
What does this message from Avast mean?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

What does this message from Avast mean?

Post by lucaeffe » 27/11/09 15:39

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Wesley Weber" <westedoh@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Riley Gonzalez" <sama37@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Elena Bowen" <snubdn0@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Adrian Little" <randi3@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>; <djb@djb29.fsnet.co.uk>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Jake Wise" <personaas@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>; <djb@djb29.fsnet.co.uk>; <linkmanager@elenasmodels.com>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Gabriel Hoffman" <abaciqkh@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>; <djb@djb29.fsnet.co.uk>; <linkmanager@elenasmodels.com>; <klynch@classicnet.net>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Max Garza" <shenyangk@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>; <djb@djb29.fsnet.co.uk>; <linkmanager@elenasmodels.com>; <klynch@classicnet.net>; <fields@multiviewcorp.com>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Julianna Bryan" <tintir004@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>; <djb@djb29.fsnet.co.uk>; <linkmanager@elenasmodels.com>; <klynch@classicnet.net>; <fields@multiviewcorp.com>; <kmolina@oas.org>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Sofia Roberson" <constituentsqq@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>; <djb@djb29.fsnet.co.uk>; <linkmanager@elenasmodels.com>; <klynch@classicnet.net>; <fields@multiviewcorp.com>; <kmolina@oas.org>; <sharp@multiviewcorp.com>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Mckenzie Roberson" <substratums47@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>; <djb@djb29.fsnet.co.uk>; <linkmanager@elenasmodels.com>; <klynch@classicnet.net>; <fields@multiviewcorp.com>; <kmolina@oas.org>; <sharp@multiviewcorp.com>; <budgiese22@gustavoferrada.com>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Carlos Pineda" <hensonn@tiscali.it>
Destinatario: <cmcloughlin@accucomci.com>; <kontakt@msxstudios.de>; <lena.sorensen@worldtek.com>; <djb@djb29.fsnet.co.uk>; <linkmanager@elenasmodels.com>; <klynch@classicnet.net>; <fields@multiviewcorp.com>; <kmolina@oas.org>; <sharp@multiviewcorp.com>; <budgiese22@gustavoferrada.com>; <stephan@cambridgegroup.com>
Oggetto: You don't have to worry about paying exorbitant prices for your medications anymore.
lucaeffe
Junior User
Posts: 42
Joined: 29/10/09 12:08

Re: What does this message from Avast mean?

Post by gahan » 27/11/09 18:46

Download HijackThis from this link:

http://www.hijackthis.de/downloads/HJTInstall.exe

Install it and run it;

click "Do a system scan and save logfile";

wait for the scan to finish;

at the end a logfile will be saved;

copy and paste its contents here in the forum.
gahan
Moderator
Posts: 1397
Joined: 23/01/08 16:09

Re: What does this message from Avast mean?

Post by lucaeffe » 28/11/09 03:17

A Notepad file opened with this


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3.16.38, on 28/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\windows\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\photo_id.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\ASUS\NB Probe\SPM\spmgr.exe
C:\Programmi\ASUS\Asus ChkMail\ChkMail.exe
C:\windows\system32\svchost.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\windows\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\TEMP\~TM10.tmp
C:\Programmi\Mozilla Firefox\firefox.exe
C:\windows\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://123medlab.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\tbSoft.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\tbSoft.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\tbSoft.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [photo_id] C:\windows\system32\photo_id.exe
O4 - HKLM\..\Run: [Regedit32] C:\windows\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [photo_id] C:\Documents and Settings\principale\photo_id.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: algqeh32.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248959278979
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F41B9F7-55BE-4ED6-B41A-64D04494B3EC}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1ca689f136ebd56) (gupdate1ca689f136ebd56) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: spmgr - Unknown owner - C:\Programmi\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 8037 bytes
lucaeffe
Junior User
Posts: 42
Joined: 29/10/09 12:08
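As an added triage example (my code, not from the thread and not part of HijackThis), the Python script below reads lines in the HijackThis format posted above and flags the kinds of entries a responder checks first: a changed start page, a modified Shell= value, BHOs whose file is missing, startup entries that are bare executables, Run values registered twice with different targets, and processes running from a temp folder. The start-page allowlist and the heuristics are assumptions for illustration; the sample lines are a subset copied from the log above.

```python
import re
from urllib.parse import urlparse

# Constructed subset of the HijackThis log posted in this thread (lines copied
# from it), used as offline sample input.
SAMPLE_LOG = r"""
Running processes:
C:\windows\System32\smss.exe
C:\windows\TEMP\~TM10.tmp
C:\Programmi\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://123medlab.com/
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [photo_id] C:\windows\system32\photo_id.exe
O4 - HKCU\..\Run: [photo_id] C:\Documents and Settings\principale\photo_id.exe
O4 - Startup: algqeh32.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
"""

# Assumed allowlist of home-page hosts; in practice this comes from your own policy.
TRUSTED_START_PAGES = {"www.google.com", "www.msn.com", "about:blank"}

# A Run entry whose target sits directly in a user's profile root
# (c:\documents and settings\<user>\<name>.exe) is unusual for installed software.
PROFILE_ROOT_EXE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I)


def exe_path(target):
    """Pull the executable path out of a Run value (quoted or unquoted)."""
    target = target.strip().split(" (User ", 1)[0]  # drop HJT's "(User '...')" suffix
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target  # unquoted values are taken whole, arguments included


def triage(log_text):
    """Return a list of (finding, detail) pairs for the entries a responder checks first."""
    findings = []
    in_procs = False
    run_targets = {}  # Run value name -> set of distinct target paths
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            low = line.lower()
            if "\\temp\\" in low or low.endswith(".tmp"):
                findings.append(("process-from-temp", line))
            continue
        m = re.match(r"(R0|R1|F2|O2|O3|O4)\s+-\s+(.*)", line)
        if not m:
            continue
        kind, body = m.groups()
        if kind in ("R0", "R1") and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            host = urlparse(url).hostname or url
            if host not in TRUSTED_START_PAGES:
                findings.append(("start-page-hijack", host))
        elif kind == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("shell-modified", shell))
        elif kind in ("O2", "O3") and ("(no file)" in body or "(file missing)" in body):
            findings.append(("orphaned-bho", body))
        elif kind == "O4":
            if body.startswith(("Startup:", "Global Startup:")):
                target = body.split(":", 1)[1].strip()
                # A shortcut shows as "name.lnk = path"; a bare exe name has neither.
                if "=" not in target and not target.lower().endswith(".lnk"):
                    findings.append(("bare-startup-exe", target))
                continue
            rm = re.match(r".*\\Run: \[(.+?)\]\s+(.*)", body)
            if not rm:
                continue
            name, target = rm.groups()
            path = exe_path(target)
            if PROFILE_ROOT_EXE.match(path):
                findings.append(("exe-in-profile-root", path))
            seen = run_targets.setdefault(name.lower(), set())
            seen.add(path.lower())
            if len(seen) == 2:  # same value name, second distinct target
                findings.append(("duplicate-run-name", name))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:22} {detail}")
```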

Re: What does this message from Avast mean?

Post by Luke57 » 28/11/09 09:23

Hi, you are infected; carry out these steps:
1) download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
put it on the desktop and launch it
wait for the confirmation message (please wait... ComboFix is ready to work)
wait for the scan to finish (50 stages); it can take up to an hour
(do absolutely nothing during the scan; if the desktop icons disappear, that is normal)
at the end a report C:\ComboFix.txt will be produced, containing all the removal operations performed
2) download Malwarebytes from here:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
install it and update it. Then run a full scan of the computer and quarantine any infected files it finds
3) download CCleaner from here:
http://www.ccleaner.com/download/downloading
(latest version)
install it, open it, and under Options > Advanced untick "delete Windows files older than 48 hours", then run it with Run Cleaner.
When these steps are done, post the ComboFix and Malwarebytes reports.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Re: What does this message from Avast mean?

Post by lucaeffe » 29/11/09 13:49

Here are the two reports.
Since yesterday, when I finished the three scans, the PC has started freezing every two minutes, whatever I was doing, preventing me from doing anything at all.
Thanks a lot

COMBOFIX


Code:
ComboFix 09-11-28.03 - principale 29/11/2009 12.11.43.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1023.394 [GMT 1:00]
Eseguito da: c:\documents and settings\principale\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1367 [VPS 091129-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HelpAssistant\oashdihasidhasuidhiasdhiashdiuasdhasd

.
(((((((((((((((((((((((((   Files Creati Da 2009-10-28 al 2009-11-29  )))))))))))))))))))))))))))))))))))
.

2009-11-29 10:54 . 2009-11-29 10:54   --------   d-----w-   c:\windows\LastGood
2009-11-28 19:32 . 2009-11-28 19:32   --------   d-----w-   c:\documents and settings\HelpAssistant\WINDOWS
2009-11-28 19:32 . 2009-11-28 19:32   --------   d-----w-   c:\documents and settings\HelpAssistant\UserData
2009-11-28 18:28 . 2009-07-30 12:37   --------   d--h--w-   c:\documents and settings\HelpAssistant\Modelli
2009-11-28 18:28 . 2009-07-30 10:59   --------   d--h--w-   c:\documents and settings\HelpAssistant\Risorse di stampa
2009-11-28 18:28 . 2009-07-30 10:59   --------   d--h--w-   c:\documents and settings\HelpAssistant\Risorse di rete
2009-11-28 18:28 . 2009-11-29 11:57   --------   d-----w-   c:\documents and settings\HelpAssistant
2009-11-28 02:16 . 2009-11-28 02:16   --------   d-----w-   c:\programmi\Trend Micro
2009-11-27 13:37 . 2009-11-28 15:35   --------   d-----w-   c:\documents and settings\principale\Impostazioni locali\Dati applicazioni\AskToolbar
2009-11-27 12:10 . 2009-11-28 22:07   148768   -c--a-w-   c:\windows\system32\dllcache\atapi.sys
2009-11-27 09:56 . 2009-11-24 23:48   23120   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-11-27 09:56 . 2009-11-24 23:49   48560   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-11-27 09:56 . 2009-11-24 23:47   27408   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2009-11-27 09:56 . 2009-11-24 23:51   93424   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2009-11-27 09:56 . 2009-11-24 23:50   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2009-11-27 09:56 . 2009-11-24 23:50   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-11-27 09:56 . 2009-11-24 23:50   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-11-27 09:56 . 2009-11-24 23:47   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-11-27 09:55 . 2009-11-24 23:54   1280480   ----a-w-   c:\windows\system32\aswBoot.exe
2009-11-26 11:18 . 2009-11-26 11:18   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\ALM
2009-11-25 10:43 . 2009-11-25 10:43   --------   d-----w-   c:\programmi\Alwil Software
2009-11-19 20:45 . 2009-11-19 20:45   --------   d-----w-   c:\programmi\Ask.com
2009-11-19 20:44 . 2009-11-28 21:48   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\BitTorrent
2009-11-19 20:43 . 2009-11-19 20:44   --------   d-----w-   c:\programmi\BitTorrent
2009-11-19 09:39 . 2009-11-19 09:39   --------   d-----w-   c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-11-18 22:39 . 2009-11-18 22:39   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\DivX
2009-11-18 22:31 . 2009-11-18 22:36   --------   d-----w-   c:\documents and settings\principale\Impostazioni locali\Dati applicazioni\Google
2009-11-18 22:31 . 2009-11-18 22:32   --------   d-----w-   c:\programmi\File comuni\DivX Shared
2009-11-18 22:31 . 2009-11-18 22:35   --------   d-----w-   c:\programmi\Google
2009-11-18 22:31 . 2009-11-18 22:34   --------   d-----w-   c:\programmi\DivX
2009-11-17 22:12 . 2009-11-03 17:10   52224   ----a-w-   c:\documents and settings\principale\Dati applicazioni\Mozilla\Firefox\Profiles\7txte3od.default\extensions\{edca0f41-f79d-4126-a176-a1b258e033f8}\components\FFExternalAlert.dll
2009-11-17 22:12 . 2009-11-03 17:10   114688   ----a-w-   c:\documents and settings\principale\Dati applicazioni\Mozilla\Firefox\Profiles\7txte3od.default\extensions\{edca0f41-f79d-4126-a176-a1b258e033f8}\components\npmozax.dll
2009-11-15 12:19 . 2008-05-29 06:03   37176   ----a-w-   c:\documents and settings\principale\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-14 00:47 . 2009-11-14 00:47   90112   ----a-w-   c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47   856064   ----a-w-   c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47   856064   ----a-w-   c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47   847872   ----a-w-   c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47   843776   ----a-w-   c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47   839680   ----a-w-   c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47   696320   ----a-w-   c:\windows\system32\DivX.dll
2009-11-10 14:01 . 2009-11-10 14:01   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\MozillaControl
2009-11-10 14:00 . 2009-11-22 22:06   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\FontExplorerX
2009-11-10 14:00 . 2009-11-10 14:00   --------   d-----w-   c:\programmi\Linotype FontExplorer X
2009-11-04 15:29 . 2009-11-04 15:29   --------   d-----w-   c:\programmi\DsNET Corp
2009-11-04 14:36 . 2002-08-13 23:08   264704   ----a-w-   c:\windows\system32\MaggiUninstall60.exe
2009-11-04 14:36 . 2009-11-04 14:42   --------   d-----w-   c:\programmi\sollab
2009-11-04 14:36 . 1999-03-23 08:12   299520   ----a-w-   c:\windows\uninst.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 22:07 . 2006-03-02 12:00   148768   ----a-w-   c:\windows\system32\drivers\atapi.sys
2009-11-28 18:08 . 2009-08-13 19:11   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\vlc
2009-11-28 14:41 . 2009-09-30 13:41   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-11-28 13:30 . 2006-03-02 12:00   479418   ----a-w-   c:\windows\system32\perfh010.dat
2009-11-28 13:30 . 2006-03-02 12:00   79712   ----a-w-   c:\windows\system32\perfc010.dat
2009-11-28 01:46 . 2009-11-27 12:09   20   ----a-w-   c:\documents and settings\NetworkService\Dati applicazioni\cbqozg.dat
2009-11-27 12:09 . 2009-11-27 12:09   4   ----a-w-   c:\documents and settings\principale\Dati applicazioni\avdrn.dat
2009-11-26 11:18 . 2009-08-04 10:03   --------   d-----w-   c:\programmi\File comuni\Adobe
2009-11-25 10:31 . 2009-10-29 18:25   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-11-23 11:08 . 2009-08-03 09:43   48488   ----a-w-   c:\documents and settings\principale\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-15 12:08 . 2009-07-31 07:22   --------   d-----w-   c:\programmi\Windows Media Connect 2
2009-11-14 13:00 . 2009-08-27 18:18   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\uTorrent
2009-11-14 00:49 . 2009-11-18 22:33   43528   ------w-   c:\windows\system32\drivers\PxHelp20.sys
2009-11-14 00:49 . 2009-11-18 22:33   9336   ------w-   c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 00:49 . 2009-11-18 22:33   9464   ------w-   c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 00:49 . 2009-11-18 22:33   120056   ------w-   c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-11-18 22:33   129784   ------w-   c:\windows\system32\pxafs.dll
2009-11-14 00:49 . 2009-11-18 22:33   118520   ------w-   c:\windows\system32\pxinsi64.exe
2009-11-05 22:59 . 2009-08-08 10:38   1   ----a-w-   c:\documents and settings\principale\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-29 22:51 . 2009-10-29 22:51   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\Malwarebytes
2009-10-29 22:51 . 2009-10-29 22:49   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2009-10-29 22:51 . 2009-10-29 22:51   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-10-29 18:48 . 2009-10-29 18:48   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\IObit
2009-10-29 18:48 . 2009-10-29 18:48   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\IObit
2009-10-29 18:48 . 2009-10-29 18:48   --------   d-----w-   c:\programmi\IObit
2009-10-29 18:00 . 2009-10-29 18:00   --------   d-----w-   c:\documents and settings\NetworkService\Dati applicazioni\Yahoo!
2009-10-29 18:00 . 2009-07-31 08:47   --------   d-----w-   c:\programmi\Wireless Console 2
2009-10-21 18:01 . 2009-10-29 18:48   114688   ----a-w-   c:\documents and settings\principale\Dati applicazioni\Mozilla\Firefox\Profiles\7txte3od.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\npmozax.dll
2009-10-21 18:01 . 2009-10-29 18:48   52224   ----a-w-   c:\documents and settings\principale\Dati applicazioni\Mozilla\Firefox\Profiles\7txte3od.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2009-10-19 12:30 . 2009-10-29 18:48   624464   ----a-w-   c:\documents and settings\principale\Dati applicazioni\IObit\Common\TB_Helper.exe
2009-10-16 22:17 . 2009-10-16 22:17   --------   d-----w-   c:\programmi\ffdshow
2009-10-16 19:26 . 2009-10-16 19:26   --------   d-----w-   c:\programmi\Veoh Networks
2009-10-04 15:05 . 2009-08-07 11:21   --------   d-----w-   c:\documents and settings\principale\Dati applicazioni\Download Manager
2009-09-25 05:35 . 2006-03-02 12:00   669696   ----a-w-   c:\windows\system32\wininet.dll
2009-09-25 05:35 . 2009-06-26 16:49   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-09-11 14:17 . 2006-03-02 12:00   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-10-29 22:51   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-10-29 22:50   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2006-03-02 12:00   58880   ----a-w-   c:\windows\system32\msasn1.dll
.

------- Sigcheck -------

[-] 2009-11-28 22:07 . 054CC21832F277167D6432353585992E . 148768 . . [------] . . c:\windows\system32\dllcache\atapi.sys
[-] 2009-11-28 22:07 . 054CC21832F277167D6432353585992E . 148768 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((   SnapShot@2009-11-28_13.26.04   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 10:49 . 2009-11-29 10:49   16384              c:\windows\Temp\Perflib_Perfdata_6d0.dat
- 2008-04-14 02:14 . 2009-07-14 11:03   46080              c:\windows\system32\tzchange.exe
+ 2008-04-14 02:14 . 2009-10-28 15:07   46080              c:\windows\system32\tzchange.exe
+ 2009-07-31 07:22 . 2009-05-26 11:41   18808              c:\windows\system32\spmsg.dll
- 2009-07-31 07:22 . 2008-07-08 13:06   18808              c:\windows\system32\spmsg.dll
+ 2006-03-02 12:00 . 2009-11-28 13:30   67646              c:\windows\system32\perfc009.dat
- 2006-03-02 12:00 . 2009-10-28 18:10   67646              c:\windows\system32\perfc009.dat
- 2009-06-26 16:49 . 2009-06-26 16:49   81920              c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-26 16:49 . 2009-09-25 05:35   81920              c:\windows\system32\dllcache\ieencode.dll
- 2006-03-02 12:00 . 2008-04-14 02:13   485376              c:\windows\system32\wmspdmod.dll
+ 2006-03-02 12:00 . 2009-04-03 11:15   485376              c:\windows\system32\wmspdmod.dll
+ 2006-03-02 12:00 . 2009-07-12 11:21   233472              c:\windows\system32\wmpdxm.dll
- 2006-03-02 12:00 . 2008-04-14 02:13   233472              c:\windows\system32\wmpdxm.dll
+ 2006-03-02 12:00 . 2009-09-25 05:35   627712              c:\windows\system32\urlmon.dll
+ 2009-07-30 12:36 . 2009-07-30 12:36   296960              c:\windows\system32\termsrv32.dll
+ 2006-03-02 12:00 . 2009-11-28 13:30   432690              c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2009-10-28 18:10   432690              c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2008-05-09 10:53   512000              c:\windows\system32\jscript.dll
+ 2006-03-02 12:00 . 2009-08-13 15:15   512000              c:\windows\system32\jscript.dll
- 2006-03-02 12:00 . 2008-04-14 02:13   485376              c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-03-02 12:00 . 2009-04-03 11:15   485376              c:\windows\system32\dllcache\wmspdmod.dll
- 2006-03-02 12:00 . 2008-04-14 02:13   233472              c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-03-02 12:00 . 2009-07-12 11:21   233472              c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-09-25 05:35 . 2009-09-25 05:35   669696              c:\windows\system32\dllcache\wininet.dll
+ 2009-09-25 05:35 . 2009-09-25 05:35   627712              c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-09 10:53 . 2009-08-13 15:15   512000              c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53   512000              c:\windows\system32\dllcache\jscript.dll
+ 2006-03-02 12:00 . 2009-05-26 15:53   2174976              c:\windows\system32\WMVCore.dll
- 2006-03-02 12:00 . 2008-11-07 14:45   2174976              c:\windows\system32\wmvcore.dll
- 2006-03-02 12:00 . 2008-04-14 02:13   4874240              c:\windows\system32\wmp.dll
+ 2006-03-02 12:00 . 2009-07-12 11:21   4874240              c:\windows\system32\wmp.dll
+ 2006-03-02 12:00 . 2009-08-14 15:12   1850624              c:\windows\system32\win32k.sys
- 2006-03-02 12:00 . 2009-07-18 16:03   1510400              c:\windows\system32\shdocvw.dll
+ 2006-03-02 12:00 . 2009-09-25 05:35   1510400              c:\windows\system32\shdocvw.dll
+ 2008-04-14 02:13 . 2009-07-31 09:02   1372672              c:\windows\system32\msxml6.dll
+ 2006-03-02 12:00 . 2009-07-31 04:32   1172480              c:\windows\system32\msxml3.dll
+ 2006-03-02 12:00 . 2009-09-25 05:35   3091968              c:\windows\system32\mshtml.dll
+ 2009-07-30 10:58 . 2009-11-28 18:23   1713568              c:\windows\system32\FNTCACHE.DAT
- 2009-07-30 10:58 . 2009-11-23 10:29   1713568              c:\windows\system32\FNTCACHE.DAT
+ 2006-03-02 12:00 . 2009-05-26 15:53   2174976              c:\windows\system32\dllcache\WMVCore.dll
- 2006-03-02 12:00 . 2008-11-07 14:45   2174976              c:\windows\system32\dllcache\wmvcore.dll
- 2006-03-02 12:00 . 2008-04-14 02:13   4874240              c:\windows\system32\dllcache\wmp.dll
+ 2006-03-02 12:00 . 2009-07-12 11:21   4874240              c:\windows\system32\dllcache\wmp.dll
+ 2009-04-19 19:47 . 2009-08-14 15:12   1850624              c:\windows\system32\dllcache\win32k.sys
+ 2009-09-25 05:35 . 2009-09-25 05:35   1510400              c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 02:13 . 2009-07-31 09:02   1372672              c:\windows\system32\dllcache\msxml6.dll
+ 2009-07-30 15:14 . 2009-07-31 04:32   1172480              c:\windows\system32\dllcache\msxml3.dll
+ 2009-09-25 05:35 . 2009-09-25 05:35   3091968              c:\windows\system32\dllcache\mshtml.dll
+ 2009-07-30 15:23 . 2009-11-05 17:36   26768832              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{edca0f41-f79d-4126-a176-a1b258e033f8}"= "c:\programmi\Softonic_VLC_IT\tbSoft.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{edca0f41-f79d-4126-a176-a1b258e033f8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28   1174920   ----a-w-   c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{edca0f41-f79d-4126-a176-a1b258e033f8}]
2009-07-15 08:09   2224152   ----a-w-   c:\programmi\Softonic_VLC_IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{edca0f41-f79d-4126-a176-a1b258e033f8}"= "c:\programmi\Softonic_VLC_IT\tbSoft.dll" [2009-07-15 2224152]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{edca0f41-f79d-4126-a176-a1b258e033f8}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EDCA0F41-F79D-4126-A176-A1B258E033F8}"= "c:\programmi\Softonic_VLC_IT\tbSoft.dll" [2009-07-15 2224152]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{edca0f41-f79d-4126-a176-a1b258e033f8}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-10-06 2075384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-30 7340032]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-07-30 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2009-08-03 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\principale\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS ChkMail.lnk - c:\programmi\ASUS\Asus ChkMail\ChkMail.exe [2009-7-31 32768]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-8-4 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/11/2009 10.56.03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/11/2009 10.56.03 20560]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [22/06/2005 13.50.12 216320]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [04/08/2009 10.47.24 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [04/08/2009 10.47.24 8278]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\PRINCI~1\IMPOST~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\PRINCI~1\IMPOST~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-18 22:31]

2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-18 22:31]

2009-11-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://123medlab.com/
TCP: {5F41B9F7-55BE-4ED6-B41A-64D04494B3EC} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\principale\Dati applicazioni\Mozilla\Firefox\Profiles\7txte3od.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=BT3&o=14979&locale=it_IT&q=
FF - component: c:\documents and settings\principale\Dati applicazioni\Mozilla\Firefox\Profiles\7txte3od.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\principale\Dati applicazioni\Mozilla\Firefox\Profiles\7txte3od.default\extensions\{edca0f41-f79d-4126-a176-a1b258e033f8}\components\FFExternalAlert.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 12:58
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x852A4F30]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7640f28
\Driver\ACPI -> 0x852a4f30
\Driver\atapi -> atapi.sys @ 0x8675f852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950A600
malicious code @ sector 0x0950A603 !
PE file found in sector at 0x0950A619 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
Ora fine scansione: 2009-11-29 13:37
ComboFix-quarantined-files.txt  2009-11-29 12:37
ComboFix2.txt  2009-11-28 13:34

Pre-Run: 31.976.697.856 byte disponibili
Post-Run: 31.404.982.272 byte disponibili

- - End Of File - - 28FC4380F729C5F97C91856592D187C4

MALWARE

Malwarebytes' Anti-Malware 1.41
Versione del database: 3250
Windows 5.1.2600 Service Pack 3

28/11/2009 16.30.12
mbam-log-2009-11-28 (16-30-12).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 273750
Tempo trascorso: 1 hour(s), 25 minute(s), 30 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\principale\Documenti\Downloads\Adobe Illustrator CS4\Key\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
lucaeffe
Junior User
Posts: 42
Joined: 29/10/09 12:08