firefox apre finestre (allego hijackthis)


Post by wittelsbach » 16/11/08 17:19

Suddenly Firefox 3 has started opening advertising windows, often related to the pages I am visiting at that moment (in any case it is "clean" browsing).
I use Avast, Zone Alarm, Spyware Doctor and Ad-Aware. I ran a scan with all of them but that did not solve the problem.
This is the HijackThis log with Firefox in safe mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7.25.56, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\iscsiexe.exe
E:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
E:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\CTsvcCDA.exe
E:\Programmi\Creative\Shared Files\CTDevSrv.exe
E:\Programmi\Executive Software\DiskeeperLite\DKService.exe
E:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
E:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\Programmi\Spyware Doctor\pctsAuxs.exe
E:\Programmi\Spyware Doctor\pctsSvc.exe
E:\WINDOWS\system32\SLEE503.exe
E:\Programmi\Spyware Doctor\pctsTray.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
E:\WINDOWS\system32\CTHELPER.EXE
E:\WINDOWS\System32\alg.exe
E:\Programmi\Alwil Software\Avast4\ashWebSv.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programmi\CS Fire Monitor\CSFireMon.exe
E:\Programmi\Creative\SBLive\AudioHQ\AHQTBU.EXE
E:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
E:\Programmi\AvaFind\AvaFind.exe
E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
E:\Programmi\Portrait Displays\forteManager\DTHtml.exe
E:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe
E:\Programmi\File comuni\Portrait Displays\Shared\HookManager.exe
E:\documents and settings\luca\impostazioni locali\dati applicazioni\gywesaw.exe
E:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe
E:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Programmi\BORGChat\BORGChat.exe
E:\Programmi\Mozilla Firefox\firefox.exe
E:\Programmi\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = xxxxxxxxx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {xxxxxxxxxxxxxx} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {xxxxxxxxxxxxxxxx} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {xxxxxxxxxxxxxxxxx} - E:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {xxxxxxxxxxxxxxxx} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {xxxxxxxxxxxxxxxx} - E:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {xxxxxxxxxxxxxxxxx} - E:\Programmi\oovooToolbar\oovooToolbar.dll
O3 - Toolbar: Share Accelerator Toolbar - {xxxxxxxxxxxxxxxxxxxxxx} - E:\Programmi\Share_Accelerator\tbShar.dll (file missing)
O3 - Toolbar: ooVoo Toolbar - {xxxxxxxxxxxxxxxxxxxx} - E:\Programmi\oovooToolbar\oovooToolbar.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] E:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] E:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CS Fire Monitor] E:\Programmi\CS Fire Monitor\CSFireMon.exe /startup
O4 - HKLM\..\Run: [AudioHQU] E:\Programmi\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [OpwareSE2] "E:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ISUSPM] "E:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ATIPTA] E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AvaFind] "E:\Programmi\AvaFind\AvaFind.exe" /minimized
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DT LGE] E:\Programmi\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [StartCCC] "E:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISTray] "E:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoonR] "E:\Programmi\SoonR\SoonR Desktop Client\SoonrClient.exe" -boot
O4 - HKCU\..\Run: [mpeg team] E:\DOCUME~1\Luca\DATIAP~1\VIEWDE~1\warnfast.exe
O4 - HKCU\..\Run: [Vidalia] "E:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [RSS Reader] ""
O4 - HKCU\..\Run: [gywesaw] "e:\documents and settings\luca\impostazioni locali\dati applicazioni\gywesaw.exe" gywesaw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "E:\Programmi\Steganos Security Suite 6\sss.exe" /booting (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "E:\Programmi\Steganos Security Suite 6\safe.exe" /booting (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "E:\Programmi\Steganos Security Suite 6\spm.exe" /booting (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Run BORGChat.lnk = E:\Programmi\BORGChat\BORGChat.exe
O4 - Global Startup: Privoxy.lnk = E:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {xxxxxxxxxxxxxxxxx} - E:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {xxxxxxxxxxxxxxxx} - E:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {xxxxxxxxxxxxxx} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {xxxxxxxxxxxxxx} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {xxxxxxxxxxxxxxxxxxx} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {xxxxxxxxxxxxxxxxxxxxxxx} - E:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {xxxxxxxxxxxxxxxxxxxx} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {xxxxxxxxxxxx} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {xxxxxxxxxxxxxxx} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {xxxxxxxxxxxxxxxx} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {xxxxxxxxxxxxxxxxx} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1192432974593
O17 - HKLM\System\CCS\Services\Tcpip\..\{70BF3CF6-B28A-4B93-93D0-BB0BE5CB832D}: NameServer = xxx.xxx.xxx.xxx
O18 - Protocol: grooveLocalGWS - {xxxxxxxxxxxxxx} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {xxxxxxxxxxxxxxx} - E:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - E:\Programmi\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - E:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - E:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - E:\WINDOWS\system32\SLEE503.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11406 bytes
wittelsbach
Senior Member

Posts: 249
Joined: 17/09/05 08:55


Re: Firefox opens windows (HijackThis log attached)

Post by Luke57 » 17/11/08 09:05

Hi, open HijackThis, press "config", "misc tools", "open process manager", and look among the processes for:
E:\documents and settings\luca\impostazioni locali\dati applicazioni\gywesaw.exe
If it is present, highlight it and press kill process.
Go back to the main menu with back, press "scan", then find and tick the following entries:
O3 - Toolbar: Share Accelerator Toolbar - {xxxxxxxxxxxxxxxxxxxxxx} - E:\Programmi\Share_Accelerator\tbShar.dll (file missing)
O4 - HKCU\..\Run: [gywesaw] "e:\documents and settings\luca\impostazioni locali\dati applicazioni\gywesaw.exe" gywesaw

then press fix checked.

Close HijackThis, then from My Computer > Tools > Folder Options > View tick "show hidden files and folders" > OK.

Find and delete the following file:
e:\documents and settings\luca\impostazioni locali\dati applicazioni\gywesaw.exe

Then download ComboFix to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run combofix.exe; the program starts and may take a long time (do not do anything else during the scan; if the desktop icons and the taskbar disappear, that is nothing to worry about). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; attach it or post the contents of the file.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
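The reply above picks two things out of a long HijackThis log by eye: an autorun value launching an executable from the user's profile data folder, and a toolbar entry whose DLL is missing. The script below is an added example (not part of this thread, and not HijackThis code) that parses the O2/O3/O4 line formats seen in the log and flags exactly those patterns; the sample lines are constructed from the posted log and the heuristics are my own.

```python
"""Triage HijackThis O2/O3/O4 entries the way a forum helper reads a posted log.

Added example, not code from this thread or from HijackThis. It flags autoruns
launched from a user-profile data folder (the gywesaw/warnfast pattern) and
orphaned BHO/toolbar entries whose file no longer exists.
"""
import re

# Constructed sample modelled on lines from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {xxxxxxxxxxxxxxxx} - (no file)
O3 - Toolbar: Share Accelerator Toolbar - {xxxxxxxxxxxxxxxxxxxxxx} - E:\Programmi\Share_Accelerator\tbShar.dll (file missing)
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CS Fire Monitor] E:\Programmi\CS Fire Monitor\CSFireMon.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [mpeg team] E:\DOCUME~1\Luca\DATIAP~1\VIEWDE~1\warnfast.exe
O4 - HKCU\..\Run: [RSS Reader] ""
O4 - HKCU\..\Run: [gywesaw] "e:\documents and settings\luca\impostazioni locali\dati applicazioni\gywesaw.exe" gywesaw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
"""

# O4 registry Run values: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 BHOs and O3 toolbars: "O<n> - <kind>: <name> - {CLSID} - <file or status>"
O23_RE = re.compile(r"^(?P<sec>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - \{[^}]*\} - (?P<rest>.*)$")
# First executable-looking token of an unquoted command line.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))", re.IGNORECASE)

# Profile roots (XP long and 8.3 short forms) and the writable data/temp folders
# beneath them, in the Italian names seen in the log plus English equivalents.
PROFILE_ROOTS = ("\\documents and settings\\", "\\docume~1\\")
DATA_DIRS = ("dati applicazioni", "datiap~1", "application data",
             "impostazioni locali", "local settings", "locals~1", "\\temp\\")


def extract_path(cmd):
    """Pull the launched file out of a Run value: a quoted path, else the text up to
    the first executable extension (arguments such as /startup are dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else ""  # '""' is an empty command
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" (User ")[0]


def classify_path(path):
    """Return the reasons a launched file deserves a second look (empty list = nothing notable)."""
    p = path.lower()
    if not p:
        return ["empty command"]
    reasons = []
    if "\\" not in p:
        reasons.append("bare filename, resolved through PATH")
    if any(r in p for r in PROFILE_ROOTS) and any(d in p for d in DATA_DIRS):
        reasons.append("executable inside a user-profile data folder")
    return reasons


def triage(log_text):
    """Parse O2/O3/O4 lines and return (section, name, path, reason) tuples worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            for reason in classify_path(path):
                findings.append(("O4", m.group("name"), path, reason))
            continue
        m = O23_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("(file missing)") or rest == "(no file)":
                path = rest.replace("(file missing)", "").strip()
                findings.append((m.group("sec"), m.group("name"), path,
                                 "orphaned entry, file missing"))
    return findings


if __name__ == "__main__":
    for sec, name, path, reason in triage(SAMPLE_LOG):
        print(f"{sec} [{name}] {path or '<empty>'}: {reason}")
```

A real log has many more legitimate entries than flagged ones; the output is a shortlist to examine, as the reply did, not a verdict.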

Re: Firefox opens windows (HijackThis log attached)

Post by wittelsbach » 17/11/08 11:23

Thank you very much. Here is the ComboFix log:

ComboFix 08-11-16.05 - Luca 2008-11-17 15.03.31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.120 [GMT 1:00]
Eseguito da: e:\documents and settings\Luca\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
e:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
e:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
e:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
e:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
e:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
e:\programmi\webmediaplayer
e:\programmi\webmediaplayer\resources\wmp_translation_file.xml
e:\programmi\webmediaplayer\skins\classic.skn
e:\programmi\webmediaplayer\sqlite3.dll
e:\programmi\webmediaplayer\uninst.exe
e:\programmi\webmediaplayer\WebMediaPlayer.exe
e:\windows\system32\_004076_.tmp.dll
e:\windows\system32\_004077_.tmp.dll
e:\windows\system32\_004078_.tmp.dll
e:\windows\system32\_004079_.tmp.dll
e:\windows\system32\_004086_.tmp.dll
e:\windows\system32\_004087_.tmp.dll
e:\windows\system32\_004088_.tmp.dll
e:\windows\system32\_004090_.tmp.dll
e:\windows\system32\_004091_.tmp.dll
e:\windows\system32\_004094_.tmp.dll
e:\windows\system32\_004095_.tmp.dll
e:\windows\system32\_004097_.tmp.dll
e:\windows\system32\_004098_.tmp.dll
e:\windows\system32\_004099_.tmp.dll
e:\windows\system32\_004101_.tmp.dll
e:\windows\system32\_004104_.tmp.dll
e:\windows\system32\_004105_.tmp.dll
e:\windows\system32\_004109_.tmp.dll
e:\windows\system32\_004110_.tmp.dll
e:\windows\system32\_004112_.tmp.dll
e:\windows\system32\_004115_.tmp.dll
e:\windows\system32\_004117_.tmp.dll
e:\windows\system32\_004118_.tmp.dll
e:\windows\system32\_004119_.tmp.dll
e:\windows\system32\_004120_.tmp.dll
e:\windows\system32\_004123_.tmp.dll
e:\windows\system32\_004124_.tmp.dll
e:\windows\system32\_004125_.tmp.dll
e:\windows\system32\_004126_.tmp.dll
e:\windows\system32\_004127_.tmp.dll
e:\windows\system32\_004132_.tmp.dll
e:\windows\system32\_004134_.tmp.dll
e:\windows\system32\_006159_.tmp.dll
e:\windows\system32\_006160_.tmp.dll
e:\windows\system32\_006161_.tmp.dll
e:\windows\system32\_006162_.tmp.dll
e:\windows\system32\_006169_.tmp.dll
e:\windows\system32\_006170_.tmp.dll
e:\windows\system32\_006171_.tmp.dll
e:\windows\system32\_006172_.tmp.dll
e:\windows\system32\_006174_.tmp.dll
e:\windows\system32\_006175_.tmp.dll
e:\windows\system32\_006178_.tmp.dll
e:\windows\system32\_006179_.tmp.dll
e:\windows\system32\_006181_.tmp.dll
e:\windows\system32\_006182_.tmp.dll
e:\windows\system32\_006183_.tmp.dll
e:\windows\system32\_006185_.tmp.dll
e:\windows\system32\_006188_.tmp.dll
e:\windows\system32\_006189_.tmp.dll
e:\windows\system32\_006193_.tmp.dll
e:\windows\system32\_006194_.tmp.dll
e:\windows\system32\_006196_.tmp.dll
e:\windows\system32\_006199_.tmp.dll
e:\windows\system32\_006201_.tmp.dll
e:\windows\system32\_006202_.tmp.dll
e:\windows\system32\_006203_.tmp.dll
e:\windows\system32\_006204_.tmp.dll
e:\windows\system32\_006205_.tmp.dll
e:\windows\system32\_006208_.tmp.dll
e:\windows\system32\_006209_.tmp.dll
e:\windows\system32\_006210_.tmp.dll
e:\windows\system32\_006211_.tmp.dll
e:\windows\system32\_006212_.tmp.dll
e:\windows\system32\_006217_.tmp.dll
e:\windows\system32\_006219_.tmp.dll
e:\windows\system32\dao350.dll
e:\windows\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Creati Da 2008-10-17 al 2008-11-17 )))))))))))))))))))))))))))))))))))
.

2008-11-17 14:31 . 2008-11-17 14:31 <DIR> d-------- e:\programmi\PrevxCSI
2008-11-17 14:31 . 2008-11-17 14:32 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2008-11-17 14:31 . 2008-11-17 15:21 26,680 --a------ e:\windows\system32\drivers\pxark.sys
2008-11-17 14:30 . 2008-11-17 14:30 250 --a------ e:\windows\gmer.ini
2008-11-17 14:25 . <DIR> e:\windows\LastGood.Tmp
2008-11-17 14:24 . 2008-11-17 14:24 <DIR> d-------- E:\Kaspersky Lab Tool
2008-11-17 14:24 . 2008-07-08 13:54 148,496 --a------ e:\windows\system32\drivers\19356518.sys
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- e:\programmi\a-squared Free
2008-11-17 14:20 . 2008-11-17 14:20 <DIR> d-------- e:\programmi\Malwarebytes' Anti-Malware
2008-11-17 14:20 . 2008-11-17 14:20 <DIR> d-------- e:\documents and settings\Luca\Dati applicazioni\Malwarebytes
2008-11-17 14:20 . 2008-11-17 14:20 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-17 14:20 . 2008-10-22 16:10 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 14:20 . 2008-10-22 16:10 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-11-17 07:13 . 2008-11-17 07:13 <DIR> d-------- e:\programmi\Trend Micro
2008-11-17 04:33 . 2008-11-17 04:33 <DIR> d-------- e:\programmi\ESET
2008-11-10 05:54 . 2008-11-10 06:04 81,288 --a------ e:\windows\system32\drivers\iksyssec.sys
2008-11-10 05:54 . 2008-11-10 06:05 66,952 --a------ e:\windows\system32\drivers\iksysflt.sys
2008-11-10 05:54 . 2008-11-10 06:04 40,840 --a------ e:\windows\system32\drivers\ikfilesec.sys
2008-11-10 05:54 . 2008-06-02 15:19 29,576 --a------ e:\windows\system32\drivers\kcom.sys
2008-11-10 05:53 . 2008-11-17 00:04 <DIR> d-------- e:\programmi\Spyware Doctor
2008-11-10 05:53 . 2008-11-10 05:53 <DIR> d-------- e:\documents and settings\Luca\Dati applicazioni\PC Tools
2008-11-09 05:28 . 2008-11-09 05:28 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\ATI
2008-11-09 05:18 . 2008-11-09 05:28 <DIR> d-------- e:\programmi\ATI
2008-11-07 23:48 . 2008-11-07 23:49 <DIR> d-------- e:\documents and settings\Luca\Dati applicazioni\DisplayTune
2008-11-07 20:42 . 2006-11-16 17:20 15,920 --a------ e:\windows\system32\drivers\PdiPorts.sys
2008-11-07 20:42 . 2007-06-12 11:27 11,776 --a------ e:\windows\system32\drivers\pdiddcci.sys
2008-11-07 20:40 . 2008-11-07 20:40 <DIR> d-------- e:\programmi\Portrait Displays
2008-11-07 20:40 . 2008-11-07 20:41 <DIR> d-------- e:\programmi\File comuni\Portrait Displays
2008-11-07 18:22 . 2008-11-07 18:22 <DIR> d-------- e:\programmi\File comuni\Wise Installation Wizard
2008-11-06 23:44 . 2000-08-10 13:09 228 --a------ e:\windows\system32\mdaccore.rsp
2008-11-06 23:44 . 2000-08-10 13:09 181 --a------ e:\windows\system32\sqlclnt.rsp
2008-11-06 23:44 . 2000-08-10 13:09 28 --a------ e:\windows\system32\redist.rsp
2008-11-06 23:41 . 2008-08-21 03:01 10,084,352 --a------ e:\windows\system32\atioglxx.dll
2008-11-06 23:41 . 2008-08-21 02:55 4,094,560 --a------ e:\windows\system32\ati3duag.dll
2008-11-06 23:41 . 2008-08-21 05:52 3,299,840 --a------ e:\windows\system32\drivers\ati2mtag.sys
2008-11-06 23:41 . 2008-08-21 05:52 3,299,840 --a--c--- e:\windows\system32\dllcache\ati2mtag.sys
2008-11-06 23:41 . 2008-08-21 03:05 573,440 --a------ e:\windows\system32\ati2evxx.exe
2008-11-06 23:41 . 2008-08-21 03:18 314,880 --a------ e:\windows\system32\ati2dvag.dll
2008-11-06 23:41 . 2008-08-21 02:50 307,200 --a------ e:\windows\system32\atiiiexx.dll
2008-11-06 23:41 . 2008-08-21 03:08 184,320 --a------ e:\windows\system32\atipdlxx.dll
2008-11-06 23:41 . 2008-08-21 03:08 143,360 --a------ e:\windows\system32\Oemdspif.dll
2008-11-06 23:41 . 2008-08-21 03:04 53,248 --a------ e:\windows\system32\ATIDDC.DLL
2008-11-06 23:41 . 2008-08-21 03:07 26,112 --a------ e:\windows\system32\Ati2mdxx.exe
2008-11-06 23:41 . 2008-08-21 02:18 17,408 --a------ e:\windows\system32\atitvo32.dll
2008-11-06 22:08 . 2008-11-06 22:08 0 --a------ e:\windows\ativpsrm.bin
2008-11-05 11:51 . 2008-11-17 08:22 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\TrackMania
2008-11-05 11:44 . 2008-11-05 11:48 <DIR> d-------- e:\programmi\TmNationsForever
2008-11-04 22:35 . 2008-11-04 22:35 <DIR> d-------- e:\documents and settings\Luca\Dati applicazioni\Thunderbird
2008-11-04 22:34 . 2008-11-04 22:36 <DIR> d-------- e:\programmi\Mozilla Thunderbird
2008-10-30 12:49 . 2008-10-30 12:49 54,156 --ah----- e:\windows\QTFont.qfn
2008-10-30 12:49 . 2008-10-30 12:49 1,409 --a------ e:\windows\QTFont.for
2008-10-29 20:42 . 2008-10-29 20:42 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\wmp
2008-10-23 19:22 . 2008-10-23 19:22 <DIR> d-------- e:\programmi\PowerISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 22:41 8,820,224 ----a-w e:\windows\Internet Logs\xDB37.tmp
2008-11-17 14:22 --------- d---a-w e:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-17 14:21 18,933,792 --sha-w e:\windows\system32\drivers\fidbox.dat
2008-11-17 14:19 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\AvaFind Data
2008-11-17 14:15 21,077,979 -c--a-w e:\windows\Internet Logs\tvDebug.zip
2008-11-17 14:13 257,288 --sha-w e:\windows\system32\drivers\fidbox.idx
2008-11-17 13:43 --------- d-----w e:\programmi\eMule
2008-11-17 10:04 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\Azureus
2008-11-17 05:24 --------- d-----w e:\programmi\FreeRIP3
2008-11-11 23:37 --------- d-----w e:\programmi\MessengerDiscovery
2008-11-11 05:57 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\Vidalia
2008-11-10 23:42 --------- d--h--w e:\programmi\InstallShield Installation Information
2008-11-09 04:59 --------- d-----w e:\programmi\SpeedFan
2008-11-09 04:17 --------- d-----w e:\programmi\ATI Technologies
2008-11-07 17:23 --------- d-----w e:\programmi\Lavasoft
2008-11-07 17:20 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-06 22:00 5,423,616 ----a-w e:\windows\Internet Logs\xDB3E.tmp
2008-10-31 16:35 --------- d-----w e:\programmi\TVAnts
2008-10-29 19:00 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\oovooToolbar
2008-10-25 03:00 --------- d-----w e:\programmi\Azureus
2008-10-22 21:06 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-10-16 13:13 202,776 ----a-w e:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w e:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w e:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w e:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w e:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w e:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w e:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w e:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w e:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w e:\windows\system32\muweb.dll
2008-10-16 12:09 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\Azureus
2008-10-15 15:39 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\SopCast
2008-10-12 19:05 4,682,752 ----a-w e:\windows\Internet Logs\xDB3A.tmp
2008-10-12 19:05 3,291,136 ----a-w e:\windows\Internet Logs\xDB39.tmp
2008-10-12 13:28 --------- d-----w e:\programmi\uusee
2008-10-11 22:15 --------- d-----w e:\programmi\Java
2008-10-11 21:30 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\dvdcss
2008-10-11 09:38 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2008-10-11 09:24 6,270,976 ----a-w e:\windows\Internet Logs\xDB3C.tmp
2008-10-11 09:24 4,756,480 ----a-w e:\windows\Internet Logs\xDB3D.tmp
2008-10-08 20:43 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\ooVoo Details
2008-10-08 20:41 --------- d-----w e:\programmi\ooVoo
2008-10-08 20:40 --------- d-----w e:\programmi\oovooToolbar
2008-10-06 22:51 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\Nokia
2008-10-06 19:54 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\PC Suite
2008-10-06 19:53 0 ---ha-w e:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-06 19:53 0 ---ha-w e:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-06 19:53 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\PC Suite
2008-10-06 19:48 --------- d-----w e:\programmi\Nokia
2008-10-06 19:48 --------- d-----w e:\programmi\File comuni\PCSuite
2008-10-06 19:48 --------- d-----w e:\programmi\File comuni\Nokia
2008-10-06 19:47 --------- d-----w e:\programmi\PC Connectivity Solution
2008-10-06 19:47 --------- d-----w e:\programmi\DIFX
2008-10-06 19:44 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\Installations
2008-10-03 18:12 --------- d-----w e:\programmi\Virtual Earth 3D
2008-09-29 14:36 --------- d-----w e:\programmi\KlaimSMS
2008-09-22 15:14 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\tor
2008-09-20 16:45 4,068,864 -c--a-w e:\windows\Internet Logs\xDB3B.tmp
2008-09-18 22:13 --------- d-----w e:\documents and settings\Luca\Dati applicazioni\ppStream
2008-09-17 18:53 --------- d-----w e:\programmi\sina
2008-09-15 15:38 1,846,016 ----a-w e:\windows\system32\win32k.sys
2008-09-11 20:42 1,161,728 -c--a-w e:\windows\Internet Logs\xDB38.tmp
2008-08-26 07:57 826,368 ----a-w e:\windows\system32\wininet.dll
2008-08-21 02:19 425,984 ----a-w e:\windows\system32\ATIDEMGX.dll
2008-08-21 02:07 43,520 ----a-w e:\windows\system32\ati2edxx.dll
2008-08-21 02:07 143,360 ----a-w e:\windows\system32\ati2evxx.dll
2008-08-21 01:38 2,377,856 ----a-w e:\windows\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w e:\windows\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w e:\windows\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w e:\windows\system32\atiadlxx.dll
2008-08-21 01:17 253,952 ----a-w e:\windows\system32\atiok3x2.dll
2008-08-21 01:11 561,152 ----a-w e:\windows\system32\ati2cqag.dll
2008-08-20 20:05 593,920 ------w e:\windows\system32\ati2sgag.exe
2008-04-29 15:28 15,574 -c--a-w e:\programmi\messages.log
2007-11-30 22:40 103,328 -c--a-w e:\documents and settings\Luca\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-08-27 15:38 1,015,973 -csha-r e:\programmi\serial.zip
2006-08-27 15:38 1,015,973 -csha-r e:\programmi\serial.tde
2005-11-03 23:29 72,832 -c--a-r e:\windows\inf\CamAvb.sys
2008-03-19 12:46 952 -csha-w e:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}]
2008-07-29 20:56 1987544 --a------ e:\programmi\oovooToolbar\oovooToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}"= "e:\programmi\oovooToolbar\oovooToolbar.dll" [2008-07-29 1987544]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}"= "e:\programmi\oovooToolbar\oovooToolbar.dll" [2008-07-29 1987544]

[HKEY_CLASSES_ROOT\clsid\{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Vidalia"="e:\programmi\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 11852288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="e:\programmi\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="e:\programmi\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"SunJavaUpdateSched"="e:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CS Fire Monitor"="e:\programmi\CS Fire Monitor\CSFireMon.exe" [2006-04-02 2805760]
"AudioHQU"="e:\programmi\Creative\SBLive\AudioHQ\AHQTBU.EXE" [2002-01-18 176128]
"OpwareSE2"="e:\programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"ATIPTA"="e:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 294912]
"AvaFind"="e:\programmi\AvaFind\AvaFind.exe" [2004-01-06 660992]
"PinnacleDriverCheck"="e:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"ZoneAlarm Client"="e:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"DT LGE"="e:\programmi\Portrait Displays\forteManager\DTHtml.exe" [2007-06-12 291328]
"StartCCC"="e:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"ISTray"="e:\programmi\Spyware Doctor\pctsTray.exe" [2008-11-10 1168264]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 e:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"SSS6_Suite"="e:\programmi\Steganos Security Suite 6\sss.exe" [2004-01-29 827392]
"SSS6_SAFE"="e:\programmi\Steganos Security Suite 6\safe.exe" [2004-02-02 204800]
"SSS6_SPM"="e:\programmi\Steganos Security Suite 6\spm.exe" [2004-01-29 180224]
"DWQueuedReporting"="e:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

e:\documents and settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\
Run BORGChat.lnk - e:\programmi\BORGChat\BORGChat.exe [2004-10-30 846336]

e:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Privoxy.lnk - e:\programmi\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 00000000
"NoLogOff"= 00000000
"NoClose"= 00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.CDVC"= cdvccodc.dll
"vidc.SEDG"= mcs_vfw.dll
"msacm.WRPR"= aviwrap.dll
"vidc.WRPR"= aviwrap.dll
"VIDC.MJPG"= Pvmjpg30.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\E:^Documents and Settings^Luca^Menu Avvio^Programmi^Esecuzione automatica^SunClock5.lnk]
path=e:\documents and settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\SunClock5.lnk
backup=e:\windows\pss\SunClock5.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P]
GTR 2 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 e:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 e:\programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"e:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"e:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"e:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"e:\\Programmi\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"e:\\Programmi\\PPMate\\ppmate.exe"=
"e:\\Programmi\\PPMate\\ppamnet.exe"=
"e:\\Programmi\\Skype\\Phone\\Skype.exe"=
"e:\programmi\RSS Reader\RSSReader.exe"= e:\programmi\RSS Reader\RSSReader.exe
"e:\\WINDOWS\\system32\\iscsiexe.exe"=
"e:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Programmi\\uusee\\UUSeePlayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:azureus2
"6881:UDP"= 6881:UDP:Azureus
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675

R0 hotcore;hotcore;e:\windows\system32\drivers\hotcore.sys [2006-11-17 30820]
R0 hotcore2;hotcore2;e:\windows\system32\drivers\hotcore2.sys [2007-04-26 30808]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);e:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;e:\windows\system32\DRIVERS\si3112r.sys [2006-11-16 84529]
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-04-03 110160]
R1 is-BM4KUdrv;is-BM4KUdrv;e:\windows\system32\DRIVERS\19356518.sys [2008-11-17 148496]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-03 20560]
R2 ithsgt;ithsgt;e:\windows\system32\DRIVERS\ithsgt.sys [2007-06-01 162432]
R2 lilsgt;lilsgt;e:\windows\system32\DRIVERS\lilsgt.sys [2007-06-01 12032]
R2 mp3mplus;mp3mplus;\??\e:\windows\system32\drivers\mp3mplus.sys [2006-12-20 5513]
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];\??\e:\windows\system32\drivers\SLEE503.sys [2002-11-28 09:10:02 84736]
R3 Cap7134;Philips Proteus (7134) WDM Video Capture;e:\windows\system32\DRIVERS\Cap7134.sys [2006-12-19 421792]
R3 iScsiPrt;iScsiPort Driver;e:\windows\system32\DRIVERS\msiscsi.sys [2007-08-13 159608]
R3 PhTVTune;Philips WDM TVTuner;e:\windows\system32\DRIVERS\PhTVTune.sys [2006-12-19 17632]
R3 Tetris;Tetris driver;e:\windows\system32\Drivers\Tetris.sys [2007-06-01 48928]
S? pxark;pxark; []
S3 UltraMonMirror;UltraMonMirror;e:\windows\system32\DRIVERS\UltraMonMirror.sys []
S4 hpt3xx;hpt3xx; []
.
Contents of the 'Scheduled Tasks' folder

2008-11-17 e:\windows\Tasks\AA585A279117D0AF.job
- e:\docume~1\luca\datiap~1\viewde~1\readme bike first.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-SoonR - e:\programmi\SoonR\SoonR Desktop Client\SoonrClient.exe
HKCU-Run-mpeg team - e:\docume~1\Luca\DATIAP~1\VIEWDE~1\warnfast.exe
HKCU-Run-ATI Launchpad - (no file)
HKCU-Run-RSS Reader - (no file)
HKLM-Run-ISUSPM - e:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-AliceMessenger - e:\programmi\Alice Messenger\alicemessenger.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\2tsnegku.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - e:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\2tsnegku.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF -: plugin - e:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\2tsnegku.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF -: plugin - e:\documents and settings\Luca\Dati applicazioni\Mozilla\plugins\npPxPlay.dll
FF -: plugin - e:\programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - e:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - e:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - e:\programmi\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 15:16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = e:\programmi\Creative\Splash Screen\CTEaxSpl.EXE /run

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\ati2evxx.exe
e:\windows\system32\ati2evxx.exe
e:\windows\system32\ZoneLabs\vsmon.exe
e:\windows\system32\iscsiexe.exe
e:\programmi\Lavasoft\Ad-Aware\aawservice.exe
e:\programmi\Alwil Software\Avast4\aswUpdSv.exe
e:\programmi\Alwil Software\Avast4\ashServ.exe
e:\programmi\a-squared Free\a2service.exe
e:\windows\system32\CTSVCCDA.EXE
e:\programmi\PrevxCSI\prevxcsi.exe
e:\programmi\Creative\Shared Files\CTDevSrv.exe
e:\programmi\Executive Software\DiskeeperLite\DKService.exe
e:\programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
e:\programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
e:\programmi\File comuni\Portrait Displays\Shared\HookManager.exe
e:\programmi\Spyware Doctor\pctsAuxs.exe
e:\windows\system32\slee503.exe
e:\windows\system32\MsPMSPSv.exe
e:\programmi\Alwil Software\Avast4\ashMaiSv.exe
e:\programmi\Alwil Software\Avast4\ashWebSv.exe
e:\programmi\Spyware Doctor\pctsSvc.exe
e:\programmi\Spyware Doctor\pctsGui.exe
.
**************************************************************************
.
Scan completed at: 2008-11-17 15:40:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-17 14:38:37

Pre-Run: 10,002,051,072 bytes free
Post-Run: 9,918,541,824 bytes free

422 --- E O F --- 2008-10-27 22:26:47
wittelsbach
Senior User

Posts: 249
Joined: 17/09/05 08:55

Re: firefox opens windows (hijackthis attached)

Post by Luke57 » 17/11/08 12:13

Hi, good. Open a text file in Windows Notepad and copy and paste the following code into it:


Code: Select all
Driver::
sK9Ou0

File::
e:\windows\system32\drivers\19356518.sys



Save it with the mandatory name CFscript.txt in the same directory as combofix, then drag it with the mouse pointer onto the combofix icon to run a new scan. Reboot the computer and post the new report, if one is produced.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: firefox opens windows (hijackthis attached)

Post by wittelsbach » 17/11/08 12:49

Hi, and thanks again. Is it really necessary to do what you are now suggesting? What does it actually do? I ask because the problem no longer occurs. It was indeed the process you told me to remove with hijackthis...
wittelsbach
Senior User

Posts: 249
Joined: 17/09/05 08:55

Re: firefox opens windows (hijackthis attached)

Post by Luke57 » 17/11/08 12:59

Hi, the combofix report shows that service is-BM4KUdrv (incidentally, in the script I indicated the wrong one) and the associated file
e:\windows\system32\drivers\19356518.sys
which should be malware, though not a particularly insidious one.
If anything, find and delete that file, even manually, without resorting to combofix.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
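As an added example (not code from this thread, from ComboFix, HijackThis or any other tool named here), the script below pulls the autostart items out of a few ComboFix-style lines copied in the shape of the report above and applies some review heuristics to them: an executable launched from the user's profile data directory (as the scheduled task and the removed "mpeg team" Run value were), a driver whose file name is nothing but digits (19356518.sys), a driver or task with no file metadata, and a file dated within a few days of the scan. The sample lines, the heuristics and the thresholds are my own assumptions. A hit is a reason to check the file (vendor, signature, which installer dropped it), not a verdict; that is exactly the point the thread ends on, since the original poster goes on to identify the flagged driver as a Kaspersky component.

```python
"""Triage autostart entries from a ComboFix-style report.

Added example for the thread above; not ComboFix, HijackThis or Kaspersky code.
The heuristics only pick entries out for manual review. A hit is not a malware
verdict: the driver flagged here is the one the poster later identifies as a
legitimate component.
"""
import re
from datetime import date, datetime

# Constructed sample: lines in the shape of the report above (Run values,
# driver/service lines, a scheduled task and two "orphan" entries).
SAMPLE_REPORT = r"""
"ISTray"="e:\programmi\Spyware Doctor\pctsTray.exe" [2008-11-10 1168264]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-04-03 110160]
R1 is-BM4KUdrv;is-BM4KUdrv;e:\windows\system32\DRIVERS\19356518.sys [2008-11-17 148496]
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];\??\e:\windows\system32\drivers\SLEE503.sys [2002-11-28 09:10:02 84736]
S? pxark;pxark; []
S3 UltraMonMirror;UltraMonMirror;e:\windows\system32\DRIVERS\UltraMonMirror.sys []
2008-11-17 e:\windows\Tasks\AA585A279117D0AF.job
- e:\docume~1\luca\datiap~1\viewde~1\readme bike first.exe []
HKCU-Run-mpeg team - e:\docume~1\Luca\DATIAP~1\VIEWDE~1\warnfast.exe
HKCU-Run-ATI Launchpad - (no file)
"""
SCAN_DATE = date(2008, 11, 17)  # "Rootkit scan 2008-11-17" in the report header

# "Name"="path" [date size]                (Run values)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
# R1 name;display name;path [date size]   (drivers/services; [] = no file data)
SVC_RE = re.compile(r'^([RS][0-4?])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$')
# 2008-11-17 e:\windows\Tasks\X.job   followed on the next line by   - command [meta]
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)$', re.I)
TASK_CMD_RE = re.compile(r'^-\s+(.*?)\s*\[([^\]]*)\]$')
# HKCU-Run-name - path   (entries ComboFix listed under "orphans removed")
ORPHAN_RE = re.compile(r'^(HKCU|HKLM)-Run-(.+?)\s+-\s+(.*)$')

# Italian XP profile names and their 8.3 short forms (assumed, matching the report)
PROFILE_MARKERS = ("documents and settings", "docume~1")
APPDATA_MARKERS = ("dati applicazioni", "datiap~1", "application data",
                   "applic~1", "local settings", "locals~1")


def _entry(kind, name, path, meta):
    """Normalise one autostart item; the date is taken from the [..] metadata."""
    dm = re.search(r"\d{4}-\d{2}-\d{2}", meta)
    return {"kind": kind, "name": name, "path": path, "meta": meta.strip(),
            "date": datetime.strptime(dm.group(0), "%Y-%m-%d").date() if dm else None}


def parse_report(text):
    """Extract Run values, drivers, scheduled tasks and orphan Run entries."""
    entries, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        ln = lines[i].strip()
        i += 1
        m = RUN_RE.match(ln)
        if m:
            entries.append(_entry("run", m.group(1), m.group(2), m.group(3)))
            continue
        m = SVC_RE.match(ln)
        if m:
            entries.append(_entry("driver", m.group(2), m.group(4), m.group(5)))
            continue
        m = TASK_RE.match(ln)
        if m and i < len(lines):
            c = TASK_CMD_RE.match(lines[i].strip())
            if c:  # the task's command sits on the following line
                job = m.group(1).rsplit("\\", 1)[-1]
                entries.append(_entry("task", job, c.group(1), c.group(2)))
                i += 1
            continue
        m = ORPHAN_RE.match(ln)
        if m:
            entries.append(_entry("orphan", f"{m.group(1)}-Run-{m.group(2)}", m.group(3), ""))
    return entries


def review(entry, scan_date=SCAN_DATE, fresh_days=3):
    """Return the list of review reasons an entry trips (empty = nothing odd)."""
    reasons = []
    p = entry["path"].lower()
    if p.startswith("\\??\\"):  # kernel-style \??\e:\... prefix seen on some drivers
        p = p[4:]
    if any(m in p for m in PROFILE_MARKERS) and any(m in p for m in APPDATA_MARKERS):
        reasons.append("runs from a user profile data directory")
    stem = re.sub(r"\.[a-z0-9]+$", "", p.rsplit("\\", 1)[-1])
    if stem.isdigit():
        reasons.append("file name is only digits")
    if entry["kind"] in ("driver", "task") and not entry["meta"]:
        reasons.append("no file metadata (missing or hidden file)")
    if entry["date"] and (scan_date - entry["date"]).days <= fresh_days:
        reasons.append(f"file dated within {fresh_days} days of the scan")
    return reasons


def triage(text, scan_date=SCAN_DATE, fresh_days=3):
    """(name, path, reasons) for every entry that trips at least one heuristic."""
    hits = []
    for e in parse_report(text):
        reasons = review(e, scan_date, fresh_days)
        if reasons:
            hits.append((e["name"], e["path"], reasons))
    return hits


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_REPORT):
        print(f"{name}\n    {path}\n    -> {'; '.join(reasons)}")
```

Run stand-alone it prints five items: the is-BM4KUdrv driver (digits-only name, dated the day of the scan), the AA585A279117D0AF.job task and the removed "mpeg team" value (both launched from the profile's application-data directory), and pxark and UltraMonMirror (no file metadata). The Spyware Doctor, CTFMON, avast and Steganos entries pass. Drop the freshness threshold to zero days or widen it to a week and compare what changes; that is the trade-off behind every heuristic of this kind, and why the result is a worklist rather than a diagnosis.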

Re: firefox opens windows (hijackthis attached)

Post by wittelsbach » 17/11/08 13:30

The file in question does not appear to be infected, after several scans with anti-virus and anti-spyware tools. In any case, it is a file related to the Kaspersky anti-virus. For now I am leaving everything as it is. Thanks for the help. Bye
wittelsbach
Senior User

Posts: 249
Joined: 17/09/05 08:55

