marcus88 Mere mortal

Registered: 15/03/10 01:41 Posts: 3
Posted: 15 Mar 2010 01:59 Subject: Rogue problem. MalwareBytes.. pop-up message.
Hi everyone, I'm new.
I hope you can help me.
A few weeks ago I picked up a nasty rogue... Desktop Security 2010. I tried everything to remove it: scans with various antivirus and antimalware tools etc., deleting registry keys... in short, I tried every guide out there... but every time, after rebooting the PC, as soon as I launched the browser there it was again.
In the end I solved it by installing Malwarebytes Anti-Malware, whose scan detects the rogue Desktop Security 2010.
On the first attempt I removed the rogue, but after the reboot it was still there; on the second attempt I enabled Malwarebytes' IP protection. Bingo!! The rogue hasn't come back... but I think it's still there, knocking at the door non-stop. To confirm it: as soon as I disable Malwarebytes' protection, it comes back.
In fact the same thing happens to me as already happened to another user, whose thread I'm linking: http://forum.zeusnews.com/viewtopic.php?t=44184&postdays=0&postorder=asc&start=0.
In short, Malwarebytes reports an infection from this IP, 217.23.5.54, and from 217.23.5.5. It's rather annoying because this pop-up message keeps appearing constantly, without pause, and above all, with the IP block active I can no longer reach certain pages that I used to view without problems and that I'm sure are safe.
Now, to recap. I've run every possible scan, with:
Malwarebytes
Spyware Doctor
HijackThis
ComboFix
Avira
Avast
but I think there's some process keeping a backdoor open on my PC and letting the rogue in.
What can be done?? Help me, I'm at the end of my rope; this is the last resort, then I'll format!
JeanGrey Hero in the grace of the gods

Registered: 21/12/08 22:00 Posts: 142
Posted: 15 Mar 2010 12:56 Subject:
Hi marcus88, welcome.
Attach the scans run with Malwarebytes, ComboFix and HijackThis.
Follow the instructions in this thread to post the report.
marcus88 Mere mortal

Registered: 15/03/10 01:41 Posts: 3
Posted: 15 Mar 2010 15:30 Subject:
JeanGrey wrote:
> Hi marcus88, welcome.
> Attach the scans run with Malwarebytes, ComboFix and HijackThis.
> Follow the instructions in this thread to post the report.
Here are the logs:
HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.05.38, on 15/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Creative\Shared Files\CTAudSvc.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Programmi\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\RealVNC\VNC4\winvnc4.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Programmi\ActivIdentity\ActivClient\acevents.exe
C:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programmi\File comuni\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\programmi\file comuni\microsoft shared\dw\1049\reportingdwintl2012.0.4518.1014.exe
C:\programmi\adobe\adobe photoshop cs4\locales\it_it\support files\shortcuts\win\shortcutsdefault14081.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools Lite\DTLite.exe
c:\programmi\skype\toolbars\shared\pluginnumber.exe
c:\programmi\file comuni\adobe\cs4servicemanager\managerservice.exe
c:\programmi\adobe\acrobat 9.0\acrobat\settings\qualityhigh.exe
C:\Programmi\Tall Emu\Online Armor\oaui.exe
C:\Programmi\Tall Emu\Online Armor\OAhlp.exe
C:\Programmi\Tall Emu\Online Armor\oasrv.exe
C:\Documents and Settings\Administrator\Documenti\Downloads\10-2_xp32_dd_ccc_wdm_enu.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [accrdsub] "C:\Programmi\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [XboxStat] "c:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Module Loader] C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [Creative KSRun Persistence Module] RunDll32 KSRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl9] C:\Programmi\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] C:\Programmi\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [pluginPhone1.0.1.11] C:\programmi\skype\toolbars\shared\pluginnumber.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\RunServices: [Phoneplugin] C:\programmi\skype\toolbars\shared\pluginnumber.exe
O4 - HKLM\..\RunServices: [ServiceManager] C:\programmi\file comuni\adobe\cs4servicemanager\managerservice.exe
O4 - HKLM\..\RunServices: [ReportingError] C:\programmi\file comuni\microsoft shared\dw\1049\reportingdwintl2012.0.4518.1014.exe
O4 - HKLM\..\RunServices: [QualityHigh] c:\programmi\adobe\acrobat 9.0\acrobat\settings\qualityhigh.exe
O4 - HKLM\..\RunServices: [cjstylecjstyle] C:\programmi\artisteer 2\library\styles\cjstylecjstyle.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233840452953
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0895D74A-5784-4AFF-BB7D-7433D3364E62}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{0895D74A-5784-4AFF-BB7D-7433D3364E62}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{0895D74A-5784-4AFF-BB7D-7433D3364E62}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: acunlock - C:\Programmi\ActivIdentity\ActivClient\acunlock.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Programmi\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programmi\File comuni\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programmi\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nero AG - (no file)
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\OAcat.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\oasrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\winvnc4.exe
--
End of file - 14994 bytes
ComboFix:
Code:
ComboFix 10-03-06.07 - Administrator 07/03/2010 14.00.14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1789.1014 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
((((((((((((((((((((((((( Files Creati Da 2010-02-07 al 2010-03-07 )))))))))))))))))))))))))))))))))))
.
2010-03-07 12:36 . 2010-03-07 12:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-07 12:31 . 2010-03-07 12:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-03-07 12:31 . 2010-03-07 12:31 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\PC Tools
2010-03-07 12:30 . 2010-03-07 12:30 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-03-07 03:27 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-06 17:58 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-06 17:58 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-06 17:56 . 2010-03-07 12:30 -------- d-----w- c:\programmi\File comuni\PC Tools(2)
2010-03-04 22:21 . 2010-03-07 12:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Desktop Security 2010
2010-03-02 19:53 . 2010-03-02 19:57 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\UltraVNC
2010-03-02 19:52 . 2010-03-02 19:59 -------- d-----w- c:\programmi\UltraVNC
2010-02-27 17:20 . 2010-02-27 17:20 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Threat Expert
2010-02-27 12:53 . 2010-02-27 12:53 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\MariusSoft_LLC
2010-02-27 12:50 . 2010-02-27 12:50 -------- d-----w- c:\programmi\MariusSoft
2010-02-26 23:49 . 2010-02-26 23:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SuperFlexibleSynchronizer
2010-02-26 23:49 . 2010-02-26 23:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SuperFlexibleSynchronizer
2010-02-26 23:49 . 2010-02-26 23:49 -------- d-----w- c:\programmi\SuperFlexible
2010-02-24 18:59 . 2007-10-09 21:02 3072 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2010-02-24 18:59 . 2007-10-09 21:02 19968 ----a-w- c:\windows\system32\vncmirror.dll
2010-02-24 18:59 . 2010-02-24 18:59 -------- d-----w- c:\programmi\RealVNC
2010-02-24 18:54 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-24 18:54 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-24 18:54 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-24 18:54 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-24 18:21 . 2010-02-24 18:21 -------- d-----w- c:\programmi\Add Remove Pro
2010-02-24 18:21 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-24 18:21 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-24 18:21 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-24 18:21 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-24 18:20 . 2010-03-07 13:11 -------- d-----w- c:\programmi\Spyware Doctor
2010-02-24 02:07 . 2010-03-02 22:44 -------- d-----w- c:\programmi\Veetle
2010-02-22 20:31 . 2010-02-22 20:32 -------- d-----w- C:\d3a45fdf0fa2ddaf9d62a337
2010-02-21 11:59 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-21 11:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-21 11:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-21 11:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-21 11:59 . 2010-02-21 11:59 -------- d-----w- c:\programmi\Avira
2010-02-21 11:59 . 2010-02-21 11:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-02-20 16:07 . 2010-02-20 16:07 -------- d-----w- c:\programmi\Loaris
2010-02-16 23:53 . 2010-02-16 23:54 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Cyberlink
2010-02-16 23:53 . 2010-02-16 23:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-02-16 23:44 . 2010-02-16 23:44 -------- d-----w- c:\programmi\File comuni\CyberLink
2010-02-16 23:43 . 2010-02-16 23:43 -------- d-----w- c:\programmi\CyberLink
2010-02-16 23:41 . 2010-02-16 22:50 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-16 22:50 . 2010-03-07 13:12 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\Temp
2010-02-16 19:22 . 2010-02-16 23:53 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\CyberLink
2010-02-15 21:50 . 2010-02-15 21:50 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-15 21:50 . 2010-02-15 21:50 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-15 12:07 . 2010-02-15 12:07 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-15 12:07 . 2010-02-15 12:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-15 12:00 . 2009-12-07 15:10 24064 ----a-w- c:\windows\system32\KSRun.dll
2010-02-15 12:00 . 2008-10-30 08:41 86016 ----a-r- c:\windows\system32\CtCoInst.dll
2010-02-15 12:00 . 2008-10-30 08:40 183296 ----a-r- c:\windows\system32\CtDvInst.dll
2010-02-15 12:00 . 2009-12-15 09:25 857472 ----a-w- c:\windows\system32\drivers\ksaud.sys
2010-02-15 12:00 . 2008-10-24 17:27 1830912 ----a-w- c:\windows\system32\drivers\ksaudfl.sys
2010-02-15 11:57 . 2010-02-16 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Creative
2010-02-15 11:52 . 2006-10-06 06:17 53248 ------w- c:\windows\Ctregrun.exe
2010-02-15 11:50 . 1999-12-12 17:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2010-02-15 11:50 . 1999-11-17 17:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2010-02-15 11:50 . 2010-02-15 11:50 -------- d-----w- c:\programmi\File comuni\Creative
2010-02-15 11:50 . 2010-02-15 11:51 -------- d--h--w- c:\programmi\Creative Installation Information
2010-02-15 11:47 . 2009-12-07 09:59 264192 ----a-w- c:\windows\system32\KSXPPI32.dll
2010-02-15 11:46 . 2007-12-13 16:46 25364 ----a-w- c:\windows\ksaudITA.reg
2010-02-15 11:46 . 2007-12-11 17:47 23292 ----a-w- c:\windows\ksaudENG.reg
2010-02-15 11:46 . 2007-07-05 09:27 2630 ----a-w- c:\windows\MixerName.reg
2010-02-15 11:46 . 2009-03-18 16:13 7556 ----a-w- c:\windows\system32\MixerDefaultXP.reg
2010-02-15 11:46 . 2008-08-28 22:02 3556 ----a-w- c:\windows\system32\DeviceDefaultsXP.reg
2010-02-15 11:46 . 2010-02-16 18:07 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Creative
2010-02-15 11:43 . 2010-02-15 11:43 -------- d-----w- c:\programmi\File comuni\Creative Labs Shared
2010-02-15 11:42 . 2010-02-15 21:50 -------- d-----w- c:\programmi\Creative
2010-02-11 14:54 . 2007-04-03 05:06 437760 ----a-r- c:\windows\system32\drivers\WlanUZXP.sys
2010-02-09 20:38 . 2010-02-20 15:45 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-02-09 20:38 . 2010-02-20 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-09 20:00 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-09 20:00 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-09 20:00 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-09 20:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-09 20:00 . 2010-01-05 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-09 20:00 . 2010-02-09 20:01 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-02-09 19:46 . 2010-02-09 19:56 -------- d-----w- c:\programmi\The KMPlayer
2010-02-09 00:11 . 2010-03-07 12:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\TeraCopy
2010-02-09 00:11 . 2010-02-09 00:11 -------- d-----w- c:\programmi\TeraCopy
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 13:14 . 2009-08-09 14:03 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-03-07 12:40 . 2009-08-09 14:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-03-07 12:34 . 2009-11-08 15:58 -------- d-----w- c:\programmi\Google
2010-03-02 22:07 . 2006-03-02 11:00 80670 ----a-w- c:\windows\system32\perfc010.dat
2010-03-02 22:07 . 2006-03-02 11:00 482232 ----a-w- c:\windows\system32\perfh010.dat
2010-02-26 23:35 . 2009-02-05 20:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-02-21 14:11 . 2009-11-18 13:07 -------- d-----w- c:\programmi\ATI
2010-02-21 11:41 . 2009-06-20 12:16 -------- d-----w- c:\programmi\rpat
2010-02-21 11:39 . 2009-11-09 00:05 -------- d-----w- c:\programmi\Lineage II
2010-02-21 11:38 . 2010-01-26 01:17 -------- d-----w- c:\programmi\Fake Webcam
2010-02-21 11:37 . 2009-07-31 21:22 -------- d-----w- c:\programmi\Dofus
2010-02-16 23:44 . 2009-02-04 20:38 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-15 12:34 . 2009-12-04 21:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2010-02-13 08:29 . 2009-11-17 18:07 -------- d-----w- c:\programmi\PhotoPRINT SERVER Floraprint Edition 5.0v3
2010-02-11 20:53 . 2009-06-08 13:26 -------- d-----w- c:\programmi\Artisteer 2
2010-02-10 02:28 . 2009-11-25 09:46 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox
2010-02-10 02:03 . 2009-02-10 07:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-02 20:23 . 2010-02-02 20:22 3843928 ----a-r- C:\ComboFix.exe
2010-02-02 20:03 . 2010-02-02 20:03 -------- d-----w- c:\programmi\Trend Micro
2010-01-22 14:57 . 2010-01-22 14:57 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Research In Motion
2010-01-17 17:36 . 2010-01-17 17:25 -------- d-----w- c:\programmi\Research In Motion
2010-01-17 17:34 . 2010-01-17 17:25 -------- d-----w- c:\programmi\File comuni\Research In Motion
2010-01-17 17:34 . 2010-01-17 17:34 -------- d-----w- c:\programmi\File comuni\Roxio Shared
2010-01-11 15:28 . 2010-01-11 15:28 113152 ----a-w- c:\windows\svcadmin.exe
2010-01-05 09:53 . 2006-03-02 11:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2006-03-02 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2006-03-02 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-03-02 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 13:05 . 2009-12-29 13:05 1024 ----a-w- c:\windows\system32\pwdremover.dat
2009-12-17 07:40 . 2009-02-04 20:07 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-03-02 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2006-03-02 11:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2004-08-19 15:34 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 13:05 . 2010-02-27 13:05 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-07-16 25604904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"accrdsub"="c:\programmi\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"XboxStat"="c:\programmi\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"BlackBerryAutoUpdate"="c:\programmi\File comuni\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"CSILauncherService"="c:\programmi\file comuni\adobe\cs4servicemanager\managerservice.exe" [2010-02-02 131072]
"Module Loader"="c:\programmi\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Creative KSRun Persistence Module"="KSRun.dll" [2009-12-07 24064]
"VolPanel"="c:\programmi\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RemoteControl9"="c:\programmi\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\programmi\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-27 30192]
"pluginPhone1.0.1.11"="c:\programmi\skype\toolbars\shared\pluginnumber.exe" [2010-02-02 131072]
"ServiceCS4ServiceManager"="c:\programmi\file comuni\adobe\cs4servicemanager\managerservice.exe" [2010-02-02 131072]
"HighQuality"="c:\programmi\adobe\acrobat 9.0\acrobat\settings\qualityhigh.exe" [2010-02-02 131072]
"ApplicationMicrosoft"="c:\programmi\file comuni\microsoft shared\dw\1049\reportingdwintl2012.0.4518.1014.exe" [2010-02-02 131072]
"cjstylecjstyle"="c:\programmi\artisteer 2\library\styles\cjstylecjstyle.exe" [2010-02-02 131072]
"ReportingDWIntl20"="c:\programmi\file comuni\microsoft shared\dw\1049\reportingdwintl2012.0.4518.1014.exe" [2010-02-02 131072]
"DefaultShortcuts9741"="c:\programmi\adobe\adobe photoshop cs4\locales\it_it\support files\shortcuts\win\shortcutsdefault14081.exe" [2010-02-02 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Phoneplugin"="c:\programmi\skype\toolbars\shared\pluginnumber.exe" [2010-02-02 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 15:08 281088 ----a-w- c:\programmi\ActivIdentity\ActivClient\acunlock.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-02-27 10:14 640376 ----a-w- c:\programmi\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-02-27 14:54 38768 ----a-w- c:\programmi\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefaultKeyboard]
2010-02-02 19:00 131072 ----a-w- c:\programmi\Adobe\Adobe Photoshop CS4\Locales\it_IT\Support Files\Shortcuts\Win\ShortcutsDefault14081.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefaultShortcuts]
2010-02-02 19:00 131072 ----a-w- c:\programmi\Adobe\Adobe Photoshop CS4\Locales\it_IT\Support Files\Shortcuts\Win\ShortcutsDefault14081.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-21 18:25 133104 ----atw- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HighQuality]
2010-02-02 19:00 131072 ----a-w- c:\programmi\Adobe\Acrobat 9.0\Acrobat\Settings\QualityHigh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pluginPhone1.0.1.11]
2010-02-02 19:00 131072 ----a-w- c:\programmi\Skype\Toolbars\Shared\pluginnumber.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReportingDWIntl20]
2010-02-02 19:00 131072 ----a-w- c:\programmi\File comuni\Microsoft Shared\DW\1049\ReportingDWIntl2012.0.4518.1014.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReportingError]
2010-02-02 19:00 131072 ----a-w- c:\programmi\File comuni\Microsoft Shared\DW\1049\ReportingDWIntl2012.0.4518.1014.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkypeSkye]
2010-02-02 19:00 131072 ----a-w- c:\programmi\Skype\Toolbars\Shared\pluginnumber.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\PhotoPRINT SERVER Floraprint Edition 5.0v3\\Program\\App2.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [26/10/2007 18.25.14 174600]
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [04/02/2009 21.50.01 15416]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24/02/2010 19.21.08 207792]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [04/02/2009 21.39.43 24064]
R2 accoca;ActivClient Middleware Service;c:\programmi\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16.08.40 182576]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [24/02/2010 19.54.18 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [24/02/2010 19.20.46 359624]
R2 SentinelKeysServer;Sentinel Keys Server;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27/04/2007 1.00.04 316992]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [04/02/2009 21.55.56 193840]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [08/11/2009 16.58.17 135664]
S2 RunTiang;RunTiang.Sys Video USB Device Class;c:\windows\system32\drivers\RunTiang.sys [17/11/2009 19.29.08 37536]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmi\File comuni\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5.46.20 284016]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmi\File comuni\Creative Labs Shared\Service\CTAELicensing.exe [15/02/2010 12.43.56 79360]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [28/07/2009 8.39.46 34639]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [27/02/2010 14.04.28 30192]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [15/10/2004 8.54.56 44344]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [15/02/2010 13.00.25 857472]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [15/02/2010 13.00.25 1830912]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;\??\c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS --> c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS [?]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\programmi\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [03/06/2004 12.28.00 22131]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 4.40.02 56448]
S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [11/02/2010 15.54.04 437760]
S4 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [11/01/2010 16.28.34 113152]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/02/2009 8.01.45 717296]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - PCTSDInjDriver32
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 14:25 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-08 15:58]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-08 15:58]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1547161642-839522115-500Core.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-21 18:25]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1547161642-839522115-500UA.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-21 18:25]
2010-03-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0895D74A-5784-4AFF-BB7D-7433D3364E62} = 151.99.125.2,151.99.125.3
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\nu89vcf3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 14:12
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-842925246-1547161642-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0B9818BC-20D9-393F-4324-849173287CAB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haocnmannimmdhak"=hex:66,61,62,68,61,6f,6f,66,70,67,6d,6c,00,00
"iapdkmehigfkebflmb"=hex:6b,61,6b,6a,70,6d,65,66,6e,6f,62,6b,69,69,6b,66,69,68,
6a,65,64,6b,00,7c
"hajdinpofbndgakc"=hex:69,61,6c,6a,69,6d,63,63,68,6e,68,61,69,68,64,70,6a,6b,
00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programmi\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\programmi\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\programmi\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\programmi\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\programmi\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\programmi\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\SCardSvr.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\Spyware Doctor\pctsSvc.exe
c:\programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\RunDll32.exe
c:\programmi\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-07 14:23:44 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-07 13:23
ComboFix2.txt 2010-02-21 11:55
ComboFix3.txt 2010-02-02 20:47
ComboFix4.txt 2009-03-14 23:53
Pre-Run: 62.545.428.480 byte disponibili
Post-Run: 62.575.534.080 byte disponibili
- - End Of File - - 981F7D3CFF2D2110ACEA414B7BBE9280
Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.44
Versione del database: 3868
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
15/03/2010 14.18.29
mbam-log-2010-03-15 (14-18-29).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 121475
Tempo trascorso: 9 minute(s), 7 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
It's a mess... Maybe a format wouldn't be a bad idea.
Well, see if you can find the culprit... Even if only as a matter of principle, I want that rogue dead now!
JeanGrey (Hero in the grace of the gods)
Registered: 21/12/08 22:00 Posts: 142
Posted: 15 Mar 2010 21:34
Hi marcus88, the infection is no longer present.
Follow these steps.
1) Download the Avenger
http://swandog46.geekstogo.com/avenger.zip
Save it in a folder and unzip the .zip file
Locate avenger.exe and run it
Paste this script into the white box
Code:
folders to delete:
C:\WINDOWS\temp
C:\WINDOWS\Tasks
c:\documents and settings\Administrator\Dati applicazioni\Desktop Security 2010
Click Execute
The PC should reboot (if it doesn't, reboot it yourself)
Post the log that will be created in C:\Avenger
2) With all applications closed and disconnected from the internet
Start HijackThis and click "do a system scan only"
Tick these entries and click "fix checked"
Code:
O4 - HKLM\..\Run: [XboxStat] "c:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl9] C:\Programmi\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] C:\Programmi\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [pluginPhone1.0.1.11] C:\programmi\Skype\toolbars\shared\pluginnumber.exe
O4 - HKLM\..\RunServices: [Phoneplugin] C:\programmi\Skype\toolbars\shared\pluginnumber.exe
O4 - HKLM\..\RunServices: [ServiceManager] C:\programmi\file comuni\adobe\cs4servicemanager\managerservice.exe
O4 - HKLM\..\RunServices: [ReportingError] C:\programmi\file comuni\microsoft shared\dw\1049\reportingdwintl2012.0.4518.1014.exe
O4 - HKLM\..\RunServices: [QualityHigh] c:\programmi\adobe\acrobat 9.0\acrobat\settings\qualityhigh.exe
O4 - HKLM\..\RunServices: [cjstylecjstyle] C:\programmi\artisteer 2\library\styles\cjstylecjstyle.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
3) Download TFC by OldTimer to the desktop
close all programs
start TFC, click "Start"
when the scan finishes it will ask for a reboot, click OK.
4) Run an online scan with Kaspersky using IE | *Guide*
Attach the result
Question
Did you install RealVNC - UltraVNC yourself?
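The HijackThis entries JeanGrey lists above have a pattern that is visible in the Run/RunServices section of the ComboFix log: several differently named values point at the same binary, and a whole group of them carries the identical date and size stamp [2010-02-02 131072], which is unusual for unrelated programs and is a reason to look at them more closely. The following Python script is an added triage example, not code from the thread or from any of the tools mentioned; the function names are my own and the sample log is a constructed subset of the ComboFix lines above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the Run/RunServices lines from the ComboFix
# log in this thread, copied verbatim so the heuristics can be tried offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"CSILauncherService"="c:\programmi\file comuni\adobe\cs4servicemanager\managerservice.exe" [2010-02-02 131072]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"pluginPhone1.0.1.11"="c:\programmi\skype\toolbars\shared\pluginnumber.exe" [2010-02-02 131072]
"ServiceCS4ServiceManager"="c:\programmi\file comuni\adobe\cs4servicemanager\managerservice.exe" [2010-02-02 131072]
"HighQuality"="c:\programmi\adobe\acrobat 9.0\acrobat\settings\qualityhigh.exe" [2010-02-02 131072]
"cjstylecjstyle"="c:\programmi\artisteer 2\library\styles\cjstylecjstyle.exe" [2010-02-02 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Phoneplugin"="c:\programmi\skype\toolbars\shared\pluginnumber.exe" [2010-02-02 131072]
"""

# ComboFix prints a registry key in brackets, then one line per value:
#   "Name"="path" [YYYY-MM-DD size]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')


def parse_autostart(text):
    """Return (key, value_name, path, date, size) tuples; paths are lower-cased
    because Windows paths are case-insensitive."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, path, date, size = m.groups()
            entries.append((key, name, path.lower(), date, int(size)))
    return entries


def find_suspicious(entries, min_cluster=3):
    """Two triage heuristics for autostart values.
    1. The same binary registered under more than one value name.
    2. A cluster of values (>= min_cluster) whose files share one
       date and byte size, which is unusual for unrelated programs.
    Returns (duplicate_paths, clusters); both map to sorted value names."""
    by_path = defaultdict(list)
    by_stamp = defaultdict(list)
    for _key, name, path, date, size in entries:
        by_path[path].append(name)
        by_stamp[(date, size)].append(name)
    duplicate_paths = {p: sorted(n) for p, n in by_path.items() if len(n) > 1}
    clusters = {s: sorted(n) for s, n in by_stamp.items() if len(n) >= min_cluster}
    return duplicate_paths, clusters


if __name__ == "__main__":
    dups, clusters = find_suspicious(parse_autostart(SAMPLE_LOG))
    for path, names in dups.items():
        print("same binary under several names:", path, names)
    for (date, size), names in clusters.items():
        print(f"{len(names)} entries share stamp {date} {size}:", names)
```

A hit from either heuristic is only a reason to inspect the file (vendor signature, hash lookup, known install path), not proof of infection; legitimate installers do occasionally register one helper twice.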
marcus88 (Common mortal)
Registered: 15/03/10 01:41 Posts: 3
Posted: 16 Mar 2010 12:03
JeanGrey wrote:
Question
Did you install RealVNC - UltraVNC yourself?
Yes, why?
Anyway, I'll now try the steps you suggested.
I saw that you suggest fixing some processes with HijackThis that belong to programs I installed myself. Won't fixing them break those programs? For example I saw processes like Photoshop, Catalyst Control Center, Daemon Tools, Xbox 360 Accessories, etc...
Did you find anything in the logs that you think could be that virus?
Let me know. Thanks in the meantime.
JeanGrey (Hero in the grace of the gods)
Registered: 21/12/08 22:00 Posts: 142
Posted: 16 Mar 2010 13:09
marcus88 wrote:
JeanGrey wrote:
Question
Did you install RealVNC - UltraVNC yourself?
Yes, why?
OK, it would have been serious if it were there without your knowledge.
Quote:
I saw that you suggest fixing some processes with HijackThis that belong to programs I installed myself. Won't fixing them break those programs? For example I saw processes like Photoshop, Catalyst Control Center, Daemon Tools, Xbox 360 Accessories, etc...
Fixing those entries will make the PC boot faster, and the programs will keep working.
If there are problems, the backup is in
HijackThis > Open the misc tools section > backups
tick the entry you want back in autostart and click "restore"
Quote:
Did you find anything in the logs that you think could be that virus?
No, as I said the infection is no longer present, but let's wait for Kaspersky's verdict.