Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » rallentamento solo nell'apertura di qualsivoglia programma

rallentamento solo nell'apertura di qualsivoglia programma Opzioni
Topic Precedente · Topic Sucessivo
testabianca
Inviato: Saturday, March 13, 2010 9:54:43 AM

Rank: AiutAmico

Iscritto dal : 12/11/2008
Posts: 508
Facento la solita scansione periodica con MB ho riscontrato quanto segue.

Malwarebytes' Anti-Malware 1.44
Versione del database: 3862
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/03/2010 9.36.13
mbam-log-2010-03-13 (09-36-00).txt

Tipo di scansione: Scansione completa (C:\|D:\|I:\|L:\|)
Elementi scansionati: 208737
Tempo trascorso: 36 minute(s), 17 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{9C4D4FC8-6B80-478C-AF6D-663DDA3BAF8F}\RP70\A0024234.exe (Trojan.Agent) -> No action taken.




Sono in attesa per eseguire l'azione che vorrete suggerirmi.
Per un controllo più minuzioso allego lof Hjk



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.47.59, on 13/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\ThreatFire\TFTray.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Samsung\EmoDio\SMSTray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\FileHippo.com\UpdateChecker.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\Fastweb\PrintAndFax\FaxMonitor.exe
C:\Programmi\MRU-Blaster\scheduler.exe
C:\Programmi\Secunia\PSI\psi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\rnamfler\naofsvc.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ThreatFire\TFService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speedapps.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Programmi\File comuni\Simple Adblock\SimpleAdblock.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FILECO~1\INSTAL~1\updateservice\isuspm.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [ThreatFire] C:\Programmi\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FileHippo.com] "C:\Programmi\FileHippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Programmi\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Programmi\MRU-Blaster\mrublaster.exe
O4 - Startup: Secunia PSI.lnk = C:\Programmi\Secunia\PSI\psi.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: PrintAndFax.lnk = C:\Programmi\Fastweb\PrintAndFax\FaxMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Programmi\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ThreatFire - PC Tools - C:\Programmi\ThreatFire\TFService.exe

--
End of file - 8818 bytes

Ringrazio per quanto farete e conlo l'occasione per augurarvi un buon fine settimana.
Torna in alto
 
Sponsor
Inviato: Saturday, March 13, 2010 9:54:43 AM

 
Torna in alto
 
paolopa
Inviato: Saturday, March 13, 2010 11:33:50 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
mbam ha trovato un file infetto in uno dei tuoi punti di ripristino(per ora lascialo li,danni non puo' farne),il discorso è sapere quando è entrato e perchè non è stato trovato sul pc,a meno che tu non l abbia trovato e bonificato in tempi passati.il log,all ANALISI ON LINE non presenta problemi(hai disinstallato avg di recente?),ma in attesa di qualcuno piu' addentro di me a queste cose se vuoi fare ulteriori accertamenti fai quanto segue:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
testabianca
Inviato: Saturday, March 13, 2010 12:48:28 PM

Rank: AiutAmico

Iscritto dal : 12/11/2008
Posts: 508
Quindici giorni fa non era presente alla scansione.
Non ho caricato nulla ho solo disinstallato avg e sostituito con avast 5.
Per ora grazie.
Attendo altre istruzioni.
Ora provvedo con combofix-
Torna in alto
 
testabianca
Inviato: Saturday, March 13, 2010 1:37:54 PM

Rank: AiutAmico

Iscritto dal : 12/11/2008
Posts: 508
Eseguito combofix ed ecco il log:

ComboFix 10-03-12.04 - agostino 13/03/2010 12.59.48.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2558.1980 [GMT 1:00]
Eseguito da: c:\documents and settings\agostino\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT
c:\windows\AUTOLNCH.REG
c:\windows\system32\drivers\isvfihwkueci.sys
c:\windows\system32\muzapp.exe

La copia infetta di c:\windows\system32\midimap.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\VistaMizer\old\midimap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))


-------\Legacy_isvfihwkueci
-------\Service_isvfihwkueci


((((((((((((((((((((((((( Files Creati Da 2010-02-13 al 2010-03-13 )))))))))))))))))))))))))))))))))))
.

2010-03-12 19:23 . 2010-03-12 19:23 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\Nero
2010-03-10 09:51 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-04 19:26 . 2010-02-23 12:03 253952 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Mozilla\Firefox\Profiles\3h6ti7k2.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
2010-02-17 08:39 . 2010-02-17 08:39 -------- d-----w- c:\programmi\TeraCopy
2010-02-16 15:12 . 2009-11-10 23:08 180224 ----a-w- c:\windows\system32\QTCF.dll
2010-02-15 08:11 . 2010-02-15 08:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-14 08:13 . 2010-02-14 08:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Panda Security
2010-02-14 08:13 . 2010-02-14 08:13 -------- d-----w- c:\programmi\Panda USB Vaccine
2010-02-13 12:50 . 2010-02-13 13:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\KidCoaster
2010-02-13 12:44 . 2010-02-13 12:48 -------- d-----w- c:\programmi\Software Informer
2010-02-12 15:23 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-12 15:23 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-12 15:23 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-12 15:23 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-12 15:23 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-12 15:23 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-12 15:23 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-12 15:23 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-12 15:23 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-12 15:23 . 2010-02-12 15:23 -------- d-----w- c:\programmi\Alwil Software
2010-02-12 15:23 . 2010-02-12 15:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 12:21 . 2009-03-07 18:11 1616017440 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-13 12:18 . 2007-09-26 16:34 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2010-03-13 12:18 . 2007-09-26 16:34 384 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2010-03-13 12:18 . 2009-03-07 18:11 18940460 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-13 08:47 . 2008-08-22 11:25 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-12 19:23 . 2007-09-26 17:41 -------- d-----w- c:\programmi\Nero
2010-03-12 18:56 . 2009-08-12 11:43 -------- d-----w- c:\programmi\SpywareBlaster
2010-03-12 07:22 . 2010-01-09 14:52 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\Simple Adblock
2010-03-11 17:33 . 2008-12-08 18:44 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\TeraCopy
2010-03-11 08:29 . 2010-02-01 10:58 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\vlc
2010-03-10 10:21 . 2007-09-26 17:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-03-05 08:05 . 2010-03-05 08:05 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-27 07:19 . 2008-12-02 12:47 -------- d-----r- c:\programmi\Skype
2010-02-26 10:18 . 2008-10-18 12:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-02-26 10:08 . 2008-10-18 12:39 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\skypePM
2010-02-26 09:46 . 2001-08-31 11:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2010-02-26 09:46 . 2001-08-31 11:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2010-02-25 17:04 . 2010-01-18 16:09 -------- d-----w- c:\programmi\CCleaner
2010-02-24 09:24 . 2008-11-14 12:36 -------- d-----w- c:\programmi\Innovative Solutions
2010-02-16 15:12 . 2009-10-11 14:57 -------- d-----w- c:\programmi\QuickTime Alternative
2010-02-15 17:14 . 2009-09-21 18:28 -------- d-----w- c:\programmi\Defraggler
2010-02-03 11:58 . 2009-01-26 09:24 -------- d-----w- c:\programmi\Photocopier
2010-02-03 06:54 . 2010-02-03 06:54 -------- d-----w- c:\programmi\FileHippo.com
2010-01-25 19:39 . 2010-01-25 19:39 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-01-24 20:12 . 2010-01-24 20:12 503808 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a20f565-n\msvcp71.dll
2010-01-24 20:12 . 2010-01-24 20:12 499712 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a20f565-n\jmc.dll
2010-01-24 20:12 . 2010-01-24 20:12 348160 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a20f565-n\msvcr71.dll
2010-01-24 20:08 . 2010-01-24 20:08 61440 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3b3ffbb8-n\decora-sse.dll
2010-01-24 20:08 . 2010-01-24 20:08 12800 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3b3ffbb8-n\decora-d3d.dll
2010-01-23 07:39 . 2010-01-23 07:39 -------- d-----w- c:\programmi\MRU-Blaster
2010-01-23 07:38 . 2010-01-23 07:37 -------- d-----w- c:\programmi\Disk Cleaner
2010-01-23 07:31 . 2010-01-23 07:31 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\Systenance
2010-01-23 07:30 . 2010-01-23 07:30 -------- d-----w- c:\programmi\Index.dat Analyzer
2010-01-22 08:27 . 2009-10-10 09:16 -------- d-----w- c:\programmi\ThreatFire
2010-01-21 10:03 . 2008-11-06 07:08 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\dvdcss
2010-01-21 07:03 . 2007-09-26 16:29 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-21 07:03 . 2009-05-24 10:57 -------- d-----w- c:\programmi\Samsung
2010-01-20 08:34 . 2009-06-30 13:11 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-20 08:10 . 2010-01-20 08:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2010-01-19 06:51 . 2009-08-25 08:17 -------- d-----w- c:\programmi\AviSynth 2.5
2010-01-16 13:50 . 2010-01-16 13:48 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\PhotoFiltre
2010-01-15 08:22 . 2010-01-15 08:22 348160 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-7deaf636-n\msvcr71.dll
2010-01-15 08:22 . 2010-01-15 08:22 503808 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-7deaf636-n\msvcp71.dll
2010-01-15 08:22 . 2010-01-15 08:22 499712 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-7deaf636-n\jmc.dll
2010-01-15 08:22 . 2010-01-15 08:22 61440 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-7deaf636-n\decora-sse.dll
2010-01-15 08:22 . 2010-01-15 08:22 12800 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-7deaf636-n\decora-d3d.dll
2010-01-15 08:22 . 2010-01-15 08:22 114688 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-33290bd3-n\jogl_cg.dll
2010-01-15 08:22 . 2010-01-15 08:22 315392 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-33290bd3-n\jogl.dll
2010-01-15 08:22 . 2010-01-15 08:22 20480 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-33290bd3-n\jogl_awt.dll
2010-01-15 08:22 . 2010-01-15 08:22 20480 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-36764fa0-n\gluegen-rt.dll
2010-01-15 08:22 . 2008-08-09 18:24 -------- d-----w- c:\programmi\File comuni\Java
2010-01-15 08:21 . 2008-12-08 14:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-15 08:21 . 2010-01-15 08:21 -------- d-----w- c:\programmi\Java
2010-01-14 23:08 . 2010-01-14 22:46 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-01-14 23:08 . 2010-01-14 22:46 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-01-14 23:08 . 2010-01-14 22:45 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-01-13 17:15 . 2010-01-13 16:58 -------- d-----w- c:\programmi\Real
2010-01-13 17:06 . 2009-07-09 09:42 -------- d-----w- c:\programmi\File comuni\Real
2010-01-13 13:58 . 2007-09-26 17:14 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-08 08:01 . 2009-12-31 07:06 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-12-15 16:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-15 16:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 16:38 . 2007-09-26 17:30 76960 ----a-w- c:\documents and settings\agostino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2007-01-03 10:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2007-01-03 10:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2007-09-26 16:20 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-19 13:39 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\programmi\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"FileHippo.com"="c:\programmi\FileHippo.com\UpdateChecker.exe" [2010-03-03 155648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"SBDrvDet"="c:\programmi\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\updateservice\isuspm.exe" [2004-06-14 221184]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"ThreatFire"="c:\programmi\ThreatFire\TFTray.exe" [2010-01-14 378128]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SMSTray"="c:\programmi\Samsung\EmoDio\SMSTray.exe" [2009-10-08 479232]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\agostino\Menu Avvio\Programmi\Esecuzione automatica\
MRU-Blaster Scheduler.lnk - c:\programmi\MRU-Blaster\scheduler.exe [2003-7-19 118784]
MRU-Blaster Silent Clean.lnk - c:\programmi\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]
Secunia PSI.lnk - c:\programmi\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Pinnacle Scheduler.lnk - c:\programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-9-27 245760]
PrintAndFax.lnk - c:\programmi\Fastweb\PrintAndFax\FaxMonitor.exe [2005-11-3 970856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 8.32.40 15328]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [14/01/2010 23.45.54 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [14/01/2010 23.46.02 59664]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11/08/2004 17.22.54 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/02/2010 16.23.35 162640]
R1 is-QVPF3drv;is-QVPF3drv;c:\windows\system32\drivers\38729904.sys [07/03/2009 19.10.59 148496]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [04/10/2009 9.44.03 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [04/10/2009 9.42.37 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/02/2010 16.23.35 19024]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26/09/2007 17.28.18 15840]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [25/08/2009 11.16.36 220128]
R2 ThreatFire;ThreatFire;c:\programmi\ThreatFire\TFService.exe service --> c:\programmi\ThreatFire\TFService.exe service [?]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [26/09/2007 17.56.01 698368]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [04/10/2009 9.42.42 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [04/10/2009 9.43.57 257432]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [26/09/2007 18.07.59 44544]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [26/09/2007 18.11.17 6400]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13.20.34 12648]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [14/01/2010 23.46.08 33552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe --> c:\programmi\AVG\AVG9\avgwdsvc.exe [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\agostino\IMPOST~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\agostino\IMPOST~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [02/03/2009 13.17.03 49632]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-13 c:\windows\Tasks\PandaUSBVaccine.job
- c:\programmi\Panda USB Vaccine\RunInteractiveWin.exe [2010-02-14 15:45]

2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{A6A01747-FD5F-45F8-86D4-862341F42BC4}.job
- c:\windows\system32\msfeedssync.exe [2007-01-03 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
FF - ProfilePath - c:\documents and settings\agostino\Dati applicazioni\Mozilla\Firefox\Profiles\3h6ti7k2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\agostino\Dati applicazioni\Mozilla\Firefox\Profiles\3h6ti7k2.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 13:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(2036)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\programmi\ThreatFire\TFNI.dll
c:\programmi\ThreatFire\TFMon.dll
c:\programmi\ThreatFire\TFRK.dll
c:\programmi\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(288)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
c:\programmi\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\ThreatFire\TfWah.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\programmi\ThreatFire\TFNI.dll
c:\programmi\ThreatFire\TFMon.dll
c:\programmi\ThreatFire\TFRK.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\CTsvcCDA.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\rnamfler\naofsvc.exe
c:\programmi\ThreatFire\TFService.exe
c:\windows\system32\MsPMSPSv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-13 13:33:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-13 12:33

Pre-Run: 26.087.788.544 byte disponibili
Post-Run: 26.072.461.312 byte disponibili

- - End Of File - - 5C617720172B6E4DFD69A90F4AC85757



Attendo ordine di disinstallazione combofix ed altre istruzioni.
Salutoni..
Torna in alto
 
paolopa
Inviato: Saturday, March 13, 2010 1:51:41 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
bene(si fa per dire...)combofix ti ha trovato ed eliminato delle infezioni.non disinstallarlo momentaneamente perchè r16 probabilmente ti dara' istruzioni per eseguire uno script che ti eliminera'alcuni rimasugli.io,scusami,ma mi fermo qui(peccherei di presunzione se ti dessi adesso qualche consiglio)comunque cio' che abbiamo fatto non è stato tempo perso.per l infezione trovata da malwarebytes non preoccupartene per ora,sparira' con le pulizie che effettuerai dopo la bonifica,solo NON toccare il ripristino configurazione di sistema.ciao e buona giornata.
Torna in alto
 
r16
Inviato: Saturday, March 13, 2010 2:14:37 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::
Driver::
AvgLdx86
AvgTdiX
avg9wd
F-Secure Standalone Minifilter


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
testabianca
Inviato: Saturday, March 13, 2010 4:07:05 PM

Rank: AiutAmico

Iscritto dal : 12/11/2008
Posts: 508
Non capisco perchè combofix sia scaduto.

Ho eseguito lo script ma mi da errore come da immagine



Come comportarmi?
Grazie e salutoni.
Torna in alto
 
r16
Inviato: Saturday, March 13, 2010 9:32:24 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Bah....Combofix, è fatto così...Think
Disistallalo così:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Scarica questa versione:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Fai la scansione, e posta il log.
Torna in alto
 
testabianca
Inviato: Sunday, March 14, 2010 10:10:49 AM

Rank: AiutAmico

Iscritto dal : 12/11/2008
Posts: 508
Ho eseguito alla lettera quanto suggerito da r16 ma il risultato è ancora come da immagine proposta in precedenza.
Ho tentato anche di disinstallare combofix con il tool suggerito e fatta pulizia, registro compreso con Ccleaner ma il risultato non è mutato.
Ora non riesco nemmeno a fargli fare la scansione. Viene caricato il programma, si apre la finestra azzurra e poi da il messaggio che il programma è scaduto.
Se può essere di aiuto: dopo disinstallato combofic con OTC, facendo pulizia del registro con Ccleaner trovo questo risultato.




AIUTO!!!!!
Salutoni
Torna in alto
 
r16
Inviato: Sunday, March 14, 2010 11:59:08 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Salve.
Siccome, le voci che si riferiscono allo script, sono dei "rimasugli" di disistallazioni errate,(AVG) e non dei virus, si può lasciare perdere Combofix, e fare delle pulizie generali.
Elimina Combofix.
Fai girare questo Tool, per eliminare i "rimasugli di AVG:
http://www.grisoft.cz/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Posta un log di HijackThis.
Torna in alto
 
testabianca
Inviato: Sunday, March 14, 2010 1:20:57 PM

Rank: AiutAmico

Iscritto dal : 12/11/2008
Posts: 508
Provvedo ora e posterò appena terminato.
Salutoni
Torna in alto
 
testabianca
Inviato: Sunday, March 14, 2010 1:24:34 PM

Rank: AiutAmico

Iscritto dal : 12/11/2008
Posts: 508
Ecco il log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.22.00, on 14/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Panda USB Vaccine\USBVaccine.exe
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\ThreatFire\TFTray.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Samsung\EmoDio\SMSTray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programmi\FileHippo.com\UpdateChecker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\Fastweb\PrintAndFax\FaxMonitor.exe
C:\Programmi\MRU-Blaster\scheduler.exe
C:\Programmi\Secunia\PSI\psi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\rnamfler\naofsvc.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ThreatFire\TFService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speedapps.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Programmi\File comuni\Simple Adblock\SimpleAdblock.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FILECO~1\INSTAL~1\updateservice\isuspm.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [ThreatFire] C:\Programmi\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [FileHippo.com] "C:\Programmi\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Programmi\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Programmi\MRU-Blaster\mrublaster.exe
O4 - Startup: Secunia PSI.lnk = C:\Programmi\Secunia\PSI\psi.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: PrintAndFax.lnk = C:\Programmi\Fastweb\PrintAndFax\FaxMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ThreatFire - PC Tools - C:\Programmi\ThreatFire\TFService.exe

--
End of file - 8625 bytes

In attesa ringrazio e saluto caldamente.
Torna in alto
 
r16
Inviato: Sunday, March 14, 2010 3:37:15 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FILECO~1\INSTAL~1\updateservice\isuspm.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [FileHippo.com] "C:\Programmi\FileHippo.com\UpdateChecker.exe" /background
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Programmi\MRU-Blaster\mrublaster.exe
O4 - Startup: Secunia PSI.lnk = C:\Programmi\Secunia\PSI\psi.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
Svuota il cestino
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su Remove selected

Fai una deframmentazione del HD.
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Torna in alto
 
testabianca
Inviato: Sunday, March 14, 2010 4:53:47 PM

Rank: AiutAmico

Iscritto dal : 12/11/2008
Posts: 508
Eseguito e noto un leggero miglioramento.
Se non ci sono altri suggerimenti considero chiusa la richiesta di aiuto.
Grazie e salutoni.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » rallentamento solo nell'apertura di qualsivoglia programma


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.