Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » internet lento

2 pages: [1] 2
internet lento Opzioni
Topic Precedente · Topic Sucessivo
caradonna
Inviato: Thursday, July 09, 2009 7:31:33 PM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
Ciao a tutti, da qualche giorno il mio windows vista è molto lento ad aprire le pagine web.
Qui sotto vi mando il testo copiato dal log, aiutatemi a risolvere il problema.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.14.05, on 09/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Users\vito\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\vito\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 10252 bytes
Torna in alto
 
Sponsor
Inviato: Thursday, July 09, 2009 7:31:33 PM

 
Torna in alto
 
tool
Inviato: Thursday, July 09, 2009 7:47:18 PM

Rank: AiutAmico

Iscritto dal : 2/18/2007
Posts: 337
Inizia a disinstallare tutte quelle toolbar che hai!!!!! E,poi,anche quel SweetIM che è pieno di insidie per non dire virus!!!!
Torna in alto
 
panchoz
Inviato: Thursday, July 09, 2009 7:51:06 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
Possibile che qui "tutti" danno ordini! Whistle

"/>
Torna in alto
 
tool
Inviato: Thursday, July 09, 2009 7:59:41 PM

Rank: AiutAmico

Iscritto dal : 2/18/2007
Posts: 337
Non gli ho mica messo la pistola sotto la panchoz....ehm la pancia...Drool per me le toolbar rallentano la navigazione,aspettiamo gli amministratori chi vivrà vedrà....
Torna in alto
 
tool
Inviato: Thursday, July 09, 2009 8:08:04 PM

Rank: AiutAmico

Iscritto dal : 2/18/2007
Posts: 337
Ah,Caradonna questa voce HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
e quest'altra O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab

come ovviamente ask bar ecc ec che ti diranno gli esperti,devi eliminarla assolutamente.
Torna in alto
 
caradonna
Inviato: Thursday, July 09, 2009 10:36:22 PM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
fatemi sapere qualcosa "non so come mi devo comportare" mi stò rompendo di questa situazione, non riesco a navigare velocemente,anzi più passa il tempo e più il pc si addormenta.
Torna in alto
 
r16
Inviato: Thursday, July 09, 2009 11:32:31 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Esegui queste 2 scansioni, disattivando il UAC, e eseguile come Amministratore:
Ecco come disabilitare il UAC:
http://www.faqwindows.com/public/post/disabilitare-uac-da-pannello-di-controllo-disable-uac-12.asp
Poi Disabilta Windows Defender :
Start
Tutti i programmi
seleziona Windows Defender
dal menu Strumenti scegli Opzioni
in Opzioni amministratore deseleziona(togli la spunta) la casella di controllo Usa Windows Defender
conferma l'operazione cliccando su Salva
se viene chiesto di specificare una Password di Amministratore o di confermare, digita la password o conferma

MALWAREBYTES:

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.

---------------------------------------------------------------------------------------------------------
COMBOFIX
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)
Torna in alto
 
panchoz
Inviato: Thursday, July 09, 2009 11:58:07 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
tool ha scritto:
Non gli ho mica messo la pistola sotto la panchoz....ehm la pancia...Drool per me le toolbar rallentano la navigazione,aspettiamo gli amministratori chi vivrà vedrà....




A proposito di pistole ..mi scoccia fare lo sceriffo, tanto + che lo dovrebbe fare qualcun altro, MA mi scoccia ancor + vedere chi si mette a far lo stregone indiano Drool col primo (mal)capitato!!
Torna in alto
 
caradonna
Inviato: Friday, July 10, 2009 8:51:59 PM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
r16 prima di tutto grazie per l'interessamento, qui sotto ti posto sia il log del Malwarebytes dopo quello del Combofix:



Malwarebytes' Anti-Malware 1.38
Versione del database: 2403
Windows 6.0.6002 Service Pack 2

10/07/2009 20.04.23
mbam-log-2009-07-10 (20-04-23).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 229708
Tempo trascorso: 1 hour(s), 14 minute(s), 6 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)







ComboFix 09-07-09.08 - vito 10/07/2009 20.35.17.1.2 - NTFSx86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1742 [GMT 2:00]
Eseguito da: c:\users\vito\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3235247431-4008240807-4101389221-500

.
((((((((((((((((((((((((( Files Creati Da 2009-06-10 al 2009-07-10 )))))))))))))))))))))))))))))))))))
.

2009-07-09 21:55 . 2009-07-09 21:55 -------- d-----w- c:\windows\LastGood
2009-07-09 21:46 . 2009-07-09 21:48 -------- d-----w- c:\windows\system32\ca-ES
2009-07-09 21:46 . 2009-07-09 21:48 -------- d-----w- c:\windows\system32\eu-ES
2009-07-09 21:46 . 2009-07-09 21:48 -------- d-----w- c:\windows\system32\vi-VN
2009-07-09 21:27 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-09 21:27 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-07-09 21:27 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-07-09 21:27 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-07-09 21:27 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-07-09 21:27 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-07-09 21:27 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2009-07-09 21:27 . 2009-04-11 06:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2009-07-09 21:27 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-07-09 21:24 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-09 21:24 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-09 21:24 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-09 21:23 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-09 18:59 . 2009-07-09 18:59 -------- d-----w- c:\users\vito\AppData\Local\Windows Live Writer
2009-07-09 18:59 . 2009-07-09 18:59 -------- d-----w- c:\users\vito\AppData\Roaming\Windows Live Writer
2009-07-09 17:13 . 2009-07-09 17:13 -------- d-----w- c:\program files\Trend Micro
2009-07-05 20:19 . 2009-07-05 20:33 -------- d-----w- c:\users\vito\AppData\Roaming\GlarySoft
2009-07-05 20:03 . 2009-07-08 17:44 -------- d-----w- c:\program files\Glary Utilities
2009-07-05 18:55 . 2009-07-05 19:25 680 ----a-w- c:\users\vito\AppData\Local\d3d9caps.dat
2009-07-05 11:10 . 2009-06-29 03:28 2653048 -c--a-w- c:\programdata\~0\DriverScanner_Setup.exe
2009-07-05 11:10 . 2009-07-05 19:28 -------- d-----w- c:\programdata\DriverScanner
2009-07-05 11:10 . 2009-07-06 16:26 -------- d--h--w- c:\programdata\~0
2009-07-05 11:08 . 2009-07-05 19:28 -------- d-----w- c:\users\vito\AppData\Roaming\Uniblue
2009-07-05 11:08 . 2009-06-29 05:35 2568246 -c--a-w- c:\programdata\~1\Uniblue RegistryBooster.exe
2009-07-05 11:08 . 2009-07-06 16:26 -------- d--h--w- c:\programdata\~1
2009-07-05 10:01 . 2009-07-05 10:56 -------- d-----w- c:\program files\CDBurnerXP
2009-07-04 17:46 . 2009-07-04 17:46 -------- d-----w- c:\windows\system32\EventProviders
2009-07-04 17:46 . 2009-07-05 10:53 -------- d-----w- C:\36683029309dc973dd374ddf675c45
2009-07-04 17:19 . 2009-07-04 17:19 -------- d-----w- c:\programdata\Fighters
2009-07-02 21:21 . 2005-06-02 16:28 171008 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-07-02 21:07 . 2009-07-02 21:07 29926 ----a-r- c:\users\vito\AppData\Roaming\Microsoft\Installer\{9870C7AE-7C6A-478D-9A75-35827382220F}\ARPPRODUCTICON.exe
2009-07-02 20:06 . 2009-07-02 20:06 -------- d-----w- c:\users\vito\AppData\Roaming\InstallShield
2009-07-02 19:58 . 2009-07-06 16:22 -------- d-----w- c:\program files\SmartSound Software
2009-07-02 19:57 . 2003-11-25 03:02 57856 ----a-w- c:\windows\system32\masd32.dll
2009-07-02 19:57 . 2003-11-25 03:02 27648 ----a-w- c:\windows\system32\ma32.dll
2009-07-02 19:57 . 2003-11-25 03:02 196096 ----a-w- c:\windows\system32\macd32.dll
2009-07-02 19:57 . 2003-11-25 03:02 138752 ----a-w- c:\windows\system32\mase32.dll
2009-07-02 19:57 . 2003-11-25 03:02 136192 ----a-w- c:\windows\system32\mamc32.dll
2009-07-02 19:57 . 2009-07-02 19:57 -------- d-----w- c:\program files\DivX
2009-07-02 19:55 . 2004-02-24 10:04 41219 ----a-w- c:\windows\RSETPATH.exe
2009-07-02 19:54 . 2004-01-23 14:44 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll
2009-07-02 19:53 . 2009-07-02 20:11 -------- d-----w- c:\programdata\Pinnacle Studio
2009-07-01 19:54 . 2009-07-01 19:54 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-07-01 19:37 . 2009-07-01 19:37 -------- d-----w- c:\program files\AdorageI-SAL
2009-07-01 18:51 . 2009-07-05 19:32 -------- d-----w- c:\program files\Pinnacle
2009-07-01 16:58 . 2009-07-01 16:58 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-06-30 18:52 . 2009-06-30 19:07 -------- d-----w- c:\users\vito\AppData\Local\Pinnacle
2009-06-30 17:20 . 2009-06-30 17:20 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2009-06-29 20:25 . 2009-07-02 21:18 2256 ----a-w- c:\windows\current_settings.bin
2009-06-28 17:47 . 1999-11-10 09:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-06-28 17:47 . 2009-06-28 19:28 -------- d-----w- c:\programdata\QuickTime
2009-06-28 17:40 . 1998-06-17 15:08 57344 ------w- c:\windows\system32\Mfc42loc.dll
2009-06-28 17:39 . 2005-02-09 09:59 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
2009-06-28 17:39 . 2006-03-08 10:58 198400 ----a-w- c:\windows\system32\drivers\wisgostrm.sys
2009-06-28 17:39 . 2006-03-08 10:58 52736 ----a-w- c:\windows\system32\drivers\wisboard.dll
2009-06-28 17:39 . 2006-01-24 13:17 30800 ----a-w- c:\windows\go7007fw.bin
2009-06-28 17:39 . 2006-01-24 13:17 208 ----a-w- c:\windows\go7007fw_pf.bin
2009-06-28 17:39 . 2006-01-24 13:17 143540 ----a-w- c:\windows\go7007sb.bin
2009-06-28 17:28 . 2003-03-26 04:58 487424 ------w- c:\windows\system32\MSVCP70.DLL
2009-06-28 17:28 . 2003-02-04 03:08 344064 ------w- c:\windows\system32\MSVCR70.DLL
2009-06-28 17:28 . 2002-01-05 10:18 84992 ------w- c:\windows\system32\ATL70.DLL
2009-06-28 17:25 . 2009-07-04 17:26 -------- d-----w- c:\programdata\Pinnacle
2009-06-28 09:41 . 2009-07-01 19:54 -------- d-----w- c:\users\vito\AppData\Local\Downloaded Installations
2009-06-27 21:53 . 2009-06-27 21:53 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-27 21:52 . 2008-08-26 08:26 18816 ------w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-27 21:51 . 2009-07-05 10:53 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-27 21:48 . 2009-06-27 21:48 33705352 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_ita.exe
2009-06-27 21:48 . 2009-06-27 21:48 95232 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-27 21:48 . 2009-06-27 21:48 8192 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-27 21:48 . 2009-06-27 21:48 61440 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-27 21:48 . 2009-06-27 21:48 10240 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-26 19:23 . 2009-06-26 19:23 -------- d-----w- c:\users\vito\AppData\Roaming\Malwarebytes
2009-06-26 19:23 . 2009-06-17 09:27 38160 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 19:23 . 2009-06-26 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 19:23 . 2009-06-26 19:23 -------- d-----w- c:\programdata\Malwarebytes
2009-06-26 19:23 . 2009-06-17 09:27 19096 ------w- c:\windows\system32\drivers\mbam.sys
2009-06-25 19:19 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-25 19:19 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-21 10:53 . 2009-07-09 19:06 -------- d-----w- c:\users\vito\AppData\Roaming\Download Manager
2009-06-20 19:42 . 2009-06-20 19:42 1915520 ----a-w- c:\users\vito\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-19 07:12 . 2009-06-19 07:11 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-19 07:12 . 2009-06-12 06:14 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-19 07:12 . 2009-06-12 06:14 1261344 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-06-19 07:12 . 2009-06-12 06:14 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-06-15 19:31 . 2009-06-18 21:22 -------- d-----w- c:\users\vito\AppData\Roaming\DVD Flick
2009-06-15 19:30 . 2003-01-26 10:41 40960 ------w- c:\windows\system32\ssubtmr6.dll
2009-06-15 19:30 . 2009-06-15 19:30 -------- d-----w- c:\program files\DVD Flick
2009-06-13 18:14 . 2009-06-13 18:14 -------- d-----w- c:\users\vito\{be8a343f-b7c5-4a04-885b-797cc3c4ba40}
2009-06-13 18:10 . 2009-06-13 18:09 34447128 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ita.exe
2009-06-13 18:10 . 2009-06-13 18:10 8192 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-13 18:10 . 2009-06-13 18:10 61440 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-13 18:10 . 2009-06-13 18:10 10240 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-13 13:22 . 2009-06-13 13:22 -------- d-----w- c:\programdata\Nokia
2009-06-13 13:21 . 2009-06-13 13:21 24384200 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_it[1].exe
2009-06-13 13:21 . 2009-06-13 13:21 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-13 13:21 . 2009-06-13 13:21 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-13 13:21 . 2009-06-13 13:21 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-13 12:41 . 2009-06-28 19:12 -------- d-----w- c:\users\vito\AppData\Roaming\PC Suite
2009-06-13 12:41 . 2009-06-28 19:12 -------- d-----w- c:\users\vito\AppData\Roaming\Nokia
2009-06-13 12:41 . 2009-06-13 13:53 -------- d-----w- c:\programdata\PC Suite
2009-06-13 12:40 . 2009-06-27 21:53 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 12:40 . 2009-06-27 21:52 -------- d-----w- c:\program files\DIFX
2009-06-13 12:38 . 2009-02-09 06:37 91136 ------w- c:\windows\system32\nmwcdcls.dll
2009-06-13 12:38 . 2009-06-27 21:53 -------- d-----w- c:\program files\Nokia
2009-06-13 12:37 . 2009-06-13 12:36 33753272 ----a-w- c:\programdata\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ita_web[1].exe
2009-06-13 12:37 . 2009-06-13 12:37 8192 ----a-w- c:\programdata\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-13 12:37 . 2009-06-13 12:37 61440 ----a-w- c:\programdata\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-13 12:37 . 2009-06-13 12:37 10240 ----a-w- c:\programdata\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-13 12:36 . 2009-06-27 21:48 -------- d-----w- c:\programdata\Installations
2009-06-12 08:46 . 2009-06-12 08:48 -------- d-----w- c:\users\vito\AppData\Local\Microsoft Games
2009-06-12 06:14 . 2009-06-12 06:14 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-11 21:14 . 2006-04-13 00:04 16496 ------w- c:\windows\system32\drivers\HPZipr12.sys
2009-06-11 21:13 . 2006-04-13 00:04 49664 ------w- c:\windows\system32\drivers\HPZid412.sys
2009-06-11 21:12 . 2006-04-13 00:04 282624 ------w- c:\windows\system32\HPZc3212.dll
2009-06-11 21:12 . 2006-04-13 00:04 21568 ------w- c:\windows\system32\drivers\HPZius12.sys
2009-06-11 21:05 . 2006-01-04 09:12 77824 ------w- c:\windows\system32\HPZIDS01.dll
2009-06-11 21:05 . 2006-04-10 12:03 38400 ------w- c:\windows\system32\hpz3l054.dll
2009-06-11 01:08 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 01:08 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 01:08 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 18:37 . 2009-06-02 08:05 -------- d-----w- c:\users\vito\AppData\Roaming\DNA
2009-07-10 18:36 . 2009-06-02 08:05 -------- d-----w- c:\users\vito\AppData\Roaming\BitTorrent
2009-07-10 18:30 . 2009-05-27 21:31 -------- d-----w- c:\programdata\avg8
2009-07-10 16:54 . 2007-03-21 03:19 662932 ----a-w- c:\windows\system32\perfh010.dat
2009-07-10 16:54 . 2007-03-21 03:19 120460 ----a-w- c:\windows\system32\perfc010.dat
2009-07-09 21:49 . 2009-06-09 21:49 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-09 21:49 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-09 21:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-09 21:49 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-09 21:49 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-09 21:49 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-09 21:49 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-09 21:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-09 21:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-09 19:41 . 2009-05-27 18:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-09 19:21 . 2009-06-06 21:58 -------- d-----w- c:\program files\Yahoo!
2009-07-08 17:40 . 2009-05-27 17:55 -------- d-----w- c:\program files\SpywareBlaster
2009-07-06 16:26 . 2009-05-27 18:51 -------- d-----w- c:\users\vito\AppData\Roaming\uTorrent
2009-07-05 20:30 . 2007-03-20 18:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 10:53 . 2009-06-02 10:47 -------- d-----w- c:\program files\Ashampoo
2009-06-30 18:59 . 2009-05-26 21:29 134848 ----a-w- c:\users\vito\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 19:12 . 2009-06-28 19:12 0 ------w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-13 15:44 . 2009-05-30 07:48 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 13:18 . 2009-06-13 13:18 0 ------w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-06-13 13:17 . 2009-06-13 13:17 0 ------w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-11 01:05 . 2007-03-20 18:49 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 21:17 . 2009-06-10 21:17 0 ------w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-06 23:10 . 2009-06-06 23:10 0 ----a-w- c:\windows\nsreg.dat
2009-06-06 21:58 . 2009-06-06 21:58 -------- d-----w- c:\users\vito\AppData\Roaming\Yahoo!
2009-06-04 19:52 . 2009-06-04 19:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-04 19:48 . 2009-06-04 19:46 -------- d-----w- c:\programdata\NOS
2009-06-04 19:46 . 2009-06-04 19:46 -------- d-----w- c:\program files\NOS
2009-06-02 13:43 . 2009-05-27 19:42 -------- d-----w- c:\programdata\eMule
2009-06-02 13:42 . 2009-06-02 13:42 -------- d-----w- c:\program files\eMule
2009-06-02 10:48 . 2009-06-02 10:48 -------- d-----w- c:\users\vito\AppData\Roaming\Ashampoo
2009-06-02 10:47 . 2009-06-02 10:47 -------- d-----w- c:\programdata\ashampoo
2009-06-02 08:58 . 2009-05-29 19:24 -------- d-----w- c:\programdata\Nero
2009-06-02 08:05 . 2009-06-02 08:05 -------- d-----w- c:\program files\BitTorrent
2009-06-02 08:05 . 2009-06-02 08:05 -------- d-----w- c:\program files\DNA
2009-06-01 17:14 . 2009-06-01 17:14 0 ------w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-31 20:45 . 2009-05-27 20:43 -------- d-----w- c:\program files\VideoLAN
2009-05-31 20:43 . 2007-03-20 18:54 -------- d-----w- c:\programdata\Symantec
2009-05-31 20:43 . 2007-03-20 18:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-31 08:01 . 2006-11-02 10:32 101888 ------w- c:\windows\system32\ifxcardm.dll
2009-05-31 08:01 . 2006-11-02 10:32 82432 ------w- c:\windows\system32\axaltocm.dll
2009-05-30 22:31 . 2009-05-30 22:31 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-05-30 22:21 . 2009-05-28 19:34 -------- d-----w- c:\program files\Microsoft
2009-05-30 14:59 . 2009-05-30 14:59 -------- d-----w- c:\users\vito\AppData\Roaming\kantaris
2009-05-30 14:49 . 2009-05-30 14:49 -------- d-----w- c:\users\vito\AppData\Roaming\vlc
2009-05-30 13:53 . 2007-03-20 18:53 -------- d-----w- c:\program files\Google
2009-05-30 13:43 . 2007-03-20 18:47 -------- d-----w- c:\program files\Common Files\Real
2009-05-30 13:17 . 2009-05-27 21:07 -------- d-----w- c:\programdata\VistaCodecs
2009-05-30 10:05 . 2009-05-30 10:05 406360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-30 07:53 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-05-30 07:52 . 2009-05-30 07:52 -------- d-----w- c:\program files\Microsoft.NET
2009-05-30 07:49 . 2009-05-30 07:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-29 19:36 . 2009-05-29 19:36 -------- d-----w- c:\programdata\LightScribe
2009-05-29 19:29 . 2009-05-29 19:29 -------- d-----w- c:\users\vito\AppData\Roaming\Nero
2009-05-29 19:11 . 2009-05-28 20:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-29 19:07 . 2009-05-27 19:55 -------- d-----w- c:\users\vito\AppData\Roaming\ZipGenius
2009-05-29 19:01 . 2007-03-20 18:40 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-05-29 18:40 . 2009-05-29 18:40 -------- d-----w- c:\users\vito\AppData\Roaming\Roxio
2009-05-29 18:40 . 2007-03-20 18:40 -------- d-----w- c:\programdata\Sonic
2009-05-28 20:15 . 2009-05-28 18:28 -------- d-----w- c:\programdata\NVIDIA
2009-05-28 20:08 . 2009-05-28 19:34 -------- d-----w- c:\program files\Windows Live
2009-05-28 20:07 . 2009-05-28 20:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-28 20:04 . 2009-05-28 20:04 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-28 19:38 . 2009-05-28 19:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-28 19:33 . 2009-05-28 19:33 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-28 17:15 . 2007-03-20 18:48 -------- d-----w- c:\program files\HP
2009-05-28 17:04 . 2007-03-20 18:39 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-28 17:04 . 2007-03-20 18:39 -------- d-----w- c:\program files\Realtek
2009-05-28 17:03 . 2009-05-28 17:03 -------- d-----w- c:\users\vito\AppData\Roaming\WinBatch
2009-05-27 21:31 . 2009-05-27 21:31 -------- d-----w- c:\program files\AVG
2009-05-27 21:24 . 2007-03-20 18:54 -------- d-----w- c:\program files\Symantec
2009-05-27 21:08 . 2009-05-27 21:08 -------- d-----w- c:\program files\VistaCodecPack
2009-05-27 21:08 . 2009-05-27 21:08 -------- d-----w- c:\users\vito\AppData\Roaming\VistaCodecs
2009-05-27 19:55 . 2009-05-27 19:55 -------- d-----w- c:\program files\ZipGenius 6
2009-05-27 18:33 . 2009-05-27 18:33 -------- d-----w- c:\program files\CCleaner
2009-05-27 18:09 . 2009-05-27 18:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-27 02:22 . 2009-05-27 02:22 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-27 02:22 . 2009-05-27 02:22 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-27 02:05 . 2009-05-27 02:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-27 01:45 . 2009-05-27 01:45 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-27 01:41 . 2009-05-27 01:41 9728 ----a-w- c:\windows\system32\lsass.exe
2009-05-27 01:37 . 2009-05-27 01:37 37888 ----a-w- c:\windows\system32\printcom.dll
2009-05-27 01:36 . 2009-05-27 01:36 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-05-27 01:22 . 2009-05-27 01:22 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-27 01:07 . 2009-05-27 01:07 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-05-27 01:03 . 2009-05-27 01:03 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-05-26 22:15 . 2009-05-26 22:15 1801 ------w- c:\windows\system32\drivers\103C_HP_CPC_RZ412AA-ABZ a6020.it_YC_0Pavi_QCZX718_E72ITv3PrA1_49_INettle_SECS_V1.0_B5.07_T070404_WUH0_L410_M1022_J250_7AMD_8Athlon 64 X2 Dual Core_92.5_#070927_N10DE03EF_Z_G10DE01DD.MRK
2009-05-26 21:21 . 2009-05-26 21:21 -------- d-----w- c:\users\vito\AppData\Roaming\Hewlett-Packard
2009-05-26 21:16 . 2009-05-26 21:16 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-26 21:16 . 2009-05-26 21:16 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-26 21:16 . 2009-05-26 21:16 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-26 21:16 . 2009-05-26 21:16 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-26 21:16 . 2009-05-26 21:16 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-26 21:16 . 2009-05-26 21:16 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-26 21:16 . 2009-05-26 21:16 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-26 21:15 . 2009-05-26 21:15 31232 ----a-w- c:\windows\system32\wuapp.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\vito\Program Files\DNA\btdna.exe" [2009-06-02 321344]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8473120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):db,a7,ee,97,df,00,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EDD164C9-C587-449B-9A1E-E8143B091243}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{E696A304-C776-4E76-905F-FB960B9FFEF8}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{850E51CA-5DBE-4001-AFCE-67FDB609A619}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{42C06CD3-0454-479C-B4E6-64314EA14C78}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{740D5E1F-3F48-43D4-953F-1FCF0DFD7D7B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{73B9C3FA-85F1-4E75-8BB2-ED5EF26AEE22}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{703F38E5-7F91-4AA4-95FB-F4BC45A40081}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92B24F08-762C-4284-B6A1-33EB8094E516}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{194E0EF4-0BAA-420F-A3E1-CCC4EA516DCA}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{0BF1D4ED-5AF3-4229-840F-E1017D05812E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{3A194258-B2F9-4384-9DAE-D3D0FB4BBB71}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{83EF4A36-984B-4B9E-BB18-4BCF2E62F414}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{56814B35-64DA-4BCA-81E4-08496213BFCE}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{D425DA68-5BCB-4DE8-AE61-F591A01EBC4E}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{9C0C8C49-C415-4C0E-BD4C-CE333AB4AF0C}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{1489523A-F78D-499D-9A2F-3641CA2B479A}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{37316BEE-3841-48FB-9035-4AA412C77A48}c:\\users\\vito\\program files\\dna\\btdna.exe"= UDP:c:\users\vito\program files\dna\btdna.exe:btdna.exe
"UDP Query User{71FC254D-4CA2-497E-9387-6175FA82B668}c:\\users\\vito\\program files\\dna\\btdna.exe"= TCP:c:\users\vito\program files\dna\btdna.exe:btdna.exe
"{4C2E7F7D-7A39-4449-AA46-5060C2172273}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{341D9EA7-EAF3-41FD-9546-FCE3BC966554}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{41C83376-825B-4CD6-98D2-079503E1A952}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{A7984FB8-4B65-44BD-A715-1B301AB153D1}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{344C1E67-58F9-4A90-B98B-1E21AE934748}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{89269C1A-BD4F-4FEF-8E7D-292999992BA0}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{E457092A-DAE6-4738-A4E1-C45BB0181264}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{386EB3D9-34D9-45FB-9349-E53378818CBC}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{3544B803-425E-4252-9792-CBFAE49487DC}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{C57D5B59-19A4-4218-864F-BBB4EAE856E4}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{9C892222-D977-4997-8EDD-CEC91516DFF1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{A0DE473C-9FF1-4568-BCC9-D515207E3312}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{7515055B-152D-477F-9D8C-040286D80167}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{FC6A724B-2507-4D2F-BF30-15ED7F79886E}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [28/05/2009 22.09.07 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18.08.58 533360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [27/05/2009 20.05.59 1153368]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16.28.36 1533808]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [04/06/2009 21.46.15 33176]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - AvgLdx86
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-08 14:55]

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{A74BE7B4-FDD3-456F-B679-1A441167C1BF}.job
- c:\windows\system32\msfeedssync.exe [2009-06-25 11:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
mStart Page = hxxp://home.sweetim.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 20:39
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,72,cb,f9,77,bd,
26,fd,86,e2,63,26,f1,3f,c8,ff,68,db,d1,94,a8,21,3e,f6,03,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,16,96,96,91,e4,
c7,bb,fe,6a,9c,d6,61,af,45,84,18,31,d9,45,16,68,47,8d,7e,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,d6,cf,68,dd,66,
66,2b,1c,ff,7c,85,e0,43,d4,0e,fe,1d,d5,08,fa,20,6a,94,5a,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,d8,92,87,9b,99,
85,e7,ef,86,8c,21,01,be,91,eb,e7,d1,ba,d0,85,43,d1,28,34,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,ab,2b,54,21,ee,
7e,b0,43,f5,1d,4d,73,a8,13,5c,05,fa,45,2e,63,aa,93,6a,5d,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ba,1b,0f,bf,03,
64,4a,1d,df,20,58,62,78,6b,cf,c8,b2,29,ce,f4,dd,db,e9,71,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,34,19,7b,e0,3d,
61,f4,f8,fb,a7,78,e6,12,2f,9a,ea,e5,9e,4c,26,92,36,e6,0e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,44,42,f7,c8,d9,
0c,8a,07,01,3a,48,fc,e8,04,4a,f1,e1,1e,ea,df,e0,5a,de,30,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,44,12,6a,80,2a,
e9,f6,a4,f6,0f,4e,58,98,5b,89,c9,f6,96,5a,19,fd,92,ad,5a,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,44,6a,02,87,cb,
c7,79,25,3d,ce,ea,26,2d,45,aa,78,d9,33,72,35,a6,9a,43,51,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,97,84,65,76,54,
bc,74,7e,2a,b7,cc,b5,b9,7f,41,e7,2f,09,d3,52,a6,d6,65,bb,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,41,f5,96,75,d6,
ec,07,21,6c,43,2d,1e,aa,22,2f,9c,99,08,88,56,fc,2a,65,ae,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-07-10 20.41.46
ComboFix-quarantined-files.txt 2009-07-10 18:41

Pre-Run: 137.576.648.704 byte disponibili
Post-Run: 137.318.674.432 byte disponibili

436 --- E O F --- 2009-07-09 21:37
Torna in alto
 
caradonna
Inviato: Friday, July 10, 2009 10:50:54 PM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
r16 io il mio lo fatto, aspetto te per sapere come comportarmi. grazie.
Torna in alto
 
r16
Inviato: Friday, July 10, 2009 11:23:53 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Entra in Modalità Provvisoria.
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\vito\Program Files\DNA\btdna.exe"
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
Riavvia il pc.
Vai in Installazione Applicazioni, e Rimuovi tutte le toolbar (SweetIM compreso.)
Segui questo percorso ed elimina il file in rosso:
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a Cancella i file in Windows Temp solo se più vecchi di 48 ore
Postami un nuovo log di HJT, e rifersci se ci sono miglioramenti.
Torna in alto
 
caradonna
Inviato: Saturday, July 11, 2009 12:34:21 AM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
Grazie 1000.
Detto fatto, questo e il nuovo log di hijackthis.
Comunque penso che si sia sistemato tutto, perchè adesso il pc va come una ferrari.
P.S. adesso devo disinstallare combofix, aspetto tue notizie.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.14.05, on 09/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Users\vito\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\vito\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 10252 bytes
Torna in alto
 
r16
Inviato: Saturday, July 11, 2009 12:53:10 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Strano che vada come una Ferrari, (che poi ultimamente .....)
Alcune voci non sono state eliminate. (per non dire tutte)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\vito\Program Files\DNA\btdna.exe"
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Per favore, eliminale come Amministratore.
Torna in alto
 
caradonna
Inviato: Saturday, July 11, 2009 9:37:20 AM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
ti posso assicurare che va come una ferrari, comunque hai ragione alcune voci non sono state eliminate.
però se vado in modalità provvisoria e come amministratore non le trovo. le trovo solo quando le mette nel blocco notes.
forse sbaglio qualche passaggio?
Torna in alto
 
caradonna
Inviato: Saturday, July 11, 2009 4:26:26 PM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
Ciao r16, non so perchè ma ogni volta che avviavo HJT nel blocco note si apriva quello che ho postato de
all'inizio.
Dopo un po di prove me ne sono accorto, cosi ho eliminato HJT e l'ho reinstallato, questo qui sotto e il nuovo log di HJT.
Fammi sapere qualcosa




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.07.48, on 11/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7353 bytes
Torna in alto
 
r16
Inviato: Saturday, July 11, 2009 6:32:36 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Adesso cominciamo a ragionare...
Qualcosa è rimasto ancora.
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

Pulisci con CCleaner.
Dovresti essere a posto.
Torna in alto
 
caradonna
Inviato: Saturday, July 11, 2009 7:53:00 PM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
Ciao r16, ho fatto tutto.
solo
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
non riesco ad eliminarlo, ho provatto sia in modalità provvisoria che come amministratore.
Torna in alto
 
caradonna
Inviato: Saturday, July 11, 2009 7:57:02 PM

Rank: AiutAmico

Iscritto dal : 8/17/2008
Posts: 53
questo è l'ultimo log di HJT.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.54.26, on 11/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8130 bytes
Torna in alto
 
r16
Inviato: Sunday, July 12, 2009 12:45:34 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Fai cosi:
Scarica e installa Pserv sul desktop:
http://p-nand-q.com/download/pserv_cpl/pserv-2.7.exe
Lo lanci da "Tutti programmi" cliccando : "Services & Devices"
Nella schermata che apparirà, cerca e trova il servizio incriminato.
Clicca con il tasto destro sopra il servizio, e scegli : Delete.
Chiudi Pserv.
Riavvia il pc.
Dovrebbe essere fottuto....Shhh
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » internet lento


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.