guardiano del file system;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2009-11-25 1251488]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S2 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [2010-05-06 242000]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2009-11-25 1547104]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-02-26 55624]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2010-02-26 47560]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [2009-11-26 302152]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-02-26 35272]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-05 6000640]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-02 103568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc7fc58-56bd-11df-9619-005056c00008}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 09:26]

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 09:26]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-179793737-3557242359-2971821377-1000Core.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-22 18:11]

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-179793737-3557242359-2971821377-1000UA.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-22 18:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Francesco\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017}
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\9vy4ccet.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?cl ... t:official
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60341&qkw=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Francesco\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 11:48
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Ora fine scansione: 2010-11-02 11:54:01
ComboFix-quarantined-files.txt 2010-11-02 10:53

Pre-Run: 37.090.004.992 byte disponibili
Post-Run: 36.823.408.640 byte disponibili

- - End Of File - - 70EC709AEE68D4459BC3D13FC2968C2C


Awaiting your suggestions........
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am
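The ComboFix listing in the post above can be triaged mechanically rather than by eye. As an added example (written for this page, not part of the thread or of ComboFix), the Python below parses the two line formats that carry the most signal, the dated file entries and the R/S service lines, and pulls out what a helper checks first: executables newly written under the Windows directory, services whose binary ComboFix marks with [x] (no file at the listed path), and drivers with a boot or system start type. The sample lines are copied from the log above; the R/S and start-type meanings follow ComboFix's convention (R running, S stopped; 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).

```python
"""Triage helper for ComboFix logs like the one posted above (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Dated file entry: "<created> . <modified> <size|--------> <attrs> <path>".
# Directories carry "--------" in place of a size and a leading "d" in the attribute field.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$"
)

# Service/driver entry: "<R|S><start> <name>;<display name>;<path> [<date size>|x]".
# R = running, S = stopped; start type 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled.
# ComboFix prints "[x]" instead of the date/size when no file exists at the listed path.
SERVICE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".drv", ".ocx")

@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

@dataclass
class ServiceEntry:
    state: str  # "R" running or "S" stopped
    start: int  # 0..4, see the SERVICE_RE comment
    name: str
    display: str
    path: str
    binary_missing: bool  # True when ComboFix printed "[x]" for this entry

def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return FileEntry(created, modified, None if size.startswith("-") else int(size), attrs, path)

def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, stamp = m.groups()
    return ServiceEntry(state, int(start), name, display, path, stamp == "x")

def parse_log(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    """Walk a whole log; lines in neither format (section headers, registry dump) are skipped."""
    files: List[FileEntry] = []
    services: List[ServiceEntry] = []
    for line in text.splitlines():
        if (entry := parse_file_line(line)) is not None:
            files.append(entry)
        elif (svc := parse_service_line(line)) is not None:
            services.append(svc)
    return files, services

def triage(files: List[FileEntry], services: List[ServiceEntry]) -> Dict[str, List[str]]:
    """What a helper reads first: executables newly written under the Windows directory,
    service entries whose binary is gone from disk, and drivers that load at boot/system
    start (the most privileged). These are candidates to verify, not verdicts."""
    return {
        "new_windows_binaries": [
            f.path for f in files
            if not f.is_dir
            and f.path.lower().startswith("c:\\windows\\")
            and f.path.lower().endswith(EXEC_EXT)
        ],
        "orphaned_services": [s.name for s in services if s.binary_missing],
        "early_start_drivers": [s.name for s in services if s.start <= 1],
    }

# Sample input: lines copied verbatim from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-11-02 10:47 . 2010-11-02 10:48 -------- d-----w- c:\users\Francesco\AppData\Local\temp
2010-11-01 15:00 . 2009-12-09 13:59 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-13 14:06 . 2009-11-05 14:36 47984 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2010-10-13 08:20 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-07 07:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 133104]
S1 setup_9.0.0.722_02.02.2010_11-10drv;setup_9.0.0.722_02.02.2010_11-10drv;c:\windows\system32\DRIVERS\8428088.sys [2009-10-09 311312]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-12-15 1054792]
"""

if __name__ == "__main__":
    parsed_files, parsed_services = parse_log(SAMPLE_LOG)
    for key, values in triage(parsed_files, parsed_services).items():
        print(key, *values, sep="\n  ")
```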

Re: Suspected trojan????

Post by The Doctor » Tue Nov 02, 2010 12:18 pm

This is my suggestion; in the meantime I edited your post above myself [;)]

[!!!] Attaching content to discussions - new MEMO tag

[grazie]
Ciao Nonno
The Doctor
MLI Hero
Posts: 5553
Joined: Wed Mar 24, 2010 9:10 am
Location: Fiumicino (Roma)

Re: Suspected trojan????

Post by BourneMega87 » Tue Nov 02, 2010 12:24 pm

Forgive me, I'm new to this forum... and I hadn't seen the asterisk.. sorry for the raw file I posted....
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am

Re: Suspected trojan????

Post by FDAC » Tue Nov 02, 2010 12:31 pm

Hi.
Uninstall:
- SUPERAntiSpyware
- Lavasoft Ad-Aware

Download and install MalwareBytes:
http://www.aiutamici.com/software?id=80346
Before running the scan, update it -click Update at the top-
Run a full system scan.
Delete everything it finds.
Send the log.

- Download and install HijackThis from the link below:
http://www.hijackthis.de/downloads/HJTInstall.exe
- launch HijackThis
- click Do a system scan and save a logfile
- when the scan finishes a text file will be produced: save it to the Desktop because you will have to post it here
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: suspected trojan????

Post by BourneMega87 » Tue Nov 02, 2010 12:34 pm

ComboFix 10-10-26.02 - Francesco 02/11/2010 11.44.26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2045.933 [GMT 1:00]
Eseguito da: c:\users\Francesco\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Francesco\AppData\Roaming\drivers\downld
c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-10-02 al 2010-11-02 )))))))))))))))))))))))))))))))))))
.

2010-11-02 10:47 . 2010-11-02 10:48 -------- d-----w- c:\users\Francesco\AppData\Local\temp
2010-11-02 10:47 . 2010-11-02 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-02 10:47 . 2010-11-02 10:47 -------- d-----w- c:\users\_ocster_backup_\AppData\Local\temp
2010-11-02 10:36 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0A85B08-BCA1-407C-AED2-F91350963EF2}\mpengine.dll
2010-11-02 10:05 . 2010-11-02 10:06 3887136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{27A6AC6C-0ED7-0E86-E66C-FF6682E2641F}-ComboFix.exe
2010-11-02 10:05 . 2010-11-02 10:06 3887136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{5847C5B4-781A-96C5-7642-3D7A02ED21FD}-ComboFix.exe
2010-11-02 07:57 . 2010-11-02 07:57 -------- d-----w- c:\users\Francesco\AppData\Roaming\Blumentals
2010-11-01 15:07 . 2010-11-01 15:07 -------- d-----w- c:\users\Francesco\AppData\Roaming\AllyNova
2010-11-01 15:06 . 2010-11-01 15:07 -------- d-----w- c:\program files\HTML Password Wizard
2010-11-01 15:00 . 2009-12-09 13:59 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-11-01 08:21 . 2010-11-01 08:21 -------- d-----w- c:\programdata\PC Tools
2010-10-31 08:29 . 2010-10-31 08:29 -------- d-----w- c:\program files\CA VMN Anti-Spyware
2010-10-31 08:29 . 2010-10-31 08:30 -------- d-----w- c:\programdata\EmailNotifier
2010-10-31 08:29 . 2010-10-31 08:30 -------- d-----w- c:\program files\vmntoolbar
2010-10-31 08:29 . 2010-10-31 08:29 -------- d-----w- c:\users\Francesco\AppData\Roaming\Dynamic
2010-10-31 08:29 . 2010-10-31 09:08 -------- d-----w- c:\users\Francesco\AppData\Roaming\Sites
2010-10-31 08:29 . 2010-10-31 08:33 -------- d-----w- c:\users\Francesco\AppData\Roaming\SiteClasses
2010-10-31 08:28 . 2010-10-31 08:28 -------- d-----w- c:\program files\Visicom Media
2010-10-28 07:55 . 2010-10-28 07:55 -------- d-----w- c:\users\Francesco\AppData\Roaming\Panda Security
2010-10-28 07:46 . 2010-10-28 07:46 -------- d-----w- c:\programdata\Panda Security
2010-10-28 07:46 . 2010-10-28 07:46 -------- d-----w- c:\program files\Panda Security
2010-10-27 07:37 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 07:37 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 07:37 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-25 08:10 . 2010-10-25 08:10 -------- d-----w- c:\program files\CSS Tab Designer 2
2010-10-22 14:25 . 2010-10-22 14:25 -------- d-----w- c:\users\Francesco\AppData\Local\Windows Live
2010-10-22 14:22 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-13 20:16 . 2010-10-29 07:40 -------- d-----w- c:\program files\Wondershare
2010-10-13 14:15 . 2009-12-09 14:06 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-10-13 14:14 . 2010-10-13 20:29 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-10-13 14:07 . 2010-10-13 15:01 -------- d-----w- c:\users\Francesco\AppData\Local\Innovative Solutions
2010-10-13 14:06 . 2010-10-13 14:06 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-10-13 14:06 . 2010-10-13 14:07 -------- d-----w- c:\programdata\Innovative Solutions
2010-10-13 14:06 . 2009-11-05 14:36 47984 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2010-10-13 14:05 . 2010-10-31 08:39 -------- d-----w- c:\program files\Innovative Solutions
2010-10-13 08:22 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 08:22 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 08:22 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 08:22 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 08:20 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 08:20 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 08:20 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 08:20 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\programdata\MAGIX
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\users\Francesco\AppData\Roaming\MAGIX
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\users\Francesco\AppData\Local\Xara
2010-10-12 21:12 . 2010-10-12 21:14 -------- d-----w- c:\program files\Xara
2010-10-12 21:12 . 2010-10-12 21:12 -------- d-----w- c:\programdata\Xara
2010-10-12 20:46 . 2010-10-12 20:52 -------- d-----w- c:\program files\ShopFactory V8
2010-10-12 20:46 . 2010-10-12 20:46 -------- d-----w- c:\programdata\3D3
2010-10-12 10:27 . 2010-10-12 10:27 -------- d-----w- c:\program files\Xirrus
2010-10-12 10:14 . 2010-10-12 10:14 -------- d-----w- c:\program files\MiserWare
2010-10-12 07:42 . 2010-10-12 07:42 -------- d-----w- c:\users\Francesco\AppData\Roaming\AntiBrowserSpy 2009
2010-10-08 07:19 . 2010-10-08 07:19 -------- d-----w- c:\program files\Vectorian Inc
2010-10-07 07:14 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-10-07 07:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-06 10:59 . 2010-10-06 10:59 -------- d-----w- c:\program files\Zip Password Recovery Magic
2010-10-06 09:12 . 2010-10-06 09:13 -------- d-----w- c:\program files\Vectorian Giotto
2010-10-06 09:08 . 2010-10-06 09:08 -------- d-----w- c:\users\Francesco\AppData\Local\Easy Website Pro
2010-10-06 09:06 . 2010-10-06 09:06 -------- d-----w- c:\program files\PhotonFX
2010-10-06 07:59 . 2010-10-12 19:54 -------- d-----w- c:\program files\Hide Your IP Address
2010-10-06 07:50 . 2010-11-02 06:45 -------- d-----w- c:\users\Francesco\AppData\Roaming\AVG
2010-10-06 06:51 . 2010-10-06 06:51 -------- d-----w- c:\program files\AVG
2010-10-04 13:03 . 2010-10-04 13:03 -------- d-----w- c:\program files\TorrentFetcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-11-21 15:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2009-11-26 12:17 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-24 07:31 . 2010-09-24 07:31 34276864 ----a-w- c:\windows\system32\imageres.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-15 03:50 . 2010-05-03 08:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 07:37 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 07:37 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 07:37 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 07:37 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-16 07:48 128000 ----a-w- c:\windows\system32\spoolsv.exe
2007-12-17 17:23 . 2010-03-17 14:11 1136640 ----a-w- c:\program files\Common Files\ewutils2.dll
2007-11-06 23:19 . 2010-09-02 06:38 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-06 23:19 . 2010-09-02 06:38 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 14:26 1966080 ----a-w- c:\progra~1\vmntoolbar\vmntoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware Application"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2010-01-06 951880]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-10-21 1124424]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

c:\users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRV_McciTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpyWare2Guard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo AntiSpyWare 2 Guard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-12-11 16:27 530552 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 16:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 15:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-12-14 18:09 493688 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-08-17 11:14 1549608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2009-03-16 18:54 6158240 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Online Product Information]
2009-03-16 18:54 6158240 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2010-08-27 11:14 1050072 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-26 07:43 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2010-05-20 22:39 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Google Update"="c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"EPSON S21 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE /FU "c:\windows\TEMP\E_S6DA1.tmp" /EF "HKCU"
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NDSTray.exe"=NDSTray.exe
"DBHAgent"=c:\program files\Paragon Software\System Backup 9.5\program\dbhagent.exe
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-179793737-3557242359-2971821377-1000]
"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 133104]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
R3 Paragon System Backup Service;Paragon System Backup Service;c:\program files\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-05-06 150096]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-02 94992]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-22 691696]
S0 84280882;84280882 Boot Guard Driver;c:\windows\system32\DRIVERS\84280882.sys [2009-10-22 37392]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-02-26 28616]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-06 40624]
S1 84280881;84280881;c:\windows\system32\DRIVERS\84280881.sys [2009-09-25 128016]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-02-19 127744]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-02-26 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-02-27 29992]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
S1 setup_9.0.0.722_02.02.2010_11-10drv;setup_9.0.0.722_02.02.2010_11-10drv;c:\windows\system32\DRIVERS\8428088.sys [2009-10-09 311312]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-02 115856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-02 41424]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-12-15 1054792]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2009-09-07 397896]
S2 AVKWCtl;G Data Guardiano del file system;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2009-11-25 1251488]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S2 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [2010-05-06 242000]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2009-11-25 1547104]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-02-26 55624]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2010-02-26 47560]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [2009-11-26 302152]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-02-26 35272]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-05 6000640]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-02 103568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc7fc58-56bd-11df-9619-005056c00008}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 09:26]

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 09:26]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-179793737-3557242359-2971821377-1000Core.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-22 18:11]

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-179793737-3557242359-2971821377-1000UA.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-22 18:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Francesco\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017}
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\9vy4ccet.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?cl ... t:official
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60341&qkw=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Francesco\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 11:48
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Ora fine scansione: 2010-11-02 11:54:01
ComboFix-quarantined-files.txt 2010-11-02 10:53

Pre-Run: 37.090.004.992 byte disponibili
Post-Run: 36.823.408.640 byte disponibili

- - End Of File - - 70EC709AEE68D4459BC3D13FC2968C2C


I hope I've now corrected the message... sorry again
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am

Re: suspected trojan????

Post by BourneMega87 » Tue Nov 02, 2010 12:57 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.51.14, on 02/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.43\npchrome_frame.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware Application] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-179793737-3557242359-2971821377-1008\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '_ocster_backup_')
O4 - HKUS\S-1-5-21-179793737-3557242359-2971821377-1008\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '_ocster_backup_')
O4 - HKUS\S-1-5-21-179793737-3557242359-2971821377-1008\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (User '_ocster_backup_')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Francesco\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - (no file)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - (no file)
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.43\npchrome_frame.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\CDivision\Skype4COM.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Guardiano del file system (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ocster Backup (ocster_backup) - Unknown owner - c:\Program Files\Ocster Backup\bin\backupService-ox.exe
O23 - Service: Paragon System Backup Service - Paragon Software Group - C:\Program Files\Paragon Software\System Backup 9.5\program\dbhservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 13348 bytes


hijackthis.log report
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am

Re: suspected trojan????

Post by FDAC » Tue Nov 02, 2010 1:47 pm

Post the Malwarebytes log, not the ComboFix one.
What problems are you seeing?
FDAC
Rompiballe
Posts: 750
Joined: Sun Sep 05, 2010 1:00 pm

Re: suspected trojan????

Post by Sabbb » Tue Nov 02, 2010 1:55 pm

Maybe I'm wrong, but it looks like he has two antivirus products active: G Data and Security Essentials.
Sabbb
Inactive user
Posts: 4483
Joined: Sat Sep 04, 2010 11:19 am

Re: suspected trojan????

Post by FDAC » Tue Nov 02, 2010 2:25 pm

You're right Sabb, thanks for stepping in.
I'll wait for the Malwarebytes log, then you take over and tell him how to proceed :)
FDAC
Rompiballe
Posts: 750
Joined: Sun Sep 05, 2010 1:00 pm

Re: suspected trojan????

Post by hashcat » Tue Nov 02, 2010 2:33 pm

Apart from a few extra buttons in Internet Explorer, everything looks fine from the HijackThis log.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm
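hashcat's verdict on the HijackThis log above (a few dead Internet Explorer entries, otherwise nothing alarming) comes from scanning the entries for the shapes that usually merit a second look. The script below is an added example, not a tool from the thread or from HijackThis itself: it parses constructed sample lines in that log format (mostly mirroring the thread's log; the [Updater] autorun line is made up) and flags dead references, services with "Unknown owner", autoruns from user-writable paths and Winsock LSP entries. A flag means "verify this entry", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis format: most lines mirror the log in the
# thread; the [Updater] autorun is made up to exercise the user-writable check.
SAMPLE_LOG = r"""O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Updater] C:\Users\Francesco\AppData\Local\Temp\updater.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Ocster Backup (ocster_backup) - Unknown owner - c:\Program Files\Ocster Backup\bin\backupService-ox.exe
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Locations a normal user can write to; autoruns there deserve a closer look.
USER_WRITABLE = re.compile(r"\\(temp|appdata|users\\[^\\]+\\downloads)\\", re.I)

@dataclass
class Finding:
    section: str
    reason: str
    line: str

def classify(section: str, body: str) -> Optional[str]:
    """Triage reason for one entry, or None when nothing stands out."""
    if "(file missing)" in body or "(no file)" in body:
        return "dead reference (target file missing): leftover, can be cleaned"
    if section == "O23" and "Unknown owner" in body:
        return "service without a known publisher: check the binary's signature"
    if section == "O4" and USER_WRITABLE.search(body):
        return "autorun from a user-writable path: check the binary"
    if section == "O10":
        return "Winsock LSP entry: confirm it belongs to installed software"
    return None

def triage(log_text: str) -> List[Finding]:
    """Parse every HijackThis entry and collect the ones worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:  # headers, blank lines, the "End of file" footer
            continue
        reason = classify(m["section"], m["body"])
        if reason:
            findings.append(Finding(m["section"], reason, raw.strip()))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```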

Re: suspected trojan????

Post by Sabbb » Tue Nov 02, 2010 2:35 pm

FDAC wrote: You're right Sabb, thanks for stepping in.
You're welcome [;)]
FDAC wrote: I'll wait for the Malwarebytes log, then you take over and tell him how to proceed :)
You carry on. No problem
Sabbb
Inactive user
Posts: 4483
Joined: Sat Sep 04, 2010 11:19 am

Re: suspected trojan????

Post by FDAC » Tue Nov 02, 2010 2:37 pm

Sab, you're giving me so much work :)
Joking aside, Bourne, I'll wait for the Malwarebytes log.
Then uninstall Microsoft Security Essentials.
FDAC
Rompiballe
Posts: 750
Joined: Sun Sep 05, 2010 1:00 pm

Re: suspected trojan????

Post by Sabbb » Tue Nov 02, 2010 5:04 pm

Before uninstalling Microsoft Security Essentials, make sure G Data's licence is still valid. If it has expired, uninstall G Data and keep Microsoft Security Essentials; if the G Data licence is still valid, go ahead and uninstall MSE.
Sabbb
Inactive user
Posts: 4483
Joined: Sat Sep 04, 2010 11:19 am

Re: suspected trojan????

Post by BourneMega87 » Tue Nov 02, 2010 9:41 pm

Sorry, I wasn't around... work commitments... anyway, thanks for replying... here is the Malwarebytes' Anti-Malware log file:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 5024

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

02/11/2010 21.37.24
mbam-log-2010-11-02 (21-37-24).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 160775
Tempo trascorso: 20 minuti, 14 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASH24SXZ9S (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


After reading the log file I removed the three trojans it found.
As for the ComboFix log, ste_95 had asked for it and I posted it for him..
G-Data's licence is valid, absolutely valid, and until this small problem MSE never gave me any reason to worry; it often detects viruses in files
or keygens and promptly removes them... there was only this one problem, which is why I asked for your advice...
anyway, I await your instructions...
BourneMega87
Aficionado
Posts: 44
Joined: Sat Jan 02, 2010 11:30 am

Re: suspected trojan????

Post by Sabbb » Tue Nov 02, 2010 9:51 pm

BourneMega87 wrote: G-Data's licence is valid, absolutely valid, and until this small problem MSE never gave me any reason to worry; it often detects viruses in files ..........
I advise you to uninstall MSE for the simple reason that two antivirus products can not only conflict with each other, but also cause slowdowns and assorted annoyances, especially with G Data, which has two antivirus engines. Besides, it is very good and has no need at all for another antivirus alongside it. Of course the PC is yours; mine is just a suggestion, and one everybody already knows anyway. Malwarebytes did its job and things are in order. But is G Data up to date? I'm rather surprised that Malwarebytes had to be called in [uhm]
Sabbb
Inactive user
Posts: 4483
Joined: Sat Sep 04, 2010 11:19 am

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising