spirritutoro (Mere mortal)

Registered: 20/12/07 23:39 Posts: 3
Posted: 20 Dec 2007 23:46 Subject: is there something strange?
Hi everyone, I wanted to ask whether you notice any anomalous process.
The problem was DriveCleaner 2006, which I may have managed to remove (Spybot and others no longer detect it), but now pages keep opening constantly in Mozilla.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.15.23, on 20/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Users\michele\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\michele\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 12433 bytes
bdoriano (Administrator)


Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 21 Dec 2007 00:09 Subject:
Hi spirritutoro,
Follow the instructions in this message to post the ComboFix log.
spirritutoro (Mere mortal)

Registered: 20/12/07 23:39 Posts: 3
Posted: 21 Dec 2007 23:33 Subject:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.31.42, on 21/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\michele\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 11557 bytes
ComboFix 07-12-21.4 - michele 2007-12-21 22:26:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.774 [GMT 1:00]
Eseguito da: C:\Users\michele\Desktop\ComboFix(4).exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Privacy Policy.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\Terms and conditions.url
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Privacy Policy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Terms and conditions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Website.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and conditions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
c:\Users\michele\AppData\Local\zuhdxkwrey.dat
C:\Users\michele\AppData\Local\zuhdxkwrey.exe
c:\Users\michele\AppData\Local\zuhdxkwrey_nav.dat
c:\Users\michele\AppData\Local\zuhdxkwrey_navps.dat
C:\Users\Public\Desktop\webmediaplayer.lnk
.
((((((((((((((((((((((((( Files Creati Da 2007-11-21 al 2007-12-21 )))))))))))))))))))))))))))))))))))
.
2007-12-21 12:06 . 2007-12-21 12:06 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-21 10:49 . 2007-12-21 12:21 <DIR> d-------- C:\Users\michele\AppData\Roaming\Application Data
2007-12-21 10:49 . 2007-12-21 12:21 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-20 21:34 . 2007-12-20 22:05 <DIR> d-------- C:\Program Files\Sophos
2007-12-20 16:22 . 2007-05-29 13:55 22,112 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2007-12-20 16:22 . 2007-05-29 13:55 10,592 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2007-12-20 16:22 . 2007-05-29 13:55 705 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2007-12-20 12:07 . 2007-12-21 12:48 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-20 12:07 . 2007-12-21 12:48 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-20 12:01 . 2007-12-20 14:25 <DIR> d-------- C:\VEXPLITE
2007-12-20 12:01 . 2007-10-10 09:00 36,096 --a------ C:\Windows\System32\drivers\VIRAGTLT.SYS
2007-12-20 11:53 . 2007-12-20 11:53 47,104 --a------ C:\Windows\System32\drivers\avgwfp.sys
2007-12-20 01:40 . 2007-12-20 01:40 <DIR> d-------- C:\Users\All Users\pixelStorm
2007-12-20 01:40 . 2007-12-20 01:40 <DIR> d-------- C:\ProgramData\pixelStorm
2007-12-20 00:40 . 2007-12-20 00:40 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2007-12-19 12:55 . 2007-12-19 12:56 <DIR> d-------- C:\Users\All Users\PC Suite
2007-12-19 12:55 . 2007-12-19 12:56 <DIR> d-------- C:\ProgramData\PC Suite
2007-12-19 12:52 . 2007-12-19 13:19 <DIR> d-------- C:\Users\michele\AppData\Roaming\Nokia
2007-12-19 12:52 . 2007-12-19 12:52 <DIR> d-------- C:\Users\michele\{94e96e35-481d-4f3c-a1a7-3f51eb7e6484}
2007-12-19 12:51 . 2007-12-19 12:51 <DIR> d-------- C:\Program Files\DIFX
2007-12-19 12:50 . 2007-12-19 13:03 <DIR> d-------- C:\Users\michele\AppData\Roaming\PC Suite
2007-12-19 12:48 . 2007-02-22 10:15 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
2007-12-19 12:46 . 2007-12-19 12:46 <DIR> d-------- C:\Users\All Users\Installations
2007-12-19 12:46 . 2007-12-19 12:46 <DIR> d-------- C:\ProgramData\Installations
2007-12-18 17:59 . 2007-12-18 17:59 <DIR> d-------- C:\Users\All Users\Forge of Games
2007-12-18 17:59 . 2007-12-18 17:59 <DIR> d-------- C:\ProgramData\Forge of Games
2007-12-17 21:04 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-17 21:03 . 2007-12-17 21:04 <DIR> d-------- C:\Program Files\Java
2007-12-17 21:02 . 2007-12-17 21:02 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-17 16:58 . 2007-12-17 16:58 <DIR> d-------- C:\Users\michele\AppData\Roaming\CyberLink
2007-12-17 13:30 . 2007-12-17 13:30 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-12-17 13:26 . 2007-12-17 13:26 8,138,240 --a------ C:\Windows\System32\ssBranded.scr
2007-12-17 13:26 . 2007-12-17 13:26 88,576 --a------ C:\Windows\System32\avifil32.dll
2007-12-17 13:26 . 2007-12-17 13:26 69,632 --a------ C:\Windows\System32\sendmail.dll
2007-12-17 13:26 . 2007-12-17 13:26 31,232 --a------ C:\Windows\System32\msvidc32.dll
2007-12-17 13:26 . 2007-12-17 13:26 12,800 --a------ C:\Windows\System32\msrle32.dll
2007-12-16 23:13 . 2007-12-16 23:13 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2007-12-16 23:13 . 2007-12-16 23:13 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2007-12-16 23:11 . 2007-12-16 23:11 <DIR> d-------- C:\Users\michele\AppData\Roaming\SecondLife
2007-12-16 17:00 . 2007-12-16 17:01 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-12-16 17:00 . 2007-12-16 17:00 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-12-16 16:53 . 2007-12-21 12:48 <DIR> d-------- C:\Program Files\Windows Live
2007-12-16 16:53 . 2007-12-21 12:48 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-16 16:52 . 2007-12-21 12:24 <DIR> d-------- C:\Users\All Users\WLInstaller
2007-12-16 16:52 . 2007-12-21 12:24 <DIR> d-------- C:\ProgramData\WLInstaller
2007-12-16 12:33 . 2007-12-16 12:33 <DIR> d-------- C:\Users\All Users\eMule
2007-12-16 12:33 . 2007-12-16 12:33 <DIR> d-------- C:\ProgramData\eMule
2007-12-16 12:15 . 2007-12-16 12:15 <DIR> d-------- C:\Users\michele\AppData\Roaming\eMule
2007-12-16 12:15 . 2007-12-16 12:15 <DIR> d-------- C:\Program Files\eMule
2007-12-16 00:00 . 2007-12-19 01:16 441,843 --a------ C:\PokerStars.log.1
2007-12-16 00:00 . 2007-12-20 00:52 83,519 --a------ C:\PokerStars.log.0
2007-12-15 14:38 . 2007-12-15 14:38 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-12-15 14:38 . 2007-12-15 14:38 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-12-15 14:38 . 2007-12-15 14:38 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-12-15 14:38 . 2007-12-15 14:38 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-12-15 14:38 . 2007-12-15 14:38 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-12-15 14:37 . 2007-12-15 14:37 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-12-15 14:37 . 2007-12-15 14:37 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2007-12-15 14:37 . 2007-12-15 14:37 193,536 --a------ C:\Windows\System32\drivers\usbhub.sys
2007-12-15 14:37 . 2007-12-15 14:37 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2007-12-15 14:37 . 2007-12-15 14:37 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2007-12-15 14:37 . 2007-12-15 14:37 8,704 --a------ C:\Windows\System32\hcrstco.dll
2007-12-15 14:37 . 2007-12-15 14:37 8,704 --a------ C:\Windows\System32\hccoin.dll
2007-12-15 14:37 . 2007-12-15 14:37 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2007-12-15 14:37 . 2007-12-15 14:37 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-12-15 14:36 . 2007-12-15 14:36 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-15 14:36 . 2007-12-15 14:36 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-15 14:36 . 2007-12-15 14:36 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-15 14:36 . 2007-12-15 14:36 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-15 14:35 . 2007-12-15 14:35 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2007-12-15 14:35 . 2007-12-15 14:35 737,792 --a------ C:\Windows\System32\inetcomm.dll
2007-12-15 14:35 . 2007-12-15 14:35 84,480 --a------ C:\Windows\System32\INETRES.dll
2007-12-15 14:35 . 2007-12-15 14:35 2,048 --a------ C:\Windows\System32\msxml6r.dll
2007-12-15 14:33 . 2007-12-15 14:33 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-15 14:33 . 2007-12-15 14:33 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-15 14:33 . 2007-12-15 14:33 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-15 14:33 . 2007-12-15 14:33 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-15 14:32 . 2007-12-15 14:32 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-15 14:32 . 2007-12-15 14:32 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-15 14:32 . 2007-12-15 14:32 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-15 14:32 . 2007-12-15 14:32 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-12-15 14:31 . 2007-12-15 14:31 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-12-15 14:31 . 2007-12-15 14:31 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-15 14:22 . 2007-12-20 23:46 <DIR> d-------- C:\Users\All Users\Google
2007-12-15 14:21 . 2007-12-20 23:59 <DIR> d-------- C:\Program Files\Google
2007-12-15 13:05 . 2007-12-21 18:27 <DIR> d-------- C:\Program Files\PokerStars
2007-12-15 12:52 . 2007-12-15 12:52 <DIR> d-------- C:\Nuova cartella
2007-12-15 12:34 . 2007-12-15 12:34 16 --a------ C:\Windows\System32\coh.cache
2007-12-15 12:17 . 2007-12-15 12:17 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2007-12-15 12:17 . 2007-12-15 12:17 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2007-12-15 12:17 . 2007-12-15 12:17 549,720 --a------ C:\Windows\System32\wuapi.dll
2007-12-15 12:17 . 2007-12-15 12:17 163,000 --a------ C:\Windows\System32\wuwebv.dll
2007-12-15 12:17 . 2007-12-15 12:17 80,896 --a------ C:\Windows\System32\wudriver.dll
2007-12-15 12:17 . 2007-12-15 12:17 53,080 --a------ C:\Windows\System32\wuauclt.exe
2007-12-15 12:17 . 2007-12-15 12:17 43,352 --a------ C:\Windows\System32\wups2.dll
2007-12-15 12:17 . 2007-12-15 12:17 33,624 --a------ C:\Windows\System32\wups.dll
2007-12-15 12:17 . 2007-12-15 12:17 31,232 --a------ C:\Windows\System32\wuapp.exe
2007-12-15 12:12 . 2007-12-15 12:12 <DIR> d-------- C:\Program Files\nobrand
2007-12-15 12:11 . 2007-12-15 12:11 <DIR> d-------- C:\Windows\Downloaded Installations
2007-12-15 12:05 . 2007-12-21 22:18 27,525 --a------ C:\Users\michele\AppData\Roaming\nvModes.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 11:48 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-21 11:48 --------- d-----w C:\Program Files\Microsoft Works
2007-12-21 11:48 --------- d-----w C:\Program Files\Acer GameZone
2007-12-21 11:12 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-21 10:29 --------- d-----w C:\ProgramData\Symantec
2007-12-21 10:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-20 13:44 --------- d-----w C:\Program Files\Windows Calendar
2007-12-19 11:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 12:40 174 --sha-w C:\Program Files\desktop.ini
2007-12-17 12:27 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-17 12:27 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-17 12:27 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-17 12:27 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-17 12:27 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-17 12:27 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-17 12:27 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-17 12:27 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-17 12:27 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-17 12:27 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-16 10:39 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-16 10:39 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-16 10:39 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-16 10:39 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-16 10:39 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-16 10:39 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-16 10:39 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-16 10:39 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-16 10:39 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-16 10:39 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-16 10:39 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-16 10:39 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-16 10:39 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-16 10:39 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-16 10:39 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-16 10:39 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-16 10:39 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-16 10:39 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-16 10:39 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-15 17:44 --------- d-----w C:\Program Files\Windows Mail
2007-12-15 13:39 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-15 13:39 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-15 13:39 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-15 13:39 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-15 13:39 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-15 13:39 4 --sha-w C:\Windows\Fonts\ARIAL.TCX
2007-12-15 13:39 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-15 13:39 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-15 13:39 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-15 13:39 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-15 13:39 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-15 13:39 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-15 13:39 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-15 13:39 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-15 13:39 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-15 13:39 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-12-15 13:34 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-15 13:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-15 13:34 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-15 12:12 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2007-12-15 12:12 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2007-12-15 12:12 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2007-12-15 12:12 --------- d-----w C:\Program Files\Symantec
2007-12-14 23:00 --------- d-sh--w C:\ProgramData\Preferiti
2007-12-14 23:00 --------- d-sh--w C:\ProgramData\Modelli
2007-12-14 23:00 --------- d-sh--w C:\ProgramData\Menu Avvio
2007-12-14 23:00 --------- d-sh--w C:\ProgramData\Documenti
2007-12-14 23:00 --------- d-sh--w C:\ProgramData\Dati applicazioni
2007-12-14 23:00 --------- d-sh--w C:\Program Files\File comuni
2007-11-06 08:20 831,048 ----a-w C:\Windows\System32\WudfUpdate_01005.dll
2007-10-30 18:55 39,856 ----a-w C:\Windows\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
2007-10-30 18:55 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
2007-10-30 18:55 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2007-10-26 09:27 --------- d-----w C:\Program Files\Vic512WA
2007-10-26 09:27 --------- d-----w C:\Program Files\Acer Inc
2007-10-26 09:25 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2007-10-26 09:20 5,120 ----a-w C:\Windows\System32\wmi.dll
2007-10-26 09:20 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2007-10-26 09:20 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2007-10-26 09:19 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-10-26 09:19 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-10-26 09:19 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-10-26 09:16 --------- d-----w C:\ProgramData\CyberLink
2007-10-26 09:16 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2007-10-26 09:14 --------- d-----w C:\Program Files\Launch Manager
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"WindowsWelcomeCenter"="" []
"Acer Tour Reminder"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-10 17:33]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-17 19:28 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-07 07:15]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18]
"Acer Tour"="" []
"NvSvc"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-08-16 04:44]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 12:38]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 17:57:44]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071218.003\IDSvix86.sys [2007-12-04 17:51]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe -p []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-07 07:16]
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\Windows\system32\DRIVERS\DKbFltr.sys [2007-08-16 04:44]
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-05-10 04:35]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-07 07:15]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-15 09:25]
S3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-20 11:53]
S3 BCM43XV;Driver della scheda di rete Broadcom Extensible 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-05-07 07:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2007-12-21 19:25:43 C:\Windows\Tasks\Norton Internet Security - Scansione completa sistema - michele.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2007-12-20 23:48:06 C:\Windows\Tasks\User_Feed_Synchronization-{FD75A522-82F5-4C35-9CB7-1146CB5ECD44}.job"
- C:\Windows\system32\msfeedssync.exe
"2007-12-16 16:01:09 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 22:28:28
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2007-12-21 22:29:25
.
2007-12-17 12:30:52 --- E O F ---
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 22 Dec 2007 10:10 Subject:
Combofix has done some cleaning...
Please run these scans with GMER and post the logs on FreeFileHosting as described here.
Afterwards, go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.