Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » firefox è già avviato...controllo file di log, grazie!

firefox è già avviato...controllo file di log, grazie! Opzioni
Topic Precedente · Topic Sucessivo
bluntedmind
Inviato: Monday, September 28, 2009 3:35:36 PM

Rank: Newbie

Iscritto dal : 9/9/2008
Posts: 8
Buongiorno a tutti, scrivo per sapere se qualcuno può aiutarmi:

lo stato:

ho un notebook toshiba portégé con win vista business (ahimé!) direi aggiornatissimo.
utilizzo per la navigazione mozilla firefox 3.5.3
antivirus: avast!
firewall: zone alarm
utilità: spyboot S&D, spydoctor, cCleaner


il problema:
dopo un po' che navigo la connessione diventa impossibile, lentissima se non addirittura assente, ma solo per firefox, gli altri software che accedono alla rete funzionano bene (thunderbird, last.fm e quant'altro)

chiudo firefox e alla riapertura mi dà un messaggio di errore tipo "Firefox è già avviato ma non risponde".

allora ripiego si internet explorer il quale funziona per un po', anche se molto lento, ma poi smette di funzionare anch'esso e spesso(non sempre) quando chiudo la finestra di IE se ne apre un'altra, e un'altra e un'altra...

per fare rifunzionare il tutto devo riavviare il sistema che diventa di una lentezza allucinante, tipo 5 minuti per il riavvio completo.

soluzioni che ho tentato:
ho controllato che i vari software di difesa non blocchino FF

ho letto sul forum mozilla che il fatto che FF non si riavvia dipende da un file diciamo di registro che non viene rimosso alla chiusura del software, a causa di un malware.

ho fatto le scansioni con i soft diagnostici che ho sia in modalità provvisoria che normale ma non hanno trovato nulla.

vorrei evitare di formattare completamente il sistema ma non so che strada intraprendere.

spero che qualche anima pia mi possa aiutare, che ringrazio anticipatamente.

con cordialità

Blunted

allego il file di log di HijackThis fosse di qualche utilità:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.34.00, on 28/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TrueSuite Access Manager\CssSvr.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
O4 - HKLM\..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe
O4 - HKLM\..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Canon LBP5000 Finestra di stato.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Inizia a fare affari su eBay.it! - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4 (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servizio di Google Update (gupdate1c9b7baef91a6e7) (gupdate1c9b7baef91a6e7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11571 bytes
Torna in alto
 
Sponsor
Inviato: Monday, September 28, 2009 3:35:36 PM

 
Torna in alto
 
r16
Inviato: Monday, September 28, 2009 4:36:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: Inizia a fare affari su eBay.it! - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=h ome (file missing)

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Riavvia il pc.

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.
Torna in alto
 
bluntedmind
Inviato: Monday, September 28, 2009 11:00:01 PM

Rank: Newbie

Iscritto dal : 9/9/2008
Posts: 8
ecco fatto....

ho proceduto a far tutto ciò che mi hai detto, ed ecco qui il log di malawarebytes'....speriamo che sia la volta buona....


Malwarebytes' Anti-Malware 1.41
Versione del database: 2867
Windows 6.0.6002 Service Pack 2

28/09/2009 22.54.24
mbam-log-2009-09-28 (22-54-24).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi scansionati: 221163
Tempo trascorso: 46 minute(s), 45 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
r16
Inviato: Monday, September 28, 2009 11:47:02 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non credo proprio che si "la volta buona".
Non è stata rilevata nessuna infezione.

Prova questa scansione eseguendo le indicazioni alla lettera:
Disattiva il UAC :
http://www.faqwindows.com/public/post/disabilitare-uac-da-pannello-di-controllo-disable-uac-12.asp

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix e (qoobox)
Torna in alto
 
bluntedmind
Inviato: Tuesday, September 29, 2009 8:17:34 AM

Rank: Newbie

Iscritto dal : 9/9/2008
Posts: 8
infatti ieri sera si è bloccata la connessione nuovamente...ora comincio a eseguire ciò che mi hai detto...

grazie tante!
Torna in alto
 
bluntedmind
Inviato: Tuesday, September 29, 2009 10:23:54 AM

Rank: Newbie

Iscritto dal : 9/9/2008
Posts: 8
ecco fatto...ho seguito tutto e fatto lo scan...

vedo che però non ho disabilitato win defender....spero non sia un problema....

ti posto in ogni caso il log generato da combofix...



ComboFix 09-09-28.01 - Corrado 29/09/2009 9.58.38.1.2 - NTFSx86
Microsoft® Windows Vistaâ„¢ Business 6.0.6002.2.1252.39.1040.18.2936.1845 [GMT 2:00]
Eseguito da: c:\users\Corrado\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1b93a.msi

.
((((((((((((((((((((((((( Files Creati Da 2009-08-28 al 2009-09-29 )))))))))))))))))))))))))))))))))))
.

2009-09-28 15:03 . 2009-09-28 15:03 -------- d-----w- c:\users\Corrado\AppData\Roaming\Malwarebytes
2009-09-28 15:03 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 15:03 . 2009-09-28 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 15:03 . 2009-09-28 15:03 -------- d-----w- c:\programdata\Malwarebytes
2009-09-28 15:03 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 09:29 . 2009-09-22 09:29 -------- d-----w- c:\program files\Common Files\Apple
2009-09-22 09:29 . 2009-09-22 09:29 -------- d-----w- c:\program files\QuickTime
2009-09-22 09:29 . 2009-09-22 09:29 -------- d-----w- c:\programdata\Apple Computer
2009-09-14 14:45 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-14 14:45 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-14 14:44 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-14 14:44 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-14 14:44 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-14 14:44 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-14 14:44 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-14 14:44 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-14 14:44 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-14 14:44 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-08 11:11 . 2009-09-08 11:11 -------- d-----w- c:\program files\JRE
2009-08-31 13:54 . 2009-08-31 13:54 -------- d-----w- c:\programdata\Adobe Systems
2009-08-31 13:48 . 2009-08-31 13:48 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 07:52 . 2009-04-07 19:55 -------- d-----w- c:\programdata\Google Updater
2009-09-29 06:45 . 2008-01-21 06:45 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-09-29 06:45 . 2008-01-21 06:45 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-09-29 06:39 . 2009-07-08 21:45 352615 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-09-28 21:39 . 2009-04-06 19:10 -------- d-----w- c:\users\Corrado\AppData\Roaming\Skype
2009-09-28 07:49 . 2009-07-23 07:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-26 22:01 . 2009-08-12 07:25 -------- d-----w- c:\users\Corrado\AppData\Roaming\Nokia
2009-09-25 06:29 . 2009-08-13 19:02 -------- d-----w- c:\users\Corrado\AppData\Roaming\vlc
2009-09-24 08:57 . 2009-07-23 08:02 -------- d-----w- c:\program files\RegCleaner
2009-09-24 08:46 . 2009-07-22 16:02 -------- d-----w- c:\program files\Spyware Doctor
2009-09-24 08:26 . 2009-07-23 07:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-21 18:54 . 2009-06-20 22:01 -------- d-----w- c:\users\Corrado\AppData\Roaming\dvdcss
2009-09-11 08:00 . 2009-04-08 11:30 -------- d-----w- c:\users\Corrado\AppData\Roaming\Winamp
2009-09-10 10:57 . 2009-04-11 07:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 11:22 . 2009-04-06 17:43 102024 ----a-w- c:\users\Corrado\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-08 11:11 . 2009-04-08 23:54 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-31 13:48 . 2008-07-07 21:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-31 13:44 . 2008-07-07 20:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-27 10:31 . 2009-08-27 10:31 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-26 15:12 . 2009-08-26 15:12 -------- d-----w- c:\programdata\Macrovision
2009-08-26 15:12 . 2009-08-26 15:12 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-08-26 15:12 . 2009-08-26 15:11 -------- d-----w- c:\program files\Common Files\Macromedia
2009-08-26 15:12 . 2009-08-26 15:09 -------- d-----w- c:\program files\Macromedia
2009-08-26 15:12 . 2008-07-07 20:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-24 09:25 . 2009-04-14 09:08 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-08-21 21:53 . 2009-04-07 18:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-21 10:33 . 2009-08-21 10:31 -------- d-----w- c:\program files\Canon
2009-08-19 21:02 . 2009-08-19 21:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-17 16:10 . 2009-04-06 20:27 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-04-06 20:28 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-04-06 20:28 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-04-06 20:27 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-04-06 20:28 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-04-06 20:28 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-04-06 20:28 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 16:27 . 2009-09-10 09:51 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 09:51 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 09:51 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 09:51 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 09:51 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 09:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 09:51 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 09:51 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 09:51 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 09:51 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 09:51 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 18:52 . 2009-08-13 18:52 -------- d-----w- c:\programdata\Nokia
2009-08-13 18:51 . 2009-08-12 07:13 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-13 18:51 . 2009-08-12 07:09 -------- d-----w- c:\program files\Nokia
2009-08-13 18:50 . 2009-08-12 07:00 -------- d-----w- c:\programdata\Installations
2009-08-12 07:30 . 2009-08-12 07:25 -------- d-----w- c:\users\Corrado\AppData\Roaming\PC Suite
2009-08-12 07:30 . 2009-08-12 07:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-08-12 07:29 . 2009-08-12 07:25 -------- d-----w- c:\programdata\PC Suite
2009-08-12 07:14 . 2009-08-12 07:12 -------- d-----w- c:\program files\DIFX
2009-08-12 07:13 . 2009-08-12 07:13 -------- d-----w- c:\program files\Common Files\PCSuite
2009-08-12 07:12 . 2009-08-12 07:12 -------- d-----w- c:\program files\PC Connectivity Solution
2009-08-05 07:29 . 2008-07-07 20:45 -------- d-----w- c:\program files\Java
2009-07-25 03:23 . 2009-04-06 20:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 07:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-11 19:23 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-11 19:23 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-11 19:23 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-11 19:23 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-11 19:23 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-10 09:51 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-10 09:51 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-10 09:51 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-10 09:51 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-10 09:51 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2009-01-16 10:22 122880 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2009-01-16 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2009-01-16 3200000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-20 198160]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-04-21 1045904]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"NDSTray.exe"="NDSTray.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

c:\users\Corrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-15 113664]
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-15 113664]
Canon LBP5000 Finestra di stato.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2009-8-21 50848]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-9 809488]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-8-25 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):e8,65,60,d6,50,04,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{543D4FC8-7718-45A3-BC90-4B35E7324803}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B2E073D8-0A66-4578-8EEE-2919BDBA57D6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8E694F27-F124-4CCF-A832-C17272C06AEA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BE6392F9-2348-4D59-86EB-36F4D63E7AAD}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2B69CCC7-C1CC-4315-877F-8140F81A3BF7}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{2B731437-B419-4490-B037-12A583EABB78}"= UDP:c:\program files\CCleaner\CCleaner.exe:CCleaner.exe
"{2FE0583B-FE27-43B2-891A-1943C6508A2C}"= TCP:c:\program files\CCleaner\CCleaner.exe:CCleaner.exe
"{609470F4-7B83-4402-8849-F008FC7E36C1}"= UDP:c:\windows\System32\CNAC4RPK.EXE:Canon LBP5000 RPC Server Process
"{54D9DB60-1798-4E7B-A966-DA92C103D741}"= TCP:c:\windows\System32\CNAC4RPK.EXE:Canon LBP5000 RPC Server Process

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AlfaFF;AlfaFF;c:\windows\System32\drivers\AlfaFF.sys [21/10/2008 16.18.38 42608]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [22/07/2009 18.03.28 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [06/04/2009 22.28.20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [06/04/2009 22.28.20 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [06/04/2009 22.27.55 53328]
R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [17/04/2008 0.19.48 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [23/07/2009 9.55.50 1153368]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [21/04/2009 17.36.06 116104]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 17.03.52 126976]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [07/07/2008 22.25.41 112128]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15.40.22 3668480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/04/2008 4.13.14 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [09/04/2007 17.13.00 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [25/08/2008 9.58.20 77824]
S2 gupdate1c9b7baef91a6e7;Servizio di Google Update (gupdate1c9b7baef91a6e7);c:\program files\Google\Update\GoogleUpdate.exe [07/04/2009 21.56.26 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14.48.18 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14.48.12 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22/07/2009 18.02.54 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-07 19:55]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 19:56]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 19:56]

2009-09-29 c:\windows\Tasks\User_Feed_Synchronization-{D54BF728-DD62-45EB-9488-88509BE612E9}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Corrado\AppData\Roaming\Mozilla\Firefox\Profiles\qnin6qgt.default\
FF - prefs.js: browser.search.selectedEngine - Flickr Tags
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it&source=iglk
FF - component: c:\users\Corrado\AppData\Roaming\Mozilla\Firefox\Profiles\qnin6qgt.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 10:06
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0d444799-23c3-4cdb-b59a-4c9c35a82918}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d001e68
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{11ef4321-6ec7-4786-bab7-73145ff0ea0f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0016ea
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{233e1091-cb04-40ce-9ea7-837cdbc368c4}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2805e90c-341c-495d-8d89-0c1a790bfd7c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{47212c04-f333-4460-9c5a-3ed68a277729}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{63c6161c-b636-4767-b403-9c7c8c8f1137}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001143
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{64917989-f217-4a0b-a68a-d36ae2060ab5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bd629d31-6637-48ef-96cd-de022f0c8664}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1500037a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d49b0fb5-de02-4e28-ae91-94565eaf16b8}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001143
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d7524eaa-2b81-4a49-b42b-f11072ef1f08}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001e68
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f8b9ab0c-f9e8-47f4-ba0b-9ddcc01bffb2}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
Ora fine scansione: 2009-09-29 10.07.40
ComboFix-quarantined-files.txt 2009-09-29 08:07

Pre-Run: 59.209.379.840 byte disponibili
Post-Run: 59.129.524.224 byte disponibili

327 --- E O F --- 2009-09-29 06:18
Torna in alto
 
r16
Inviato: Tuesday, September 29, 2009 3:22:47 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Hai qualche programma di sicurezza in "tempo reale" di troppo.

Windows Defender.
Tea Timer di SpyBot.
McAfeeAntiSpyware.
Zone Allarm.
Avast!
Spyware Doctor. (questo non sò se lavora in tempo reale)

In ogni caso, sono troppi.
Comincia con disistallare (da Installazione Applicazioni):
McAfeeAntiSpyware.
Spyware Doctor.
Tea Timer di SpyBot.(disistalla completamente SpyBot+Tea Timer).
Vedi se la connessione migliora.
Torna in alto
 
bluntedmind
Inviato: Tuesday, September 29, 2009 4:28:24 PM

Rank: Newbie

Iscritto dal : 9/9/2008
Posts: 8
bene...

ho disinstallato Spyware Doctor e SpyBot completamente...

ma di McAfeeAntiSpyware su installazione programmi non c'è traccia....forse era insieme a spybot? in realtà non sapevo di avere questo McAfee installato...

vediamo se la connessione migliora...ti tengo informato...grazie!

che faccio, lo tolgo combofix?
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » firefox è già avviato...controllo file di log, grazie!


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.