Iexplore.exe

  #1  
15 January 2008, 11:50
Group Member

I've read that this is a bad thing: I haven't opened Internet Explorer, but it is still running in my task manager (and I believe it is supposed to be in capital letters), and it is slowing down my computer. Is it a virus? Spyware, etc.?

How do I remove it?
  #2  
15 January 2008, 11:59
Group Moderator

Let's take a quick look.
Download and rename HijackThis (HJT)
  • Double-click HJTInstall.
  • Click the Install button.
  • HJT will automatically be placed in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • On install, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to the folder C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click HijackThis.exe and select Rename.
    • Type sniper.exe and press Enter.
    • Right-click sniper.exe and select Send To > Desktop (create shortcut)
  • From the desktop, open HijackThis.
  • If you use Windows Vista, make sure to Run as administrator
  • Click the Do a system scan and save a logfile button
  • HijackThis will scan and then open a log in Notepad.
  • Copy and paste the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds is harmless or even required.
Even though we renamed HijackThis to sniper, we will keep referring to it as HijackThis or HJT.

  #3  
15 January 2008, 12:08
Group Member

For some reason I can't see IEXPLORE.exe here, but it is definitely in tm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:55 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\Wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\CPN\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\CPN\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Seconda bat picco creativo] C:\Documents and Settings\All Users\Application Data\Asse Leggimi Seconda Bat\morti lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb più noun.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7104 bytes
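How a helper reads a log like the one above, as an added example (not part of the thread, and not HijackThis's own code). The script parses the HJT v2 line format and applies the checks that drive this thread: an O2 BHO whose DLL is "(no file)", an O4 autorun launched from a user profile folder (random-word folder and file names under Application Data are the Lop pattern), an O23 service whose owner HJT could not read, and R0/R1 browser settings whose host is not on an allowlist. The allowlist, the sample lines and the one R1 entry pointing at search.example.net are constructed for the example; the other sample entries are modelled on the log above.

```python
"""Triage a HijackThis (HJT) v2 log, pulling out the entries a helper looks at first.

Added example: not part of the thread and not HijackThis's own code. SAMPLE_LOG is
constructed from entry types in the log above, plus one invented R1 line that shows
what a hijacked search page looks like. EXPECTED_HOSTS is an assumption about what
this user expects as home/search pages.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/ie.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Seconda bat picco creativo] C:\Documents and Settings\All Users\Application Data\Asse Leggimi Seconda Bat\morti lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb piu noun.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption: hosts this user expects as home/search pages.
EXPECTED_HOSTS = ("yahoo.com", "msn.com", "microsoft.com")
# Profile locations in long and 8.3 form; installers do not register autoruns from here.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\", "\\applic~1\\")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PATH_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$)", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O4"
    reason: str    # short tag for the check that fired
    entry: str     # the log line body that triggered it


def run_target(cmd: str) -> str:
    """Extract the program path from a Run value (quoted, or up to the first switch)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = PATH_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            host = urlparse(body.split(" = ", 1)[-1].strip()).hostname or ""
            if host and not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
                findings.append(Finding(sec, "browser-setting-unexpected-host", body))
        elif sec == "O2" and body.endswith(" - (no file)"):
            # CLSID still registered under Browser Helper Objects but the DLL is gone:
            # harmless by itself, but leftover registration that should be removed.
            findings.append(Finding(sec, "orphaned-bho", body))
        elif sec == "O4":
            om = O4_RE.match(body)
            if om and any(mk in run_target(om["cmd"]).lower() for mk in PROFILE_MARKERS):
                findings.append(Finding(sec, "autorun-from-profile", body))
        elif sec == "O23":
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[-2].strip().lower() == "unknown owner":
                # No company name readable from the service binary: verify it by hand.
                findings.append(Finding(sec, "service-unknown-owner", body))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per reason, the overview a helper scans before reading entries."""
    counts: dict = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<5}{f.reason:<34}{f.entry}")
    print(summarize(triage(SAMPLE_LOG)))
```

The "(no file)" check is exactly the entry the moderator later has HijackThis fix; the profile-location check is what singles out the two Lop-style autoruns from the dozen legitimate ones, without any signature for the random names they use.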
  #4  
15 January 2008, 12:29
Group Moderator

Yes, you have some bad infections.

Step 1

Please download NoLop.exe to your desktop:
  • Close all running programs, as a reboot will be needed
  • Double-click NoLop.exe to run it
  • Next, click the Search and Destroy button
    <<your computer will now be scanned for infected files>>
  • When the scan finishes, if infected, you will be asked to reboot
  • Click OK
  • Now click REBOOT
  • A NoLop pop-up message should appear. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you get the error "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder, then run the program again.

---------------

Step 2
Download SUPERAntiSpyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to Update the program definitions, click Yes
  • Next, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left check C:\Fixed Drive
  • On the right choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK
  • Make sure everything has a check mark next to it, then click Next
  • It will quarantine what it found and, if it asks whether you want to reboot, click Yes
  • To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click the Preferences button. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the Notepad file to your desktop by clicking (in Notepad) "File" > "Save As"
  • Save the log somewhere you can easily find it (normally the desktop).
  • Click Close and Close again to exit the program.
  • Please copy and paste the log into your post.
----------

Step 3

Run a new HijackThis scan and post the log

----------

In your next post, include:
The contents of C:\NoLop.log
SUPERAntiSpyware log
New HijackThis log

It may take more than one post to get all the logs posted. That's fine if necessary.

  #5  
15 January 2008, 13:41
Group Member

NoLop log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Program Files\Mozilla Firefox
[1/15/2008]
[7:34:10 PM]

---Infection Files Found/Removed---
C:\WINDOWS\Tasks\ADB7C425918477B9.job

Beginning removal...
Rebooting...
Removing remaining Lop files/folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Asse Leggimi Seconda Bat
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Messenger Plus! - empty directory
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Nvidia - empty directory
C:\Documents and Settings\All Users\Application Data\Sony
C:\Documents and Settings\All Users\Application Data\Temp - empty directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\LocalService\Application Data\Avg7 - empty directory
C:\Documents and Settings\LocalService\Application Data\Microsoft
C:\Documents and Settings\LocalService\Application Data\Xfire - empty directory
C:\Documents and Settings\NetworkService\Application Data\Microsoft
C:\Documents and Settings\NetworkService\Application Data\Xfire - empty directory
C:\Documents and Settings\Richard\Application Data\Adobe
C:\Documents and Settings\Richard\Application Data\Apple Computer
C:\Documents and Settings\Richard\Application Data\Avg7
C:\Documents and Settings\Richard\Application Data\Bittorrent
C:\Documents and Settings\Richard\Application Data\Divx
C:\Documents and Settings\Richard\Application Data\Dna
C:\Documents and Settings\Richard\Application Data\Dvdcss
C:\Documents and Settings\Richard\Application Data\Fotowire
C:\Documents and Settings\Richard\Application Data\Gtk-2.0
C:\Documents and Settings\Richard\Application Data\Identities
C:\Documents and Settings\Richard\Application Data\InstallShield
C:\Documents and Settings\Richard\Application Data\Macromedia
C:\Documents and Settings\Richard\Application Data\Microsoft
C:\Documents and Settings\Richard\Application Data\Monkeyjam
C:\Documents and Settings\Richard\Application Data\Mozilla
C:\Documents and Settings\Richard\Application Data\Pubblica Provider - empty directory
C:\Documents and Settings\Richard\Application Data\Real
C:\Documents and Settings\Richard\Application Data\SmartFTP
C:\Documents and Settings\Richard\Application Data\Sony
C:\Documents and Settings\Richard\Application Data\Sony Setup
C:\Documents and Settings\Richard\Application Data\Sun
C:\Documents and Settings\Richard\Application Data\Systemrequirementslab
C:\Documents and Settings\Richard\Application Data\vlc
C:\Documents and Settings\Richard\Application Data\Waybowsreal
C:\Documents and Settings\Richard\Application Data\Xfire


SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 08:32 PM

Application Version : 3.9.1008

Core Rules Database Version : 3380
Trace Rules Database Version: 1374

Scan type       : Complete Scan
Total Scan Time : 00:46:41

Memory items scanned      : 385
Memory threats detected   : 0
Registry items scanned    : 5574
Registry threats detected : 0
File items scanned        : 40825
File threats detected     : 66

Adware.Tracking Cookie
C:\Documents and Settings\Richard\Cookies\richard@cassava[1].txt
C:\Documents and Settings\Richard\Cookies\richard@fastclick[1].txt
C:\Documents and Settings\Richard\Cookies\richard@server.lon.liveperson[1].txt
C:\Documents and Settings\Richard\Cookies\richard@casalemedia[2].txt
C:\Documents and Settings\Richard\Cookies\richard@www.ppctracking[1].txt
C:\Documents and Settings\Richard\Cookies\richard@adopt.euroclick[2].txt
C:\Documents and Settings\Richard\Cookies\richard@sys-service[1].txt
C:\Documents and Settings\Richard\Cookies\richard@www.adserver5[2].txt
C:\Documents and Settings\Richard\Cookies\richard@carphonewarehouse.112.2o7[1].txt
C:\Documents and Settings\Richard\Cookies\richard@m1.webstats.motigo[1].txt
C:\Documents and Settings\Richard\Cookies\richard@msnportal.112.2o7[1].txt
C:\Documents and Settings\Richard\Cookies\richard@ads.vlaze[2].txt
C:\Documents and Settings\Richard\Cookies\richard@reduxads.valuead[2].txt
C:\Documents and Settings\Richard\Cookies\richard@rotator.adjuggler[1].txt
C:\Documents and Settings\Richard\Cookies\richard@888[2].txt
C:\Documents and Settings\Richard\Cookies\richard@uk[1].txt
C:\Documents and Settings\Richard\Cookies\richard@247realmedia[1].txt
C:\Documents and Settings\Richard\Cookies\richard@adfarm1.adition[1].txt
C:\Documents and Settings\Richard\Cookies\richard@login.tracking101[2].txt
C:\Documents and Settings\Richard\Cookies\richard@stats.channel4[1].txt
C:\Documents and Settings\Richard\Cookies\richard@azjmp[1].txt
C:\Documents and Settings\Richard\Cookies\richard@partygaming.122.2o7[1].txt
C:\Documents and Settings\Richard\Cookies\richard@double[2].txt
C:\Documents and Settings\Richard\Cookies\richard@advertising[1].txt
C:\Documents and Settings\Richard\Cookies\richard@bs.serving-sys[2].txt
C:\Documents and Settings\Richard\Cookies\richard@bluestreak[1].txt
C:\Documents and Settings\Richard\Cookies\richard@anad.tacoda[2].txt
C:\Documents and Settings\Richard\Cookies\richard@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Richard\Cookies\richard@banner.carnavalcama[2].txt
C:\Documents and Settings\Richard\Cookies\richard@60915153[1].txt
C:\Documents and Settings\Richard\Cookies\richard@tracking.foxnews[2].txt
C:\Documents and Settings\Richard\Cookies\richard@ad.yieldmanager[2].txt
C:\Documents and Settings\Richard\Cookies\richard@ads.veoh[1].txt
C:\Documents and Settings\Richard\Cookies\richard@www.clash-media[2].txt
C:\Documents and Settings\Richard\Cookies\richard@a.websponsors[1].txt
C:\Documents and Settings\Richard\Cookies\richard@banner.casino.blackpoolclub.co[2].txt
C:\Documents and Settings\Richard\Cookies\richard@prospect.adbureau[1].txt
C:\Documents and Settings\Richard\Cookies\richard@adrevolver[3].txt
C:\Documents and Settings\Richard\Cookies\richard@banner.bingo.blackpoolclub.co[2].txt
C:\Documents and Settings\Richard\Cookies\richard@media.adrevolver[1].txt
C:\Documents and Settings\Richard\Cookies\richard@cgi-bin[2].txt
C:\Documents and Settings\Richard\Cookies\richard@p[1].txt
C:\Documents and Settings\Richard\Cookies\richard@lycos-de[1].txt
C:\Documents and Settings\Richard\Cookies\richard@tribalfusion[1].txt
C:\Documents and Settings\Richard\Cookies\richard@eas.apm.emediate[2].txt
C:\Documents and Settings\Richard\Cookies\richard@anat.tacoda[1].txt
C:\Documents and Settings\Richard\Cookies\richard@ad.zanox[1].txt
C:\Documents and Settings\Richard\Cookies\richard@net-revenue[2].txt
C:\Documents and Settings\Richard\Cookies\richard@hitbox[2].txt
C:\Documents and Settings\Richard\Cookies\richard@revsci[2].txt
C:\Documents and Settings\Richard\Cookies\richard@statse.webtrendslive[2].txt
C:\Documents and Settings\Richard\Cookies\richard@questionmarket[1].txt
C:\Documents and Settings\Richard\Cookies\richard@ads.addynamix[2].txt
C:\Documents and Settings\Richard\Cookies\richard@2o7[2].txt
C:\Documents and Settings\Richard\Cookies\richard@pacificpoker[2].txt
C:\Documents and Settings\Richard\Cookies\richard@mediaplex[2].txt
C:\Documents and Settings\Richard\Cookies\richard@media.xfire[2].txt
C:\Documents and Settings\Richard\Cookies\richard@atdmt[2].txt
C:\Documents and Settings\Richard\Cookies\richard@apmebf[2].txt
C:\Documents and Settings\Richard\Cookies\richard@partypoker[1].txt
C:\Documents and Settings\Richard\Cookies\richard@zedo[1].txt
C:\Documents and Settings\Richard\Cookies\richard@adrevolver[1].txt
C:\Documents and Settings\Richard\Cookies\richard@tradedoubler[2].txt
C:\Documents and Settings\Richard\Cookies\richard@adserver.filefront[1].txt
C:\Documents and Settings\Richard\Cookies\richard@one[1].txt

Adware.180solutions/ZangoSearch
C:\System Volume Information\_restore{39B7D61A-C471-441E-B6D4-5930E1D582CD}\RP37\A0003673.EXE

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:58 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\Wuauclt.exe
C:\WINDOWS\system32\Wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\CPN\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\CPN\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Seconda bat picco creativo] C:\Documents and Settings\All Users\Application Data\Asse Leggimi Seconda Bat\morti lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb più noun.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7041 bytes


I hope this is enough
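What the SUPERAntiSpyware log above actually says, as an added example (not part of the thread and not SUPERAntiSpyware's own code). The scan reports 66 file threats, but 65 of them are tracking cookies and the one real executable sits inside a System Restore point (C:\System Volume Information\_restore{...}\RP37\...). A restore-point copy is an archived, inactive file: it is not running and cannot be cleaned in place, it only comes back if that restore point is used, and the usual fix is to purge restore points once the live system is clean. The script below parses the log format (a detection name on its own line, followed by the paths it matched, plus the "key : value" counters) and splits the findings into those three buckets. The sample text is constructed after the log above, shortened to a few entries.

```python
"""Split a SUPERAntiSpyware scan log into buckets that need different handling.

Added example: not from the thread and not SUPERAntiSpyware's own code. SAMPLE is
constructed after the format of the log above (a few cookies instead of 65).
"""
import re
from collections import defaultdict
from typing import Dict, List

SAMPLE = r"""
SUPERAntiSpyware Scan Log
Generated 01/15/2008 at 08:32 PM

Application Version : 3.9.1008

Memory items scanned      : 385
Memory threats detected   : 0
File items scanned        : 40825
File threats detected     : 4

Adware.Tracking Cookie
	C:\Documents and Settings\Richard\Cookies\richard@fastclick[1].txt
	C:\Documents and Settings\Richard\Cookies\richard@atdmt[2].txt
	C:\Documents and Settings\Richard\Cookies\richard@2o7[2].txt

Adware.180solutions/ZangoSearch
	C:\System Volume Information\_restore{39B7D61A-C471-441E-B6D4-5930E1D582CD}\RP37\A0003673.EXE
"""

# XP System Restore keeps copies under _restore{GUID}\RPnn; a hit there is an archive, not a live file.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse(text: str) -> Dict[str, List[str]]:
    """Return {detection name: [paths]} from the detections section of the log."""
    found: Dict[str, List[str]] = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            if current:
                found[current].append(line)
        elif " : " in line:
            continue                     # summary counters, handled by counters()
        else:
            current = line               # a detection name (or a header line with no paths under it)
    return dict(found)


def counters(text: str) -> Dict[str, int]:
    """Read the numeric 'key : value' summary lines (the version line is skipped)."""
    out: Dict[str, int] = {}
    for line in text.splitlines():
        key, sep, val = line.partition(" : ")
        if sep and val.strip().isdigit():
            out[key.strip()] = int(val)
    return out


def classify(detection: str, path: str) -> str:
    if RESTORE_RE.search(path):
        return "restore-point-copy"      # purge System Restore after the live cleanup
    if "tracking cookie" in detection.lower() or "\\cookies\\" in path.lower():
        return "tracking-cookie"         # nuisance-level; deletion is all that is needed
    return "active-file"                 # the bucket that actually describes an infection


def triage(text: str) -> Dict[str, List[str]]:
    buckets: Dict[str, List[str]] = defaultdict(list)
    for detection, paths in parse(text).items():
        for p in paths:
            buckets[classify(detection, p)].append(p)
    return dict(buckets)


def reconcile(text: str) -> bool:
    """True when the classified paths add up to the log's own 'File threats detected' count."""
    total = sum(len(v) for v in triage(text).values())
    return total == counters(text).get("File threats detected", -1)


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
    print("counts reconcile:", reconcile(SAMPLE))
```

Run against the full log above, the same logic yields 65 tracking cookies, one restore-point copy and no active file, which is why the helper moves on to ComboFix for the Lop entries rather than treating the SAS count as the measure of the infection.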
  #6  
15 January 2008, 13:57
Group Moderator

Open HijackThis and select Do a system scan only, then put a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Close all windows except HijackThis and click Fix checked

Exit HijackThis.

----------

Please download ComboFix by sUBs from one of the links below.
(Try all three if necessary) IMPORTANT - Combofix.exe MUST be saved to your Desktop.
  • Close all open web browsers (Firefox, Internet Explorer, etc.)
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with Combofix. <- IMPORTANT
    • Click this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double-click combofix.exe and follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouse-click ComboFix's window while it is running.
The scan will temporarily disable your desktop.
If interrupted it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.


----------

Next post
Combofix log

  #7  
15 January 2008, 14:06
Group Member

ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!
.

((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 21:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 19:41 . 2008-01-15 20:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\SUPERAntiSpyware.com
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-15 19:34 . 2008-01-15 19:36 <DIR> d-------- C:\NoLopBackups
2008-01-15 19:01 . 2008-01-15 19:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 16:32 . 2008-01-15 16:32 <DIR> d-------- C:\Program Files\WayBowsReal
2008-01-11 10:27 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-11 10:26 . 2008-01-11 10:26 22,328 --a------ C:\Documents and Settings\Richard\Application Data\PnkBstrK.sys
2008-01-11 10:25 . 2008-01-11 10:25 319 --a------ C:\WINDOWS\game.ini
2008-01-11 10:15 . 2008-01-11 10:15 <DIR> d-------- C:\Program Files\Activision
2008-01-11 10:14 . 2008-01-11 10:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-11 00:29 . 2008-01-11 00:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-05 21:00 . 2008-01-05 21:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-03 18:41 . 2008-01-03 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-03 18:00 . 2008-01-03 18:00 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-01-03 18:00 . 2008-01-15 19:36 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\WayBowsReal
2008-01-03 18:00 . 2008-01-15 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Asse Leggimi Seconda Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ Whisper Tecnologia
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client 2,5 file di installazione
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ Pubblica Provider
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Setup Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - un ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73.216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - un ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ vicino Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271.224 - un ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - un ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ gtk-2.0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Miniature
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNA
2007-12-22 15:39. 2008-01-15 20:56 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ DNA
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - un ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - a ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Microsoft Help
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ vlc
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Programmi \ File comuni \ xing condivisa
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ avg7
2008-01-15 17:46 22.328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:46 107.832 ---- aw C: \ WINDOWS \ system32 \ PnkBstrB.exe
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 ---- aw C: \ Program Files \ install.log
2008-01-11 19:06 66.872 ---- aw C: \ WINDOWS \ system32 \ PnkBstrA.exe
2008-01-11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Dati applicazioni \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007-12-08 22:50 12.464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 499.712 ---- aw C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-07 18:43 348.160 ---- aw C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Dati applicazioni \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ InstallShield
2007-12-07 17:44 4.716 ---- aw C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 01:33 823.296 ---- aw C: \ WINDOWS \ system32 \ divx_xx0c.dll
2007-12-04 01:33 823.296 ---- aw C: \ WINDOWS \ system32 \ divx_xx07.dll
2007-12-04 01:33 802.816 ---- aw C: \ WINDOWS \ system32 \ divx_xx11.dll
2007-12-04 01:33 682.496 ---- aw C: \ WINDOWS \ system32 \ DivX.dll
2007-11-29 22:30 524.288 ---- aw C: \ WINDOWS \ system32 \ DivXsm.exe
2007-11-29 22:30 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2007-11-29 22:30 200.704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll
2007-11-29 22:30 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll
2007-11-29 22:28 81.920 ---- aw C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-29 22:28 196.608 ---- aw C: \ WINDOWS \ system32 \ dtu100.dll
2007-11-28 21:55 156.992 ---- aw C: \ WINDOWS \ system32 \ DivXCodecVersionChecker.exe
2007-11-28 21:53 593.920 ---- aw C: \ WINDOWS \ system32 \ dpuGUI11.dll
2007-11-28 21:53 57.344 ---- aw C: \ WINDOWS \ system32 \ dpv11.dll
2007-11-28 21:53 53.248 ---- aw C: \ WINDOWS \ system32 \ dpuGUI10.dll
2007-11-28 21:53 344.064 ---- aw C: \ WINDOWS \ system32 \ dpus11.dll
2007-11-28 21:53 294.912 ---- aw C: \ WINDOWS \ system32 \ dpu11.dll
2007-11-28 21:53 294.912 ---- aw C: \ WINDOWS \ system32 \ dpu10.dll
2007-11-28 21:52 12.288 ---- aw C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2007-11-21 18:23 81.920 ---- aw C: \ WINDOWS \ system32 \ frapsvid.dll
2007-10-18 11:31 51.224 ---- aw C: \ WINDOWS \ system32 \ sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb più noun.exe" [2008-01-15 16:32 443904]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Seconda bat creativo di picco" = "C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat \ lite.exe morti" [2008-01-15 20:37 1348608]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ WINDOWS \ system32 \ drivers \ CamDrL2 1.sys [2004-02-14 04:09]

* * Servizio di nuova costituzione - PROCEXP90
.
Indice dell ' "Operazioni pianificate' cartella
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Programmi \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:04:58
5/1/2600 Windows Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

scansione di file nascosti ...

scansione completata con successo
i file nascosti: 0

************************************************** ************************
.
Completamento orario: 2008-01-15 21:05:11
.
2008-01-05 21:00:15 --- EOF ---
  #8  
Old 15 January 2008, 14:58
Group Moderator
 
Delete the following files/folders:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click the Start button, then Run
  • Type notepad.exe in the Run box.
2. Copy the bold text below by highlighting all of the text and pressing Ctrl + C


File::
C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat \ morti lite.exe
C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb più noun.exe

Registry::
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"curblicense" =-
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"Secondo bat picco creativo" =-



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you can see in the screenshot below. Important: Perform these instructions carefully!



ComboFix will begin to run, just follow the prompts.
After the reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Run a new HijackThis scan and post the log.

----------

Next post
Combofix log
New HijackThis log
__________________
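The two entries the moderator puts into the CFScript are the ones whose binaries live under the user profile's Application Data and were written on the day of the scan. The triage script below, added here as an example and not part of the thread or of ComboFix, applies exactly those two checks (plus an "orphaned entry" check for autoruns whose file is already gone, the `[]` case seen in the later log) to the "Reg Loading Points" section of a ComboFix log. The sample log is constructed from post #7 with the spacing normalised; the scan date is taken from that post's ComboFix header.

```python
import re
from datetime import datetime, timedelta

# Date/time from the ComboFix header in post #7 ("2008-01-15 21:03:57").
SCAN_DATE = datetime(2008, 1, 15, 21, 3)

# Constructed sample modelled on the "Reg Loading Points" section of the log in
# post #7: backslash spacing normalised, most benign entries trimmed, the two
# entries the moderator targets kept with the names used in the thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2007-12-22 15:39 290112]
"curblicense"="C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\Nurb più noun.exe" [2008-01-15 16:32 443904]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 09:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:29 579072]
"Seconda bat creativo di picco"="C:\Documents and Settings\All Users\Application Data\Asse Leggimi Seconda Bat\lite.exe morti" [2008-01-15 20:37 1348608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"""

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="path" [yyyy-mm-dd hh:mm size ...]   -- the path may be unquoted
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]*?)"?\s*\[(?P<meta>[^\]]*)\]$')
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)')

# Profile locations a non-admin user can write to on XP. The 8.3 short forms
# (DOCUME~1, Applic~1) are what the log in the thread shows for the first entry.
USER_WRITABLE = (
    '\\application data\\', '\\applic~1\\', '\\docume~1\\',
    '\\local settings\\', '\\temp\\',
)

ORPHANED = 'file no longer present on disk (orphaned autorun entry)'


def parse_run_keys(text):
    """Return the value entries under every ...\\Run key in a REGEDIT4 dump."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group(1)
            continue
        val = VALUE_RE.match(line)
        if val and key and key.lower().endswith('\\run'):
            entries.append({'key': key, 'name': val['name'],
                            'path': val['path'].strip(),
                            'meta': val['meta'].strip()})
    return entries


def is_user_writable(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def triage(entries, scan_date=SCAN_DATE, fresh_days=2):
    """Flag autoruns that match the heuristics a cleanup helper applies by eye."""
    findings = []
    for e in entries:
        reasons = []
        if is_user_writable(e['path']):
            reasons.append('launches from a user-writable profile directory')
        if not e['meta']:
            reasons.append(ORPHANED)
        else:
            m = META_RE.match(e['meta'])
            if m:
                stamp = datetime.strptime(m.group(1), '%Y-%m-%d %H:%M')
                if abs(scan_date - stamp) <= timedelta(days=fresh_days):
                    reasons.append('file written within %d days of the scan'
                                   % fresh_days)
        if reasons:
            findings.append({'key': e['key'], 'name': e['name'],
                             'path': e['path'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(parse_run_keys(SAMPLE_LOG)):
        print('[%s]\n  "%s" = %s' % (f['key'], f['name'], f['path']))
        for r in f['reasons']:
            print('    -', r)
```

The heuristics are deliberately coarse (a freshly installed legitimate program also trips the date check), so the output is a list of entries to look at, not a list of entries to delete.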

  #9  
Old 15 January 2008, 15:07
Group Member
 
ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Running da: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
Interruttori di comando utilizzati:: C: \ Documents and Settings \ Richard \ Desktop \ CFScript.txt
* Creato un nuovo punto di ripristino

AVVERTENZA-Questa macchina NON HANNO IL RECUPERO CONSOLE INSTALLED!

FILE
C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb più noun.exe
C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat \ morti lite.exe
.

Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb più noun.exe
C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat \ morti lite.exe

.
((((((((((((((((((((((((( I file creati dal 2007/12/15 al 2008/01/15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2.297.552 - un ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22.328 - a ------ C: \ Documents and Settings \ Richard \ Dati applicazioni \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> d - hs ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54.608 - a ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Vivere
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ WayBowsReal
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ Whisper Tecnologia
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client 2,5 file di installazione
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ Pubblica Provider
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Setup Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - un ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73.216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - un ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ vicino Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271.224 - un ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - un ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ gtk-2.0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Miniature
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNA
2007-12-22 15:39. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ DNA
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - un ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - a ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Microsoft Help
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ vlc
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Dati applicazioni \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Programmi \ File comuni \ xing condivisa
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ avg7
2008-01-15 17:46 22.328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 ---- aw C: \ Program Files \ install.log
2008-01-11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Dati applicazioni \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007-12-08 22:50 12.464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Dati applicazioni \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Dati applicazioni \ InstallShield
2007-12-07 17:44 4.716 ---- aw C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
.

((((((((((((((((((((((((((((( Snapshot@2008-01-15_21.05.00.95 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-01-15 21:03:50 225.280 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000001 \ Ntuser.dat
+ 2008-01-15 22:03:02 225.280 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000001 \ Ntuser.dat
- 2008-01-15 21:03:50 8.192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000002 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000002 \ UsrClass.dat
- 2008-01-15 21:03:50 229.376 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000003 \ Ntuser.dat
+ 2008-01-15 22:03:02 229.376 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000003 \ Ntuser.dat
- 2008-01-15 21:03:50 8.192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000004 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000004 \ UsrClass.dat
- 2008-01-15 21:03:50 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000005 \ Ntuser.dat
+ 2008-01-15 22:03:02 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000005 \ Ntuser.dat
- 2008-01-15 21:03:50 208.896 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000006 \ UsrClass.dat
+ 2008-01-15 22:03:02 208.896 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000006 \ UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb più noun.exe" []
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray.dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Seconda bat creativo di picco" = "C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat \ lite.exe morti" []

[HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ WINDOWS \ system32 \ drivers \ CamDrL21.sys [2004-02-14 04:09]

.
Indice dell ' "Operazioni pianificate' cartella
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Programmi \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:05:20
5/1/2600 Windows Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

scansione di file nascosti ...

scansione completata con successo
i file nascosti: 0

************************************************** ************************
.
Completamento orario: 2008-01-15 22:06:11 - macchina è stato riavviato
ComboFix-quarantena-files.txt 2008-01-15 22:06:09
ComboFix2.txt 2008-01-15 21:05:12
.
2008-01-05 21:00:15 --- EOF ---


Logfile di Trend Micro HijackThis v2.0.2
Scan salvato a 10:07:19 PM, il 1/15/2008
Piattaforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ ycomp5_6_0_1.dll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Seconda bat picco creativo] C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat \ morti lite.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb più noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SERVIZIO LOCALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra pulsante: Invia a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & fine a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Notify: !SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Sconosciuto proprietario - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
Fine del file - 6716 bytes
  #10  
Old 15 January 2008, 15:29
Group Moderator
 
Go to My Computer -> Tools -> Folder Options -> View tab:
  • Under Hidden files and folders:
  • Select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (Recommended) option.
  • Also make sure there is no check mark next to Hide extensions for known file types.
  • Click the OK button

----------

Press CTRL + ALT + DEL to bring up the process monitor. Click the Processes tab and kill these processes:

lite.exe << or morti lite.exe
noun.exe << or Nurb più noun.exe

----------

Open HijackThis and select Do a system scan only, then put a check mark next to: (if found)

O4 - HKLM \ .. \ Run: [Seconda bat picco creativo] C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat \ morti lite.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb più noun.exe


Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Open My Computer from the desktop, then locate and delete these files (if found):

C: \ Documents and Settings \ All Users \ Dati applicazioni \ Asse Leggimi Seconda Bat \morti lite.exe

C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \Nurb più noun.exe

----------

Please run the F-Secure Online Scanner

Note: This scanner only works with Internet Explorer!
  • Scroll down to the bottom of the page and click the Start Scanning button. A pop-up window will open.
  • Allow the ActiveX control to be installed on your computer, then click the I Accept button.
  • Click the Full System Scan button and allow the components to download and the full scan to run.
  • If malware is detected, check Submit samples to F-Secure, then select Automatic cleaning.
  • When cleaning is finished, click Show report (this will open an Internet Explorer window containing the report).
  • Highlight and copy (CTRL + C) the complete report, and paste it (CTRL + V) into a new reply to this post.
    • If automatic cleaning hangs on Submit samples, click Cancel, then New Scan.
  • When the cleaning option is presented, uncheck Submit samples to F-Secure.
  • Click the Automatic cleaning button.
  • When cleaning is finished, click Show report (this will open an Internet Explorer window containing the report).
  • Highlight and copy (CTRL + C) the complete report, and paste it (CTRL + V) into a new reply to this post.
  • The scan may take a while, so please be patient.

----------

In your next post, include:
F-Secure log
New HijackThis log
__________________
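As an added illustration (not part of this thread, and not code from HijackThis or the moderator), here is a small Python triage script that applies the same heuristic the moderator used on the O4 lines above: a Run-key entry whose image lives under a user-writable profile or temp directory (Documents and Settings, Application Data, Temp) rather than under Program Files or the Windows directory deserves a closer look, which is exactly what singled out the two entries he asked to fix. The sample log lines are constructed from the entries in the log above (backslashes normalised to the real HijackThis format), and the regexes, field names and helper functions are my own assumptions about that format, not an official parser.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the HijackThis v2 O4 format, modelled on the entries
# in the log above. The two oddly named entries are the ones flagged by the
# moderator; the rest are ordinary vendor autostarts. The O23 line is there
# to show that non-O4 lines are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Seconda bat picco creativo] C:\Documents and Settings\All Users\Dati applicazioni\Asse Leggimi Seconda Bat\morti lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\Nurb più noun.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "O4 - <hive>\<key>: [<value name>] <command line>"  (assumed layout)
O4_RE = re.compile(r"^O4 - (?P<hive>[^\\]+)\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# First drive-qualified path ending in an executable extension, so that
# "RUNDLL32.EXE C:\...\NvCpl.dll,NvStartup" yields the DLL, not rundll32.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd|pif)(?![A-Za-z0-9_])", re.IGNORECASE)

# Directory markers (XP long and 8.3 names, plus Vista+ and temp dirs) that an
# unprivileged user can write to; persistence from here is the classic pattern.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\", "\\docume~1\\",
    "\\users\\", "\\appdata\\", "\\temp\\", "\\tmp\\",
)


@dataclass
class AutostartEntry:
    hive: str        # HKLM, HKCU or HKUS
    name: str        # registry value name, e.g. "curblicense"
    command: str     # raw command line as HijackThis printed it
    image: str       # extracted image path, or a bare file name
    bare_name: bool  # True when no drive path is given (resolved via PATH at logon)
    reasons: List[str]

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def _image_path(command: str):
    m = PATH_RE.search(command)
    if m:
        return m.group(0), False
    # No drive-qualified path: take the first token (e.g. RTHDCPL.EXE).
    return command.strip('"').split()[0], True


def _assess(image: str) -> List[str]:
    lowered = image.lower()
    reasons = []
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        reasons.append("image lives under a user-writable profile/temp directory")
    return reasons


def parse_o4(log_text: str) -> List[AutostartEntry]:
    """Parse every O4 line of a HijackThis log into an AutostartEntry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        image, bare = _image_path(m["cmd"])
        entries.append(AutostartEntry(m["hive"], m["name"], m["cmd"], image, bare, _assess(image)))
    return entries


def suspicious_names(log_text: str) -> List[str]:
    """Value names of O4 entries that warrant review, in log order."""
    return [e.name for e in parse_o4(log_text) if e.suspicious]


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        tag = "REVIEW" if e.suspicious else "ok    "
        note = " (bare name, resolved via PATH)" if e.bare_name else ""
        print(f"{tag} {e.hive:<5} [{e.name}] -> {e.image}{note}")
```

Run as-is it prints one line per O4 entry and marks the two profile-directory autostarts for review; `suspicious_names(open("hijackthis.log").read())` does the same for a real log. The location heuristic is deliberately coarse: a legitimate user-installed program can also autostart from Application Data, so a hit means "inspect this file", not "malware", which is why the moderator still asked for a second scanner's opinion.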
