Condividi:        

help virus install_crack

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

help virus install_crack

Postdi RiO1986 » 08/12/08 12:50

Ragazzi scusate se posso essere ripetitivo ma sto avendo molti problemi con questo virus. E' entrato nel pc sotto forma di install_crack.exe e ora nn mi si apre più l'antivirus all'avvio e nn mi si connette più il pc a internet con la rete wifi. Chiedo un vostro aiuto. Grazie per la vostra disponibilità
RiO1986
Newbie
 
Post: 6
Iscritto il: 08/12/08 12:45

Sponsor
 

Re: help virus install_crack

Postdi RiO1986 » 08/12/08 13:32

come sistema operativo uso windows vista. Help !!
RiO1986
Newbie
 
Post: 6
Iscritto il: 08/12/08 12:45

Re: help virus install_crack

Postdi Luke57 » 08/12/08 16:01

Ciao, scarica combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
devi rinominare il file prima di salvarlo sul desktop in abc.exe
(per rinominare il file, quando lo scarichi ti chiede dove salvarlo e ti compare la casella "nome file" ,basta che cambi il nome che ti appare in abc.exe)

Fatto ciò, clicca su start>esegui, nel box bianco copia e incolla questo comando, virgolette comprese:
"%userprofile%\desktop\abc.exe" /killall

Premi OK, se tutto va bene parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , riavvia e posta il contenuto del file.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: help virus install_crack

Postdi RiO1986 » 08/12/08 17:14

ComboFix 08-12-07.01 - Ferruccio 2008-12-08 17:00:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.1268 [GMT 1:00]
Eseguito da: c:\users\Ferruccio\Desktop\abc.exe
Interruttori di comando utilizzati :: /killall
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\igfxres.dll
.
---- Previous Run -------
.
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
c:\windows\svchost.exe
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\igfxres.dll
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Creati Da 2008-11-08 al 2008-12-08 )))))))))))))))))))))))))))))))))))
.

2008-12-08 17:05 . 2008-12-08 17:06 188,416 --a------ c:\windows\System32\igfxres.dll
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 11:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-07 11:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-07 11:00 . 2008-12-07 11:04 <DIR> d-------- c:\program files\FindyKill
2008-12-07 02:53 . 2008-12-07 02:53 512,096 --a------ c:\windows\System32\drivers\amon.sys
2008-12-07 02:53 . 2008-12-07 02:53 299,392 --a------ c:\windows\System32\imon.dll
2008-12-07 02:53 . 2008-12-07 02:53 15,424 --a------ c:\windows\System32\drivers\nod32drv.sys
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\program files\iTunes
2008-12-04 20:48 . 2008-12-04 20:48 <DIR> d-------- c:\program files\iPod
2008-12-04 20:44 . 2008-12-04 20:45 <DIR> d-------- c:\program files\QuickTime
2008-12-04 02:15 . 2008-12-04 11:35 <DIR> d-------- c:\program files\Invisible IP Map
2008-11-29 22:05 . 2008-11-29 22:05 <DIR> d-------- c:\program files\Illustrate
2008-11-29 22:05 . 2008-11-29 22:05 131,072 --a------ c:\windows\System32\SpoonUninstall.exe
2008-11-29 22:05 . 2008-11-29 22:05 36,604 --a------ c:\windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-11-29 22:05 . 2008-11-29 22:05 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-11-26 04:40 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 04:40 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 04:40 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 04:40 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 04:40 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 04:40 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 04:40 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-25 18:36 . 2008-11-25 18:36 <DIR> d-------- c:\program files\Pegasys Inc
2008-11-25 18:30 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll
2008-11-21 15:51 . 2008-11-21 15:51 <DIR> d-------- c:\program files\TeamViewer3
2008-11-21 15:47 . 2008-11-21 15:47 <DIR> d-------- c:\users\Ferruccio\temp
2008-11-21 15:47 . 2008-11-21 15:47 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\TeamViewer
2008-11-16 22:21 . 2008-11-16 22:21 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-16 22:12 . 2008-11-16 22:12 <DIR> d-------- C:\My Music
2008-11-15 18:12 . 2008-12-06 13:28 <DIR> d-------- C:\Downloads
2008-11-15 18:07 . 2008-12-06 22:43 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\Free Download Manager
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\program files\Free Download Manager
2008-11-15 10:16 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 10:16 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 10:16 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 10:16 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 10:15 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 10:15 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 10:15 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 10:15 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 10:15 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 03:06 . 2008-11-14 03:06 <DIR> d-------- c:\program files\Drive Rescue
2008-11-12 05:23 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 05:23 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 05:23 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-12 05:20 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 05:20 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 16:05 --------- d---a-w c:\programdata\TEMP
2008-12-07 01:57 --------- d-----w c:\program files\ESET
2008-12-06 21:38 --------- d-----w c:\users\Ferruccio\AppData\Roaming\Skype
2008-12-06 21:37 --------- d-----w c:\users\Ferruccio\AppData\Roaming\skypePM
2008-12-04 20:27 --------- d-----w c:\users\Ferruccio\AppData\Roaming\mIRC
2008-12-04 19:48 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 08:55 --------- d-----w c:\program files\Java
2008-11-29 21:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 21:08 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-29 17:35 --------- d-----w c:\users\Ferruccio\AppData\Roaming\uTorrent
2008-11-19 08:55 --------- d-----w c:\programdata\Microsoft Help
2008-11-16 21:21 --------- d-----w c:\program files\Common Files\Real
2008-11-16 21:12 --------- d-----w c:\program files\Real
2008-11-13 00:30 --------- d-----w c:\program files\PokerStars.IT
2008-11-07 12:10 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-07 12:10 56 ---ha-w c:\programdata\ezsidmv.dat
2008-11-07 12:10 --------- d-----w c:\program files\Common Files\Skype
2008-10-30 12:04 --------- d-----w c:\users\Ferruccio\AppData\Roaming\Apple Computer
2008-10-29 17:16 --------- d-----w c:\program files\Apple Software Update
2008-10-29 17:12 --------- d-----w c:\program files\Bonjour
2008-10-28 09:18 --------- d-----w c:\program files\Winamp
2008-10-27 17:20 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-27 17:03 --------- d-----w c:\program files\VirtualDJ
2008-10-27 16:39 --------- d-----w c:\program files\AtomixMP3
2008-10-24 12:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-22 07:17 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 11:47 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-20 16:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-20 13:18 --------- d-----w c:\program files\PokerStars.NET
2008-10-18 16:21 --------- d-----w c:\program files\Garmin GPS Plugin
2008-10-18 11:29 --------- d-----w c:\program files\Easy CD-DA Extractor 12
2008-10-15 08:08 --------- d-----w c:\program files\Windows Mail
2008-10-13 15:01 --------- d-----w c:\users\Ferruccio\AppData\Roaming\GetRight
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-07-09 20:45 174 --sha-w c:\program files\desktop.ini
2007-12-12 15:05 32 ----a-w c:\users\All Users\ezsid.dat
2007-12-12 15:05 32 ----a-w c:\programdata\ezsid.dat
2007-12-02 18:36 111,258 ----a-w c:\users\All Users\firstlsp.reg.dat
2007-12-02 18:36 111,258 ----a-w c:\programdata\firstlsp.reg.dat
2007-12-02 20:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 20:17 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 20:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-08_15.53.36.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-08 14:48:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-08 14:48:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-08 14:36:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-08 15:59:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-08 14:36:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-08 15:59:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-08 14:36:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-08 15:59:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-08 14:38:29 13,000 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1927192671-3056111476-2040781451-1000_UserData.bin
+ 2008-12-08 16:00:46 13,662 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1927192671-3056111476-2040781451-1000_UserData.bin
- 2008-12-08 14:38:29 88,582 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:00:45 88,776 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-08 14:38:28 53,788 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:00:37 54,184 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [BU]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [BU]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Google Update"="c:\users\Ferruccio\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"recinfo973"="c:\recinfo\RecInfo.exe" [2007-06-06 2768896]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-12-07 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-07 950664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"RevHDD"="c:\windows\SYSTEM\RevHDD.exe" [BU]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-03-27 3057152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-16 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 c:\windows\RtHDVCpl.exe]
"recinfo"="RecInfo.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-11-17 12:53 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
c:\program files\Pando Networks\Pando\Pando.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1927192671-3056111476-2040781451-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71355172-E366-47DC-847F-FA400EF81614}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{99068DA5-6557-45A5-84C2-38D7FA0EE608}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5B579BBC-C824-4283-8492-1992958F28FD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{074E6B64-BAC6-4FBF-AD4A-8A6273EC3ED9}c:\\program files\\adunanza\\emule_adnza.exe"= UDP:c:\program files\adunanza\emule_adnza.exe:eMule
"UDP Query User{1AA69B7C-9C43-4069-A2C2-4CDF3ED3AE0C}c:\\program files\\adunanza\\emule_adnza.exe"= TCP:c:\program files\adunanza\emule_adnza.exe:eMule
"TCP Query User{77F86060-1819-416B-8332-C8C0B6A7FA23}c:\\program files\\common files\\system\\dns.exe"= UDP:c:\program files\common files\system\dns.exe:dns
"UDP Query User{0886D0AA-84E7-47D1-B595-1F840CFBEB3B}c:\\program files\\common files\\system\\dns.exe"= TCP:c:\program files\common files\system\dns.exe:dns
"TCP Query User{9E211808-1A4A-4C57-AE56-956F839AAB7E}c:\\program files\\common files\\system\\dns.exe"= UDP:c:\program files\common files\system\dns.exe:dns
"UDP Query User{D2848065-1F2A-4A79-8B04-BF2E35204599}c:\\program files\\common files\\system\\dns.exe"= TCP:c:\program files\common files\system\dns.exe:dns
"{41B81DB3-3D4D-474B-81F8-4FD8D8AE314A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F3D2F554-91CE-4C4A-B028-67E2EC6E3290}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2CFE4ED8-7F4E-483B-B1DE-C8D2B2747B54}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{62D80731-7D6F-40C1-B02B-C41ECB8C0912}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{28D02A40-22F0-4D28-856E-24E62CDF0B8D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FDABE022-97EF-408B-B107-AB35B1A7CF16}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C591E2FD-5280-46EA-9C6D-335E48D9E3E6}"= UDP:57243:Pando P2P TCP Listening Port
"{521E3F18-1DF7-429A-91D6-EE3365CDB137}"= TCP:57243:Pando P2P UDP Listening Port
"{F2E27B26-EEBE-4488-8D3A-A9585E77B996}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{00CD4F65-266D-4232-9425-AC35215BE15D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{F66C2322-3F00-4334-8987-FF5D744F0FD0}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{4D00DE10-EE34-44BF-AF1C-DD330FA75DC6}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{3344D3FD-F522-4789-95DC-194D78A8DB06}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{C91083B9-C096-42F9-963A-B78E2B0131BB}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D29574ED-4E0C-4314-9F30-B83EAC4D6AF9}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{9875F1B6-8EF3-489A-9AF2-13DEE2E07221}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{EC7F43D3-B56A-47F4-9F62-7C87700F5CE4}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{CB68C4BB-5330-4136-A334-B4C264F4134B}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{94AD8E8B-CC76-473C-8104-B2B569EFDECB}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{FA1D2483-5715-439E-9B81-9019F8F1BC5F}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{3EB8459C-A408-4873-814C-34801BF2E1BD}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{AEB4AB74-E944-4C55-A1CE-562C2DC73D10}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{874DB4F1-DD39-4AB9-91BD-7F2608AF513B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{069CFB6C-7E45-4D7D-8FCA-CCE615E12B2B}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{7635FD46-39BA-4FFF-A62C-B153DBC713CA}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6DBBB84D-654A-458D-A34E-5F7C8985BD73}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{34F4601D-287C-48C1-8CB3-6860210E48EF}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{01E5EA2D-96F9-42D1-A7F0-896A669E43C8}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D3304442-9E74-41F0-B11D-32305FF38644}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{71D26DDF-7963-4B9A-B630-FA0C7D63D19D}"= UDP:c:\users\Ferruccio\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2A323B4D-C2F5-4642-AF74-E461119779A7}"= TCP:c:\users\Ferruccio\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AF68B32E-97BB-40B7-8DE4-BB264C9FB9A6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{93E7BDF5-45BD-4913-9673-7B123595BB84}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{46439698-A76A-4FA3-B0A7-E224F05F1383}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E4C8326-318E-4710-8746-C462DD2AB901}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D99DF33D-EDF1-4FC5-AD36-155D4F0A0A31}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\System\\dns.exe"= c:\program files\Common Files\System\dns.exe:*:Enabled:Windows Update
"c:\\Program Files\\PPStream\\PPStream.exe"= c:\program files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
"c:\\Program Files\\PPStream\\PPSAP.exe"= c:\program files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-07 15424]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2008-01-19 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691af320-a340-11dc-ae29-00030d784965}]
\shell\AutoRun\command - F:\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Ferruccio\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-14 20:19]

2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{D876D74D-FD24-4067-87D0-D57B29A0A660}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]

2007-12-03 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = 68.50.199.210:2301
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Salva oggetto con NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe -
LSP: c:\windows\system32\imon.dll
TCP: {2A27B14C-5A07-4A95-9A56-84CC3621B862} = 192.168.0.1
FireFox -: Profile - c:\users\Ferruccio\AppData\Roaming\Mozilla\Firefox\Profiles\kz6jnikp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\users\Ferruccio\AppData\Local\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 17:06:01
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\TeamViewer3\TeamViewer_Service.exe
c:\program files\Fujitsu Siemens Computers\FirstSteps Diagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-08 17:12:07 - macchina è stato riavviato [Ferruccio]
ComboFix-quarantined-files.txt 2008-12-08 16:11:39

Pre-Run: 12,673,126,400 byte disponibili
Post-Run: 12,627,013,632 byte disponibili

349 --- E O F --- 2008-12-04 23:03:52
RiO1986
Newbie
 
Post: 6
Iscritto il: 08/12/08 12:45

Re: help virus install_crack

Postdi Luke57 » 08/12/08 17:25

Ciao, adesso apri un file di testo dal blocco note di windows e incollaci questo codice:

Codice: Seleziona tutto
File::
F:\autorun.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"recinfo"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691af320-a340-11dc-ae29-00030d784965}]



salvalo nella stessa direzione di combofix.exe (o abc.exe)chiamandolo obbligatoriamente CFScript.txt
trascinalo con il puntatore del mouse sull'icona di combofix per una nuova scansione. Al riavvio, posta il nuovo report, se prodotto.

Prova poi a reinstallare l'antivirus (il suo eseguibile è stato corrotto definitivamente dal virus)
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: help virus install_crack

Postdi RiO1986 » 08/12/08 17:43

ComboFix 08-12-07.01 - Ferruccio 2008-12-08 17.38.10.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.1050 [GMT 1:00]
Eseguito da: c:\users\Ferruccio\Desktop\abc.exe
Interruttori di comando utilizzati :: c:\users\Ferruccio\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
* Resident AV is active


FILE ::
F:\autorun.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-11-08 al 2008-12-08 )))))))))))))))))))))))))))))))))))
.

2008-12-08 17:05 . 2008-12-08 17:06 188,416 --a------ c:\windows\System32\igfxres.dll
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 11:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-07 11:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-07 11:00 . 2008-12-07 11:04 <DIR> d-------- c:\program files\FindyKill
2008-12-07 02:53 . 2008-12-07 02:53 512,096 --a------ c:\windows\System32\drivers\amon.sys
2008-12-07 02:53 . 2008-12-07 02:53 299,392 --a------ c:\windows\System32\imon.dll
2008-12-07 02:53 . 2008-12-07 02:53 15,424 --a------ c:\windows\System32\drivers\nod32drv.sys
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\program files\iTunes
2008-12-04 20:48 . 2008-12-04 20:48 <DIR> d-------- c:\program files\iPod
2008-12-04 20:44 . 2008-12-04 20:45 <DIR> d-------- c:\program files\QuickTime
2008-12-04 02:15 . 2008-12-04 11:35 <DIR> d-------- c:\program files\Invisible IP Map
2008-11-29 22:05 . 2008-11-29 22:05 <DIR> d-------- c:\program files\Illustrate
2008-11-29 22:05 . 2008-11-29 22:05 131,072 --a------ c:\windows\System32\SpoonUninstall.exe
2008-11-29 22:05 . 2008-11-29 22:05 36,604 --a------ c:\windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-11-29 22:05 . 2008-11-29 22:05 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-11-26 04:40 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 04:40 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 04:40 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 04:40 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 04:40 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 04:40 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 04:40 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-25 18:36 . 2008-11-25 18:36 <DIR> d-------- c:\program files\Pegasys Inc
2008-11-25 18:30 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll
2008-11-21 15:51 . 2008-11-21 15:51 <DIR> d-------- c:\program files\TeamViewer3
2008-11-21 15:47 . 2008-11-21 15:47 <DIR> d-------- c:\users\Ferruccio\temp
2008-11-21 15:47 . 2008-11-21 15:47 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\TeamViewer
2008-11-16 22:21 . 2008-11-16 22:21 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-16 22:12 . 2008-11-16 22:12 <DIR> d-------- C:\My Music
2008-11-15 18:12 . 2008-12-06 13:28 <DIR> d-------- C:\Downloads
2008-11-15 18:07 . 2008-12-06 22:43 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\Free Download Manager
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\program files\Free Download Manager
2008-11-15 10:16 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 10:16 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 10:16 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 10:16 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 10:15 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 10:15 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 10:15 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 10:15 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 10:15 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 03:06 . 2008-11-14 03:06 <DIR> d-------- c:\program files\Drive Rescue
2008-11-12 05:23 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 05:23 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 05:23 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-12 05:20 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 05:20 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 16:05 --------- d---a-w c:\programdata\TEMP
2008-12-07 01:57 --------- d-----w c:\program files\ESET
2008-12-06 21:38 --------- d-----w c:\users\Ferruccio\AppData\Roaming\Skype
2008-12-06 21:37 --------- d-----w c:\users\Ferruccio\AppData\Roaming\skypePM
2008-12-04 20:27 --------- d-----w c:\users\Ferruccio\AppData\Roaming\mIRC
2008-12-04 19:48 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 08:55 --------- d-----w c:\program files\Java
2008-11-29 21:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 21:08 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-29 17:35 --------- d-----w c:\users\Ferruccio\AppData\Roaming\uTorrent
2008-11-19 08:55 --------- d-----w c:\programdata\Microsoft Help
2008-11-16 21:21 --------- d-----w c:\program files\Common Files\Real
2008-11-16 21:12 --------- d-----w c:\program files\Real
2008-11-13 00:30 --------- d-----w c:\program files\PokerStars.IT
2008-11-07 12:10 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-07 12:10 56 ---ha-w c:\programdata\ezsidmv.dat
2008-11-07 12:10 --------- d-----w c:\program files\Common Files\Skype
2008-10-30 12:04 --------- d-----w c:\users\Ferruccio\AppData\Roaming\Apple Computer
2008-10-29 17:16 --------- d-----w c:\program files\Apple Software Update
2008-10-29 17:12 --------- d-----w c:\program files\Bonjour
2008-10-28 09:18 --------- d-----w c:\program files\Winamp
2008-10-27 17:20 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-27 17:03 --------- d-----w c:\program files\VirtualDJ
2008-10-27 16:39 --------- d-----w c:\program files\AtomixMP3
2008-10-24 12:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-22 07:17 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 11:47 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-20 16:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-20 13:18 --------- d-----w c:\program files\PokerStars.NET
2008-10-18 16:21 --------- d-----w c:\program files\Garmin GPS Plugin
2008-10-18 11:29 --------- d-----w c:\program files\Easy CD-DA Extractor 12
2008-10-15 08:08 --------- d-----w c:\program files\Windows Mail
2008-10-13 15:01 --------- d-----w c:\users\Ferruccio\AppData\Roaming\GetRight
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-09 20:45 174 --sha-w c:\program files\desktop.ini
2007-12-12 15:05 32 ----a-w c:\users\All Users\ezsid.dat
2007-12-12 15:05 32 ----a-w c:\programdata\ezsid.dat
2007-12-02 18:36 111,258 ----a-w c:\users\All Users\firstlsp.reg.dat
2007-12-02 18:36 111,258 ----a-w c:\programdata\firstlsp.reg.dat
2007-12-02 20:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 20:17 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 20:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-08_15.53.36.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-08 16:05:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-08 16:05:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-08 14:48:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-08 14:48:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 16:08:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 16:08:08 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-08 14:36:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-08 16:07:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-08 14:36:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-08 16:07:15 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-08 14:36:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-08 16:07:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-08 14:38:29 13,000 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1927192671-3056111476-2040781451-1000_UserData.bin
+ 2008-12-08 16:09:35 13,868 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1927192671-3056111476-2040781451-1000_UserData.bin
- 2008-12-08 14:38:29 88,582 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:09:35 88,830 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-08 14:38:28 53,788 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:09:24 54,350 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [BU]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [BU]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Google Update"="c:\users\Ferruccio\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"recinfo973"="c:\recinfo\RecInfo.exe" [2007-06-06 2768896]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-12-07 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-07 950664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"RevHDD"="c:\windows\SYSTEM\RevHDD.exe" [BU]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-03-27 3057152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-16 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-11-17 12:53 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
c:\program files\Pando Networks\Pando\Pando.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1927192671-3056111476-2040781451-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71355172-E366-47DC-847F-FA400EF81614}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{99068DA5-6557-45A5-84C2-38D7FA0EE608}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5B579BBC-C824-4283-8492-1992958F28FD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{074E6B64-BAC6-4FBF-AD4A-8A6273EC3ED9}c:\\program files\\adunanza\\emule_adnza.exe"= UDP:c:\program files\adunanza\emule_adnza.exe:eMule
"UDP Query User{1AA69B7C-9C43-4069-A2C2-4CDF3ED3AE0C}c:\\program files\\adunanza\\emule_adnza.exe"= TCP:c:\program files\adunanza\emule_adnza.exe:eMule
"TCP Query User{77F86060-1819-416B-8332-C8C0B6A7FA23}c:\\program files\\common files\\system\\dns.exe"= UDP:c:\program files\common files\system\dns.exe:dns
"UDP Query User{0886D0AA-84E7-47D1-B595-1F840CFBEB3B}c:\\program files\\common files\\system\\dns.exe"= TCP:c:\program files\common files\system\dns.exe:dns
"TCP Query User{9E211808-1A4A-4C57-AE56-956F839AAB7E}c:\\program files\\common files\\system\\dns.exe"= UDP:c:\program files\common files\system\dns.exe:dns
"UDP Query User{D2848065-1F2A-4A79-8B04-BF2E35204599}c:\\program files\\common files\\system\\dns.exe"= TCP:c:\program files\common files\system\dns.exe:dns
"{41B81DB3-3D4D-474B-81F8-4FD8D8AE314A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F3D2F554-91CE-4C4A-B028-67E2EC6E3290}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2CFE4ED8-7F4E-483B-B1DE-C8D2B2747B54}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{62D80731-7D6F-40C1-B02B-C41ECB8C0912}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{28D02A40-22F0-4D28-856E-24E62CDF0B8D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FDABE022-97EF-408B-B107-AB35B1A7CF16}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C591E2FD-5280-46EA-9C6D-335E48D9E3E6}"= UDP:57243:Pando P2P TCP Listening Port
"{521E3F18-1DF7-429A-91D6-EE3365CDB137}"= TCP:57243:Pando P2P UDP Listening Port
"{F2E27B26-EEBE-4488-8D3A-A9585E77B996}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{00CD4F65-266D-4232-9425-AC35215BE15D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{F66C2322-3F00-4334-8987-FF5D744F0FD0}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{4D00DE10-EE34-44BF-AF1C-DD330FA75DC6}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{3344D3FD-F522-4789-95DC-194D78A8DB06}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{C91083B9-C096-42F9-963A-B78E2B0131BB}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D29574ED-4E0C-4314-9F30-B83EAC4D6AF9}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{9875F1B6-8EF3-489A-9AF2-13DEE2E07221}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{EC7F43D3-B56A-47F4-9F62-7C87700F5CE4}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{CB68C4BB-5330-4136-A334-B4C264F4134B}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{94AD8E8B-CC76-473C-8104-B2B569EFDECB}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{FA1D2483-5715-439E-9B81-9019F8F1BC5F}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{3EB8459C-A408-4873-814C-34801BF2E1BD}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{AEB4AB74-E944-4C55-A1CE-562C2DC73D10}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{874DB4F1-DD39-4AB9-91BD-7F2608AF513B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{069CFB6C-7E45-4D7D-8FCA-CCE615E12B2B}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{7635FD46-39BA-4FFF-A62C-B153DBC713CA}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6DBBB84D-654A-458D-A34E-5F7C8985BD73}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{34F4601D-287C-48C1-8CB3-6860210E48EF}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{01E5EA2D-96F9-42D1-A7F0-896A669E43C8}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D3304442-9E74-41F0-B11D-32305FF38644}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{71D26DDF-7963-4B9A-B630-FA0C7D63D19D}"= UDP:c:\users\Ferruccio\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2A323B4D-C2F5-4642-AF74-E461119779A7}"= TCP:c:\users\Ferruccio\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AF68B32E-97BB-40B7-8DE4-BB264C9FB9A6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{93E7BDF5-45BD-4913-9673-7B123595BB84}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{46439698-A76A-4FA3-B0A7-E224F05F1383}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E4C8326-318E-4710-8746-C462DD2AB901}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D99DF33D-EDF1-4FC5-AD36-155D4F0A0A31}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\System\\dns.exe"= c:\program files\Common Files\System\dns.exe:*:Enabled:Windows Update
"c:\\Program Files\\PPStream\\PPStream.exe"= c:\program files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
"c:\\Program Files\\PPStream\\PPSAP.exe"= c:\program files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-07 15424]
R2 TeamViewer;TeamViewer 3;"c:\program files\TeamViewer3\TeamViewer_Service.exe" -service [2008-11-17 185640]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2008-01-19 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Ferruccio\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-14 20:19]

2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{D876D74D-FD24-4067-87D0-D57B29A0A660}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]

2007-12-03 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = 68.50.199.210:2301
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Salva oggetto con NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe -
LSP: c:\windows\system32\imon.dll
TCP: {2A27B14C-5A07-4A95-9A56-84CC3621B862} = 192.168.0.1
FireFox -: Profile - c:\users\Ferruccio\AppData\Roaming\Mozilla\Firefox\Profiles\kz6jnikp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\users\Ferruccio\AppData\Local\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 17:39:42
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
Ora fine scansione: 2008-12-08 17.41.53
ComboFix-quarantined-files.txt 2008-12-08 16:40:33
ComboFix2.txt 2008-12-08 16:12:08

Pre-Run: 12.551.270.400 byte disponibili
Post-Run: 12,412,583,936 byte disponibili

322 --- E O F --- 2008-12-04 23:03:52
RiO1986
Newbie
 
Post: 6
Iscritto il: 08/12/08 12:45

Re: help virus install_crack

Postdi RiO1986 » 08/12/08 18:01

ora all'avvio mi esce una finestrella di windows che menca questo file in sisytem32 : igfxres.dll

per internet nn si collega anzi nn mi trova proprio nessuna rete wifi.

per l'antivirus l'ho reinstallato ma nn può aggiornare perkè il pc nn è collegato a internet
RiO1986
Newbie
 
Post: 6
Iscritto il: 08/12/08 12:45

Re: help virus install_crack

Postdi Luke57 » 08/12/08 18:16

Ciao, vai qui:
http://www.megalab.it/2657/4/bagle-un-w ... -antivirus
è descritto come fare per riattivare alcune applicazioni disattivate dal virus compresa la connessione a internet.
Nel report di combofix quel file è presente.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: help virus install_crack

Postdi Luke57 » 08/12/08 18:35

Ciao, in effetti quel file è stato elimnato da combofix.
I files eliminati vengono salvati nella cartella C:\QooBox da cui possono essere ripristinati
Per cui vai nella cartella suddetta, individua:
c:\windows\System32\igfxres.dll
ripristinalo nella cartella system32, se fosse stato rinominato in igfxres.dll,vir ad esempio, togli l'estensione .vir
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: help virus install_crack

Postdi RiO1986 » 09/12/08 03:45

grazie ora il pc dovrebbe andare bene .. se ho qualke altro probl vi faccio sapere . Grazie di nuovo
RiO1986
Newbie
 
Post: 6
Iscritto il: 08/12/08 12:45


Torna a Sicurezza e Privacy


Topic correlati a "help virus install_crack":

Virus o cosa?
Autore: danibi60
Forum: Sicurezza e Privacy
Risposte: 26

Chi c’è in linea

Visitano il forum: Nessuno e 83 ospiti