Virus problem grep.3xe, or what? Thanks!

guerro

Active User


Good morning. I hope you can help me.

Every 2 minutes this image appears, with different entries in the instructions, but the 0x86… entry is constant.


"The instruction at 0x86c3dd5b referenced memory at 0x86c3dd5b. The memory could not be read." (I've noticed that if I leave it to one side the PC keeps working anyway...)



Right after the previous one a message appears, "firefox: configuring custom settings", which disappears after 2 seconds…


ComboFix gets stuck at grep.3xe… I read that it's a virus, or am I wrong?
I should say up front that the PC is a company machine, and it is not possible to disable the McAfee antivirus because the option isn't there (unless you can advise how to do it another way!).


Neither McAfee nor Malwarebytes detects any virus.


What should I do?



Thanks
 

guerro

Active User
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.38.43, on 26/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
D:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\WINDOWS\system32\svchost.exe
D:\Dati\en16867\tuneup2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
D:\Dati\en16867\tuneup2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\DATI\en16867\flashgetnew\flashget.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe
D:\Dati\en16867\mozilla 9.0\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
D:\hicjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myeni.eni.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://legalarchives.eni.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\DATI\en16867\flashgetnew\jccatch.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Flashget] D:\DATI\en16867\flashgetnew\flashget.exe /min
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LicenseValidator] C:\Documents and Settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Scarica con FlashGet - D:\DATI\en16867\flashgetnew\jc_link.htm
O8 - Extra context menu item: &Scarica tutto con FlashGet - D:\DATI\en16867\flashgetnew\jc_all.htm
O8 - Extra context menu item: Aggiungi a PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\en16867\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Invia a Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Salva oggetto con NetXfer - D:\DATI\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - D:\DATI\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddList.html
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\Software\..\Telephony: DomainName = eni.pri
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = eni.pri
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CDMA Device Service - Unknown owner - D:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Servizio McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - d:\dell latitude e6410\drivers\audio\r255264\payload\wdm\stacsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Dati\en16867\tuneup2011\TuneUpUtilitiesService32.exe

--
End of file - 12439 bytes
Code:


combofix

ComboFix 12-02-25.02 - EN16867 26/02/2012 17.58.01.4.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1033.18.2998.2633 [GMT 1:00]
Running from: c:\documents and settings\en16867\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\en16867\Application Data\Help\coredb\storage
c:\documents and settings\NetworkService\Application Data\Remote
c:\documents and settings\NetworkService\Application Data\Remote\al_shrd
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created From 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))))))
.
.
2012-02-26 09:36 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4513CF7-96DB-48C2-8721-787F722620A9}\mpengine.dll
2012-02-25 22:04 . 2012-02-25 22:08 247296 ----a-w- c:\documents and settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
2012-02-25 22:04 . 2012-02-25 22:04 -------- d-----w- c:\documents and settings\en16867\Application Data\TeamViewer
2012-02-24 16:31 . 2012-02-24 16:31 -------- d-----w- c:\documents and settings\en16867\Application Data\ElevatedDiagnostics
2012-02-16 17:03 . 2012-02-16 17:15 -------- d-----w- c:\documents and settings\en16867\Application Data\Kiuka
2012-02-16 17:03 . 2012-02-16 17:04 -------- d-----w- c:\documents and settings\en16867\Application Data\Ciud
2012-02-13 20:43 . 2012-02-13 20:43 -------- d-----w- c:\documents and settings\en16867\Application Data\Apple
2012-02-12 21:29 . 2012-02-12 21:29 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\David_Rudie
2012-02-04 14:24 . 2012-02-04 16:30 -------- d-----w- c:\documents and settings\en16867\Application Data\Baubupe
2012-02-04 14:24 . 2012-02-04 14:29 -------- d-----w- c:\documents and settings\en16867\Application Data\Xeisgy
2012-02-03 19:59 . 2012-02-03 19:59 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Identities
2012-02-03 19:59 . 2012-02-05 02:51 -------- d-----w- c:\documents and settings\en16867\Application Data\Ofcyx
2012-02-03 19:59 . 2012-02-04 14:30 -------- d-----w- c:\documents and settings\en16867\Application Data\Esdizu
2012-01-30 10:28 . 2012-01-30 10:28 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2011-12-09 08:00 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-05-30 12:31 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 08:18 . 2011-06-06 11:14 5343997 ----a-w- c:\windows\FramePkg.exe
2012-01-03 07:28 . 2012-01-03 07:28 2570286 ----a-w- c:\windows\system32\abgx360.exe
2011-12-10 14:24 . 2012-01-02 16:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 08:09 . 2011-12-07 08:09 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-07 08:09 . 2011-12-07 08:09 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-30 07:59 . 2011-06-16 07:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-14_15.38.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-24 16:27 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2012-02-24 16:27 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2012-02-24 16:38 . 2012-02-14 13:43 9610 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1040.dat
+ 2012-02-24 16:28 . 2012-02-24 16:28 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2012-02-24 16:27 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2012-02-24 17:43 . 2012-02-24 17:43 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7\System.Management.Automation.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d29ea7e7bbc981d8e9d4df4419707b4f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b0c56fa3e83bbf43637c8e19632ac3a9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8b107a8a8ac94ba2206c35e685c265b9\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\612ab580b36369611744dcf73bd4b9c4\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 163840 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 294912 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 139264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\ab8103058e876daf2f11027bdc15e0f6\System.Management.Automation.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 1564672 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LicenseValidator"="c:\documents and settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe" [2012-02-25 247296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-04-26 737280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Flashget"="d:\dati\en16867\flashgetnew\flashget.exe" [2007-09-25 2007088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"NVHotkey"="nvHotkey.dll" [2010-02-19 86016]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2009-12-11 5114208]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-7-15 6144]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logoff\0\0]
"Script"=Logout.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logoff\0\1]
"Script"=LogoutNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\0\0]
"Script"=Cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\1\0]
"Script"=cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\1\1]
"Script"=ChangeOutlookSecureTempFolder.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\2\0]
"Script"=Cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\3\0]
"Script"=OCSBulderMulti1.2.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\4\0]
"Script"=SetUserInfoOfficeXP.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\5\0]
"Script"=Main.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\6\0]
"Script"=RDTFolderSecurity.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- d:\dati\en16867\Documenti_D\DAEMON Tools Lite\daemon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"KiesPDLR"=d:\samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"DAEMON Tools Lite"="d:\dati\en16867\Documenti_D\DAEMON Tools Lite\daemon.exe" -autorun
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet
"Flashget"=d:\dati\en16867\flashgetnew\flashget.exe /min
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"KiesHelper"=d:\samsung\Kies\KiesHelper.exe /s
"KiesTrayAgent"=d:\samsung\Kies\KiesTrayAgent.exe
"CloneCDTray"="d:\dati\en16867\clone CD\CloneCD\CloneCDTray.exe" /s
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" /fromrunkey
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"TkBellExe"=c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"Apoint"=c:\program files\DellTPad\Apoint.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Acrobat Assistant 8.0"="d:\appl\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"d:\\Dati\\en16867\\flashgetnew\\flashget.exe"=
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\\Xbox 360 utilities\\Modio\\Modio.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Jubler.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\\utorrent.exe"=
"d:\\Dati\\en16867\\utorrent\\uTorrent.exe"=
"d:\\Dati\\en16867\\RapidShareManager\\RapidShareManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\\ComboFix.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [14/07/2010 11.59.30 17072]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [14/07/2010 11.44.02 59904]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [14/07/2010 11.59.30 42672]
R3 d554bus;Dell Wireless 5540 HSPA Mini-Card Device driver (WDM);c:\windows\system32\drivers\d554bus.sys [01/10/2010 4.24.16 98560]
R3 d554nd5;Dell Wireless 5540 HSPA Mini-Card Network Adapter (NDIS);c:\windows\system32\drivers\d554nd5.sys [01/10/2010 4.24.24 25216]
R3 d554unic;Dell Wireless 5540 HSPA Mini-Card Network Adapter (WDM);c:\windows\system32\drivers\d554unic.sys [01/10/2010 4.24.22 130560]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [12/07/2010 10.57.28 167080]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/05/2011 11.10.54 721904]
S1 qeilvwmj;qeilvwmj;\??\c:\windows\system32\drivers\qeilvwmj.sys --> c:\windows\system32\drivers\qeilvwmj.sys [?]
S2 CDMA Device Service;CDMA Device Service;d:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [25/09/2011 22.56.30 63488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12.16.28 130384]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 16.35.20 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 16.35.22 20840]
S2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\drivers\Ndiscdp.sys [15/07/2010 15.41.39 22776]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files\QUALCOMM\QDLService2k\QDLService2kDell.exe [14/01/2010 6.30.16 330488]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\dati\en16867\tuneup2011\TuneUpUtilitiesService32.exe [14/12/2010 13.41.10 1517376]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [14/07/2010 11.37.42 113664]
S3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [10/02/2009 10.04.47 12840]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [12/07/2010 11.51.23 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/07/2010 11.51.24 143968]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [10/02/2009 10.04.13 32808]
S3 d554gps;Dell Wireless 5540 HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps.sys [01/10/2010 4.24.24 82984]
S3 d554mdfl;Dell Wireless 5540 HSPA Mini-Card Data Modem Filter;c:\windows\system32\drivers\d554mdfl.sys [01/10/2010 4.24.19 14976]
S3 d554mdm;Dell Wireless 5540 HSPA Mini-Card Data Modem Driver;c:\windows\system32\drivers\d554mdm.sys [01/10/2010 4.24.19 123904]
S3 d554mgmt;DellWireless5540 HSPA Mini-Card Device Management Drivers (WDM);c:\windows\system32\drivers\d554mgmt.sys [01/10/2010 4.24.22 117888]
S3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;c:\windows\system32\drivers\d554scard.sys [01/10/2010 4.24.22 47744]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [25/09/2011 22.56.24 77624]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13/01/2009 11.10.57 244368]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [12/07/2010 10.57.27 132480]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [01/10/2010 4.49.45 235520]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/02/2009 9.58.46 110080]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/07/2010 10.57.22 58600]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [25/09/2011 22.56.25 181432]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\dati\en16867\tuneup2011\TuneUpUtilitiesDriver32.sys [29/11/2010 18.27.40 10064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12.16.28 753504]
S4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [04/09/2008 17.28.42 406808]
S4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 15.00.26 451872]
S4 gupdate;Servizio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 14.06.05 136176]
S4 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 14.06.05 136176]
S4 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [14/07/2010 11.59.30 60928]
S4 WMCoreService;Mobile Broadband Service;c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode --> c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MDMXSDK
*NewlyCreated* - PXHELP20
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2008-04-14 03:41 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:05]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:05]
.
2012-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://myeni.eni.it
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://legalarchives.eni.it
uInternet Settings,ProxyOverride = local
IE: &Scarica con FlashGet - d:\dati\en16867\flashgetnew\jc_link.htm
IE: &Scarica tutto con FlashGet - d:\dati\en16867\flashgetnew\jc_all.htm
IE: Aggiungi a PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\en16867\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Invia a Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Salva oggetto con NetXfer - d:\dati\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - d:\dati\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddList.html
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\en16867\Application Data\Mozilla\Firefox\Profiles\lbd2c61s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-26 18:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2012-02-26 18:03:30
ComboFix-quarantined-files.txt 2012-02-26 17:03
ComboFix2.txt 2012-02-14 15:41
ComboFix3.txt 2012-01-14 14:09
ComboFix4.txt 2011-12-24 06:44
.
Pre-Run: 13.713.240.064 bytes free
Post-Run: 13.700.128.768 bytes free
.
- - End Of File - - D74AA66B20168B86F5D5F2E2B9DFA2B4

thanks
 

tecnico24

Elite User
From HijackThis, tick these entries and click Fix Checked below:

Code:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\Software\..\Telephony: DomainName = eni.pri
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = eni.pri
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [LicenseValidator] C:\Documents and Settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe

Download and install Virit Explorer Lite
Start the installation
Activate the 60-day trial version
Run a full system scan and wait for it to finish removing any malware
Post its report as an attachment on the forum

You had also posted here:
http://www.tomshw.it/forum/sicurezz...xplorer-lapplicazione-verra-chiusa-aiuto.html
Have the problems been solved?
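What makes the LicenseValidator line stand out in the O4 list above is structural, not its name: a per-user Run key launching an .exe from a GUID-named folder under Application Data. The following Python is an added example, not part of this post or of HijackThis; it parses O4 lines (the sample lines are copied from the log posted in this thread) and marks for review the entries whose target has that kind of property. The flag names and the heuristics behind them are this example's own assumptions, not HijackThis categories, and a flagged entry is a prompt to look, not a verdict.

```python
import re

# Sample HijackThis O4 (autorun) lines. These are copied from the log posted
# in this thread; the excerpt is constructed for the example and is not a full log.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [LicenseValidator] C:\Documents and Settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
"""

# Registry-backed entries: "O4 - <location>: [<value name>] <command line>"
O4_RUN_RE = re.compile(r"^O4 - (?P<loc>\S.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder entries: "O4 - Global Startup: <shortcut> = <resolved target or ?>"
O4_STARTUP_RE = re.compile(r"^O4 - (?P<loc>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".dll")

# Flags that mean "a human should look at this"; per_user alone is normal.
# These flag names are assumptions of this example, not HijackThis terms.
REVIEW_FLAGS = {"unresolved", "relative_name", "user_profile", "guid_dir"}


def split_command(cmd):
    """Return (executable, arguments) from an autorun command line.

    HijackThis prints unquoted paths that may contain spaces, so for an
    unquoted command we consume tokens until one ends in an executable
    extension instead of stopping at the first space.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split(" ")
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(EXEC_EXTS):
            return " ".join(tokens[: i + 1]), " ".join(tokens[i + 1:]).strip()
    return tokens[0], " ".join(tokens[1:]).strip()


def triage_entry(loc, name, cmd):
    """Flag structural properties of one O4 entry."""
    flags = []
    if loc.upper().startswith(("HKCU", "HKUS")):
        flags.append("per_user")          # writable without admin rights
    if cmd.strip() == "?":
        # HijackThis could not resolve the shortcut target: nothing to verify.
        return {"name": name, "location": loc, "target": "?", "flags": flags + ["unresolved"]}
    exe, args = split_command(cmd)
    target = exe
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and args:
        target = args.split(",", 1)[0].strip()   # the DLL rundll32 will actually load
    low = target.lower()
    if "\\" not in target:
        flags.append("relative_name")     # resolved via the search path; file identity unknown
    if ("\\documents and settings\\" in low or "\\users\\" in low) and (
        "application data" in low or "appdata" in low
    ):
        flags.append("user_profile")      # executable lives in a user-writable profile directory
    if GUID_RE.search(target):
        flags.append("guid_dir")          # GUID-named folder in the path
    return {"name": name, "location": loc, "target": target, "flags": flags}


def parse_o4(text):
    """Parse every O4 line in a HijackThis log excerpt into triaged entries."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            entries.append(triage_entry(m.group("loc"), m.group("name"), m.group("cmd")))
    return entries


def entries_to_review(text):
    """Names of O4 entries whose flags warrant a manual look, in log order."""
    return [e["name"] for e in parse_o4(text) if REVIEW_FLAGS & set(e["flags"])]


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_O4_LINES):
        mark = "REVIEW" if REVIEW_FLAGS & set(e["flags"]) else "ok    "
        print(f"{mark} [{e['name']}] {e['target']}  {e['flags']}")
```

On the sample, LicenseValidator is flagged per_user, user_profile and guid_dir, while the two McAfee-style HKLM entries under Program Files pass clean. NVHotkey is also listed for review only because its DLL is given without a path; that is the cost of a path-based heuristic, and the reviewer resolves it by checking which nvHotkey.dll the search path finds.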
 

guerro

Active User
Thanks, I'll do that.

I notice that now every time I launch an .exe the problem "instruction at 0x8...... referenced memory at 0x8..... memory could not be read" appears. I have to click OK, it closes, then I can open the application.

Then, strangely: I want to watch an .avi file, I can't open it with e.g. VLC, but I have to open VLC first and then open the file..?!

oh well...

---------- Post added at 19:06 ---------- Previous post was at 19:02 ----------

when I launch Virit Explorer Lite it tells me "impossible configuration settings" and closes the folder on me..!?.... Note that now if I open any program the explorer error always closes the folder on me.... help!
 

tecnico24

Elite User
You need to be more precise: the "instruction referenced memory" error etc., which file does it refer to?
What error exactly does Virit give you?
Have you tried starting it from safe mode?
 

guerro

Active User
You need to be more precise: the "instruction referenced memory" error etc., which file does it refer to?
What error exactly does Virit give you?
Have you tried starting it from safe mode?

it doesn't start in safe mode. I fear the problem is something else. I tried launching Roxio (installed by default on the PC, which is a company one, a Dell Latitude E4300) to burn a disc, but it no longer detects the DVD drive (which the PC does see in Device Manager), so I fear it's a software problem. Probably, having forced the PC two days ago to see an external burner that it wasn't detecting, Roxio got s*****d up - excuse the term. Note that if I put a DVD in the drive it does see it.

Basically, now whatever folder or application I open, the usual explorer message appears: "instruction at 0x8...something referenced memory at 0x8..something and the memory could not be read".

I should try reinstalling Roxio from the office....oh well

---------- Post added 27-02-2012 at 01:41 ---------- Previous post was 26-02-2012 at 23:52 ----------

So, I managed to fix Roxio, but as soon as I click the Virit Explorer Lite exe (I did it 3 times!) Windows Explorer closes on me and "explorer.exe application error" appears: the instruction at "0x86b3ebcb" referenced memory at "same". The memory could not be read.

I'm attaching the new HijackThis file

thanks

Scan saved at 1.31.20, on 27/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
D:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\WINDOWS\system32\svchost.exe
D:\Dati\en16867\tuneup2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Dati\en16867\tuneup2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\DATI\en16867\flashgetnew\flashget.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe
D:\Dati\en16867\mozilla 9.0\firefox.exe
D:\Dati\en16867\mozilla 9.0\plugin-container.exe
C:\WINDOWS\explorer.exe
D:\hicjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myeni.eni.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://legalarchives.eni.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\DATI\en16867\flashgetnew\jccatch.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Flashget] D:\DATI\en16867\flashgetnew\flashget.exe /min
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [LicenseValidator] C:\Documents and Settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Scarica con FlashGet - D:\DATI\en16867\flashgetnew\jc_link.htm
O8 - Extra context menu item: &Scarica tutto con FlashGet - D:\DATI\en16867\flashgetnew\jc_all.htm
O8 - Extra context menu item: Aggiungi a PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\en16867\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Invia a Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Salva oggetto con NetXfer - D:\DATI\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - D:\DATI\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddList.html
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\Software\..\Telephony: DomainName = eni.pri
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = eni.pri
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CDMA Device Service - Unknown owner - D:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Servizio McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - d:\dell latitude e6410\drivers\audio\r255264\payload\wdm\stacsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Dati\en16867\tuneup2011\TuneUpUtilitiesService32.exe

--
End of file - 12543 bytes
 

tecnico24

Elite User
Download the file I'm attaching (CFScript.txt) and place it on the desktop.
Then drag the CFScript.txt file onto the ComboFix icon on the desktop and wait for it to do its work.
When it's done the PC will restart; send us the log of the operations.

Download
Tcp/ip Repair
http://www.xp-smoker.com/downloads/xptcprep.exe
Close the connection
Start the tool
Click Reset TCP/IP
Restart the computer

Do this check:
Go to the properties of your network card:
Open the Network and Sharing Center
On the left, Change adapter settings; right-click on it and click Properties.
Select the TCP/IPv4 protocol and again Properties.
Make sure Obtain an IP address automatically and Obtain DNS server address automatically are ticked.


FOR SAFE MODE:
Download the Safeboot.zip I attached
Extract the file and save the safeboot for windows xp-sp3.reg file to the desktop
Double-click it and confirm with OK when prompted to add it to the registry.

Now boot the PC into Safe Mode with Networking and run the full scan with an updated Virit.
 

Attachments

  • CFScript.txt
    249 bytes
  • SafeBoot.zip
    6.2 KB

guerro

Active User
the problem unfortunately persists

here are the files


VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
27/02/2012 - 10:06:14

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK

D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVI Info.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVIAddXSubs.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVIBitrate.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\SUBRenamer.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multim\utilities\utilitiesdasalvare\Copia di Crackdiskeeper\diskeeper7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multim\utilities\utilitiesdasalvare\Crackdiskeeper\diskeeper7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multim\utilities\UTILITIESWINXP\Crackdiskeeper\diskeeper7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029

[E:]


[F:]


[V:]


[Z:]


Chiavi Registro infette: 0.
Files Infetti: 7.
Files Sospetti: 0.
Files Analizzati: 146984.
Files Totali: 146984.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
27/02/2012 - 17:13:07

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK

D:\DATI\EN16867\DOCUMENTI_D\TARIFFE\MULTIM\UTILITIES\MOTHERBOARD_MONITOR_5370_2.ZIP -> mbm5370.exe Infetto da Trojan.Win32.SHeur3.CNFQ
* * * RIMOSSO * * *
D:\DATI\EN16867\DOCUMENTI_D\TARIFFE\MULTIM\UTILITIES\PDMDRKTR.ZIP -> PDMDKTR.exe Infetto da Win32.Sality.F
* * * RIMOSSO * * *
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVI Info.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVIAddXSubs.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVIBitrate.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\SUBRenamer.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\DATI\EN16867\DOCUMENTI_D\TARIFFE\WRESTLG\UTILITIES PC E4300\AVIADDXSUB.ZIP -> AVIAddXSubs.exe Infetto da Backdoor.Win32.Bancodor.BW
* * * RIMOSSO * * *
D:\DATI\EN16867\TRAINERS\DOCUMENTI_D\TARIFFE\MULTIM\UTILITIES\MOTHERBOARD_MONITOR_5370_2.ZIP -> mbm5370.exe Infetto da Trojan.Win32.SHeur3.CNFQ
* * * RIMOSSO * * *
D:\DATI\EN16867\TRAINERS\DOCUMENTI_D\TARIFFE\MULTIM\UTILITIES\PDMDRKTR.ZIP -> PDMDKTR.exe Infetto da Win32.Sality.F
* * * RIMOSSO * * *
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multim\utilities\utilitiesdasalvare\Copia di Crackdiskeeper\diskeeper7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multim\utilities\utilitiesdasalvare\Crackdiskeeper\diskeeper7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multim\utilities\UTILITIESWINXP\Crackdiskeeper\diskeeper7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029

[V:]


[Z:]


Chiavi Registro infette: 0.
Files Infetti: 12.
Files Sospetti: 0.
Files Analizzati: 147668.
Files Totali: 147668.
Chiavi Registro rimosse: 0.
Virus Rimossi: 5.

Code:

ComboFix 12-02-25.02 - EN16867 27/02/2012 16.37.24.5.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1033.18.2998.2441 [GMT 1:00]
Eseguito da: c:\documents and settings\en16867\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\en16867\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\program files\Microsoft Security Client\msseces.exe"
"c:\windows\Tasks\MP Scheduled Scan.job"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\en16867\Application Data\Help\coredb\storage
c:\documents and settings\en16867\Application Data\Identities\{EB66AF2F-207B-438C-95A5-C92D0581870E}\LicenseValidator.exe
c:\program files\Microsoft Security Client
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.cat
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.inf
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.cat
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.inf
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.sys
c:\program files\Microsoft Security Client\Antimalware\EN-US\MpAsDesc.dll.mui
c:\program files\Microsoft Security Client\Antimalware\EN-US\mpevmsg.dll.mui
c:\program files\Microsoft Security Client\Antimalware\MpAsDesc.dll
c:\program files\Microsoft Security Client\Antimalware\MpClient.dll
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\program files\Microsoft Security Client\Antimalware\MpCommu.dll
c:\program files\Microsoft Security Client\Antimalware\MpEvMsg.dll
c:\program files\Microsoft Security Client\Antimalware\MpOAv.dll
c:\program files\Microsoft Security Client\Antimalware\MpRTP.dll
c:\program files\Microsoft Security Client\Antimalware\MpSvc.dll
c:\program files\Microsoft Security Client\Antimalware\MsMpCom.dll
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpLics.dll
c:\program files\Microsoft Security Client\Backup\en-us\amhelp.chm
c:\program files\Microsoft Security Client\Backup\en-us\epploc.cab
c:\program files\Microsoft Security Client\Backup\en-us\epploc_x86.msi
c:\program files\Microsoft Security Client\Backup\en-us\eula.rtf
c:\program files\Microsoft Security Client\Backup\en-us\setupres.dll.mui
c:\program files\Microsoft Security Client\Backup\eppmanifest.dll
c:\program files\Microsoft Security Client\Backup\it-it\amhelp.chm
c:\program files\Microsoft Security Client\Backup\it-it\epploc.cab
c:\program files\Microsoft Security Client\Backup\it-it\epploc_x86.msi
c:\program files\Microsoft Security Client\Backup\it-it\eula.rtf
c:\program files\Microsoft Security Client\Backup\it-it\setupres.dll.mui
c:\program files\Microsoft Security Client\Backup\it-it\x86\amloc-it-it.msi
c:\program files\Microsoft Security Client\Backup\setupres.dll
c:\program files\Microsoft Security Client\Backup\x86\dw20shared.msi
c:\program files\Microsoft Security Client\Backup\x86\epp.msi
c:\program files\Microsoft Security Client\Backup\x86\legitlib.dll
c:\program files\Microsoft Security Client\Backup\x86\mp_ambits.msi
c:\program files\Microsoft Security Client\Backup\x86\setup.exe
c:\program files\Microsoft Security Client\Backup\x86\sqmapi.dll
c:\program files\Microsoft Security Client\Backup\x86\windows6.0-kb981889-v2.msu
c:\program files\Microsoft Security Client\Backup\x86\windows6.1-kb981889.msu
c:\program files\Microsoft Security Client\CleanUpPolicy.xml
c:\program files\Microsoft Security Client\ConfigSecurityPolicy.exe
c:\program files\Microsoft Security Client\en-us\amhelp.chm
c:\program files\Microsoft Security Client\en-us\eula.rtf
c:\program files\Microsoft Security Client\en-us\MsMpRes.dll.mui
c:\program files\Microsoft Security Client\en-us\setupres.dll.mui
c:\program files\Microsoft Security Client\en-us\shellext.dll.mui
c:\program files\Microsoft Security Client\eppmanifest.dll
c:\program files\Microsoft Security Client\it-it\amhelp.chm
c:\program files\Microsoft Security Client\it-it\eula.rtf
c:\program files\Microsoft Security Client\it-it\MsMpRes.dll.mui
c:\program files\Microsoft Security Client\it-it\setupres.dll.mui
c:\program files\Microsoft Security Client\it-it\shellext.dll.mui
c:\program files\Microsoft Security Client\LegitLib.dll
c:\program files\Microsoft Security Client\MsMpRes.dll
c:\program files\Microsoft Security Client\msseces.exe
c:\program files\Microsoft Security Client\MsseWat.dll
c:\program files\Microsoft Security Client\setup.exe
c:\program files\Microsoft Security Client\setupres.dll
c:\program files\Microsoft Security Client\shellext.dll
c:\program files\Microsoft Security Client\sqmapi.dll
c:\windows\Tasks\MP Scheduled Scan.job
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MsMpSvc
-------\Legacy_MsMpSvc
-------\Service_MsMpSvc
-------\Service_MsMpSvc
.
.
((((((((((((((((((((((((( Files Created From 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))))))
.
.
2012-02-27 11:45 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5F1FA88-1B4D-40B8-8EC4-92763ABECC9E}\mpengine.dll
2012-02-27 11:25 . 2012-02-27 11:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-27 11:10 . 2012-02-27 11:10 32490 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
2012-02-27 08:52 . 2012-02-27 08:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{50DB8392-5787-4044-B241-1E1694663ECB}
2012-02-27 08:51 . 2012-02-27 08:51 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\PackageAware
2012-02-25 22:04 . 2012-02-26 23:42 -------- d-----w- c:\documents and settings\en16867\Application Data\TeamViewer
2012-02-25 22:04 . 2012-02-25 22:08 247296 ----a-w- c:\documents and settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
2012-02-24 16:31 . 2012-02-24 16:31 -------- d-----w- c:\documents and settings\en16867\Application Data\ElevatedDiagnostics
2012-02-16 17:03 . 2012-02-16 17:15 -------- d-----w- c:\documents and settings\en16867\Application Data\Kiuka
2012-02-16 17:03 . 2012-02-16 17:04 -------- d-----w- c:\documents and settings\en16867\Application Data\Ciud
2012-02-13 20:43 . 2012-02-13 20:43 -------- d-----w- c:\documents and settings\en16867\Application Data\Apple
2012-02-12 21:29 . 2012-02-12 21:29 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\David_Rudie
2012-02-04 14:24 . 2012-02-04 16:30 -------- d-----w- c:\documents and settings\en16867\Application Data\Baubupe
2012-02-04 14:24 . 2012-02-04 14:29 -------- d-----w- c:\documents and settings\en16867\Application Data\Xeisgy
2012-02-03 19:59 . 2012-02-03 19:59 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Identities
2012-02-03 19:59 . 2012-02-05 02:51 -------- d-----w- c:\documents and settings\en16867\Application Data\Ofcyx
2012-02-03 19:59 . 2012-02-04 14:30 -------- d-----w- c:\documents and settings\en16867\Application Data\Esdizu
2012-01-30 10:28 . 2012-01-30 10:28 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 08:55 . 2011-12-29 17:38 82424 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2012-02-08 06:03 . 2011-12-09 08:00 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-05-30 12:31 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 08:18 . 2011-06-06 11:14 5343997 ----a-w- c:\windows\FramePkg.exe
2012-01-03 07:28 . 2012-01-03 07:28 2570286 ----a-w- c:\windows\system32\abgx360.exe
2011-12-10 14:24 . 2012-01-02 16:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 08:09 . 2011-12-07 08:09 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-07 08:09 . 2011-12-07 08:09 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-30 07:59 . 2011-06-16 07:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-14_15.38.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-27 15:43 . 2012-02-27 15:43 16384 c:\windows\temp\Perflib_Perfdata_514.dat
+ 2012-02-24 16:27 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2012-02-24 16:27 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2012-02-24 16:38 . 2012-02-14 13:43 9610 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1040.dat
+ 2012-02-24 16:28 . 2012-02-24 16:28 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2012-02-24 16:27 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2012-02-27 08:52 . 2012-02-27 08:52 325632 c:\windows\Installer\57164.msi
+ 2012-02-24 17:43 . 2012-02-24 17:43 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7\System.Management.Automation.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d29ea7e7bbc981d8e9d4df4419707b4f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b0c56fa3e83bbf43637c8e19632ac3a9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8b107a8a8ac94ba2206c35e685c265b9\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\612ab580b36369611744dcf73bd4b9c4\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 163840 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 294912 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 139264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2012-02-26 23:42 . 2012-02-27 11:26 2025468 c:\windows\system32\Restore\rstrlog.dat
+ 2012-02-24 17:43 . 2012-02-24 17:43 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\ab8103058e876daf2f11027bdc15e0f6\System.Management.Automation.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 1564672 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpgradeChecker"="c:\documents and settings\en16867\Application Data\TeamViewer\{E19C3A79-5B64-4011-9B7C-981FC12024D5}\UpgradeChecker.exe" [2012-02-26 250880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-04-26 737280]
"Flashget"="d:\dati\en16867\flashgetnew\flashget.exe" [2007-09-25 2007088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"NVHotkey"="nvHotkey.dll" [2010-02-19 86016]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2009-12-11 5114208]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-7-15 6144]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logoff\0\0]
"Script"=Logout.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logoff\0\1]
"Script"=LogoutNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\0\0]
"Script"=Cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\1\0]
"Script"=cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\1\1]
"Script"=ChangeOutlookSecureTempFolder.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\2\0]
"Script"=Cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\3\0]
"Script"=OCSBulderMulti1.2.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\4\0]
"Script"=SetUserInfoOfficeXP.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\5\0]
"Script"=Main.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\6\0]
"Script"=RDTFolderSecurity.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- d:\dati\en16867\Documenti_D\DAEMON Tools Lite\daemon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"KiesPDLR"=d:\samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"DAEMON Tools Lite"="d:\dati\en16867\Documenti_D\DAEMON Tools Lite\daemon.exe" -autorun
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet
"Flashget"=d:\dati\en16867\flashgetnew\flashget.exe /min
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"KiesHelper"=d:\samsung\Kies\KiesHelper.exe /s
"KiesTrayAgent"=d:\samsung\Kies\KiesTrayAgent.exe
"CloneCDTray"="d:\dati\en16867\clone CD\CloneCD\CloneCDTray.exe" /s
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" /fromrunkey
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"TkBellExe"=c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"Apoint"=c:\program files\DellTPad\Apoint.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Acrobat Assistant 8.0"="d:\appl\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"d:\\Dati\\en16867\\flashgetnew\\flashget.exe"=
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\\Xbox 360 utilities\\Modio\\Modio.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Jubler.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\\utorrent.exe"=
"d:\\Dati\\en16867\\utorrent\\uTorrent.exe"=
"d:\\Dati\\en16867\\RapidShareManager\\RapidShareManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/05/2011 11.10.54 721904]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [14/07/2010 11.59.30 17072]
R2 CDMA Device Service;CDMA Device Service;d:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [25/09/2011 22.56.30 63488]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 16.35.20 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 16.35.22 20840]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\drivers\Ndiscdp.sys [15/07/2010 15.41.39 22776]
R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files\QUALCOMM\QDLService2k\QDLService2kDell.exe [14/01/2010 6.30.16 330488]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [14/07/2010 11.44.02 59904]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\dati\en16867\tuneup2011\TuneUpUtilitiesService32.exe [14/12/2010 13.41.10 1517376]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [14/07/2010 11.59.30 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [14/07/2010 11.37.42 113664]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [10/02/2009 10.04.47 12840]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/07/2010 11.51.24 143968]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [10/02/2009 10.04.13 32808]
R3 d554bus;Dell Wireless 5540 HSPA Mini-Card Device driver (WDM);c:\windows\system32\drivers\d554bus.sys [01/10/2010 4.24.16 98560]
R3 d554gps;Dell Wireless 5540 HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps.sys [01/10/2010 4.24.24 82984]
R3 d554mdfl;Dell Wireless 5540 HSPA Mini-Card Data Modem Filter;c:\windows\system32\drivers\d554mdfl.sys [01/10/2010 4.24.19 14976]
R3 d554mdm;Dell Wireless 5540 HSPA Mini-Card Data Modem Driver;c:\windows\system32\drivers\d554mdm.sys [01/10/2010 4.24.19 123904]
R3 d554mgmt;DellWireless5540 HSPA Mini-Card Device Management Drivers (WDM);c:\windows\system32\drivers\d554mgmt.sys [01/10/2010 4.24.22 117888]
R3 d554nd5;Dell Wireless 5540 HSPA Mini-Card Network Adapter (NDIS);c:\windows\system32\drivers\d554nd5.sys [01/10/2010 4.24.24 25216]
R3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;c:\windows\system32\drivers\d554scard.sys [01/10/2010 4.24.22 47744]
R3 d554unic;Dell Wireless 5540 HSPA Mini-Card Network Adapter (WDM);c:\windows\system32\drivers\d554unic.sys [01/10/2010 4.24.22 130560]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [12/07/2010 10.57.28 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [12/07/2010 10.57.27 132480]
R3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [01/10/2010 4.49.45 235520]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\dati\en16867\tuneup2011\TuneUpUtilitiesDriver32.sys [29/11/2010 18.27.40 10064]
S1 qeilvwmj;qeilvwmj;\??\c:\windows\system32\drivers\qeilvwmj.sys --> c:\windows\system32\drivers\qeilvwmj.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12.16.28 130384]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [12/07/2010 11.51.23 134144]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [25/09/2011 22.56.24 77624]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13/01/2009 11.10.57 244368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/02/2009 9.58.46 110080]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/07/2010 10.57.22 58600]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [25/09/2011 22.56.25 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12.16.28 753504]
S4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [04/09/2008 17.28.42 406808]
S4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 15.00.26 451872]
S4 gupdate;Servizio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 14.06.05 136176]
S4 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 14.06.05 136176]
S4 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [14/07/2010 11.59.30 60928]
S4 WMCoreService;Mobile Broadband Service;c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode --> c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2008-04-14 03:41 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:05]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://myeni.eni.it
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://legalarchives.eni.it
uInternet Settings,ProxyOverride = local
IE: &Scarica con FlashGet - d:\dati\en16867\flashgetnew\jc_link.htm
IE: &Scarica tutto con FlashGet - d:\dati\en16867\flashgetnew\jc_all.htm
IE: Aggiungi a PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\en16867\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Invia a Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Salva oggetto con NetXfer - d:\dati\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - d:\dati\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddList.html
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\en16867\Application Data\Mozilla\Firefox\Profiles\lbd2c61s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANED KEYS REMOVED - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
SafeBoot-MsMpSvc
MSConfigStartUp-LicenseValidator - c:\documents and settings\en16867\Application Data\Identities\{EB66AF2F-207B-438C-95A5-C92D0581870E}\LicenseValidator.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-27 16:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Dlls loaded by running processes ---------------------
.
- - - - - - - > 'explorer.exe'(1904)
d:\dati\en16867\flashgetnew\fgmgr.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\msi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
d:\dati\en16867\tuneup2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Scan finish time: 2012-02-27 16:58:31 - The PC was rebooted
ComboFix-quarantined-files.txt 2012-02-27 15:58
ComboFix2.txt 2012-02-26 17:03
ComboFix3.txt 2012-02-14 15:41
ComboFix4.txt 2012-01-14 14:09
ComboFix5.txt 2012-02-27 14:57
.
Pre-Run: 13.330.714.624 bytes free
Post-Run: 13.058.416.640 bytes free
.
- - End Of File - - 1B22E6E62EF950FF06EA3500B4152821

thanks
 

tecnico24

Elite User
10,706
1,072
Question: do you recognise these applications?:

c:\documents and settings\en16867\Application Data\Ciud

c:\documents and settings\en16867\Local Settings\Application Data\David_Rudie
c:\documents and settings\en16867\Application Data\Baubupe
c:\documents and settings\en16867\Application Data\Xeisgy
c:\documents and settings\en16867\Local Settings\Application Data\Identities
c:\documents and settings\en16867\Application Data\Ofcyx
c:\documents and settings\en16867\Application Data\Esdizu
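The folders tecnico24 lists can be picked out of the log mechanically rather than by eye. The script below is an added example for this thread, not code from the thread or from ComboFix. It parses two sections of the log posted above: the "Files Created" entries (copied from the log, trimmed) and three lines from the driver/service list. Two heuristics are applied, both my own assumptions rather than any vendor's rule: (1) several directories created in the same minute under the same parent, which is exactly the pattern of Kiuka/Ciud, Baubupe/Xeisgy and Ofcyx/Esdizu in the log; (2) services whose image file ComboFix could not find on disk (it prints `[?]` in place of the file date and size), with an extra flag when the service name, display name and file name are the same run of lowercase letters, as with `qeilvwmj`. Standard library only; it runs offline on the embedded sample.

```python
"""Triage of two ComboFix log sections: "Files Created" and drivers/services.
Added example for this thread; not ComboFix's own code. Sample lines are copied
from the log posted above and trimmed to the entries relevant here."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Copied from the "Files Created" section of the log above (trimmed).
FILES_CREATED = r"""
2012-02-27 11:25 . 2012-02-27 11:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-25 22:04 . 2012-02-26 23:42 -------- d-----w- c:\documents and settings\en16867\Application Data\TeamViewer
2012-02-25 22:04 . 2012-02-25 22:08 247296 ----a-w- c:\documents and settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
2012-02-16 17:03 . 2012-02-16 17:15 -------- d-----w- c:\documents and settings\en16867\Application Data\Kiuka
2012-02-16 17:03 . 2012-02-16 17:04 -------- d-----w- c:\documents and settings\en16867\Application Data\Ciud
2012-02-13 20:43 . 2012-02-13 20:43 -------- d-----w- c:\documents and settings\en16867\Application Data\Apple
2012-02-04 14:24 . 2012-02-04 16:30 -------- d-----w- c:\documents and settings\en16867\Application Data\Baubupe
2012-02-04 14:24 . 2012-02-04 14:29 -------- d-----w- c:\documents and settings\en16867\Application Data\Xeisgy
2012-02-03 19:59 . 2012-02-03 19:59 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Identities
2012-02-03 19:59 . 2012-02-05 02:51 -------- d-----w- c:\documents and settings\en16867\Application Data\Ofcyx
2012-02-03 19:59 . 2012-02-04 14:30 -------- d-----w- c:\documents and settings\en16867\Application Data\Esdizu
"""

# Copied from the drivers/services section of the same log (trimmed).
SERVICES = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/05/2011 11.10.54 721904]
S1 qeilvwmj;qeilvwmj;\??\c:\windows\system32\drivers\qeilvwmj.sys --> c:\windows\system32\drivers\qeilvwmj.sys [?]
S4 WMCoreService;Mobile Broadband Service;c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode --> c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode [?]
"""

# "<created> . <modified> <size|--------> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "<R|S><start type> <name>;<display name>;<image path> [<date size> | ?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<info>[^\]]*)\]$"
)


def parse_files_created(text):
    """Return one dict per entry; the 'd' attribute marks a directory."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"].rstrip(),
        })
    return entries


def sibling_dir_clusters(entries, window=timedelta(minutes=1)):
    """Groups of directories created within `window` of each other under the
    same parent. Heuristic (assumption): a dropper that installs itself creates
    its folders in one go, whereas user-installed software rarely creates two
    unrelated top-level profile folders in the same minute."""
    by_parent = defaultdict(list)
    for e in entries:
        if e["is_dir"]:
            parent, _, name = e["path"].lower().rpartition("\\")
            by_parent[parent].append((e["created"], name))
    clusters = []
    for parent, dirs in by_parent.items():
        dirs.sort()
        group = [dirs[0]]
        for cur in dirs[1:]:
            if cur[0] - group[0][0] <= window:
                group.append(cur)
                continue
            if len(group) > 1:
                clusters.append((parent, [n for _, n in group]))
            group = [cur]
        if len(group) > 1:
            clusters.append((parent, [n for _, n in group]))
    return clusters


def suspicious_services(text):
    """Services whose image file ComboFix could not find ('[?]'); the
    generic_name flag is set when the service has no descriptive display name
    and is just a run of lowercase letters (heuristic, assumption)."""
    findings = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m or m["info"] != "?":
            continue
        name = m["name"]
        generic = name == m["display"] and re.fullmatch(r"[a-z]{6,12}", name) is not None
        findings.append({"name": name, "start": m["start"],
                         "image": m["image"], "generic_name": generic})
    return findings


if __name__ == "__main__":
    for parent, names in sibling_dir_clusters(parse_files_created(FILES_CREATED)):
        print(f"dirs created together under {parent}: {', '.join(names)}")
    for f in suspicious_services(SERVICES):
        tag = "generic name, image missing" if f["generic_name"] else "image missing"
        print(f"{f['start']} {f['name']}: {tag} -> {f['image']}")
```

On the sample, the clustering reports the three pairs tecnico24 asked about and nothing else (TeamViewer, Apple and Identities stand alone in their minute or parent), and the service check singles out `qeilvwmj` with both flags while `WMCoreService`, which has a vendor display name, only gets the missing-image flag and would be checked against the Dell install rather than treated as malware.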
 

guerro

Active User
96
2
Question: do you recognise these applications?:

c:\documents and settings\en16867\Application Data\Ciud

c:\documents and settings\en16867\Local Settings\Application Data\David_Rudie
c:\documents and settings\en16867\Application Data\Baubupe
c:\documents and settings\en16867\Application Data\Xeisgy
c:\documents and settings\en16867\Local Settings\Application Data\Identities
c:\documents and settings\en16867\Application Data\Ofcyx
c:\documents and settings\en16867\Application Data\Esdizu

Never heard of them.. what could they be?!?
 

tecnico24

Elite User
10,706
1,072
Hi,
My doubts started when you told me the PC is a company machine.
Download the CFscript.txt file to the desktop and drag it onto the ComboFix icon.
Wait for the program to finish its work and for the reboot that follows.
Post the log of the operations back here.
 

Attachments

  • CFScript.txt
    848 bytes · Views: 115

guerro

Active User
96
2
Thanks, but the last ComboFix run I attached two hours ago was already done with the CFScript, as per your previous advice... should I do it again? Thanks for the patience...
 

tecnico24

Elite User
10,706
1,072
Yes, previously we removed Microsoft Security Essentials, since you have McAfee as your antivirus.

So proceed with the CFScript.exe file I attached and post the new log of the operations.
 
