
Slow computer, freezes
paose
Posted: Friday, January 08, 2010 4:12:53 PM
Rank: AiutAmico

Joined: 7/8/2008
Posts: 94
Hello, the computer is very slow and freezes.

Could you check the log? Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.10.30, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Java\j2re1.4.2_12\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Dati applicazioni\flag ace stupid data\Time Date.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08IXLRD_8918390] "C:\Programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{25D36AEC-D909-4EEC-ADA7-EBF7939CA535}: NameServer = 85.37.17.17 85.38.28.72
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9887e47a616b6) (gupdate1c9887e47a616b6) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10072 bytes
bazzurlone
Posted: Friday, January 08, 2010 4:20:41 PM

Rank: AiutAmico

Joined: 1/20/2005
Posts: 1,537
Use Malwarebytes; you'll find it under Software, Security.
Install it, update it and run a full scan. At the end it will give you a log; post it.
http://www.aiutamici.com/software?ID=80346
stefanofragliasso10
Posted: Friday, January 08, 2010 4:31:02 PM
Rank: AiutAmico

Joined: 1/6/2010
Posts: 37
By any chance, does the antivirus fail to start?
fdaccc
Posted: Friday, January 08, 2010 4:35:41 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
Fix:
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Dati applicazioni\flag ace stupid data\Time Date.exe

Delete the folder shown in uppercase:
C:\Documents and Settings\All Users\Dati applicazioni\FLAG ACE STUPID DATA
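
An added example, not part of the original post and not HijackThis code: a small triage pass over HijackThis lines that reproduces the two entries singled out above. The two heuristics (an entry whose target is `(no file)`, and an O4 Run entry launching from outside the Windows and program directories) and the `TRUSTED_PREFIXES` list are assumptions made for this illustration, not the poster's stated reasoning; the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: a handful of lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Dati applicazioni\flag ace stupid data\Time Date.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Assumption: directories that normally require admin rights to write to on
# this (Italian) Windows XP install. Autoruns elsewhere deserve a second look.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\programmi\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^\S+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted command lines may contain spaces, so cut at the first executable extension.
UNQUOTED_EXE_RE = re.compile(
    r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE
)


class Finding(NamedTuple):
    section: str
    name: str
    reason: str
    line: str


def extract_path(cmd: str) -> Optional[str]:
    """Return the executable path from a Run command line, or None if unparseable."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = UNQUOTED_EXE_RE.match(cmd)
    return m.group(1) if m else None


def triage(log_text: str) -> List[Finding]:
    """Flag orphaned entries and Run autoruns outside the trusted directories."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.group("section"), m.group("body")
        if body.endswith("(no file)"):
            label = body.split(" - ")[0]
            findings.append(
                Finding(section, label, "target file missing (orphaned entry)", line)
            )
            continue
        if section != "O4":
            continue
        run = RUN_RE.match(body)
        if not run:
            continue  # e.g. Startup-folder shortcuts, not handled here
        path = extract_path(run.group("cmd"))
        if path is None:
            findings.append(
                Finding(section, run.group("name"), "unparseable command line", line)
            )
        elif not path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(
                Finding(section, run.group("name"),
                        "autorun outside Windows/program directories", line)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.name} -> {f.reason}")
```

A hit is only a prompt to inspect the file; legitimate per-user software also starts from profile directories.
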
paose
Posted: Friday, January 08, 2010 5:46:58 PM
Rank: AiutAmico

Joined: 7/8/2008
Posts: 94
All done, here is the log

Malwarebytes' Anti-Malware 1.44
Versione del database: 3517
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

08/01/2010 17.34.43
mbam-log-2010-01-08 (17-34-43).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 136118
Tempo trascorso: 10 minute(s), 56 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Paola\Impostazioni locali\Temp\yjkatp.dll (Malware.Packer) -> Quarantined and deleted successfully.


The quarantine holds 4 files from November 2009: 2 trojans and 2 Rogue resicue; can I delete them?

Thanks
paolopa
Posted: Friday, January 08, 2010 5:59:39 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Files in quarantine are in jail; they cannot do harm. They are usually left there in case they turn out to be false positives, so that they can be restored. I think you can delete them by now, but if you leave them nothing happens, don't worry.
fdaccc
Posted: Friday, January 08, 2010 6:54:34 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
Carry out these steps

First of all we can use the system tools:
- Start / All Programs / Accessories / System Tools / Disk Cleanup
- Start / All Programs / Accessories / System Tools / Disk Defragmenter

And also:

File - Run - %temp%: delete the files and subfolders

File - Run - msconfig: configure the programs that start automatically

Delete the contents of the folder (subfolders and files only):
C:/Windows/Prefetch

As the first program I warmly recommend CCleaner (http://www.aiutamici.com/software?ID=11223)
It cleans the registry quickly and safely and is a good alternative to many paid programs.

As the second, Glary Utilities (http://software.aiutamici.com/software?ID=80312)


Tell me whether you manage to use these programs or need help :)
r16
Posted: Friday, January 08, 2010 11:01:05 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
fdaccc wrote:
Carry out these steps
And also:
File - Run - %temp%: delete the files and subfolders
File - Run - msconfig: configure the programs that start automatically
Tell me whether you manage to use these programs or need help :)

What are those instructions?
What does this mean: File - Run - msconfig: configure the programs that start automatically.
What are they for?
Do you realize that you are causing confusion?
And that the user who is asking for help ends up disoriented too?
The priority is to remove any viruses that may be lurking in the PC.
And that procedure is not right.

@paose

Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
The antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
fdaccc
Posted: Saturday, January 09, 2010 12:15:43 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
I meant, after the virus cleanup you do the junk cleanup =)
r16
Posted: Saturday, January 09, 2010 2:36:41 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
fdaccc wrote:
I meant, after the virus cleanup you do the junk cleanup =)

Then wait until the virus cleanup is complete.
One step at a time.
fdaccc
Posted: Saturday, January 09, 2010 3:12:03 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
Sorry r16, as usual you're right =)
paose
Posted: Thursday, January 14, 2010 6:12:04 PM
Rank: AiutAmico

Joined: 7/8/2008
Posts: 94
Here it is:

ComboFix 10-01-13.0C - Paola 14/01/2010 17.46.40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.512.291 [GMT 1:00]
Eseguito da: c:\documents and settings\Paola\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Paola\IMPOST~1\Temp\install_flash_player.exe
c:\documents and settings\Paola\Dati applicazioni\Desktopicon
c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\gwqeoac.dat
c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\gwqeoac_nav.dat
c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\gwqeoac_navps.dat
c:\windows\TEMP\logishrd\LVPrcInj03.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-12-14 al 2010-01-14 )))))))))))))))))))))))))))))))))))
.

2010-01-13 14:34 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-03 20:23 . 2010-01-03 20:23 -------- d-----w- c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 17:00 . 2008-11-28 16:19 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-14 16:17 . 2009-02-06 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-01-08 16:01 . 2009-04-02 11:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-08 16:01 . 2009-05-11 16:02 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-04-02 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-02 11:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 13:45 . 2008-12-21 21:28 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-12-10 08:06 . 2006-03-02 12:00 81206 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 08:06 . 2006-03-02 12:00 483286 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 17:43 . 2009-01-27 19:15 -------- d-----w- c:\documents and settings\Paola\Dati applicazioni\Canon
2009-11-21 15:54 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 12:52 . 2009-11-21 12:52 -------- d-----w- c:\documents and settings\Francesco\Dati applicazioni\Malwarebytes
2009-10-29 07:42 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 11:25 . 2009-08-21 06:44 308160 ----a-w- c:\programmi\avast_home_setup.exe
2009-10-19 11:23 . 2008-11-28 16:29 50832 ----a-w- c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-18 17:17 . 2009-10-18 17:17 39079849 ----a-w- c:\programmi\finaldraft8.zip
2009-10-09 17:56 . 2009-10-09 17:55 93074728 ----a-w- c:\programmi\iTunesSetup.exe
2009-04-02 11:53 . 2009-04-02 11:53 2882679 ----a-w- c:\programmi\Malwarebytes.zip
2009-04-02 11:37 . 2009-04-02 11:37 911723 ----a-w- c:\programmi\ccleaner.zip
2009-04-02 07:14 . 2009-04-02 07:13 812344 ----a-w- c:\programmi\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L08IXLRD_8918390"="c:\programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE" [2007-06-12 351000]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-30 185872]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_12\bin\jusched.exe" [2006-05-09 32881]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-28 66864]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=sb16snd.dll
"MIDI1"=sb16snd.dll
"aux1"=sb16snd.dll
"mixer1"=sb16snd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\FileZilla Client\\filezilla.exe"=
"c:\\Programmi\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19/10/2009 12.43.12 114768]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [28/11/2008 17.19.03 160792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/10/2009 12.43.12 20560]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [28/11/2008 17.26.47 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [28/11/2008 17.26.47 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [28/11/2008 17.26.47 108675]
R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthdriver.sys [28/11/2008 17.19.02 58136]
S2 gupdate1c9887e47a616b6;Google Update Service (gupdate1c9887e47a616b6);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2009 18.13.45 133104]
S2 spd3ssl;Spyware-Process-Detector v3.15.3;\??\c:\programmi\Spyware Process Detector\spd315.sys --> c:\programmi\Spyware Process Detector\spd315.sys [?]
S3 sb16snd;sb16snd;c:\windows\system32\drivers\sb16snd.sys [29/11/2008 9.26.11 70672]
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 20:56]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-01-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-msnmsgr - c:\programmi\Windows Live\Messenger\msnmsgr.exe
AddRemove-gwqeoac - c:\documents and settings\paola\impostazioni locali\dati applicazioni\gwqeoac.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 18:00
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(6416)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\Unlocker\UnlockerHook.dll
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-14 18:11:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-14 17:11

Pre-Run: 97.043.832.832 byte disponibili
Post-Run: 98.018.856.960 byte disponibili

- - End Of File - - 24D27135357521948E3297F436638911
fdaccc
Posted: Thursday, January 14, 2010 6:14:14 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
Wait for r16 to check your ComboFix log =)
paose
Posted: Saturday, January 16, 2010 9:38:58 AM
Rank: AiutAmico

Joined: 7/8/2008
Posts: 94
ComboFix log

ComboFix 10-01-13.0C - Paola 14/01/2010 17.46.40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.512.291 [GMT 1:00]
Eseguito da: c:\documents and settings\Paola\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Paola\IMPOST~1\Temp\install_flash_player.exe
c:\documents and settings\Paola\Dati applicazioni\Desktopicon
c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\gwqeoac.dat
c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\gwqeoac_nav.dat
c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\gwqeoac_navps.dat
c:\windows\TEMP\logishrd\LVPrcInj03.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-12-14 al 2010-01-14 )))))))))))))))))))))))))))))))))))
.

2010-01-13 14:34 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-03 20:23 . 2010-01-03 20:23 -------- d-----w- c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 17:00 . 2008-11-28 16:19 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-14 16:17 . 2009-02-06 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-01-08 16:01 . 2009-04-02 11:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-08 16:01 . 2009-05-11 16:02 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-04-02 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-02 11:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 13:45 . 2008-12-21 21:28 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-12-10 08:06 . 2006-03-02 12:00 81206 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 08:06 . 2006-03-02 12:00 483286 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 17:43 . 2009-01-27 19:15 -------- d-----w- c:\documents and settings\Paola\Dati applicazioni\Canon
2009-11-21 15:54 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 12:52 . 2009-11-21 12:52 -------- d-----w- c:\documents and settings\Francesco\Dati applicazioni\Malwarebytes
2009-10-29 07:42 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 11:25 . 2009-08-21 06:44 308160 ----a-w- c:\programmi\avast_home_setup.exe
2009-10-19 11:23 . 2008-11-28 16:29 50832 ----a-w- c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-18 17:17 . 2009-10-18 17:17 39079849 ----a-w- c:\programmi\finaldraft8.zip
2009-10-09 17:56 . 2009-10-09 17:55 93074728 ----a-w- c:\programmi\iTunesSetup.exe
2009-04-02 11:53 . 2009-04-02 11:53 2882679 ----a-w- c:\programmi\Malwarebytes.zip
2009-04-02 11:37 . 2009-04-02 11:37 911723 ----a-w- c:\programmi\ccleaner.zip
2009-04-02 07:14 . 2009-04-02 07:13 812344 ----a-w- c:\programmi\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L08IXLRD_8918390"="c:\programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE" [2007-06-12 351000]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-30 185872]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_12\bin\jusched.exe" [2006-05-09 32881]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-28 66864]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=sb16snd.dll
"MIDI1"=sb16snd.dll
"aux1"=sb16snd.dll
"mixer1"=sb16snd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\FileZilla Client\\filezilla.exe"=
"c:\\Programmi\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19/10/2009 12.43.12 114768]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [28/11/2008 17.19.03 160792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/10/2009 12.43.12 20560]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [28/11/2008 17.26.47 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [28/11/2008 17.26.47 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [28/11/2008 17.26.47 108675]
R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthdriver.sys [28/11/2008 17.19.02 58136]
S2 gupdate1c9887e47a616b6;Google Update Service (gupdate1c9887e47a616b6);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2009 18.13.45 133104]
S2 spd3ssl;Spyware-Process-Detector v3.15.3;\??\c:\programmi\Spyware Process Detector\spd315.sys --> c:\programmi\Spyware Process Detector\spd315.sys [?]
S3 sb16snd;sb16snd;c:\windows\system32\drivers\sb16snd.sys [29/11/2008 9.26.11 70672]
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 20:56]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-01-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-msnmsgr - c:\programmi\Windows Live\Messenger\msnmsgr.exe
AddRemove-gwqeoac - c:\documents and settings\paola\impostazioni locali\dati applicazioni\gwqeoac.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 18:00
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(6416)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\Unlocker\UnlockerHook.dll
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-14 18:11:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-14 17:11

Pre-Run: 97.043.832.832 byte disponibili
Post-Run: 98.018.856.960 byte disponibili

- - End Of File - - 24D27135357521948E3297F436638911