toreLELLA wrote: YES! You are a genius and I must build you a monument!
Hello everyone,
I have run into the same problem that was reported on your forum some time ago. No antivirus or antispyware detects any anomaly on my system during scanning; however, the connection to these sites appears to be blocked, even though I can browse all the others. I have not installed any firewall and I have no custom security settings.
So, after following the instructions given in reply to the user, I am attaching the ComboFix log:
-------------------
ComboFix 08-08-19.06 - Mauro 2008-08-21 2:35:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.133 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Mauro\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mauro\Impostazioni locali\Dati applicazioni\bnbnzn.dat
C:\Documents and Settings\Mauro\Impostazioni locali\Dati applicazioni\bnbnzn.exe
C:\Documents and Settings\Mauro\Impostazioni locali\Dati applicazioni\bnbnzn_nav.dat
C:\Documents and Settings\Mauro\Impostazioni locali\Dati applicazioni\bnbnzn_navps.dat
.
((((((((((((((((((((((((( Files Creati Da 2008-07-21 al 2008-08-21 )))))))))))))))))))))))))))))))))))
.
2008-08-19 13:54 . 2008-08-19 13:54 85 --a------ C:\WINDOWS\wininit.ini
2008-08-17 15:26 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-17 15:26 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-17 15:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-17 15:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-17 15:26 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-17 13:43 . 2008-08-17 13:43 268 --ah----- C:\sqmdata19.sqm
2008-08-17 13:43 . 2008-08-17 13:43 244 --ah----- C:\sqmnoopt19.sqm
2008-08-16 14:33 . 2008-08-16 14:33 268 --ah----- C:\sqmdata18.sqm
2008-08-16 14:33 . 2008-08-16 14:33 244 --ah----- C:\sqmnoopt18.sqm
2008-08-14 10:00 . 2008-08-14 10:00 268 --ah----- C:\sqmdata17.sqm
2008-08-14 10:00 . 2008-08-14 10:00 244 --ah----- C:\sqmnoopt17.sqm
2008-08-12 12:54 . 2008-08-12 12:54 268 --ah----- C:\sqmdata16.sqm
2008-08-12 12:54 . 2008-08-12 12:54 244 --ah----- C:\sqmnoopt16.sqm
2008-08-12 12:51 . 2008-08-12 12:51 268 --ah----- C:\sqmdata15.sqm
2008-08-12 12:51 . 2008-08-12 12:51 244 --ah----- C:\sqmnoopt15.sqm
2008-08-11 22:55 . 2008-08-11 22:55 268 --ah----- C:\sqmdata14.sqm
2008-08-11 22:55 . 2008-08-11 22:55 244 --ah----- C:\sqmnoopt14.sqm
2008-08-10 17:44 . 2008-08-10 17:44 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-08-03 14:02 . 2008-08-03 14:02 268 --ah----- C:\sqmdata13.sqm
2008-08-03 14:02 . 2008-08-03 14:02 244 --ah----- C:\sqmnoopt13.sqm
2008-08-03 13:53 . 2008-08-14 10:02 <DIR> d-------- C:\Documents and Settings\Mauro\Contacts
2008-08-03 13:53 . 2008-08-03 13:53 268 --ah----- C:\sqmdata12.sqm
2008-08-03 13:53 . 2008-08-03 13:53 244 --ah----- C:\sqmnoopt12.sqm
2008-08-03 12:45 . 2008-08-03 12:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-03 12:39 . 2008-08-03 12:39 169 --a------ C:\WINDOWS\RtlRack.ini
2008-08-02 19:56 . 2008-08-02 19:56 268 --ah----- C:\sqmdata11.sqm
2008-08-02 19:56 . 2008-08-02 19:56 244 --ah----- C:\sqmnoopt11.sqm
2008-08-02 19:24 . 2008-08-02 19:24 268 --ah----- C:\sqmdata10.sqm
2008-08-02 19:24 . 2008-08-02 19:24 244 --ah----- C:\sqmnoopt10.sqm
2008-08-02 13:09 . 2008-08-02 13:09 268 --ah----- C:\sqmdata09.sqm
2008-08-02 13:08 . 2008-08-02 13:08 244 --ah----- C:\sqmnoopt09.sqm
2008-08-01 17:05 . 2008-08-01 17:05 268 --ah----- C:\sqmdata08.sqm
2008-08-01 17:05 . 2008-08-01 17:05 244 --ah----- C:\sqmnoopt08.sqm
2008-08-01 17:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-01 17:02 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-01 15:05 . 2008-08-01 15:05 268 --ah----- C:\sqmdata07.sqm
2008-08-01 15:05 . 2008-08-01 15:05 244 --ah----- C:\sqmnoopt07.sqm
2008-08-01 14:09 . 2008-08-01 14:09 268 --ah----- C:\sqmdata06.sqm
2008-08-01 14:09 . 2008-08-01 14:09 244 --ah----- C:\sqmnoopt06.sqm
2008-08-01 14:04 . 2008-08-01 14:04 <DIR> d---s---- C:\Documents and Settings\Mauro\UserData
2008-08-01 14:00 . 2008-08-01 14:00 268 --ah----- C:\sqmdata05.sqm
2008-08-01 14:00 . 2008-08-01 14:00 244 --ah----- C:\sqmnoopt05.sqm
2008-08-01 13:59 . 2008-08-01 13:59 <DIR> d-------- C:\Programmi\Aethra
2008-08-01 13:59 . 2004-04-20 17:24 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-08-01 13:59 . 2004-04-20 17:24 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-08-01 13:58 . 2008-08-01 13:58 <DIR> d-------- C:\WINDOWS\Motive
2008-08-01 13:58 . 2008-08-01 13:58 <DIR> d-------- C:\Programmi\Motive
2008-08-01 13:58 . 2008-08-01 13:58 <DIR> d-------- C:\Programmi\Common Files
2008-08-01 13:57 . 2008-08-01 13:59 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-08-01 13:56 . 2008-08-01 13:56 <DIR> d-------- C:\Programmi\Telecom Italia
2008-07-31 15:55 . 2008-07-31 15:55 268 --ah----- C:\sqmdata04.sqm
2008-07-31 15:55 . 2008-07-31 15:55 244 --ah----- C:\sqmnoopt04.sqm
2008-07-31 14:46 . 2008-07-31 14:46 268 --ah----- C:\sqmdata03.sqm
2008-07-31 14:46 . 2008-07-31 14:46 244 --ah----- C:\sqmnoopt03.sqm
2008-07-30 18:30 . 2008-07-30 18:30 268 --ah----- C:\sqmdata02.sqm
2008-07-30 18:30 . 2008-07-30 18:30 244 --ah----- C:\sqmnoopt02.sqm
2008-07-30 12:48 . 2008-07-30 12:48 268 --ah----- C:\sqmdata01.sqm
2008-07-30 12:48 . 2008-07-30 12:48 244 --ah----- C:\sqmnoopt01.sqm
2008-07-29 19:51 . 2008-08-18 12:41 268 --ah----- C:\sqmdata00.sqm
2008-07-29 19:51 . 2008-08-18 12:41 244 --ah----- C:\sqmnoopt00.sqm
2008-07-29 19:50 . 2008-08-18 13:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-29 04:13 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-29 04:13 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-29 04:13 . 2004-08-19 15:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-29 04:13 . 2004-08-19 15:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-29 04:13 . 2004-08-19 15:30 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-29 04:13 . 2004-08-19 15:30 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-28 21:24 . 2008-07-28 21:24 <DIR> d-------- C:\Programmi\CCleaner
2008-07-28 20:50 . 2008-08-21 01:14 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-28 20:50 . 2008-08-10 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-28 20:19 . 2008-07-28 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-07-28 19:52 . 2008-07-28 19:52 <DIR> d-------- C:\Documents and Settings\Mauro\Dati applicazioni\vlc
2008-07-28 15:43 . 2008-07-28 15:52 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-28 15:14 . 2008-08-19 16:39 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 15:10 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-28 15:10 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-28 14:01 . 2008-07-28 15:14 <DIR> d-------- C:\Documents and Settings\Mauro\Dati applicazioni\Ahead
2008-07-28 13:58 . 2008-07-28 13:58 <DIR> d-------- C:\Programmi\Nero
2008-07-28 13:58 . 2008-07-28 13:58 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-07-26 01:19 . 2008-07-26 01:19 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-26 01:09 . 2008-08-10 17:44 <DIR> d-------- C:\Programmi\Lavasoft
2008-07-26 01:09 . 2008-08-10 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-07-26 01:06 . 2008-07-26 01:06 <DIR> d-------- C:\Programmi\DVD Decrypter
2008-07-26 01:05 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-26 01:05 . 2008-07-26 01:05 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-26 01:04 . 2008-07-26 01:04 <DIR> d-------- C:\Programmi\VideoLAN
2008-07-26 01:04 . 2008-07-26 01:04 <DIR> d-------- C:\Programmi\Microsoft.NET
2008-07-26 01:03 . 2008-07-26 01:03 <DIR> d-------- C:\Programmi\Microsoft ActiveSync
2008-07-26 01:02 . 2008-07-26 01:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-26 00:58 . 2008-08-21 00:33 <DIR> d-------- C:\Programmi\eMule
2008-07-26 00:58 . 2008-07-26 00:58 <DIR> d-------- C:\Programmi\DVD Shrink
2008-07-26 00:58 . 2008-07-26 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-07-26 00:57 . 2008-07-26 00:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-26 00:57 . 2008-07-26 00:57 <DIR> d-------- C:\WINDOWS\Profiles
2008-07-26 00:57 . 2008-08-11 22:16 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-07-26 00:57 . 2008-07-26 00:57 <DIR> d-------- C:\Documents and Settings\Mauro\Dati applicazioni\InterTrust
2008-07-26 00:57 . 1998-11-13 12:07 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2008-07-26 00:56 . 2008-07-29 17:43 <DIR> d-------- C:\Programmi\SlySoft
2008-07-26 00:56 . 2008-07-29 17:44 <DIR> d-------- C:\Programmi\Elaborate Bytes
2008-07-26 00:55 . 2002-05-06 12:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-07-26 00:55 . 2002-05-06 12:01 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-07-26 00:55 . 2001-04-19 18:34 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-07-26 00:55 . 2001-04-19 18:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-07-26 00:53 . 2008-07-26 00:53 <DIR> d-------- C:\totalcmd
2008-07-26 00:53 . 2008-07-28 20:47 1,562 --a------ C:\WINDOWS\wincmd.ini
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\UC.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-26 00:48 . 2008-07-26 00:48 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-07-26 00:47 . 2008-07-26 00:47 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-07-26 00:39 . 2008-07-26 00:49 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-26 00:37 . 2004-08-19 17:14 141,702 --a--c--- C:\WINDOWS\system32\dllcache\netfx.cat
2008-07-26 00:35 . 2008-07-26 00:35 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-26 00:30 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002248_.tmp
2008-07-26 00:30 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-26 00:27 . 2008-07-26 00:38 <DIR> d-------- C:\WINDOWS\EHome
2008-07-26 00:17 . 2008-07-26 00:17 <DIR> d-------- C:\Programmi\AMD
2008-07-26 00:17 . 2005-03-09 15:53 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-26 00:17 . 2008-08-21 01:53 39,291 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-26 00:16 . 2008-07-26 00:20 <DIR> d-------- C:\WINDOWS\nview
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 11:57 155,995 ----a-w C:\WINDOWS\java\Packages\UIDJ9F53.ZIP
2008-07-25 14:25 --------- d-----w C:\Programmi\microsoft frontpage
2008-07-25 14:23 --------- d-----w C:\Programmi\Servizi in linea
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-10 15:49 7286784]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-10 15:49 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CnxTrApp"="C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll" [2004-04-20 17:24 247296]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-08-01 13:58:47 212992]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{120f124c-6d34-11dd-aa9d-0009f37bbd8f}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-MsnMsgr - C:\Programmi\MSN Messenger\MsnMsgr.Exe
HKCU-Run-bnbnzn - c:\documents and settings\mauro\impostazioni locali\dati applicazioni\bnbnzn.exe
HKLM-Run-NWEReboot - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mauro\Dati applicazioni\Mozilla\Firefox\Profiles\aei1lg4u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.it
FF -: plugin - C:\Programmi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 02:37:50
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-21 2:39:08
ComboFix-quarantined-files.txt 2008-08-21 00:39:05
Pre-Run: 2,684,375,040 byte disponibili
Post-Run: 2,677,805,056 byte disponibili
206
ComboFix 08-08-19.06 - Mauro 2008-08-21 19:31:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.176 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Mauro\Desktop\Setup\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((( Files Creati Da 2008-07-21 al 2008-08-21 )))))))))))))))))))))))))))))))))))
.
2008-08-19 13:54 . 2008-08-19 13:54 85 --a------ C:\WINDOWS\wininit.ini
2008-08-17 15:26 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-17 15:26 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-17 15:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-17 15:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-17 15:26 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-17 13:43 . 2008-08-17 13:43 268 --ah----- C:\sqmdata19.sqm
2008-08-17 13:43 . 2008-08-17 13:43 244 --ah----- C:\sqmnoopt19.sqm
2008-08-16 14:33 . 2008-08-16 14:33 268 --ah----- C:\sqmdata18.sqm
2008-08-16 14:33 . 2008-08-16 14:33 244 --ah----- C:\sqmnoopt18.sqm
2008-08-14 10:00 . 2008-08-14 10:00 268 --ah----- C:\sqmdata17.sqm
2008-08-14 10:00 . 2008-08-14 10:00 244 --ah----- C:\sqmnoopt17.sqm
2008-08-12 12:54 . 2008-08-12 12:54 268 --ah----- C:\sqmdata16.sqm
2008-08-12 12:54 . 2008-08-12 12:54 244 --ah----- C:\sqmnoopt16.sqm
2008-08-12 12:51 . 2008-08-12 12:51 268 --ah----- C:\sqmdata15.sqm
2008-08-12 12:51 . 2008-08-12 12:51 244 --ah----- C:\sqmnoopt15.sqm
2008-08-11 22:55 . 2008-08-11 22:55 268 --ah----- C:\sqmdata14.sqm
2008-08-11 22:55 . 2008-08-11 22:55 244 --ah----- C:\sqmnoopt14.sqm
2008-08-10 17:44 . 2008-08-10 17:44 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-08-03 14:02 . 2008-08-03 14:02 268 --ah----- C:\sqmdata13.sqm
2008-08-03 14:02 . 2008-08-03 14:02 244 --ah----- C:\sqmnoopt13.sqm
2008-08-03 13:53 . 2008-08-14 10:02 <DIR> d-------- C:\Documents and Settings\Mauro\Contacts
2008-08-03 13:53 . 2008-08-03 13:53 268 --ah----- C:\sqmdata12.sqm
2008-08-03 13:53 . 2008-08-03 13:53 244 --ah----- C:\sqmnoopt12.sqm
2008-08-03 12:45 . 2008-08-03 12:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-03 12:39 . 2008-08-03 12:39 169 --a------ C:\WINDOWS\RtlRack.ini
2008-08-02 19:56 . 2008-08-02 19:56 268 --ah----- C:\sqmdata11.sqm
2008-08-02 19:56 . 2008-08-02 19:56 244 --ah----- C:\sqmnoopt11.sqm
2008-08-02 19:24 . 2008-08-02 19:24 268 --ah----- C:\sqmdata10.sqm
2008-08-02 19:24 . 2008-08-02 19:24 244 --ah----- C:\sqmnoopt10.sqm
2008-08-02 13:09 . 2008-08-02 13:09 268 --ah----- C:\sqmdata09.sqm
2008-08-02 13:08 . 2008-08-02 13:08 244 --ah----- C:\sqmnoopt09.sqm
2008-08-01 17:05 . 2008-08-01 17:05 268 --ah----- C:\sqmdata08.sqm
2008-08-01 17:05 . 2008-08-01 17:05 244 --ah----- C:\sqmnoopt08.sqm
2008-08-01 17:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-01 17:02 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-01 15:05 . 2008-08-01 15:05 268 --ah----- C:\sqmdata07.sqm
2008-08-01 15:05 . 2008-08-01 15:05 244 --ah----- C:\sqmnoopt07.sqm
2008-08-01 14:09 . 2008-08-01 14:09 268 --ah----- C:\sqmdata06.sqm
2008-08-01 14:09 . 2008-08-01 14:09 244 --ah----- C:\sqmnoopt06.sqm
2008-08-01 14:04 . 2008-08-01 14:04 <DIR> d---s---- C:\Documents and Settings\Mauro\UserData
2008-08-01 14:00 . 2008-08-01 14:00 268 --ah----- C:\sqmdata05.sqm
2008-08-01 14:00 . 2008-08-01 14:00 244 --ah----- C:\sqmnoopt05.sqm
2008-08-01 13:59 . 2008-08-01 13:59 <DIR> d-------- C:\Programmi\Aethra
2008-08-01 13:59 . 2004-04-20 17:24 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-08-01 13:59 . 2004-04-20 17:24 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-08-01 13:58 . 2008-08-01 13:58 <DIR> d-------- C:\WINDOWS\Motive
2008-08-01 13:58 . 2008-08-01 13:58 <DIR> d-------- C:\Programmi\Motive
2008-08-01 13:58 . 2008-08-01 13:58 <DIR> d-------- C:\Programmi\Common Files
2008-08-01 13:57 . 2008-08-01 13:59 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-08-01 13:56 . 2008-08-01 13:56 <DIR> d-------- C:\Programmi\Telecom Italia
2008-07-31 15:55 . 2008-07-31 15:55 268 --ah----- C:\sqmdata04.sqm
2008-07-31 15:55 . 2008-07-31 15:55 244 --ah----- C:\sqmnoopt04.sqm
2008-07-31 14:46 . 2008-07-31 14:46 268 --ah----- C:\sqmdata03.sqm
2008-07-31 14:46 . 2008-07-31 14:46 244 --ah----- C:\sqmnoopt03.sqm
2008-07-30 18:30 . 2008-07-30 18:30 268 --ah----- C:\sqmdata02.sqm
2008-07-30 18:30 . 2008-07-30 18:30 244 --ah----- C:\sqmnoopt02.sqm
2008-07-30 12:48 . 2008-07-30 12:48 268 --ah----- C:\sqmdata01.sqm
2008-07-30 12:48 . 2008-07-30 12:48 244 --ah----- C:\sqmnoopt01.sqm
2008-07-29 19:51 . 2008-08-18 12:41 268 --ah----- C:\sqmdata00.sqm
2008-07-29 19:51 . 2008-08-18 12:41 244 --ah----- C:\sqmnoopt00.sqm
2008-07-29 19:50 . 2008-08-18 13:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-29 04:13 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-29 04:13 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-29 04:13 . 2004-08-19 15:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-29 04:13 . 2004-08-19 15:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-29 04:13 . 2004-08-19 15:30 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-29 04:13 . 2004-08-19 15:30 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-28 21:24 . 2008-07-28 21:24 <DIR> d-------- C:\Programmi\CCleaner
2008-07-28 20:50 . 2008-08-21 01:14 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-28 20:50 . 2008-08-10 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-28 20:19 . 2008-07-28 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-07-28 19:52 . 2008-07-28 19:52 <DIR> d-------- C:\Documents and Settings\Mauro\Dati applicazioni\vlc
2008-07-28 15:43 . 2008-07-28 15:52 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-28 15:14 . 2008-08-19 16:39 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 15:10 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-28 15:10 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-28 14:01 . 2008-07-28 15:14 <DIR> d-------- C:\Documents and Settings\Mauro\Dati applicazioni\Ahead
2008-07-28 13:58 . 2008-07-28 13:58 <DIR> d-------- C:\Programmi\Nero
2008-07-28 13:58 . 2008-07-28 13:58 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-07-26 01:19 . 2008-07-26 01:19 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-26 01:09 . 2008-08-10 17:44 <DIR> d-------- C:\Programmi\Lavasoft
2008-07-26 01:09 . 2008-08-10 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-07-26 01:06 . 2008-07-26 01:06 <DIR> d-------- C:\Programmi\DVD Decrypter
2008-07-26 01:05 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-26 01:05 . 2008-07-26 01:05 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-26 01:04 . 2008-07-26 01:04 <DIR> d-------- C:\Programmi\VideoLAN
2008-07-26 01:04 . 2008-07-26 01:04 <DIR> d-------- C:\Programmi\Microsoft.NET
2008-07-26 01:03 . 2008-07-26 01:03 <DIR> d-------- C:\Programmi\Microsoft ActiveSync
2008-07-26 01:02 . 2008-07-26 01:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-26 00:58 . 2008-08-21 00:33 <DIR> d-------- C:\Programmi\eMule
2008-07-26 00:58 . 2008-07-26 00:58 <DIR> d-------- C:\Programmi\DVD Shrink
2008-07-26 00:58 . 2008-07-26 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-07-26 00:57 . 2008-07-26 00:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-26 00:57 . 2008-07-26 00:57 <DIR> d-------- C:\WINDOWS\Profiles
2008-07-26 00:57 . 2008-08-11 22:16 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-07-26 00:57 . 2008-07-26 00:57 <DIR> d-------- C:\Documents and Settings\Mauro\Dati applicazioni\InterTrust
2008-07-26 00:57 . 1998-11-13 12:07 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2008-07-26 00:56 . 2008-07-29 17:43 <DIR> d-------- C:\Programmi\SlySoft
2008-07-26 00:56 . 2008-07-29 17:44 <DIR> d-------- C:\Programmi\Elaborate Bytes
2008-07-26 00:55 . 2002-05-06 12:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-07-26 00:55 . 2002-05-06 12:01 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-07-26 00:55 . 2001-04-19 18:34 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-07-26 00:55 . 2001-04-19 18:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-07-26 00:53 . 2008-07-26 00:53 <DIR> d-------- C:\totalcmd
2008-07-26 00:53 . 2008-07-28 20:47 1,562 --a------ C:\WINDOWS\wincmd.ini
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\UC.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-26 00:53 . 2004-04-16 06:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-26 00:48 . 2008-07-26 00:48 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-07-26 00:47 . 2008-07-26 00:47 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-07-26 00:39 . 2008-07-26 00:49 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-26 00:37 . 2004-08-19 17:14 141,702 --a--c--- C:\WINDOWS\system32\dllcache\netfx.cat
2008-07-26 00:35 . 2008-07-26 00:35 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-26 00:30 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002248_.tmp
2008-07-26 00:30 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-26 00:27 . 2008-07-26 00:38 <DIR> d-------- C:\WINDOWS\EHome
2008-07-26 00:17 . 2008-07-26 00:17 <DIR> d-------- C:\Programmi\AMD
2008-07-26 00:17 . 2005-03-09 15:53 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-26 00:17 . 2008-08-21 19:13 39,291 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-26 00:16 . 2008-07-26 00:20 <DIR> d-------- C:\WINDOWS\nview
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 11:57 155,995 ----a-w C:\WINDOWS\java\Packages\UIDJ9F53.ZIP
2008-07-25 14:25 --------- d-----w C:\Programmi\microsoft frontpage
2008-07-25 14:23 --------- d-----w C:\Programmi\Servizi in linea
.
((((((((((((((((((((((((((((( snapshot@2008-08-21_ 2.38.50.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-21 17:13:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-10 15:49 7286784]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-10 15:49 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CnxTrApp"="C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll" [2004-04-20 17:24 247296]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-08-01 13:58:47 212992]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{120f124c-6d34-11dd-aa9d-0009f37bbd8f}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mauro\Dati applicazioni\Mozilla\Firefox\Profiles\aei1lg4u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.it
FF -: plugin - C:\Programmi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 19:33:46
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-21 19:35:07
ComboFix-quarantined-files.txt 2008-08-21 17:35:02
ComboFix2.txt 2008-08-21 00:39:09
Pre-Run: 2,628,325,376 byte disponibili
Post-Run: 2,622,607,360 byte disponibili
197
--------------------------------------------
I would like to point out that this is the only forum where a problem of this kind has been addressed and solved, so I hope you can be of help to me as well.
L.