I Forum di Zeus News
COMPUTER CRAWLING LIKE A TURTLE, YOU HAVE TO HELP ME PLEASE!
Forum index -> Pronto Soccorso Virus
supereros18 (Mortale devoto; registered 20/03/08 12:49; 5 posts)

Posted: 18 Dec 2008 01:24    Subject: COMPUTER CRAWLING LIKE A TURTLE, YOU HAVE TO HELP ME PLEASE!

Hi guys, thanks to your help I've learned to always keep my computer more or less clean and working. This time, though, I can't explain what the problem is: it started going extremely slow from one moment to the next, and there's no apparent reason. I used ComboFix, NOD and Norman Malware; Combo removed something, and with NOD, no malware. But the result hasn't changed; among other things it takes 5 minutes to boot... I'm posting the most recent logs, after removing that stuff. See if you notice anything. THANKS A LOT AS ALWAYS

_____________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.50.29, on 17/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Comodo\BackUp\CmdBkSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Visual ToolTip\VisualToolTip.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Microsoft LifeChat\LifeChat.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmi\Wallpaper Master\Wallpaper.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.250.15.250:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Programmi\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [VisualTooltip] C:\Programmi\Visual ToolTip\VisualToolTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Programmi\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Programmi\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [WallpaperChanger] C:\Programmi\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Programmi\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Programmi\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Programmi\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programmi\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD63F104-C903-45E4-9453-619171D999BF}: NameServer = 193.12.150.2,212.247.152.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ComodoBackupService - COMODO - C:\Programmi\Comodo\BackUp\CmdBkSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11045 bytes

___________________________________________________________

ComboFix 08-12-15.08 - Eros 2008-12-17 21.57.01.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2038.1766 [GMT 1:00]
Run from: c:\documents and settings\Eros\Desktop\PULIZIA COMPUTER\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created From 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))))))
.

2008-12-17 21:19 . 2008-12-17 21:19 <DIR> d-------- c:\programmi\Runtime Software
2008-12-17 21:08 . 2008-12-17 21:08 <DIR> d-------- c:\programmi\Comodo
2008-12-17 19:35 . 2008-12-17 19:35 <DIR> d-------- c:\programmi\Trend Micro
2008-12-17 08:13 . 2008-12-17 08:13 <DIR> d-------- c:\windows\system32\xircom
2008-12-17 08:13 . 2008-12-17 08:13 <DIR> d-------- c:\windows\srchasst
2008-12-17 08:13 . 2008-12-17 08:13 <DIR> d-------- c:\programmi\microsoft frontpage
2008-12-12 10:58 . 2008-10-03 11:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-07 13:12 . 2008-12-07 13:12 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-04 00:41 . 2008-12-04 00:41 <DIR> d-------- c:\documents and settings\Eros\Dati applicazioni\PC Suite
2008-12-04 00:41 . 2008-12-04 00:41 <DIR> d-------- c:\documents and settings\Eros\Dati applicazioni\Nokia
2008-12-04 00:41 . 2008-12-04 00:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2008-12-04 00:40 . 2008-12-04 00:40 <DIR> d-------- c:\programmi\PC Connectivity Solution
2008-12-04 00:40 . 2008-12-04 00:40 <DIR> d-------- c:\programmi\Nokia
2008-12-04 00:40 . 2008-12-04 00:40 <DIR> d-------- c:\programmi\File comuni\PCSuite
2008-12-04 00:40 . 2008-12-04 00:40 <DIR> d-------- c:\programmi\File comuni\Nokia
2008-12-04 00:40 . 2008-12-04 00:40 <DIR> d-------- c:\programmi\DIFX
2008-12-04 00:40 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-12-04 00:40 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-04 00:39 . 2008-12-04 00:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Installations
2008-12-02 17:20 . 2008-12-02 17:20 <DIR> d-------- c:\programmi\Betfair
2008-12-02 17:20 . 2008-12-02 17:20 <DIR> d-------- c:\documents and settings\Eros\Dati applicazioni\Betfair
2008-12-02 17:20 . 2008-12-02 17:20 40 --a------ c:\windows\ujf635.bin
2008-12-02 17:16 . 2008-12-02 17:16 <DIR> d-------- C:\Poker
2008-12-02 15:06 . 2008-12-11 23:58 <DIR> d-------- c:\programmi\HTTP-Tunnel
2008-12-01 16:47 . 2008-12-01 16:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-11-30 11:56 . 2008-11-30 11:56 <DIR> d-------- c:\programmi\Virgin Poker
2008-11-29 02:30 . 2008-12-12 01:39 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-28 19:05 . 2008-11-28 19:05 <DIR> d-------- c:\programmi\Microsoft CAPICOM 2.1.0.2
2008-11-28 14:42 . 2008-11-28 14:42 <DIR> d-------- c:\documents and settings\Eros\Dati applicazioni\Brother
2008-11-28 14:28 . 2008-11-28 14:57 474 --a------ c:\windows\BRWMARK.INI
2008-11-28 14:28 . 2008-11-28 14:28 184 --a------ c:\windows\system32\brsvc01a.bsi
2008-11-28 14:28 . 2008-11-28 14:28 30 --a------ c:\windows\system32\brss01a.ini
2008-11-28 14:28 . 2008-11-28 14:28 27 --a------ c:\windows\BRPP2KA.INI
2008-11-28 14:26 . 2008-11-28 14:26 <DIR> d-------- c:\programmi\Common Files
2008-11-28 14:26 . 2008-11-28 14:26 <DIR> d-------- c:\programmi\Brother
2008-11-28 14:24 . 2008-11-28 14:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Brother
2008-11-28 14:22 . 2008-04-13 09:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-28 14:22 . 2008-04-13 07:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-26 19:49 . 2008-11-26 19:49 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-26 19:49 . 2008-11-26 19:49 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-26 19:47 . 2008-11-26 19:47 <DIR> d-------- c:\programmi\Kaspersky Lab
2008-11-26 19:47 . 2008-12-17 21:31 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-11-26 19:47 . 2008-12-17 21:53 3,046,432 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-26 19:47 . 2008-12-17 21:53 499,744 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-26 19:47 . 2008-12-17 21:53 25,928 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-26 19:47 . 2008-12-17 21:53 3,836 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-26 19:43 . 2008-11-26 19:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-11-25 11:58 . 2008-11-25 11:58 <DIR> d-------- C:\Program Files
2008-11-25 11:58 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-11-24 21:50 . 2008-11-24 21:50 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-24 21:50 . 2008-11-24 21:50 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-24 21:36 . 2008-11-24 21:36 <DIR> d-------- c:\programmi\Microsoft LifeChat
2008-11-24 21:36 . 2006-11-02 16:09 1,419,232 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-11-24 21:36 . 2007-08-28 17:05 55,808 --a------ c:\windows\system32\drivers\xusb21.sys
2008-11-24 07:07 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-24 07:07 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-24 07:07 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-23 21:01 . 2008-11-23 21:01 <DIR> d-------- c:\programmi\BetClic Poker
2008-11-23 20:48 . 2008-11-23 20:48 473 --a------ c:\windows\system32\%LocalXml%
2008-11-22 16:00 . 2008-11-22 16:00 <DIR> d-------- c:\programmi\Microsoft Silverlight
2008-11-18 18:50 . 2008-11-18 18:50 <DIR> d-------- c:\programmi\PDF Creator Plus 4.0
2008-11-18 18:50 . 2008-11-18 18:50 <DIR> d-------- c:\documents and settings\Eros\Dati applicazioni\PEERNET
2008-11-18 18:50 . 2008-11-18 18:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PEERNET
2008-11-18 18:49 . 2008-11-18 18:49 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 19:58 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\IDM
2008-12-17 19:58 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\DMCache
2008-12-16 16:41 --------- d-----w c:\programmi\FCM
2008-12-12 10:09 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-12 00:39 --------- d-----w c:\programmi\Java
2008-12-10 01:29 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Babylon
2008-12-06 13:27 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Babylon
2008-11-30 16:46 --------- d-----w c:\programmi\Internet Download Manager
2008-11-28 13:26 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-28 13:26 --------- d-----w c:\programmi\File comuni\InstallShield
2008-11-17 18:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2008-11-17 13:14 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\ScanSoft
2008-11-16 22:41 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Zeon
2008-11-16 15:11 --------- d-----w c:\programmi\ScanSoft
2008-11-16 15:11 --------- d-----w c:\programmi\File comuni\ScanSoft Shared
2008-11-16 15:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Zeon
2008-11-16 15:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2008-11-16 14:32 --------- d--h--w c:\programmi\Zero G Registry
2008-11-16 14:25 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Sports Interactive
2008-11-16 14:25 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2008-11-16 14:15 --------- d-----w c:\programmi\Team JPN
2008-11-15 17:07 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Skype
2008-11-14 11:33 --------- d-----w c:\programmi\MessengerDiscovery
2008-11-14 10:51 --------- d-----w c:\programmi\Reference Assemblies
2008-11-14 10:04 --------- d-----w c:\programmi\MSXML 4.0
2008-11-13 02:19 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Nero
2008-11-13 02:07 --------- d-----w c:\programmi\Nero
2008-11-13 02:01 --------- d-----w c:\programmi\File comuni\Nero
2008-11-13 01:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2008-11-13 00:56 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Nuance
2008-11-13 00:56 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2008-11-13 00:50 --------- d-----w c:\programmi\Nuance
2008-11-13 00:50 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nuance
2008-11-13 00:38 --------- d-----w c:\programmi\Google
2008-11-13 00:22 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\MAGIX
2008-11-13 00:20 --------- d-----w c:\programmi\MAGIX
2008-11-13 00:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\MAGIX
2008-11-13 00:10 --------- d-----w c:\programmi\VirtualDJ
2008-11-13 00:06 90,112 ----a-w c:\windows\system32\agsaami.dll
2008-11-13 00:06 610,304 ----a-w c:\windows\system32\agsaamg.dll
2008-11-13 00:06 372,736 ----a-w c:\windows\system32\agsaamc.dll
2008-11-13 00:06 2,535,424 ----a-w c:\windows\system32\agsaamj.dll
2008-11-13 00:06 --------- d-----w c:\programmi\AML Products
2008-11-13 00:03 --------- d-----w c:\programmi\WinAVI Video Converter 9.0
2008-11-12 23:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ilium Software
2008-11-12 23:40 --------- d-----w c:\programmi\Ilium Software
2008-11-12 23:40 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Ilium Software
2008-11-12 23:12 --------- d-----w c:\programmi\Babylon
2008-11-12 21:09 --------- d-----w c:\programmi\CFacile
2008-11-12 21:06 --------- d-----w c:\programmi\Borland
2008-11-12 21:04 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\OpenOffice.org
2008-11-12 21:03 --------- d-----w c:\programmi\OpenOffice.org 3
2008-11-12 21:03 --------- d-----w c:\programmi\JRE
2008-11-12 20:52 --------- d-----w c:\programmi\Winamp
2008-11-12 20:31 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Media Player Classic
2008-11-12 10:45 --------- d-----w c:\programmi\eMule
2008-11-12 10:45 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\eMule
2008-11-11 12:09 --------- d-----w c:\programmi\BitComet
2008-11-11 12:08 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Yahoo!
2008-11-11 12:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-11-11 01:08 --------- d-----w c:\programmi\Dell
2008-11-11 01:05 --------- d-----w c:\programmi\SigmaTel
2008-11-11 01:02 549,888 ----a-w c:\windows\system32\winlogon.exe
2008-11-11 00:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-11-11 00:55 --------- d-----w c:\programmi\Microsoft ActiveSync
2008-11-11 00:32 --------- d-----w c:\programmi\Wallpaper Master
2008-11-10 23:20 --------- d-----w c:\programmi\Styler
2008-11-10 23:20 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Styler
2008-11-10 23:16 --------- d-----w c:\programmi\Visual ToolTip
2008-11-10 23:16 --------- d-----w c:\programmi\Vista Drive Icon
2008-11-10 23:14 --------- d-----w c:\programmi\DAEMON Tools Lite
2008-11-10 23:12 --------- d-----w c:\programmi\Stardock
2008-11-10 23:12 --------- d-----w c:\programmi\File comuni\Stardock
2008-11-10 23:09 --------- d-----w c:\programmi\Microsoft Works
2008-11-10 23:08 --------- d-----w c:\programmi\MSBuild
2008-11-10 23:02 --------- d-----w c:\programmi\Messenger Plus! Live
2008-11-10 23:01 --------- d-----w c:\programmi\Windows Live
2008-11-10 23:01 --------- d-----w c:\programmi\Skype
2008-11-10 23:01 --------- d-----w c:\programmi\File comuni\Skype
2008-11-10 23:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2008-11-10 23:00 --------- d-----w c:\programmi\Yahoo!
2008-11-10 23:00 --------- d-----w c:\programmi\Recuva
2008-11-10 23:00 --------- d-----w c:\programmi\File comuni\Java
2008-11-10 22:59 --------- d-----w c:\programmi\Real Alternative
2008-11-10 22:59 --------- d-----w c:\programmi\QuickTime Alternative
2008-11-10 22:59 --------- d-----w c:\programmi\K-Lite Codec Pack
2008-11-10 22:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-11-10 22:58 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\DAEMON Tools
2008-11-10 22:43 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-10 22:39 --------- d-----w c:\programmi\Alky for Applications
2008-11-10 22:37 --------- d-----w c:\programmi\Servizi in linea
2008-11-10 22:32 --------- d-----w c:\programmi\VistaExperience.org
2008-11-10 22:30 --------- d-----w c:\programmi\Windows Media Connect 2
2008-11-10 20:30 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\GlobalSCAPE
2008-11-10 20:29 --------- d-----w c:\programmi\GlobalSCAPE
2008-11-10 18:55 --------- d-----w c:\programmi\Kaspersky Key Finder
2008-11-10 18:44 --------- d-----w c:\documents and settings\Eros\Dati applicazioni\Winamp
2008-11-10 18:25 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-10 18:22 --------- d-----w c:\programmi\File comuni\Macrovision Shared
2008-11-10 16:05 --------- d-----w c:\programmi\Broadcom
.

((((((((((((((((((((((((((((( snapshot@2008-12-17_ 8.25.53.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-16 23:32:24 67,002 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-17 20:59:09 67,002 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-16 23:32:25 78,780 ----a-w c:\windows\system32\perfc010.dat
+ 2008-12-17 20:59:09 78,780 ----a-w c:\windows\system32\perfc010.dat
- 2008-12-16 23:32:25 433,058 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-17 20:59:09 433,058 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-16 23:32:25 478,758 ----a-w c:\windows\system32\perfh010.dat
+ 2008-12-17 20:59:10 478,758 ----a-w c:\windows\system32\perfh010.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WallpaperChanger"="c:\programmi\Wallpaper Master\Wallpaper.exe" [2005-01-06 509952]
"LClock"="c:\programmi\LClock\LClock.exe" [2004-09-19 65536]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-10-12 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTooltip"="c:\programmi\Visual ToolTip\VisualToolTip.exe" [2007-12-06 988672]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SetDefPrt"="c:\programmi\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"LifeChat"="c:\programmi\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DrvIcon"="c:\programmi\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"ControlCenter2.0"="c:\programmi\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Babylon Client"="c:\programmi\Babylon\Babylon-Pro\Babylon.exe" [2008-11-13 3551456]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-10-12 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]

c:\documents and settings\Eros\Menu Avvio\Programmi\Esecuzione automatica\
Stardock ObjectDock.lnk - c:\programmi\Stardock\ObjectDock\ObjectDock.exe [2008-11-11 3444008]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"7784:TCP"= 7784:TCP:BitComet 7784 TCP
"7784:UDP"= 7784:UDP:BitComet 7784 UDP

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S2 ComodoBackupService;ComodoBackupService;c:\programmi\Comodo\BackUp\CmdBkSvc.exe [2008-12-17 1023488]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [2008-11-13 1527900]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\LifeChatTask.job
- c:\programmi\Microsoft LifeChat\LifeChat.exe [2008-08-21 11:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 10.250.15.250:3128
IE: Download all links with IDM - c:\programmi\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\programmi\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\programmi\Internet Download Manager\IEExt.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica tutti i video usando BitComet - c:\programmi\BitComet\BitComet.exe/AddVideo.htm
IE: Scarica tutto usando BitComet - c:\programmi\BitComet\BitComet.exe/AddAllLink.htm
IE: Scarica usando &BitComet - c:\programmi\BitComet\BitComet.exe/AddLink.htm
IE: Translate with &Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: {AD63F104-C903-45E4-9453-619171D999BF} = 193.12.150.2,212.247.152.2
FF - ProfilePath - c:\documents and settings\Eros\Dati applicazioni\Mozilla\Firefox\Profiles\uw5tprt9.default\
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 22:01:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(248)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(304)
c:\windows\system32\scecli.dll
.
Scan completed at: 2008-12-17 22.02.19
ComboFix-quarantined-files.txt 2008-12-17 21:01:42
ComboFix2.txt 2008-12-17 07:26:43

Pre-Run: 45,247,016,960 bytes free
Post-Run: 45,235,761,152 bytes free

304 --- E O F --- 2008-12-12 10:09:06

____________________________________________________________
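A small triage script for the two logs posted above, as an added example that is not part of the original post and not code from HijackThis or ComboFix. Its sample input is a handful of lines copied from the posted logs (the full logs can be fed in unchanged), and it flags what a responder would want to confirm first rather than hunt for by eye: the HKCU proxy 10.250.15.250:3128 (3128 is Squid's default port; a proxy setting left over from another network that is no longer reachable makes every page load wait for a timeout, which looks exactly like a "slow computer"), the per-adapter NameServer override, entries whose target file is gone, O23 services where HijackThis could not read a company name from the binary, the firewall being off for the standard profile, the Security Center monitoring flag (security suites commonly set this themselves, so it is a prompt to check, not a verdict) and globally open inbound ports. The function names, the finding labels and the heuristics are my own and not anything the tools define.

```python
import re

# Added triage example for the HijackThis and ComboFix logs posted above.
# Not part of the original post and not code from either tool; the checks are
# heuristics and the "kind" labels are invented for this example.

# Sample input: lines copied from the posted HijackThis log, trimmed to the
# ones these checks react to (one clean O23 line kept as a negative case).
HJT_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.250.15.250:3128
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programmi\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD63F104-C903-45E4-9453-619171D999BF}: NameServer = 193.12.150.2,212.247.152.2
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Sample input: the registry section of the posted ComboFix log, trimmed.
CF_REG_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7784:TCP"= 7784:TCP:BitComet 7784 TCP
"""

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.*)$")
REG_KEY = re.compile(r"^\[(?P<key>.+)\]$")
REG_VAL = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')


def parse_hjt(text):
    """Yield (section, body) for every 'Rn - ...' / 'On - ...' line."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage_hjt(text):
    """Return (kind, detail, why) for HijackThis entries worth confirming."""
    findings = []
    for sec, body in parse_hjt(text):
        rhs = body.split("=", 1)[1].strip() if "=" in body else ""
        if sec == "R1" and ",ProxyServer" in body and rhs:
            findings.append(("proxy", rhs, "all WinINet/IE traffic goes via this host; "
                             "if it is stale or unreachable every page load waits for a timeout"))
        elif sec == "O17" and "NameServer" in body and rhs:
            findings.append(("dns", rhs, "per-adapter resolver override; confirm these are your ISP's"))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append(("dangling", f"{sec} - {body}", "target is gone; a leftover of something removed"))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(("unsigned-service", f"{sec} - {body}", "no company name in version info; check the file"))
    return findings


def reg_int(val):
    """Integer from ComboFix's 'dword:00000001' or '0 (0x0)' value forms."""
    val = val.strip()
    if val.lower().startswith("dword:"):
        return int(val[6:], 16)
    m = re.match(r"^(\d+)", val)
    return int(m.group(1)) if m else None


def parse_reg_dump(text):
    """Map (key, name) -> raw value for a REGEDIT4-style dump; keys and names lowercased."""
    values, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = REG_KEY.match(line)
        if km:
            current = km.group("key").lower()
            continue
        vm = REG_VAL.match(line)
        if vm and current is not None:
            values[(current, vm.group("name").lower())] = vm.group("val")
    return values


def triage_reg(text):
    """Return (kind, detail, why) for weak settings in the ComboFix registry dump."""
    findings = []
    for (key, name), val in parse_reg_dump(text).items():
        n = reg_int(val)
        if key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and n == 0:
            findings.append(("firewall-off", key, "Windows Firewall is disabled for the standard profile"))
        elif "security center\\monitoring\\" in key and name == "disablemonitoring" and n == 1:
            findings.append(("sc-monitoring-off", key, "Security Center ignores this product's status; "
                             "suites often set this themselves, so confirm rather than assume"))
        elif key.endswith("globallyopenports\\list"):
            findings.append(("open-port", val, "inbound exception open to any source"))
    return findings


if __name__ == "__main__":
    for kind, detail, why in triage_hjt(HJT_SAMPLE) + triage_reg(CF_REG_SAMPLE):
        print(f"[{kind}] {detail}\n    {why}")
```

Run as-is it prints six HijackThis findings and three registry findings for the excerpts above; paste the complete logs into the two sample strings to triage them in full. The dangling entries are the least interesting (they only point at things already gone), while the proxy and the firewall state are the two settings worth verifying before anything else on a machine that has suddenly become slow.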
Zeus (Amministratore; registered 21/10/00 02:01; 13287 posts; location: San Junipero)

Posted: 18 Dec 2008 02:18

maybe not writing in capitals, and using a subject other than "help me please", would be useful
chemicalbit (Dio maturo; registered 01/04/05 18:59; 18597 posts; location: Milano)

Posted: 18 Dec 2008 11:11

zeussino wrote:
maybe not writing in capitals, and using a subject other than "help me please", would be useful
And maybe without "YOU HAVE TO"

supereros18 wrote:
Combo removed something
(...)
I'm posting the most recent logs, after removing that stuff.
So the ComboFix log isn't the one from the run in which it removed that "something"?
Do you still have that one? If so, post it.


note: don't post it directly in the message (it would become very long).
Upload the log to WikiSend (or FreeFileHosting) and post the Forum Link you're given.