
Virus on the PC

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Virus on the PC

Post by Paciotti » 26/06/08 10:06

Hi.....
I urgently need your help, since you are the best in this field......
I would like to remove the viruses that are on my computer.
Please help me.
Thank you in advance.
This is my topic:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.54.36, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Maxtor\OneTouch\utils\Onetouch.exe
C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\PKR\pkrpal.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Babylon\Babylon-Pro\Babylon.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
C:\Programmi\Winamp Remote\bin\OrbTray.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\Azureus\Azureus.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Windows Live Toolbar\msn_sl.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ahsan_Manan_Khan_Bhutta * Internet Explorer *
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: cpmsky browser optimizer - {705e56be-a7e6-67aa-2dea-4bdfefe2119b} - C:\WINDOWS\system32\{261cfa41-7077-b829-e976-3fd275abd5d9}.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Programmi\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PKR Pal] "C:\Programmi\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Disk Knight] C:\WINDOWS\Knight.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [{a3c0ef6d-f096-2beb-8364-9127e635edda}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{261cfa41-7077-b829-e976-3fd275abd5d9}.dll" DllInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [E08IXLRD_22203906] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Netlog 24] "C:\Programmi\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Orb] "C:\Programmi\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4630495000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4630582468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC3A9531-EB86-48D1-9B75-F6435AF79FF2}: NameServer = 85.37.17.46 85.38.28.84
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Programmi\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 16551 bytes
Paciotti
Junior User
 
Posts: 18
Joined: 01/05/08 13:57


Re: Virus on the PC

Post by Luke57 » 26/06/08 10:43

Hi, download this tool:
http://www.plusexpert.cl/download/AntiKnight.rar
To use it, extract all the files in the archive and click on the file AntiKnight.exe
You just need to click the button (there is only one).

Then download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe
A blue window will open.... Wait....
After a few moments a notice will appear in which the author disclaims responsibility for any problem caused by incorrect use of the tool.
At this point select 1 and then ENTER to start the scan..
Wait.....
A message will notify you when the operation has finished, and after a few moments the log with the scan details will appear.
The log will be saved in C:\Combofix.txt
Attach it to a post
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Re: Virus on the PC

Post by Paciotti » 26/06/08 11:19

ComboFix 08-06-20.4 - Domenico 2008-06-26 12.03.59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.993 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Domenico\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Domenico\Menu Avvio\Programmi\Adzgalore Games Collection
C:\Documents and Settings\Domenico\Menu Avvio\Programmi\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
C:\Documents and Settings\Domenico\Menu Avvio\Programmi\Adzgalore Games Collection\Crazy Blocks.lnk
C:\Documents and Settings\Domenico\Menu Avvio\Programmi\Adzgalore Games Collection\Lines.lnk
C:\Documents and Settings\Domenico\Menu Avvio\Programmi\Adzgalore Games Collection\The Battles Of Helicopters.lnk
C:\Documents and Settings\Domenico\Menu Avvio\Programmi\Adzgalore Games Collection\Video Pool.lnk
C:\Programmi\Adzgalore Games Collection
C:\Programmi\Adzgalore Games Collection\BattlesOfHelicopters.exe
C:\Programmi\Adzgalore Games Collection\BobAndBill.exe
C:\Programmi\Adzgalore Games Collection\CrazyBlocks.exe
C:\Programmi\Adzgalore Games Collection\Lines.exe
C:\Programmi\Adzgalore Games Collection\uninstall.exe
C:\Programmi\Adzgalore Games Collection\VideoPool.exe
C:\Programmi\Mozilla Firefox\components\nsBrowserGal.dll
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\{261cfa41-7077-b829-e976-3fd275abd5d9}.dll
C:\WINDOWS\system32\adzgalore-remove.exe
C:\WINDOWS\system32\cpmsky-uninst.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-05-26 al 2008-06-26 )))))))))))))))))))))))))))))))))))
.

2008-06-24 12:32 . 2008-06-24 12:32 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-06-24 12:32 . 2008-06-24 12:32 63,916 --a------ C:\WINDOWS\system32\{261cfa41-7077-b829-e976-3fd275abd5d9}.dll-uninst.exe
2008-06-23 16:54 . 2008-06-23 16:54 <DIR> d-------- C:\Programmi\Smart Movie Converter 3 45
2008-06-23 16:54 . 2008-06-23 16:54 <DIR> d-------- C:\Programmi\Lonely Cat Games
2008-06-23 15:41 . 2008-06-23 15:41 <DIR> d-------- C:\Programmi\Winamp Remote
2008-06-23 15:41 . 2008-06-23 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\OrbNetworks
2008-06-23 15:39 . 2008-06-23 15:42 <DIR> d-------- C:\Programmi\Winamp
2008-06-23 15:39 . 2008-06-23 19:14 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\Winamp
2008-06-21 10:22 . 2008-06-21 15:41 1,343,488 --a------ C:\WINDOWS\system\codecs.exe
2008-06-21 10:22 . 2008-06-21 10:22 357,376 --a------ C:\WINDOWS\system\gerenciador.exe
2008-06-21 10:22 . 2008-06-21 10:22 69,515 --a------ C:\WINDOWS\system\outlok.exe
2008-06-21 10:22 . 2008-06-21 10:22 60,416 --a------ C:\WINDOWS\system32\drivers\kodnkwnv.sys
2008-06-21 10:22 . 2008-06-21 10:22 6,622 --a------ C:\WINDOWS\system\regdaemon.cmd
2008-06-21 10:22 . 2008-06-21 10:22 2,453 --a------ C:\WINDOWS\system32\cleardel.reg
2008-06-21 10:22 . 2008-06-21 10:22 542 --a------ C:\WINDOWS\regdeamon2.reg
2008-06-21 10:22 . 2008-06-21 10:22 539 --a------ C:\WINDOWS\regdeamon.reg
2008-06-21 10:21 . 2008-06-21 10:22 <DIR> d-------- C:\daemon
2008-06-17 15:19 . 2008-06-17 15:19 <DIR> d-------- C:\Programmi\File comuni\PocketSoft
2008-06-17 15:19 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-06-17 15:16 . 2008-06-17 15:16 <DIR> d-------- C:\Programmi\Atari
2008-06-17 12:58 . 2008-06-17 12:58 <DIR> d-------- C:\Programmi\AeriaGames
2008-06-17 10:57 . 2008-06-17 15:12 <DIR> d-------- C:\Programmi\Your Uninstaller 2008
2008-06-17 10:57 . 2008-06-17 10:57 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\URSoft
2008-06-16 15:05 . 2008-06-16 15:05 <DIR> d-------- C:\Programmi\Xvid
2008-06-16 15:05 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-16 13:52 . 2008-06-16 13:52 <DIR> d-------- C:\Programmi\Webteh
2008-06-16 13:52 . 2008-06-22 10:23 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\BSplayer Pro
2008-06-16 12:53 . 2008-06-16 12:53 <DIR> d-------- C:\Programmi\GSpot
2008-06-16 12:14 . 2008-06-16 12:22 <DIR> d-------- C:\divx
2008-06-16 12:09 . 2008-06-16 12:15 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\DivX
2008-06-16 12:08 . 2008-06-16 12:13 <DIR> d-------- C:\Programmi\DivX
2008-06-16 12:08 . 2008-03-21 22:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-16 12:08 . 2008-03-21 22:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-06-16 12:08 . 2008-03-21 22:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-06-16 12:08 . 2008-03-21 22:30 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-16 12:08 . 2008-03-21 22:30 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-15 16:38 . 2008-06-15 17:30 <DIR> d-------- C:\FIFA Soccer Manager
2008-06-15 16:30 . 2008-06-17 10:50 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-15 16:16 . 2008-06-15 16:16 <DIR> d-------- C:\Programmi\Managed DirectX (0901)
2008-06-15 02:46 . 2008-06-15 02:46 <DIR> d-------- C:\Programmi\Ludonic
2008-06-15 01:34 . 2008-06-15 01:34 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\Atari
2008-06-11 18:21 . 2008-06-11 18:21 <DIR> d-------- C:\Programmi\Babylon
2008-06-11 18:20 . 2008-06-13 13:14 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\Babylon
2008-06-11 18:20 . 2008-06-26 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Babylon
2008-06-09 13:14 . 2008-06-09 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
2008-06-09 13:13 . 2008-06-09 13:14 24 ---hs---- C:\WINDOWS\S62AA4315.tmp
2008-06-09 13:10 . 2008-06-09 13:10 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\SlySoft
2008-06-09 13:10 . 2008-06-09 13:10 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\Elaborate Bytes
2008-06-09 13:09 . 2008-06-09 13:09 <DIR> d-------- C:\Programmi\Elaborate Bytes
2008-06-09 12:53 . 2008-06-09 13:14 <DIR> d-------- C:\Programmi\SlySoft
2008-05-30 15:30 . 2008-06-04 19:18 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\Touchstone
2008-05-30 15:00 . 2008-05-30 15:00 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-05-30 15:00 . 2008-05-30 15:00 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-05-30 15:00 . 2008-05-30 15:00 <DIR> d-------- C:\Programmi\AGEIA Technologies
2008-05-30 14:59 . 2008-06-04 19:19 120 --a------ C:\WINDOWS\disney.ini
2008-05-29 20:13 . 2008-06-26 12:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-29 14:05 . 2008-06-26 09:53 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-29 14:05 . 2008-06-02 12:23 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\AVGTOOLBAR
2008-05-29 14:05 . 2008-05-29 14:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-29 14:05 . 2008-05-29 14:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-29 14:04 . 2008-05-29 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-05-28 17:20 . 2008-06-19 19:38 <DIR> d-------- C:\Programmi\PKR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 10:10 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Azureus
2008-06-25 10:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-06-24 20:26 --------- d-----w C:\Programmi\eMule
2008-06-24 10:25 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-22 17:18 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\BearShare
2008-06-22 14:46 --------- d-----w C:\Programmi\Ubisoft
2008-06-22 13:54 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Canon
2008-06-20 09:37 --------- d-----w C:\Programmi\Azureus
2008-06-17 13:13 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-16 11:22 --------- d-----w C:\Programmi\CyberLink
2008-06-16 11:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-06-16 08:45 230,432 ----a-w C:\StiImg.dat
2008-06-15 14:20 --------- d-----w C:\Programmi\VIRTUAL RC RACING
2008-06-08 15:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-05-24 12:57 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-05-24 10:49 --------- d-----w C:\Programmi\CDex_170b2
2008-05-15 19:16 --------- d-----w C:\Programmi\Spyware Doctor
2008-05-15 18:08 9,016 ----a-w C:\Documents and Settings\Domenico\jnwfam.exe
2008-05-14 17:58 --------- d-----w C:\Programmi\ESET
2008-05-14 17:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ESET
2008-05-13 15:32 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-13 15:32 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-13 15:26 --------- d-----w C:\Programmi\Nokia
2008-05-13 15:18 --------- d-----w C:\Programmi\File comuni\Nokia
2008-05-13 15:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-05-13 15:07 --------- d-----w C:\Programmi\Apple Software Update
2008-05-12 18:58 --------- d-----w C:\Programmi\Canon
2008-05-12 17:31 --------- d-----w C:\Programmi\ArcSoft
2008-05-11 19:54 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Activision
2008-05-11 18:50 --------- d-----w C:\Programmi\Activision
2008-05-09 18:54 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Ubisoft
2008-05-09 18:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ubisoft
2008-05-08 20:38 --------- d-----w C:\Programmi\CANAL+
2008-05-07 20:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BOONTY
2008-05-07 20:16 --------- d-----w C:\Programmi\BoontyGames
2008-05-07 20:15 --------- d-----w C:\Programmi\Boonty
2008-05-02 08:09 --------- d-----w C:\Programmi\microsoft frontpage
2008-05-01 16:12 --------- d-----w C:\Programmi\Trend Micro
2008-04-27 01:50 --------- d-----w C:\Programmi\KONAMI
2008-03-04 12:22 81,920 ----a-w C:\Documents and Settings\Domenico\Dati applicazioni\ezpinst.exe
2008-03-04 12:22 47,360 ----a-w C:\Documents and Settings\Domenico\Dati applicazioni\pcouffin.sys
2008-03-04 10:51 89 ----a-w C:\WINDOWS\system32\config\systemprofile\Del1E2D.bat
2008-03-04 10:51 89 ----a-w C:\Documents and Settings\Domenico\Del1E2D.bat
2008-03-04 10:51 89 ----a-w C:\Documents and Settings\Default User\Del1E2D.bat
2008-03-04 10:51 89 ----a-w C:\Documents and Settings\Administrator\Del1E2D.bat
2002-07-26 16:02 153,088 ----a-w C:\Programmi\UNWISE.EXE
.

------- Sigcheck -------

2007-12-07 03:40 825344 39ccda0e9b778792b06c1b9d794a9776 C:\WINDOWS\SoftwareDistribution\Download\0b52ea9d716c5c579ab4f56b7346b126\sp2qfe\wininet.dll
2008-01-13 08:31 926720 4b4bf306f9fc0d2a33595ffef591c2a6 C:\WINDOWS\system32\wininet.dll

2008-01-13 22:33 360832 ea3d7525f41beb321c3f6e2162277e92 C:\WINDOWS\system32\drivers\tcpip.sys

2008-01-13 08:28 544256 e6f62282ebaa63ba07fa2dc7198b8d0d C:\WINDOWS\system32\winlogon.exe

2007-02-28 18:06 2185856 763ea08993b467a3af048ef185b1f805 C:\WINDOWS\SoftwareDistribution\Download\2aa8f55e8af02052cea14cdae13ee2d9\sp2qfe\ntoskrnl.exe
2005-03-02 20:12 2183296 c120a33c71e706545cf26d6276bc0344 C:\WINDOWS\SoftwareDistribution\Download\a514f3026154c5be0e6900e5f0b39396\sp2qfe\ntoskrnl.exe
2008-01-16 15:01 2155008 0b9146e4bdecebf8a16ccf5615f9a4bb C:\WINDOWS\system32\ntoskrnl.exe

2008-01-16 21:08 1618944 b749c7bd63c18c18b6448c574c4ab53b C:\WINDOWS\explorer.exe

2008-01-13 08:24 25088 40de117b6ccfc031d2dc8b73d82020cf C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-16_20.51.20.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 19:01:04 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-06-17 11:01:06 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-06-15 14:16:45 43,520 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-05-11 19:01:04 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-06-17 11:01:07 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-06-15 14:16:45 13,824 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-05-11 19:01:04 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-06-17 11:01:07 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-06-15 14:16:45 274,432 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-05-11 19:01:00 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:00:51 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:01 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:00:53 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:01 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:00:54 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:01 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:00:56 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:02 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:00:57 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:02 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:00:58 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:02 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:01:00 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:03 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:01:01 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:03 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:01:03 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:05 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-17 11:01:09 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-15 14:16:46 1,701,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-11 19:01:05 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-06-17 11:01:09 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-06-15 14:16:46 133,120 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-05-11 19:01:05 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-06-17 11:01:10 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-06-15 14:16:46 141,824 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-05-11 19:01:06 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-06-17 11:01:12 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-06-15 14:16:46 237,056 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-05-11 19:01:06 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-06-17 11:01:12 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-06-15 14:16:46 138,752 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-05-11 19:01:04 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-17 11:01:04 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-15 14:16:46 202,752 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.900.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-05-16 18:47:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 10:11:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-10-17 11:24:00 2,526,800 ----a-w C:\WINDOWS\Install_B4Playing.exe
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2008-06-24 10:32:15 63,916 ----a-w C:\WINDOWS\system32\{261cfa41-7077-b829-e976-3fd275abd5d9}.dll-uninst.exe
+ 2007-07-23 07:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll
+ 2007-07-23 07:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll
+ 2007-07-23 07:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll
+ 2007-07-23 07:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll
+ 2007-07-23 07:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll
+ 2007-07-23 07:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
+ 2007-07-23 07:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll
+ 2007-07-23 07:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll
+ 2007-07-23 07:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
+ 2007-10-15 07:40:08 207,405 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\app.bin
+ 2007-10-15 07:40:10 122,249 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\diag.bin
+ 2007-10-15 07:40:10 214,141 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\app.bin
+ 2007-10-25 06:29:50 114,505 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\diag.bin
- 2008-04-26 10:29:09 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
+ 2008-05-30 13:29:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
+ 2008-05-30 23:22:46 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2008-05-30 23:22:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2008-05-30 23:22:46 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
+ 2008-05-30 23:22:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2008-05-30 23:22:48 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2008-05-22 22:19:12 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2008-05-22 22:22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
+ 2008-05-22 22:18:54 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
+ 2008-05-22 22:19:46 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2008-05-30 23:22:54 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2008-05-30 23:22:54 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2008-05-30 23:22:58 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2008-05-30 23:22:54 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2008-05-30 23:22:54 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
+ 2008-05-30 23:22:54 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
- 2008-03-08 12:55:32 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-05-29 12:05:07 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-08-07 19:48:33 25,160 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
+ 2005-04-12 08:41:20 4,608 ----a-w C:\WINDOWS\system32\drivers\ElbyDelay.sys
- 2005-04-15 08:58:18 20,176 ----a-r C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2008-03-21 20:30:04 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2007-09-13 05:43:00 120,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys
+ 2008-05-22 22:19:46 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
+ 2008-03-14 22:24:12 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
+ 2008-05-22 22:20:42 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
- 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-03-04 10:56:54 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-06-04 07:26:08 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-04-22 08:14:36 153,088 ----a-w C:\WINDOWS\system32\myss_sb.dll
- 2008-05-16 18:15:06 70,998 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-26 07:28:28 70,998 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-16 18:15:06 83,932 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-06-26 07:28:28 83,932 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-05-16 18:15:06 442,326 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-26 07:28:28 442,326 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-16 18:15:06 489,906 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-26 07:28:28 489,906 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-01-18 09:05:56 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
- 2005-04-15 08:58:02 491,520 ----a-r C:\WINDOWS\system32\px.dll
+ 2008-03-21 20:30:04 551,672 ------w C:\WINDOWS\system32\px.dll
+ 2008-03-21 20:30:04 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2005-04-15 08:58:12 352,256 ----a-r C:\WINDOWS\system32\pxdrv.dll
+ 2008-03-21 20:30:04 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2008-03-21 20:30:06 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2008-03-21 20:30:04 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2005-04-15 08:58:18 151,552 ----a-r C:\WINDOWS\system32\pxmas.dll
+ 2008-03-21 20:30:06 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2008-03-21 20:30:04 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
- 2005-04-15 08:58:22 286,720 ----a-r C:\WINDOWS\system32\pxwave.dll
+ 2008-03-21 20:30:06 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2008-05-22 22:22:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2008-05-22 22:20:42 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
- 2005-04-15 08:58:28 28,672 ----a-r C:\WINDOWS\system32\vxblock.dll
+ 2008-03-21 20:30:04 88,824 ------w C:\WINDOWS\system32\vxblock.dll
+ 2007-10-17 17:23:24 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
- 2007-04-28 13:54:36 593,920 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2007-06-28 16:52:18 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
- 2006-11-01 13:54:30 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
+ 2007-06-28 16:54:10 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-13 08:24 25088]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-08-29 23:24 1233408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"TaskTray"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe" [2001-06-29 02:00 163840]
"TaskBar"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe" [2002-05-08 02:00 122880]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LaunchList"="C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 16:41 145496]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
"E08IXLRD_22203906"="C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE" [2007-06-12 15:09 351000]
"Netlog 24"="C:\Programmi\Netlog 24\Notifier\Netlog24Notifier.exe" [ ]
"Orb"="C:\Programmi\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 09:34 8466432]
"nwiz"="nwiz.exe" [2007-07-13 09:34 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 09:34 81920]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 08:01 544768 C:\WINDOWS\sm56hlpr.exe]
"CTHelper"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 13:32 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"WireLessKeyboard"="C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe" [2005-10-11 17:43 647168]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Jet Detection"="C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"CTStartup"="C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 02:00 28672]
"MaxtorOneTouch"="C:\Programmi\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 16:04 712704]
"mxomssmenu"="C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 17:24 81920]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"USBToolTip"="C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 14:50 202312]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 19:41 57344]
"BtTray"="C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 12:08 258134]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"PKR Pal"="C:\Programmi\PKR\pkrpal.exe" [2008-06-19 19:38 2273896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-29 14:05 1177368]
"Babylon Client"="C:\Programmi\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2008-01-16 00:54 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-13 08:24 25088]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-08-29 23:24 1233408]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32" []
"nltide_3"="advpack.dll" [2008-01-13 06:48 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-03-30 23:09:50 212992]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-03-19 17:21:40 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerTranslator Pro OLR]
--a------ 2004-09-29 10:46 49152 C:\PROGRA~1\BVRPSO~1\POWERT~1\BVRPOlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"C:\\Programmi\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\File comuni\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Programmi\\AeriaGames\\Project Torque\\ProjectTorque.bin"=
"C:\\Programmi\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programmi\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programmi\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-29 14:05]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-29 14:04]
R2 BlueSoleilCS;BlueSoleilCS;C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 10:44]
R3 BsHelpCS;BsHelpCS;C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 16:58]
R3 PAC207;NX-Vega;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-01-25 16:20]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programmi\CyberLink\PowerDVD\000.fcl []
S3 kbeepm;kbeepm;C:\DOCUME~1\Domenico\IMPOST~1\Temp\kbeepm.sys []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 usb_rndis;Pirelli Alice Gate W2+ USB;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 00:04]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S4 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\DATA\AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b3ccaaa-2d9c-11dd-8082-001a9234d867}]
\Shell\auto\command - R:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - R:\Knight.exe open
\Shell\find\command - R:\Knight.exe open
\Shell\install\command - R:\Knight.exe open
\Shell\open\command - R:\Knight.exe open


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-24 09:07:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 09:38:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 12:12:18
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run??????????????st????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2?T???\???????????\???\???????t???E?9~u?9~\???\?????????d?L????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programmi\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-26 12:17:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 10:17:55
ComboFix2.txt 2008-05-17 13:26:05
ComboFix3.txt 2008-05-16 18:51:33

11 Directory 65,081,298,944 byte disponibili
15 Directory 65,555,423,232 byte disponibili

470
Paciotti
Junior User
 
Posts: 18
Joined: 01/05/08 13:57

Re: virus on the PC

Post by Luke57 » 26/06/08 12:53

Hi, copy and paste the text in the code box into a text file (using Windows Notepad):

Code:
KILLALL::

File::
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\{261cfa41-7077-b829-e976-3fd275abd5d9}.dll-uninst.exe
C:\WINDOWS\system\codecs.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b3ccaaa-2d9c-11dd-8082-001a9234d867}]


Save the file in the same location as combofix.exe
and name it CFScript.txt (this name is mandatory).
Now drag the CFScript.txt file onto combofix.
You will probably have to restart to complete the procedure; once everything is finished, the program produces a log (at least one hopes so) in C:\ComboFix.txt. Attach the report to a post.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
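
The two [-...] lines under Registry:: in the script above delete the MountPoints2 keys that the ComboFix log earlier in the thread listed with shell commands; Explorer caches a volume's autorun.inf verbs under those keys. The Python sketch below is an added example, not part of the thread and not ComboFix's own code: it parses log lines in that format and checks that a CFScript deletes every such key. The sample strings are copied from this thread; the function names and the three review hints are assumptions of the example.

```python
import re

# Constructed sample: the MountPoints2 lines of the ComboFix log quoted in this
# thread, plus the next section header so the parser has to stop in the right place.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\DATA\AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b3ccaaa-2d9c-11dd-8082-001a9234d867}]
\Shell\auto\command - R:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - R:\Knight.exe open
\Shell\find\command - R:\Knight.exe open
\Shell\install\command - R:\Knight.exe open
\Shell\open\command - R:\Knight.exe open

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
"""

# The Registry:: part of the CFScript.txt posted in this thread.
SAMPLE_CFSCRIPT = r"""
KILLALL::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b3ccaaa-2d9c-11dd-8082-001a9234d867}]
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
DEFAULT_VERBS = {"open", "explore", "find"}  # what Explorer runs when the drive is opened


def parse_mountpoints(log_text):
    """Return {registry key: {verb: command}} for the MountPoints2 keys in a log."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            current = key if "\\mountpoints2\\" in key.lower() else None
            if current:
                entries[current] = {}
            continue
        m = CMD_RE.match(line)
        if m and current:
            entries[current][m.group("verb").lower()] = m.group("cmd")
    return entries


def review_hints(verbs):
    """Heuristics (assumptions of this example) that make an entry worth a closer look."""
    hints = []
    hijacked = DEFAULT_VERBS & set(verbs)
    if hijacked:
        hints.append("overrides Explorer verbs: " + ", ".join(sorted(hijacked)))
    if any("shellexec_rundll" in c.lower() for c in verbs.values()):
        hints.append("launches through rundll32 ShellExec_RunDLL")
    if any(re.match(r"^[a-z]:\\[^\\]+\.exe\b", c, re.I) for c in verbs.values()):
        hints.append("executable in the volume root")
    return hints


def script_deleted_keys(cfscript_text):
    """Keys a CFScript removes: [-KEY] lines that appear under Registry::."""
    keys, in_registry = set(), False
    for raw in cfscript_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            in_registry = line.lower() == "registry::"
        elif in_registry and line.startswith("[-") and line.endswith("]"):
            keys.add(line[2:-1].lower())
    return keys


def coverage(log_text, cfscript_text):
    """One record per MountPoints2 key with shell commands, and whether the script deletes it."""
    deleted = script_deleted_keys(cfscript_text)
    return [
        {"key": key, "verbs": sorted(verbs), "hints": review_hints(verbs),
         "in_script": key.lower() in deleted}
        for key, verbs in parse_mountpoints(log_text).items() if verbs
    ]


if __name__ == "__main__":
    for rec in coverage(SAMPLE_LOG, SAMPLE_CFSCRIPT):
        state = "deleted by script" if rec["in_script"] else "NOT in script"
        print(rec["key"].rsplit("\\", 1)[-1], "|", state, "|", "; ".join(rec["hints"]) or "no hints")
```
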

Re: virus on the PC

Post by Paciotti » 30/06/08 17:23

Please, could you explain the last part? I didn't understand it very well...
I only did the step with combofix...
Bye, thanks.....

Re: virus on the PC

Post by Paciotti » 30/06/08 17:32

It gave me the log, but it is too big to use as a reply......
Can you tell me what I can do?
Thanks, bye

Re: virus on the PC

Post by Luke57 » 30/06/08 17:44

Hi, attach the file C:\combofix.txt to a post.

Re: virus on the PC

Post by Paciotti » 30/06/08 21:47

Sorry, but what is a post?

Re: virus on the PC

Post by Luke57 » 01/07/08 07:29

Hi, a post is a reply to the thread.

Re: virus on the PC

Post by Paciotti » 01/07/08 11:11

You'll have to excuse me, but I had to compress it because it was too big,
and I attached it for you. I hope I did it right....bye
Anyway, thanks as always for your help.
Attachments

[The rar extension has been disabled and cannot be displayed.]


Re: virus on the PC

Post by Luke57 » 01/07/08 17:54

Hi, download Malwarebytes from here:
http://www.malwarebytes.org/mbam.php
Install it and update it. Run a full scan and delete everything it finds. Post the report that the program produces at the end of the scan.

Re: virus on the PC

Post by Paciotti » 02/07/08 17:30

Malwarebytes' Anti-Malware 1.19
Versione del database: 913
Windows 5.1.2600 Service Pack 3

18.01.21 02/07/2008
mbam-log-7-2-2008 (18-01-21).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 184434
Tempo trascorso: 1 hour(s), 5 minute(s), 45 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 10
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\QooBox\Quarantine\C\WINDOWS\system32\adzgalore-remove.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\myss_sb_uninstall.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84F4FC72-B662-4161-A845-2EA7B76D89A7}\RP158\A0053063.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84F4FC72-B662-4161-A845-2EA7B76D89A7}\RP220\A0062973.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84F4FC72-B662-4161-A845-2EA7B76D89A7}\RP222\A0064301.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\myss_sb.dll (Adware.Agent) -> Quarantined and deleted successfully.