
Computer freezes for 2-3 minutes when I connect via ADSL
enzino85
Posted: Friday, November 27, 2009 10:41:27 PM

Rank: AiutAmico

Joined: 9/12/2008
Posts: 76
I'm attaching the HijackThis log to find out whether "something strange" is blocking me after I connect to the Internet over ADSL.
Thanks in advance, and regards.

****************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.11.36, on 27/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
d:\Programmi\DiskUtility\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\DiskUtility\totalcmd\TOTALCMD.EXE
c:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nontipago.it/Servizi/Notizie.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeSearchInstallRTM?clid=1040&ver=12&app=outlook.exe&p1=32&p2=5&p3=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BA66152-A1CC-4104-9874-570B63BEEA3F}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BA66152-A1CC-4104-9874-570B63BEEA3F}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Burn\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - d:\Programmi\DiskUtility\Spyware Terminator\sp_rsser.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8350 bytes
r16
Posted: Friday, November 27, 2009 10:49:55 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
The log shows no infections.
Try running a scan with Malwarebytes:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
UPDATE IT before running the scan. (This is very important.)
Run a full system scan.
Post the log.
enzino85
Posted: Sunday, November 29, 2009 3:55:07 PM

Rank: AiutAmico

Joined: 9/12/2008
Posts: 76
Malwarebytes' Anti-Malware 1.41
Versione del database: 3255
Windows 5.1.2600 Service Pack 3

29/11/2009 15.52.23
mbam-log-2009-11-29 (15-52-03).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 450061
Tempo trascorso: 4 hour(s), 50 minute(s), 49 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
D:\bbaa\System\keygen\keygen.exe (Trojan.Downloader) -> No action taken.
D:\Programmi\Internet\Smart Protector\SmartProtectorPro.exe (Trojan.Downloader) -> No action taken.
D:\Programmi\Utility\Everest\keygen.exe (Trojan.Downloader) -> No action taken.
r16
Posted: Sunday, November 29, 2009 4:19:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
The D:\ partition (or device) appears to have some infections.
Delete what Malwarebytes found.
Then:
Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
enzino85
Posted: Sunday, November 29, 2009 11:01:25 PM

Rank: AiutAmico

Joined: 9/12/2008
Posts: 76
ComboFix 09-11-29.02 - desktop 29/11/2009 22.27.21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1600 [GMT 1:00]
Eseguito da: c:\documents and settings\desktop\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-430008000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4116899310-64440567-312699812-1000
c:\$recycle.bin\S-1-5-21-614998965-1462833163-3692451610-1001
c:\windows\system32\setup.exe.tmp

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP


((((((((((((((((((((((((( Files Creati Da 2009-10-28 al 2009-11-29 )))))))))))))))))))))))))))))))))))
.

2009-11-23 21:17 . 2004-05-27 15:46 872448 ----a-w- c:\windows\system32\libgfl211.dll
2009-11-23 21:17 . 2004-05-19 09:02 49152 ----a-w- c:\windows\system32\Xsusie.dll
2009-11-23 21:17 . 2004-05-19 09:02 225280 ----a-w- c:\windows\system32\Xjp2.dll
2009-11-23 21:17 . 2004-05-19 09:02 114688 ----a-w- c:\windows\system32\Xjpegls.dll
2009-11-23 21:17 . 2004-05-19 09:01 81920 ----a-w- c:\windows\system32\Xjbig.dll
2009-11-23 21:17 . 2004-05-19 09:01 49152 ----a-w- c:\windows\system32\Xjng.dll
2009-11-23 21:17 . 2004-05-19 09:01 364544 ----a-w- c:\windows\system32\Xfpx.dll
2009-11-23 21:17 . 2004-02-04 05:33 307200 ----a-w- c:\windows\system32\libmng.dll
2009-11-21 11:27 . 2009-11-21 11:26 5098496 ----a-w- C:\unetbtin.exe
2009-11-20 13:42 . 2009-11-20 13:42 -------- d-----w- c:\programmi\TitanTV
2009-11-19 14:25 . 2009-08-13 14:40 43008 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Mozilla\Firefox\Profiles\vtjs5iq8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 14:25 . 2009-08-13 14:39 340480 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Mozilla\Firefox\Profiles\vtjs5iq8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 14:25 . 2009-08-13 14:39 346112 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Mozilla\Firefox\Profiles\vtjs5iq8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-17 15:17 . 2009-11-17 15:17 -------- d-----w- C:\ubuntu
2009-11-14 18:52 . 2009-11-14 23:52 -------- d-----w- C:\win
2009-11-12 01:31 . 2009-11-12 01:31 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\PeerNetworking
2009-11-10 09:58 . 2009-09-04 16:08 416824 ----a-w- c:\windows\system32\pwNative.exe
2009-11-10 09:58 . 2009-09-04 16:08 16456 ----a-w- c:\windows\system32\pwdrvio.sys
2009-11-10 09:58 . 2009-09-04 16:07 11088 ----a-w- c:\windows\system32\pwdspio.sys
2009-11-10 09:32 . 2001-07-13 12:56 14976 ----a-w- c:\windows\system32\drivers\SBKUPNT.SYS
2009-11-10 09:32 . 1997-02-08 16:11 13312 ----a-w- c:\windows\system32\DEVLOAD.EXE
2009-11-10 00:31 . 2003-11-25 14:58 38305 ----a-w- c:\windows\AFUDOS.exe
2009-11-10 00:30 . 2009-11-10 00:31 416970 ----a-w- c:\windows\P4P81016.zip
2009-11-06 16:07 . 2009-11-06 16:07 -------- d-----w- c:\programmi\File comuni\ATI
2009-11-06 15:23 . 2006-05-03 10:57 520192 ------w- c:\windows\system32\ati2sgag.exe
2009-11-06 14:10 . 2009-11-06 14:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-05 22:15 . 2009-11-05 22:15 -------- d-----w- c:\programmi\ASUS
2009-11-05 22:15 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-05 21:23 . 2009-11-05 21:24 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Download Manager
2009-11-04 19:50 . 2009-11-04 19:50 -------- d-----w- c:\documents and settings\desktop\Impostazioni locali\Dati applicazioni\NeoSmart_Technologies
2009-11-04 19:45 . 2009-11-04 19:45 -------- d-----w- c:\programmi\NeoSmart Technologies
2009-11-04 00:05 . 2009-11-04 00:05 152576 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 16:57 . 2009-11-03 16:57 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-11-03 16:54 . 2009-11-03 16:54 -------- d-----w- c:\programmi\Microsoft
2009-11-03 15:13 . 2009-11-03 15:14 1925024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-02 20:06 . 2009-11-06 15:29 -------- d-----w- c:\documents and settings\desktop\Impostazioni locali\Dati applicazioni\ATI
2009-11-02 20:06 . 2009-11-06 15:29 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\ATI
2009-11-02 20:03 . 2009-11-02 20:03 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\X10 Commander
2009-11-02 19:59 . 2009-11-02 19:59 -------- d-----w- C:\ATI
2009-11-02 18:56 . 2009-11-02 18:56 -------- d-----w- c:\windows\system32\windows media
2009-11-02 18:56 . 2009-11-20 13:42 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-02 18:56 . 2009-11-02 18:56 -------- d-----w- c:\programmi\Windows Media Components
2009-11-02 18:55 . 2009-11-02 18:55 -------- d-----w- c:\programmi\File comuni\CyberLink
2009-11-02 18:54 . 2004-08-04 01:07 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2009-11-02 18:54 . 2004-08-04 01:07 32768 ----a-w- c:\windows\system32\ativtmxx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 00:30 . 2009-01-14 23:31 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\MailWasherFree
2009-11-26 23:16 . 2001-08-31 12:00 92408 ----a-w- c:\windows\system32\perfc010.dat
2009-11-26 23:16 . 2001-08-31 12:00 511376 ----a-w- c:\windows\system32\perfh010.dat
2009-11-19 00:19 . 2009-01-14 22:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-11-17 00:20 . 2009-10-06 22:39 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Spyware Terminator
2009-11-10 23:35 . 2009-10-06 22:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-11-10 17:44 . 2009-01-15 09:55 -------- d-----w- c:\programmi\Lexmark 1200 Series
2009-11-06 16:07 . 2009-01-14 19:35 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-06 16:07 . 2009-01-15 22:18 -------- d-----w- c:\programmi\ATI Multimedia
2009-11-06 15:25 . 2009-01-15 08:22 -------- d-----w- c:\programmi\ATI Technologies
2009-11-06 14:53 . 2009-01-15 22:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ATI MMC
2009-11-04 00:06 . 2009-01-14 13:45 -------- d-----w- c:\programmi\Java
2009-11-03 23:57 . 2009-09-13 21:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-11-03 00:02 . 2009-08-18 21:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-11-02 20:07 . 2009-01-14 13:52 219672 ----a-w- c:\documents and settings\desktop\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-02 14:48 . 2009-09-14 13:18 -------- d-----w- c:\programmi\QuickTime
2009-11-02 14:34 . 2009-09-13 19:39 154444 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-28 11:04 . 2009-01-14 22:14 -------- d-----w- c:\programmi\Microsoft Works
2009-10-23 14:03 . 2009-10-23 14:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-10-23 14:03 . 2009-10-23 14:03 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-10-23 14:03 . 2009-02-03 23:40 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Nokia
2009-10-23 14:02 . 2009-10-23 14:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-23 14:02 . 2009-10-23 14:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-23 13:54 . 2009-10-23 13:54 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-10-23 13:54 . 2009-10-23 13:54 -------- d-----w- c:\programmi\File comuni\Nokia
2009-10-23 13:54 . 2009-02-03 23:40 -------- d-----w- c:\programmi\DIFX
2009-10-23 13:53 . 2009-10-23 13:53 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-10-23 13:53 . 2009-02-03 23:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-10-23 13:53 . 2009-10-23 13:53 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-23 13:53 . 2009-10-23 13:53 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-23 13:53 . 2009-10-23 13:53 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-23 13:53 . 2009-10-23 13:53 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-23 13:43 . 2009-10-23 13:53 33853800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita_web.exe
2009-10-19 19:43 . 2009-10-17 22:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-10-12 23:23 . 2009-02-15 11:18 -------- d-----w- c:\programmi\DesktopEarth
2009-10-12 21:01 . 2009-10-12 20:47 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Any Video Converter Professional
2009-10-11 20:43 . 2009-10-11 20:43 29926 ----a-r- c:\documents and settings\desktop\Dati applicazioni\Microsoft\Installer\{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}\ARPPRODUCTICON.exe
2009-10-11 03:17 . 2009-06-12 07:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 08:45 . 2009-03-10 12:22 -------- d-----w- c:\programmi\Virtual Earth 3D
2009-10-08 13:57 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2001-08-31 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2001-08-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 08:37 . 2009-02-04 18:01 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Nero
2009-10-08 08:23 . 2009-10-08 08:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PicturesToExe
2009-10-08 08:04 . 2009-02-27 00:01 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Ulead Systems
2009-10-08 07:53 . 2009-10-08 07:53 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\kiwi.software.NET
2009-10-08 07:41 . 2009-10-03 23:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2009-10-08 00:24 . 2009-02-27 00:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2009-10-07 23:53 . 2009-10-03 01:28 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\MAGIX
2009-10-06 22:39 . 2009-10-06 22:39 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2009-10-06 22:39 . 2009-10-06 22:39 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2009-10-06 22:39 . 2009-10-06 22:39 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-10-06 21:29 . 2009-02-04 18:03 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Simple Star
2009-10-06 20:31 . 2009-01-30 17:12 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\U3
2009-10-06 11:12 . 2009-10-06 11:12 25214 ----a-r- c:\documents and settings\desktop\Dati applicazioni\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
2009-10-05 23:15 . 2009-10-05 23:15 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Media Player Classic
2009-10-05 22:53 . 2009-10-05 22:53 -------- d-----w- c:\programmi\Xvid
2009-10-05 22:45 . 2009-10-05 22:45 -------- d-----w- c:\programmi\AviSynth 2.5
2009-10-05 22:44 . 2009-10-05 22:42 4284535 ----a-w- c:\documents and settings\desktop\Dati applicazioni\ffdshow.exe
2009-10-05 22:44 . 2009-10-05 22:42 4284535 ----a-w- c:\documents and settings\desktop\Dati applicazioni\ffdshow.exe
2009-10-05 22:42 . 2009-10-05 22:42 642685 ----a-w- c:\documents and settings\desktop\Dati applicazioni\xvid.exe
2009-10-05 22:42 . 2009-10-05 22:42 642685 ----a-w- c:\documents and settings\desktop\Dati applicazioni\xvid.exe
2009-10-05 22:42 . 2009-10-05 22:41 2169915 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Imgburn.exe
2009-10-05 22:42 . 2009-10-05 22:41 2169915 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Imgburn.exe
2009-10-05 22:41 . 2009-10-05 22:39 4182178 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Avisynth.exe
2009-10-05 22:41 . 2009-10-05 22:39 4182178 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Avisynth.exe
2009-10-05 21:56 . 2009-01-14 13:38 -------- d-----w- c:\programmi\Windows Sidebar
2009-10-05 18:05 . 2009-02-20 15:39 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-10-05 17:55 . 2009-01-20 14:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-05 13:52 . 2009-10-05 13:52 -------- d-----w- c:\programmi\Trend Micro
2009-10-05 12:35 . 2009-10-05 12:35 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\.clamwin
2009-10-04 21:40 . 2009-01-15 21:43 -------- d-----w- c:\programmi\Creative
2009-10-04 21:39 . 2009-01-15 15:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Creative
2009-10-04 11:27 . 2009-02-04 18:07 -------- d-----w- c:\programmi\File comuni\Simple Star Shared
2009-10-04 11:27 . 2009-02-04 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-10-04 01:27 . 2009-10-04 01:27 -------- d-----w- c:\programmi\File comuni\Fellowes
2009-10-04 00:10 . 2009-10-04 00:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\QuickTime
2009-10-03 14:27 . 2009-10-03 14:27 110304 ----a-w- c:\windows\system32\drivers\ACEDRV09.sys
2009-10-03 14:21 . 2009-10-03 14:17 -------- d-----w- c:\programmi\File comuni\MAGIX Shared
2009-09-28 14:49 . 2009-02-20 15:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-28 13:50 . 2009-09-28 13:50 29926 ----a-r- c:\documents and settings\desktop\Dati applicazioni\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-09-25 09:24 . 2009-09-25 09:16 17561072 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\rp\.exe
2009-09-25 09:16 . 2009-09-25 09:15 8405312 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-25 09:11 . 2009-09-25 09:11 10309448 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\chr\ChromeInstaller.exe
2009-09-25 09:05 . 2009-09-25 09:05 64000 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\RUP\inst_config\gcapi_dll.dll
2009-09-25 09:05 . 2009-09-25 09:05 52288 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\RUP\inst_config\gtapi.dll
2009-09-25 09:05 . 2009-09-25 09:05 50688 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\RUP\inst_config\fftbapi.dll
2009-09-25 09:05 . 2009-09-25 09:05 114688 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\RUP\inst_config\compat.dll
2009-09-24 20:56 . 2009-08-28 19:47 2019 ----a-w- c:\windows\NewRecorder.reg
2009-09-24 19:28 . 2009-09-24 19:28 435720 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\setup.exe
2009-09-24 13:16 . 2009-04-01 20:27 4045528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:14 . 2008-08-15 08:26 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-01-16 02:21 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-01-16 02:21 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2008-04-13 17:13 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44 . 2009-09-14 11:17 515416 ------w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44 . 2009-09-14 11:17 238936 ------w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:44 . 2009-09-13 21:09 69464 ------w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:29 . 2009-09-14 11:17 453456 ------w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29 . 2009-09-14 11:17 235344 ------w- c:\windows\system32\d3dx11_42.dll
.

------- Sigcheck -------

[-] 2008-08-15 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" [X]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Sidebar"="c:\programmi\Windows Sidebar\sidebar.exe" [2008-08-15 1274880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice.lnk]
backup=c:\windows\pss\Alice.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan.lnk]
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^desktop^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^desktop^Menu Avvio^Programmi^Esecuzione automatica^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^desktop^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=c:\windows\system32\\PSDrvCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Programmi\\Internet\\uTorrent\\uTorrent.exe"=
"d:\\Programmi\\Internet\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"d:\\Programmi\\Internet\\Skype\\Phone\\Skype.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\ASUS\\AsusUpdate\\Update.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [03/10/2009 1.48.53 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [03/10/2009 1.48.53 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/02/2009 16.43.15 64160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [06/10/2009 23.39.39 142592]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [03/10/2009 15.27.35 110304]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/11/2009 10.32.54 14976]
R3 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [14/01/2009 15.35.01 13824]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [10/11/2009 10.58.40 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [10/11/2009 10.58.40 11088]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [03/10/2009 15.21.59 544768]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [15/01/2009 22.10.28 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [15/01/2009 22.10.25 170368]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection WSidebar.inf,Registrazione_SideBar
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-29 c:\windows\Tasks\RegCure Program Check.job
- d:\programmi\DiskUtility\RegCure\RegCure.exe [2007-08-02 07:20]

2009-11-26 c:\windows\Tasks\RegCure.job
- d:\programmi\DiskUtility\RegCure\RegCure.exe [2007-08-02 07:20]

2009-11-29 c:\windows\Tasks\User_Feed_Synchronization-{BAA84876-83C2-408E-B173-4487A0AA420E}.job
- c:\windows\system32\msfeedssync.exe [2001-08-31 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.nontipago.it/Servizi/Notizie.htm
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\desktop\Dati applicazioni\Mozilla\Firefox\Profiles\vtjs5iq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.nontipago.it/Servizi/Notizie.htm
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q=
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - truec:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-Alice ti aiuta - c:\progra~1\ALICET~1\Uninstall.exe AliceRE
AddRemove-RealJukebox 1.0 - c:\programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 22:36
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
d:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
d:\programmi\Burn\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
d:\programmi\DiskUtility\Spyware Terminator\sp_rsser.exe
c:\windows\system32\SearchIndexer.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\windows\system32\wscntfy.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-29 22:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-29 21:43
ComboFix2.txt 2009-10-05 08:28

Pre-Run: 39.076.069.376 byte disponibili
Post-Run: 38.935.855.104 byte disponibili

- - End Of File - - 0BA9BBCD8760CE7C48D4CA3A83961B3D
r16
Posted: Monday, November 30, 2009 12:11:06 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
No positive results?
enzino85
Posted: Monday, November 30, 2009 9:11:41 AM

Rank: AiutAmico

Joined: 9/12/2008
Posts: 76
It seems to me that I have solved the initial problem.
Thanks.
r16
Posted: Monday, November 30, 2009 2:04:40 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
A bit of PC cleanup doesn't hurt:
Disable System Restore;
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
On CCleaner's main screen, click Options and then Advanced, and untick: Only delete files in Windows Temp older than 48 hours. (then run the cleanups)

Then:
Start\Run\ copy and paste the string %temp%, click OK, and empty the temp folder. (do not delete the folder)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it and, inside it, find the Prefetch folder, open it and delete all the entries stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS this way:
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan.
Wait patiently for the scan to finish.
if any ADS are detected, tick all the boxes (without fear) and click Remove selected

Run a thorough ScanDisk and defragment the HD.

Re-enable System Restore and, if everything is fine, create a new restore point.