
Infected by hundreds of viruses

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs should you use to protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by flipper86 » 15/12/08 16:23

Hello, I would like to ask for an expert's help... Please help me, I don't know what to do anymore.
So, let me explain my problem:
on Saturday afternoon I downloaded a file from emule, a winzip folder that I tried to open, but on opening it I found my PC invaded by hundreds of viruses, I think (my fault for not scanning the folder before opening it). That said, the desktop went dark and a big WARNING message was flashing. I was advised to download this program: 1-2-3 spyware free... before that, however, I installed a program called malwarebytes anti-malware, because the PC was connecting to the internet automatically and a page saying REAL ANTIVIRUS kept opening. I searched the internet and found out that it is basically a virus, not an antivirus at all, and to remove it I had to use this method with the program mentioned above! And I can't tell you what it took to install the program... windows kept opening continuously, the program kept slipping out of my hands... I suppose it was the viruses. Then I finally managed to install the program and the scan turned up more than 100 infected files or something like that... then I ran a new scan with avg and then with 1-2-3 spyware free and more viruses came up. The problem now is a different one: when I scan with malwarebytes I always get 2 alerts that I can't remove (they are something like trojan.agent); also, I have solved a few problems, but now my desktop is still dark, or rather it is all blue!! Then there were problems with the internet connection, which I solved anyway... so what remains is that every time I start a scan it detects some virus or cookie (is that what they're called???) (apart from those 2 from before that just won't be removed), and the PC is still slow slow slow... could it be other viruses???
I hope you can help me... I've read that you are very expert...
For any clarification, I am fully at your disposal...
thanks :P :cry: :cry: :cry:
flipper86
Junior User

Posts: 10
Joined: 15/12/08 15:48

 

Re: Infected by hundreds of viruses

Post by Luke57 » 15/12/08 16:55

Hi, a torrential explanation but a bit chaotic ;)
Close your security programs and download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
1. Double-click combofix.exe
2. Type 1, press Enter and follow the instructions (do not do anything else during the scan).
3. When it finishes, a log file called C:\ComboFix.txt will be created.
4. Post the log that was created, which you will find in C:\combofix.txt.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Infected by hundreds of viruses

Post by flipper86 » 16/12/08 14:19

hi Luke, I was hoping you would be the one to answer... I have read quite a few of your posts, on other sites too, and I was hoping you would help me... you are very kind. Getting back to my problem, sorry for the confusion, but too many things happened to me at once... anyway, I don't know what "posting the log" means (I'm very ignorant in this field...) but this is the result of the program you recommended:

ComboFix 08-12-15.05 - Principale 2008-12-16 14.00.55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.511.244 [GMT 1:00]
Eseguito da: c:\documents and settings\Principale\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PRINCI~1\IMPOST~1\Temp\tmp1.tmp
c:\docume~1\PRINCI~1\IMPOST~1\Temp\tmp2.tmp
c:\documents and settings\Principale\Dati applicazioni\FunWebProducts
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\kbubbifu.job

c:\windows\system32\userinit.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2008-11-16 al 2008-12-16 )))))))))))))))))))))))))))))))))))
.

2008-12-14 14:35 . 2008-12-14 14:35 <DIR> d-------- c:\programmi\Smart PC Solutions
2008-12-13 16:48 . 2008-12-13 16:48 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-13 16:48 . 2008-12-13 16:48 <DIR> d-------- c:\documents and settings\Principale\Dati applicazioni\Malwarebytes
2008-12-13 16:48 . 2008-12-13 16:48 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-13 16:48 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 16:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 15:02 . 2008-12-15 15:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-11 11:34 . 2008-12-12 17:57 116 --a------ c:\windows\NeroDigital.ini
2008-12-04 09:20 . 2003-05-22 16:31 55,808 --a------ c:\windows\system32\lfpsd13n.dll
2008-11-23 12:29 . 2008-12-16 13:46 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-23 12:29 . 2008-11-23 12:29 <DIR> d-------- c:\programmi\AVG
2008-11-23 12:29 . 2008-11-23 12:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2008-11-23 12:29 . 2008-11-23 12:29 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-23 12:29 . 2008-11-23 12:29 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-23 12:29 . 2008-11-23 12:29 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-18 18:03 . 1999-07-25 18:12 36,864 --a------ c:\windows\Photo Express 3.scr
2008-11-18 18:02 . 2008-11-18 18:02 <DIR> d-------- c:\programmi\Ulead Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 13:55 --------- d-----w c:\programmi\eMule
2008-11-26 20:30 --------- d-----w c:\documents and settings\Principale\Dati applicazioni\mIRC
2008-11-23 11:24 --------- d-----w c:\programmi\Ahead
2008-11-23 11:14 --------- d-----w c:\programmi\Google
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-20 17:39 --------- d-----w c:\programmi\Multi_Media_Italy
2008-10-20 17:39 --------- d-----w c:\programmi\Conduit
2008-10-20 16:25 --------- d-----w c:\programmi\MTA San Andreas
2008-10-19 13:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 15:06 --------- d-----w c:\programmi\MSN Messenger
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-07 20:07 230,432 ----a-w C:\StiImg.dat
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"EPSON Stylus C44 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-10 75776]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll jytbwc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule_TCP
"4672:UDP"= 4672:UDP:eMule_UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-23 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-23 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-23 76040]
R3 PAC207;NX-Vega;c:\windows\system32\DRIVERS\pfc027.sys [2005-01-25 154112]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {91C566B7-B30E-4D15-A8CB-874989E08ED0} = 195.210.91.100,193.70.192.100
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 14:04:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PAStiSvc.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-16 14:06:50 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-16 13:06:32

Pre-Run: 15.413.039.104 byte disponibili
Post-Run: 15,634,718,720 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

143 --- E O F --- 2008-12-11 11:21:23


THANK YOUUUUUUUUUUUUUUUUUUUUUUUUU
flipper86
Junior User

Posts: 10
Joined: 15/12/08 15:48

Re: Infected by hundreds of viruses

Post by flipper86 » 16/12/08 14:22

I understood only one thing: the PC is still infected, but I don't know by what, and even if I knew I wouldn't know how to fix the problem...
thank you in advance for your help
BYE :)
flipper86
Junior User

Posts: 10
Joined: 15/12/08 15:48

Re: Infected by hundreds of viruses

Post by Luke57 » 16/12/08 19:54

Hi, download systemscan to your desktop
http://www.suspectfile.com/systemscan
open it and make sure all the options are checked, then click "Scan Now"; when the scan finishes, two files will be created (again on the desktop, inside the suspectfile folder). Attach the file with the .zip extension to your next reply.

Remember to run the scan with no active connection and with the antivirus disabled, then re-enable it once the scan has finished.

NB
the scan may take a long time, and it might even look as if the program is not working; don't worry, it is ;)
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Infected by hundreds of viruses

Post by flipper86 » 16/12/08 22:14

Hi, I'm ready to do what you told me. Just one thing: I have AVG, malwarebytes anti-malware and 1-2-3 spyware free, do I have to disable all 3?? If so, how do you disable them?? Sorry again for my ignorance...
THANKS!!!
flipper86
Junior User

Posts: 10
Joined: 15/12/08 15:48

Re: Infected by hundreds of viruses

Post by Luke57 » 16/12/08 22:27

Hi, only avg.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Infected by hundreds of viruses

Post by flipper86 » 16/12/08 22:29

sorry again, but how do you disable it???? :cry:
flipper86
Junior User

Posts: 10
Joined: 15/12/08 15:48

Re: Infected by hundreds of viruses

Post by Luke57 » 16/12/08 22:48

Hi, try right-clicking the icon and choosing the corresponding item. Otherwise try running the scan anyway.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Infected by hundreds of viruses

Post by flipper86 » 16/12/08 23:17

here are the results
Attachments

[The txt extension has been disabled and cannot be displayed.]

[The zip extension has been disabled and cannot be displayed.]

flipper86
Junior User

Posts: 10
Joined: 15/12/08 15:48

Re: Infected by hundreds of viruses

Post by Luke57 » 16/12/08 23:38

Hi, send a log with HijackThis (you will find how to do it in the forum); in the report I found only one infected value.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Infected by hundreds of viruses

Post by flipper86 » 22/12/08 10:29

hi, sorry I'm only getting back to you now, but I really wasn't able to do what you told me earlier... anyway, I can't manage to download the program you recommended!!! I hope you can still help me :neutral:
!!! bye
flipper86
Junior User

Posts: 10
Joined: 15/12/08 15:48

Re: Infected by hundreds of viruses

Post by ultimoarrivato » 28/01/09 10:09

I have the same problem as many others; I ran a scan with COMBOFIX, please help me, I can't even remove the avgtdix file in the registry... it won't let me reinstall AVG....
ComboFix 09-01-21.04 - utente 2009-01-28 9.50.58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.511.203 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\MIDI FILES DA CORREGGERE\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated)
AV: Kaspersky Anti-Virus 6.0 *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\utente\Dati applicazioni\inst.exe
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\cioqe.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\cioqe.exe
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\cioqe_nav.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\cioqe_navps.dat

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Creati Da 2008-12-28 al 2009-01-28 )))))))))))))))))))))))))))))))))))
.

2009-01-28 02:57 . 2009-01-28 02:57 <DIR> d-------- c:\documents and settings\NetworkService\Menu Avvio
2009-01-28 02:24 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-27 23:36 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-27 23:36 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-27 23:36 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-27 23:36 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-27 20:05 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-27 15:01 . 2001-08-31 16:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2009-01-27 14:59 . 2004-08-03 21:31 482,304 --a--c--- c:\windows\system32\dllcache\pintlgnt.ime
2009-01-27 14:58 . 2001-08-31 16:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-01-27 14:57 . 2001-08-31 16:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-27 14:56 . 2001-08-31 16:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2009-01-27 14:55 . 2004-08-19 14:39 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-27 14:52 . 2009-01-27 14:52 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-27 14:51 . 2001-08-31 16:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-27 14:38 . 2004-08-19 15:39 4,274,816 --a------ c:\windows\system32\nv4_disp.dll
2009-01-27 14:38 . 2004-08-03 22:29 1,897,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-01-27 14:37 . 2001-08-17 20:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2009-01-24 19:54 . 2009-01-24 18:05 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-24 18:05 . 2009-01-24 18:05 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-24 17:58 . 2009-01-24 17:58 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 16:28 . 2009-01-21 16:28 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\FDRLab
2009-01-14 16:31 . 2009-01-14 16:32 <DIR> d-------- c:\programmi\File Scavenger 3.0
2009-01-03 21:26 . 2004-08-19 14:39 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-03 17:52 . 2009-01-03 17:52 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\ACD Systems
2009-01-03 17:50 . 2009-01-03 17:50 <DIR> d-------- c:\programmi\File comuni\ACD Systems
2009-01-03 17:50 . 2009-01-03 17:50 <DIR> d-------- c:\programmi\ACD Systems
2009-01-03 17:50 . 2009-01-03 17:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ACD Systems
2009-01-03 09:31 . 2009-01-03 09:31 <DIR> d-------- c:\programmi\Extension Changer
2008-12-30 10:08 . 2008-12-30 10:08 <DIR> d-------- c:\programmi\Google Video
2008-12-28 16:32 . 2008-12-28 16:44 <DIR> d-------- c:\programmi\Hotspot Shield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 08:40 --------- d-----w c:\programmi\MOZILLA FIREFOX 2
2009-01-28 07:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-28 07:18 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-27 21:30 --------- d-----w c:\programmi\Spyware Doctor
2009-01-25 07:02 --------- d-----w c:\programmi\Free FLV Converter
2009-01-24 16:58 --------- d-----w c:\programmi\Lavasoft
2009-01-20 14:47 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Vso
2009-01-19 14:19 --------- d-----w c:\programmi\FairUse Wizard 2
2009-01-14 00:28 --------- d-----w c:\programmi\eMule
2009-01-12 20:30 --------- d-----w c:\programmi\QuickTime
2009-01-03 07:32 --------- d-----w c:\programmi\Erickson
2009-01-02 09:34 --------- d-----w c:\programmi\CCleaner
2009-01-02 09:06 --------- d-----w c:\programmi\Unlocker
2008-12-26 21:54 --------- d-----w c:\programmi\Java
2008-12-26 16:11 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Desktopicon
2008-12-22 09:12 --------- d-----w c:\programmi\Alchemy Mindworks
2008-12-21 14:21 --------- d-----w c:\programmi\Giotec
2008-12-21 14:07 --------- d-----w c:\programmi\Disney Interactive
2008-12-21 14:04 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-21 14:00 --------- d-----w c:\programmi\Formosoft
2008-12-21 07:42 --------- d-----w c:\programmi\RadioXpi
2008-12-19 11:03 --------- d-----w c:\documents and settings\utente\Dati applicazioni\LaParola
2008-12-15 19:36 --------- d-----w c:\documents and settings\utente\Dati applicazioni\uTorrent
2008-12-15 12:05 --------- d-----w c:\documents and settings\utente\Dati applicazioni\iSpring Solutions
2008-12-15 11:58 --------- d-----w c:\programmi\iSpring
2008-12-15 11:58 --------- d-----w c:\programmi\File comuni\iSpring Solutions
2008-12-12 08:43 --------- d-----w c:\programmi\iSpring Free 3
2008-12-12 08:43 --------- d-----w c:\programmi\File comuni\CPS Labs Ltd
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 19:27 --------- d-----w c:\documents and settings\utente\Dati applicazioni\CPS Labs
2008-12-08 13:53 --------- d-----w c:\programmi\PDFCreator
2008-12-08 13:52 15,251 ----a-w c:\programmi\settings.dat
2008-12-08 13:39 --------- d-----w c:\programmi\File comuni\Apple
2008-12-08 13:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-06 07:03 --------- d-----w c:\programmi\Security Task Manager
2008-12-06 07:03 --------- d-----w c:\programmi\Photo to VCD SVCD DVD Converter
2008-12-05 08:16 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Apple Computer
2008-12-05 08:03 --------- d-----w c:\programmi\Apple Software Update
2008-12-05 08:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-09-30 07:55 47,360 ----a-w c:\documents and settings\utente\Dati applicazioni\pcouffin.sys
2002-07-26 15:02 153,088 ----a-w c:\programmi\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 49,152 2001-12-19 10:59:50 c:\programmi\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe

----a-w 45,056 2001-12-06 11:09:08 c:\programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe

----a-w 36,975 2005-04-13 02:48:52 c:\programmi\Java\jre1.5.0_03\bin\bak\jusched.exe

----a-w 421,888 2006-04-19 23:17:05 c:\programmi\Picasa2\bak\PicasaMediaDetector.exe
----a-w 443,968 2008-02-26 01:23:34 c:\programmi\Picasa2\PicasaMediaDetector.exe

----a-w 192,512 2004-04-23 09:00:36 c:\programmi\Pinnacle\Shared Files\Programs\USBTip\bak\USBTip.exe

----a-w 98,304 2005-04-30 10:52:56 c:\programmi\QuickTime\bak\qttask.exe
----a-w 413,696 2008-09-06 14:09:14 c:\programmi\QuickTime\QTTask.exe

----a-w 15,360 2004-08-19 13:39:36 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:39:36 c:\windows\system32\ctfmon.exe

----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\bak\NeroCheck.exe

----a-w 303,104 2005-10-13 15:52:42 c:\windows\system32\bak\sistray.EXE

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"cioqe"="c:\documents and settings\utente\impostazioni locali\dati applicazioni\cioqe.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-24 507224]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 c:\windows\SOUNDMAN.EXE]
"Cmaudio"="cmicnfg.cpl" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"MSACM.CEGSM"= mobilev.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Device Detector 3.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^LG SyncManager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LG SyncManager.lnk
backup=c:\windows\pss\LG SyncManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRE_McciTrayApp]
--a------ 2006-11-21 15:26 936960 c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 14:39 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E08IXLRD_10662281]
--a------ 2007-06-12 22:09 351000 c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-10-14 17:59 1168264 c:\programmi\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-04-21 14:41 438359 c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
c:\windows\system32\NeroCheck.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]
c:\windows\System32\sistray.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XMS7 StartUp]
c:\programmi\XMS7\XMS7.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eBay\\Turbo Lister2\\Tl.exe"=
"c:\\Documents and Settings\\utente\\Desktop\\FUSIONSCRIPT\\mirc.exe"=
"c:\\Documents and Settings\\utente\\Documenti\\FUSIONSCRIPT\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-14 160792]
R4 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DlPortIO.sys [2007-10-05 3584]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
R4 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-10-12 8192]
R4 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [2008-10-14 356920]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2007-05-30 30368]
S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys --> c:\windows\system32\DRIVERS\zd1211u.sys [?]
S4 FILESpy;FILESpy;\??\c:\programmi\Softwin\BitDefender9\filespy.sys --> c:\programmi\Softwin\BitDefender9\filespy.sys [?]
S4 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2004-10-11 91520]
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 18:05]

2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
Trusted Zone: imageshack.us\toolbar
TCP: {2C9E2C8D-C231-4899-B288-91A83208EAE5} = 85.37.17.39 85.38.28.71
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ucgupdqs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8 ... e=vdio5&p=
FF - component: c:\programmi\MOZILLA FIREFOX 2\components\xpinstal.dll
FF - component: c:\programmi\MOZILLA FIREFOX 2\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 09:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-01-28 10:06:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-28 09:06:10
ComboFix2.txt 2008-07-10 11:06:26

Pre-Run: 20.386.856.960 byte disponibili
Post-Run: 20,470,255,616 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

351 --- E O F --- 2009-01-28 02:01:02
ultimoarrivato