Hi
I'd like some help solving this annoying problem. I should say up front that I've already tried several solutions: an online scan, Ad-Aware, Spybot. If I post the HijackThis log, could someone help me?
Thanks
Of course
To be or not to be... that is the question!!!
Here I am!!!
Thanks for the reply, although I don't think much will be learned from this log: I had in fact found a web page where you paste the log for an online analysis, and several times it found nothing in particular. I ran a scan specifically for "Vundo", but still nothing.
Bye
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.14.11, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\uTorrent\utorrent.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\VPro500.exe
C:\Documents and Settings\d\Menu Avvio\Programmi\Esecuzione automatica\ee3.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programmi\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Programmi\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Programmi\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Programmi\Styler\Styler.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SWN2] C:\Programmi\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Programmi\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ee3.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: VPro500.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 8998 bytes
And to give better pointers, I'm also posting the ComboFix log (in two parts, it's too long)
Thanks again for any future help and suggestions
ComboFix 08-01-23.1C - d 2008-01-27 16.28.50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1226 [GMT 1:00]
Eseguito da: C:\Documents and Settings\d\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Privacy Policy.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Terms and conditions.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.lnk
c:\Documents and Settings\d\Impostazioni locali\Dati applicazioni\jzwglozh.dat
c:\documents and settings\d\impostazioni locali\dati applicazioni\jzwglozh.exe
c:\Documents and Settings\d\Impostazioni locali\Dati applicazioni\jzwglozh_nav.dat
c:\Documents and Settings\d\Impostazioni locali\Dati applicazioni\jzwglozh_navps.dat
C:\Programmi\webmediaplayer
C:\Programmi\webmediaplayer\dxva_sig.txt
C:\Programmi\webmediaplayer\sqlite3.dll
C:\Programmi\webmediaplayer\uninst.exe
C:\Programmi\webmediaplayer\WebMediaPlayer.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\prsgrc.dll
C:\WINDOWS\system32\ssprs.dll
.
((((((((((((((((((((((((( Files Creati Da 2007-12-27 al 2008-01-27 )))))))))))))))))))))))))))))))))))
.
2008-01-27 16:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 13:36 . 2008-01-27 13:36 <DIR> d-------- C:\VundoFix Backups
2008-01-24 19:33 . 2008-01-24 19:33 <DIR> d-------- C:\Programmi\Sega
2008-01-24 19:29 . 2008-01-24 19:29 <DIR> d-------- C:\Programmi\Activision Value
2008-01-24 10:25 . 1996-10-16 11:49 301,568 --a------ C:\WINDOWS\unin0410.exe
2008-01-23 15:07 . 2008-01-23 16:10 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-23 15:06 . 2008-01-23 15:06 <DIR> d-------- C:\Programmi\THQ
2008-01-23 12:40 . 2008-01-23 12:40 681,984 --a------ C:\WINDOWS\isRS-000.tmp
2008-01-23 11:56 . 2008-01-23 11:56 <DIR> d-------- C:\Programmi\Enigma Software Group
2008-01-21 22:24 . 2008-01-23 15:07 <DIR> d-------- C:\Programmi\XoftSpySE
2008-01-21 12:42 . 2008-01-23 15:07 <DIR> d-------- C:\blockcad
2008-01-19 12:28 . 2008-01-19 12:28 1,409 --a------ C:\WINDOWS\system32\tmp598D2.FOT
2008-01-18 20:08 . 2008-01-18 20:08 <DIR> d-------- C:\Programmi\INAC
2008-01-18 19:39 . 2008-01-18 19:39 <DIR> d-------- C:\Programmi\Trend Micro
2008-01-18 11:42 . 2008-01-19 19:42 <DIR> d-------- C:\Programmi\Ea Sports
2008-01-18 02:46 . 2008-01-18 02:46 165,376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-18 02:46 . 2008-01-18 02:46 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-18 02:45 . 2008-01-18 02:45 <DIR> d-------- C:\Programmi\Ligos
2008-01-18 02:45 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2008-01-18 02:45 . 2000-06-22 13:09 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-01-18 02:43 . 1998-10-29 19:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-18 02:41 . 2008-01-21 14:01 <DIR> d-------- C:\Programmi\MotoRacer3
2008-01-17 15:20 . 2008-01-17 15:20 <DIR> d-------- C:\Programmi\Raptisoft
2008-01-17 15:20 . 2008-01-17 15:20 352,256 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-01-17 15:20 . 2008-01-24 20:20 40 --a------ C:\WINDOWS\RSoftInfo.dat
2008-01-16 19:43 . 2008-01-16 19:43 1,409 --a------ C:\WINDOWS\system32\tmpB9295.FOT
2008-01-15 18:43 . 2008-01-15 18:43 <DIR> d-------- C:\Programmi\Alawar
2008-01-15 09:29 . 2008-01-15 09:29 <DIR> d-------- C:\Programmi\KONAMI
2008-01-14 21:37 . 2008-01-14 21:37 1,409 --a------ C:\WINDOWS\system32\tmp59256.FOT
2008-01-13 19:41 . 2008-01-13 19:49 <DIR> d-------- C:\Programmi\Fab Fashion
2008-01-12 11:37 . 2008-01-12 11:40 <DIR> d-------- C:\Programmi\DAEMON Tools Lite
2008-01-10 16:28 . 2008-01-10 16:28 <DIR> d-------- C:\Programmi\Super Granny 4
2008-01-09 18:37 . 2008-01-09 18:37 <DIR> d-------- C:\dd530d3350763b188a789f7c030e
2008-01-08 19:59 . 2008-01-08 19:59 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-01-08 19:53 . 2008-01-08 19:53 <DIR> d-------- C:\Programmi\Sierra Entertainment
2008-01-08 19:41 . 2006-04-29 14:25 40,960 --a------ C:\WINDOWS\system32\psfind.dll
2008-01-07 19:00 . 2008-01-07 19:00 1,142 --a------ C:\WINDOWS\mozver.dat
2008-01-07 15:10 . 2008-01-07 15:38 <DIR> d-------- C:\Programmi\AstroAvenger
2008-01-07 14:53 . 2008-01-09 18:06 <DIR> d-------- C:\Programmi\Crimsonland
2008-01-07 09:36 . 2008-01-07 09:36 <DIR> d-------- C:\Programmi\KaraFun
2008-01-06 16:49 . 2008-01-06 16:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-04 00:57 . 2008-01-04 00:57 <DIR> d-------- C:\Programmi\Pegtop
2008-01-04 00:40 . 2008-01-04 00:40 <DIR> d-------- C:\Programmi\Fantastic Flame Screensaver
2008-01-04 00:40 . 2008-01-13 02:29 507 --a------ C:\WINDOWS\Fantastic Flame Screensaver.ini
2008-01-03 20:45 . 2008-01-20 16:59 <DIR> d-------- C:\Programmi\Activision
2008-01-03 20:43 . 2008-01-03 20:43 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-02 23:28 . 2008-01-02 23:28 <DIR> d-------- C:\Programmi\Nero
2008-01-02 23:28 . 2008-01-02 23:29 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-01-02 21:26 . 2008-01-13 02:26 <DIR> d-------- C:\Programmi\Dream Aquarium
2008-01-02 21:21 . 2008-01-02 21:21 <DIR> d-------- C:\Programmi\Astro Gemini Software
2008-01-02 21:21 . 2007-09-19 18:16 16,277,504 --a------ C:\WINDOWS\system32\Marine Life 3D Screensaver.scr
2008-01-02 21:21 . 2007-01-17 12:57 528,384 --a------ C:\WINDOWS\system32\Astro Gemini Screensaver Manager.scr
2008-01-02 21:21 . 2006-02-15 17:26 92,216 --a------ C:\WINDOWS\system32\bass.dll
2008-01-02 21:21 . 2007-09-19 18:16 3,169 --a------ C:\WINDOWS\system32\MarineLife3DScreensaver.html
2008-01-02 21:10 . 2008-01-02 21:23 2,094,491 --a------ C:\WINDOWS\DreamAquariumXPFull.dai
2008-01-02 09:31 . 2004-08-19 18:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-02 02:30 . 2008-01-02 02:30 <DIR> d-------- C:\WINDOWS\Sun
2008-01-02 02:29 . 2008-01-02 02:29 <DIR> d-------- C:\Programmi\Java
2008-01-02 02:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-02 02:27 . 2008-01-02 02:27 <DIR> d-------- C:\Programmi\File comuni\Java
2008-01-01 17:28 . 2008-01-06 13:01 <DIR> d-------- C:\Programmi\Sigma_Team
2008-01-01 17:27 . 2008-01-20 16:38 <DIR> d-------- C:\Programmi\Sigma Team
2008-01-01 12:05 . 2008-01-01 15:46 <DIR> d-------- C:\Programmi\Alien Shooter
2007-12-31 09:49 . 2007-12-31 09:51 <DIR> d-------- C:\Programmi\vanBasco's Karaoke Player
2007-12-31 09:31 . 2007-12-31 09:31 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2007-12-31 09:31 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-31 09:31 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-31 09:31 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-31 09:30 . 2007-12-31 09:30 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-30 19:31 . 2007-12-30 19:31 <DIR> d-------- C:\WINDOWS\system32\3Planesoft
2007-12-30 19:31 . 2007-12-30 19:31 <DIR> d-------- C:\Programmi\Tropical Fish 3D Screensaver
2007-12-30 19:31 . 2007-12-30 19:31 <DIR> d-------- C:\Programmi\3Planesoft Screensaver Manager
2007-12-30 19:31 . 2007-11-09 12:17 7,265,792 --a------ C:\WINDOWS\system32\Tropical Fish 3D Screensaver.exe
2007-12-30 19:31 . 2007-11-09 12:17 799,744 --a------ C:\WINDOWS\system32\Tropical_Fish_3D_Screensaver.scr
2007-12-30 19:31 . 2007-10-17 15:54 413,696 --a------ C:\WINDOWS\system32\3Planesoft_Screensaver_Manager.scr
2007-12-30 19:31 . 2006-07-19 14:47 7,893 --a------ C:\WINDOWS\Tropical Fish 3D Screensaver.html
2007-12-30 17:36 . 2007-12-30 17:36 <DIR> d-------- C:\Programmi\innotek VirtualBox
2007-12-29 21:08 . 2007-12-29 09:32 30,688 --a------ C:\WINDOWS\system32\drivers\VBoxUSB.sys
2007-12-29 21:08 . 2007-12-29 09:32 27,808 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2007-12-29 21:07 . 2007-12-29 09:32 40,960 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2007-12-28 18:33 . 2007-12-28 18:33 <DIR> d-------- C:\Programmi\Caricature Studio 3.0
.
ComboFix log, part 2
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 18:33 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-24 16:28 --------- d-----w C:\Programmi\Imperivm - Le Guerre Puniche
2008-01-24 09:26 --------- d-----w C:\Programmi\LucasArts
2008-01-23 14:18 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-01-19 20:51 921,632 ----a-w C:\SPC610NC.DAT
2008-01-11 20:21 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-07 19:50 --------- d-----w C:\Programmi\Thoosje Sidebar V2.3
2008-01-01 19:23 --------- d-----w C:\Programmi\UBISOFT
2007-12-26 13:35 --------- d-----w C:\Programmi\USB Vibration
2007-12-26 13:32 --------- d-----w C:\Programmi\Twin USB Vibration Gamepad
2007-12-25 11:17 --------- d-----w C:\Programmi\VisualTooltip
2007-12-25 11:17 --------- d-----w C:\Programmi\Styler
2007-12-23 18:01 --------- d-----w C:\Programmi\Flower Shop Big City Break
2007-12-23 17:02 --------- d-----w C:\Programmi\Microsoft Games
2007-12-19 15:34 --------- d-----w C:\Programmi\Electronic Arts
2007-12-18 19:19 --------- d-----w C:\Programmi\CAPCOM
2007-12-13 20:53 --------- d-----w C:\Programmi\VideoLAN
2007-12-13 19:05 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-12 14:50 --------- d--h--w C:\Programmi\FX Uninstall Information
2007-12-11 20:15 --------- d-----w C:\Programmi\uTorrent
2007-12-11 10:59 --------- d-----w C:\Programmi\DCVEditor
2007-12-10 22:05 --------- d-----w C:\Programmi\Baby Luv
2007-12-09 20:07 --------- d-----w C:\Programmi\Alien Shooter - Vengeance
2007-12-08 23:57 --------- d-----w C:\Programmi\Disney Interactive
2007-12-08 20:19 --------- d-----w C:\Programmi\WIDCOMM
2007-12-08 17:02 --------- d-----w C:\Programmi\AGEIA Technologies
2007-12-08 00:13 --------- d-----w C:\Programmi\Vertus Fluid Mask 3
2007-12-07 22:49 --------- d-----w C:\Programmi\Bonjour
2007-12-07 22:48 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-07 22:42 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2007-12-07 22:11 --------- d-----w C:\Programmi\Skype
2007-12-07 22:11 --------- d-----w C:\Programmi\File comuni\Skype
2007-12-07 14:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-07 14:27 --------- d-----w C:\Programmi\JoWooD Productions
2007-12-07 13:47 --------- d-----w C:\Programmi\File comuni\SPC500NC
2007-12-07 13:39 --------- d-----w C:\Programmi\linguatec
2007-12-07 13:15 --------- d-----w C:\Programmi\MagicISO
2007-12-07 11:22 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-12-07 11:22 --------- d-----w C:\Programmi\Alcohol Soft
2007-12-07 10:23 --------- d-----w C:\Programmi\ReflexiveArcade
2007-12-07 08:56 --------- d-----w C:\Programmi\Torrent Harvester
2007-12-07 08:25 --------- d-----w C:\Programmi\D-Link
2007-12-07 08:25 --------- d-----w C:\Programmi\ANI
2007-12-05 15:24 --------- d-----w C:\Programmi\Microsoft Encarta
2007-12-05 15:16 --------- d-----w C:\Programmi\Microsoft Works
2007-12-05 15:15 --------- d-----w C:\Programmi\Microsoft.NET
2007-12-05 03:59 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-12-05 03:59 --------- d-----w C:\Programmi\File comuni\ODBC
2007-12-05 03:34 --------- d-----w C:\Programmi\ASUS
2007-12-05 03:31 --------- d-----w C:\Programmi\Network Associates
2007-12-05 03:31 --------- d-----w C:\Programmi\File comuni\Cisco Systems
2007-12-05 03:30 --------- d-----w C:\Programmi\File comuni\Network Associates
2007-12-05 03:23 --------- d-----w C:\Programmi\ATI Technologies
2007-12-05 03:21 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-12-05 03:21 --------- d-----w C:\Programmi\File comuni\ATI Technologies
2007-12-05 03:13 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-05 03:13 --------- d-----w C:\Programmi\Realtek
2007-12-05 03:11 --------- d-----w C:\Programmi\Intel
2007-12-05 03:09 --------- d--h--w C:\Programmi\Uninstall Information
2007-12-05 03:06 --------- d-----w C:\Programmi\microsoft frontpage
2007-12-05 03:05 --------- d-----w C:\Programmi\Servizi in linea
2007-12-05 03:04 --------- d-----w C:\Programmi\File comuni\MSSoap
2007-12-04 21:52 --------- d-----w C:\Programmi\MSXML 4.0
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:27 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"uTorrent"="C:\Programmi\uTorrent\utorrent.exe " [2008-01-18 20:21 219952]
"µTorrent"="C:\Programmi\uTorrent\utorrent.exe " [2008-01-18 20:21 219952]
"AWMON"="C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12 517632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ShStatEXE"="C:\Programmi\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"LClock"="C:\Programmi\LClock\LClock.exe" [ ]
"SkyTel"="SkyTel.EXE" [2007-04-04 18:22 1822720 C:\WINDOWS\SkyTel.exe]
"SWN2"="C:\Programmi\Spyware Nuker\swnxt.exe" [ ]
"Styler"="C:\Programmi\Styler\Styler.exe" [ ]
"Blaero Start Orb"="C:\Programmi\Blaero Start Orb\Blaero Start Orb.exe" [ ]
"VisualTooltip"="C:\Programmi\VisualTooltip\VisualToolTip.exe" [ ]
"VMware hqtray"="C:\Programmi\VMware\VMware Player\hqtray.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:27 15360]
C:\Documents and Settings\d\Menu Avvio\Programmi\Esecuzione automatica\
ee3.exe [2008-01-12 19:10:16 481814]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-09-19 16:02:54 581693]
VPro500.lnk - C:\WINDOWS\VPro500.exe [2007-12-07 14:47:08 470016]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2007-12-29 09:32]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2007-12-29 09:32]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 12:06]
R3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 17:17]
R3 SPC610NC;Philips SPC500NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS [2005-10-13 16:41]
S3 VBoxUSB;VirtualBox USB;C:\WINDOWS\system32\Drivers\VBoxUSB.sys [2007-12-29 09:32]
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-27 13:14:04 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Programmi\XoftSpySE\XoftSpy.exe
"2008-01-26 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Programmi\XoftSpySE\XoftSpy.exe
.
****************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 16:31:54
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
****************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="\"C:\\Programmi\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
.
Ora fine scansione: 2008-01-27 16.32.11
ComboFix-quarantined-files.txt 2008-01-27 15:32:09
.
2008-01-23 14:17:48 --- E O F ---