Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Ram al 100%

3 pages: 1 [2] 3
Ram al 100% Opzioni
Topic Precedente · Topic Sucessivo
r16
Inviato: Friday, January 22, 2010 6:03:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina questa cartella in rosso:
c:\programmi\MyPlayCity.com
La CPU è migliorata?
Torna in alto
 
bunzi
Inviato: Friday, January 22, 2010 6:10:29 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
Devo dire di si, ho aperto il Task Manager e ho riscontrato con 43 processi in esecuzione che la CPU è intorno al 4-5%, il ciclo idle è sul 94-95% e 445 MB di file paging utilizzato.
Mi sembra che vada bene

Ti ringrazio dei suggerimenti
Torna in alto
 
r16
Inviato: Friday, January 22, 2010 6:13:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Sì, quei parametri vanno bene.
Per eliminare i vari Tooll scaricati:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Domande?
Torna in alto
 
bunzi
Inviato: Friday, January 22, 2010 6:16:55 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
r16 ha scritto:
Elimina questa cartella in rosso:
c:\programmi\MyPlayCity.com
La CPU è migliorata?


r16 l'ho creata io e contiene dei giochi che utilizzo normalmente
Torna in alto
 
r16
Inviato: Friday, January 22, 2010 6:19:04 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
r16 l'ho creata io e contiene dei giochi che utilizzo normalmente

Se l'hai creata tu, è un'altro discorso.
Io sò che quel sito è pericoloso.
Se non hai altri problemi, abbiamo finito.
Torna in alto
 
bunzi
Inviato: Friday, January 22, 2010 6:19:30 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
r16 ha scritto:
Sì, quei parametri vanno bene.
Per eliminare i vari Tooll scaricati:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Domande?



E' una curiosità, quali sono le Toolbar di cui mi parli?

Provvedo anche a scaricare OTC e lo lancio
Torna in alto
 
r16
Inviato: Friday, January 22, 2010 6:23:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Queste:
C:\Programmi\Family Toolbar\tbu09631\tbhelper.dll
Toolbar: Easy Photo Print
Torna in alto
 
bunzi
Inviato: Friday, January 22, 2010 7:09:00 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
Ho scaricato OTC sul desktop, l'ho lanciato in esecuzione come hai detto e poi il pc ha fatto il reboot.
Tutto bene, ma però mi ha cancellato i due programmi che avevo sul desktop, Combofix e OTC.
E' giusto?
Torna in alto
 
r16
Inviato: Friday, January 22, 2010 10:14:37 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
bunzi ha scritto:
Ho scaricato OTC sul desktop, l'ho lanciato in esecuzione come hai detto e poi il pc ha fatto il reboot.
Tutto bene, ma però mi ha cancellato i due programmi che avevo sul desktop, Combofix e OTC.
E' giusto?

E' programmato per quella funzione. (sia Combofix, che OTC, non ti servono più)
Disistalla i tool che sono stati installati, e che sono inutili.
Torna in alto
 
bunzi
Inviato: Saturday, January 23, 2010 1:47:14 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
Ciao r16,
entro in C/Programmi ma la cartella Family Tooòbar non si cancella, " accesso negato, il file dbghelp.dll in esecuzione".
L'altra toolbar Easy Photo Print è un programma di visione foto installato con Multifunzione Epson SX100.
Che faccio?
Torna in alto
 
r16
Inviato: Saturday, January 23, 2010 1:55:05 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non si elimina perchè sono le chiavi del registro che bisogna eliminare.
Per eliminarla, dovrei farti fare tutta una procedura con Combofix, oppure con Avenger.
Vale la pena?
Al limite prova in Modalità provvisoria.
Torna in alto
 
bunzi
Inviato: Saturday, January 23, 2010 2:03:28 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
Al limite proverò in modalità provvisoria, se va bene ok altrimenti visto che non mi sembra una cosa che mi crea problemi lascerei stare.
Grazie
Torna in alto
 
r16
Inviato: Saturday, January 23, 2010 2:07:16 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Io la leverei.
Ho visto che ha una marea di chiavi sul registro.
Infatti, avevo preparato uno script, precedente, che comprendeva la loro eliminazione.
Poi ho lasciato perdere, pensando che ti poteva servire.
Forse ho sbagliato.......Anxious
Torna in alto
 
monsee
Inviato: Saturday, January 23, 2010 2:37:40 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
Non è che hai "sbagliato", r16: l'idea che t'ha guidato è quella giusta. Sta a lui, decidere se vuole eliminare quelle voci di Registro oppure no...
Tu le elimineresti, io le eliminerei, ma è lui che deve scegliere (secondo le sue preferenze), questa volta...
Torna in alto
 
bunzi
Inviato: Saturday, January 23, 2010 4:06:14 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
r16 ha scritto:
Io la leverei.
Ho visto che ha una marea di chiavi sul registro.
Infatti, avevo preparato uno script, precedente, che comprendeva la loro eliminazione.
Poi ho lasciato perdere, pensando che ti poteva servire.
Forse ho sbagliato.......Anxious


r16 accetto sempre i consigli e i suggerimenti, quindi se pensi che possano servirmi e che io sono in grado di utilizzare, ben volentieri aspetto che mi invii quello che serve.
Scusami ma dicendomi vale la pena ho pensato che non fosse proprio necessario

Combofix l'ho già utilizzato su tuo consiglio per cui penso che non avrò problemi a rifare le operazioni
ciao
Torna in alto
 
r16
Inviato: Saturday, January 23, 2010 4:10:32 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Allora fai una scansione con Combofix.
Le istruzioni e il dowload, le leggi nella prima pagina di questo topic.
Posta il log.
Torna in alto
 
bunzi
Inviato: Saturday, January 23, 2010 4:13:25 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
va bene, lo faccio subito
Torna in alto
 
bunzi
Inviato: Saturday, January 23, 2010 4:46:10 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
ComboFix 10-01-22.03 - Pierino 23/01/2010 16.22.08.3.1 - x86
Ecco il log
Grazie

Eseguito da: c:\documents and settings\Pierino\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100123-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.

2010-01-19 16:50 . 2010-01-19 16:51 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Xcelsius
2010-01-15 22:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 22:16 . 2010-01-15 22:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-15 22:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 22:11 . 2010-01-15 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-15 13:01 . 2010-01-17 21:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-01-13 17:28 . 2010-01-13 17:28 -------- d-----w- c:\programmi\File comuni\xing shared
2010-01-13 17:27 . 2010-01-13 17:27 -------- d-----w- c:\programmi\Real
2010-01-13 17:11 . 2010-01-13 17:28 -------- d-----w- c:\programmi\File comuni\Real
2010-01-12 18:18 . 2010-01-12 18:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivoGames
2010-01-12 16:38 . 2009-04-06 10:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-01-12 16:38 . 2009-02-10 15:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-01-12 16:37 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-01-12 16:36 . 2010-01-12 16:36 -------- d-----w- c:\programmi\Agnitum
2010-01-12 16:34 . 2010-01-12 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2010-01-12 13:34 . 2010-01-12 13:34 -------- d-----w- c:\programmi\VDOWNLOADER
2010-01-12 13:34 . 2010-01-12 13:34 -------- d-----w- c:\programmi\File comuni\eBay
2010-01-12 13:32 . 2010-01-13 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2010-01-12 06:06 . 2010-01-19 15:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2010-01-11 22:55 . 2010-01-11 22:55 -------- d-----w- c:\documents and settings\Pierino\Impostazioni locali\Dati applicazioni\vdownloader
2010-01-11 20:41 . 2010-01-22 21:44 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype
2010-01-11 20:40 . 2010-01-11 20:40 -------- d-----w- c:\programmi\File comuni\Skype
2010-01-10 19:21 . 2010-01-10 19:23 -------- d-----w- c:\windows\SHELLNEW
2010-01-10 19:21 . 2010-01-10 19:21 -------- d-----w- c:\programmi\Microsoft.NET
2010-01-10 19:18 . 2010-01-10 19:18 -------- d-----r- C:\MSOCache
2010-01-05 09:49 . 2010-01-05 09:49 -------- d-----w- c:\programmi\Stampa Copertine
2010-01-04 22:34 . 2010-01-04 22:34 -------- d-----w- c:\documents and settings\Pierino\.thumbnails
2010-01-04 21:59 . 2010-01-04 22:00 -------- d-----w- c:\programmi\GIMPshop
2010-01-04 21:15 . 2010-01-05 09:37 -------- d-----w- c:\documents and settings\Pierino\.gimp-2.2
2010-01-04 21:09 . 2010-01-04 21:09 -------- d-----w- c:\programmi\IrfanView
2010-01-04 17:44 . 2010-01-04 18:18 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Vso
2010-01-03 09:43 . 2010-01-03 09:46 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\GetRightToGo
2009-12-31 16:11 . 2009-12-31 16:12 -------- d-----w- c:\programmi\Date Cracker 2000
2009-12-31 16:11 . 2010-01-01 11:03 249856 ------w- c:\windows\Setup1.exe
2009-12-31 11:40 . 2009-12-31 11:40 -------- d-----w- c:\programmi\Lavalys
2009-12-28 21:17 . 2009-12-28 21:19 -------- d-----w- c:\programmi\You Ripper
2009-12-28 21:17 . 2009-12-28 21:17 92728 ------w- c:\windows\system32\bass.dll
2009-12-27 09:42 . 2009-12-30 14:14 -------- d-----w- c:\programmi\MemoRex
2009-12-26 12:25 . 2009-12-26 12:33 -------- d-----w- c:\programmi\Ri-li
2009-12-26 12:25 . 2009-12-26 12:25 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-12-25 16:45 . 2009-12-25 16:55 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\AmazeCopy
2009-12-25 16:08 . 2009-12-25 16:08 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Jasc
2009-12-24 17:37 . 2009-12-24 17:46 -------- d-----w- c:\programmi\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 12:42 . 2009-11-13 09:56 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\EPSON
2010-01-22 21:46 . 2008-03-15 08:38 66096 ----a-w- c:\documents and settings\Pierino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-22 15:01 . 2008-10-10 15:58 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\skypePM
2010-01-12 10:24 . 2009-05-05 12:50 -------- d-----w- c:\programmi\FairUse Wizard 2
2010-01-11 20:40 . 2009-11-30 13:58 -------- d-----w- c:\programmi\Skype
2010-01-11 20:40 . 2009-07-23 07:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-01-11 12:42 . 2008-03-14 16:25 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-01-11 12:42 . 2009-09-13 09:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2010-01-11 12:42 . 2008-03-14 16:26 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-08 16:50 . 2008-12-15 07:41 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\dvdcss
2010-01-01 11:03 . 2008-11-22 13:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-27 12:42 . 2008-03-20 12:34 -------- d-----w- c:\programmi\QuickTime
2009-12-27 10:07 . 2009-03-17 10:45 -------- d-----w- c:\programmi\AIMP2
2009-12-24 14:59 . 2009-12-24 14:59 -------- d-----w- c:\programmi\Paravia
2009-12-24 13:29 . 2008-03-18 12:34 -------- d-----w- c:\programmi\MyHeritage
2009-12-24 13:29 . 2009-12-19 13:46 -------- d-----w- c:\programmi\Family Toolbar
2009-12-21 21:34 . 2009-12-08 10:13 -------- d-----w- c:\programmi\MyPlayCity.com
2009-12-21 20:57 . 2009-12-21 20:57 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Sahmon Games
2009-12-20 16:20 . 2009-12-20 16:20 -------- d-----w- c:\programmi\Time Stopper
2009-12-14 22:24 . 2009-12-14 22:24 -------- d-----w- c:\programmi\MWSnap
2009-12-12 09:03 . 2008-03-28 12:35 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\URSE Games
2009-12-09 11:34 . 2009-12-09 11:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SugarGames
2009-12-07 22:56 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Thumbs5
2009-12-04 10:30 . 2009-11-13 08:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2009-12-04 10:28 . 2009-11-13 08:26 -------- d-----w- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-12-04 10:27 . 2009-11-13 08:21 -------- d-----w- c:\programmi\epson
2009-12-04 10:26 . 2009-12-04 10:26 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\InstallShield
2009-12-02 13:28 . 2009-07-23 16:41 -------- d-----w- c:\programmi\REAPER
2009-12-02 13:23 . 2009-10-24 09:15 -------- d-----w- c:\programmi\eMule
2009-12-01 13:25 . 2008-07-04 11:27 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\RaimaRadio
2009-11-30 14:00 . 2009-11-30 14:00 -------- d-----w- c:\programmi\Casino Madness 98
2009-11-30 13:58 . 2009-11-24 12:59 -------- d-----w- c:\programmi\GameSpy Arcade
2009-11-30 13:58 . 2009-11-24 13:43 -------- d-----w- c:\programmi\Skype(2)
2009-11-30 13:58 . 2009-11-24 13:44 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype(2)
2009-11-30 13:56 . 2009-11-30 13:07 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype(3)
2009-11-24 23:54 . 2008-03-17 11:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-03-17 11:33 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-03-17 11:33 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-04 16:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-04 16:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-03-17 11:33 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-03-17 11:33 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-03-17 11:33 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-03-17 11:32 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-02 09:26 . 2009-11-02 09:26 351248 ----a-w- c:\windows\system32\FTBSaver.scr
1999-08-20 07:25 . 2002-12-17 18:08 877 ----a-w- c:\programmi\config.cfg
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\programmi\Family Toolbar\tbu09631\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\programmi\Family Toolbar\tbu09631\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\programmi\Family Toolbar\tbu09631\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\programmi\Family Toolbar\tbu09631\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-01-13 198160]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 17.46.08 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/01/2010 17.38.31 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/01/2010 17.36.57 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 17.46.08 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/01/2010 17.37.02 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/01/2010 17.38.21 257432]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [01/07/2009 10.23.30 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [01/07/2009 10.17.04 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [01/07/2009 10.23.30 108675]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 16:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6094"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4176)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\MemoRex\MemoRex.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\System32\Ati2evxx.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\StkASv2K.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-23 16:38:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-23 15:38

Pre-Run: 19.591.405.568 byte disponibili
Post-Run: 19.702.677.504 byte disponibili

- - End Of File - - 3D382B80BC50630A17234C8564101858
Torna in alto
 
r16
Inviato: Saturday, January 23, 2010 8:24:28 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
File::
c:\programmi\Family Toolbar\tbu09631\tbhelper.dll
c:\programmi\Family Toolbar\tbu09631\tbcore3.dll

Folder::
c:\programmi\Family Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"=-
[-HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[-HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
bunzi
Inviato: Saturday, January 23, 2010 10:30:33 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
Riecco il log aggiornato

ComboFix 10-01-22.03 - Pierino 23/01/2010 22.14.28.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.735.412 [GMT 1:00]
Eseguito da: c:\documents and settings\Pierino\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Pierino\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100123-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\programmi\Family Toolbar\tbu09631\tbcore3.dll"
"c:\programmi\Family Toolbar\tbu09631\tbhelper.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Family Toolbar
c:\programmi\Family Toolbar\about.gif
c:\programmi\Family Toolbar\about.html
c:\programmi\Family Toolbar\active.html
c:\programmi\Family Toolbar\addPhotos.gif
c:\programmi\Family Toolbar\alerts.gif
c:\programmi\Family Toolbar\anniversary.gif
c:\programmi\Family Toolbar\AR.gif
c:\programmi\Family Toolbar\banner.html
c:\programmi\Family Toolbar\basis.xml
c:\programmi\Family Toolbar\BG.gif
c:\programmi\Family Toolbar\birthday.gif
c:\programmi\Family Toolbar\buyFamilyGifts.gif
c:\programmi\Family Toolbar\calendar.gif
c:\programmi\Family Toolbar\chat.html
c:\programmi\Family Toolbar\clearhist.exe
c:\programmi\Family Toolbar\clearSearchHistory.gif
c:\programmi\Family Toolbar\collage.gif
c:\programmi\Family Toolbar\createFamilySite.gif
c:\programmi\Family Toolbar\CS.gif
c:\programmi\Family Toolbar\DA.gif
c:\programmi\Family Toolbar\dbghelp.dll
c:\programmi\Family Toolbar\DE.gif
c:\programmi\Family Toolbar\EL.gif
c:\programmi\Family Toolbar\EN.gif
c:\programmi\Family Toolbar\ES.gif
c:\programmi\Family Toolbar\Family_Toolbar.dll
c:\programmi\Family Toolbar\family_toolbar.xpi
c:\programmi\Family Toolbar\familyTree.gif
c:\programmi\Family Toolbar\femaleOnline.gif
c:\programmi\Family Toolbar\femaleOnlineAway.gif
c:\programmi\Family Toolbar\FI.gif
c:\programmi\Family Toolbar\FR.gif
c:\programmi\Family Toolbar\HE.gif
c:\programmi\Family Toolbar\HR.gif
c:\programmi\Family Toolbar\HU.gif
c:\programmi\Family Toolbar\icons.bmp
c:\programmi\Family Toolbar\inboxOff.gif
c:\programmi\Family Toolbar\inboxOn.gif
c:\programmi\Family Toolbar\info.txt
c:\programmi\Family Toolbar\inviteFamily.gif
c:\programmi\Family Toolbar\IT.gif
c:\programmi\Family Toolbar\logoff.gif
c:\programmi\Family Toolbar\logOnToMH.gif
c:\programmi\Family Toolbar\LT.gif
c:\programmi\Family Toolbar\maleOnline.gif
c:\programmi\Family Toolbar\maleOnlineAway.gif
c:\programmi\Family Toolbar\MHlogo.gif
c:\programmi\Family Toolbar\morph.gif
c:\programmi\Family Toolbar\NL.gif
c:\programmi\Family Toolbar\NO.gif
c:\programmi\Family Toolbar\off.exe
c:\programmi\Family Toolbar\online.gif
c:\programmi\Family Toolbar\PB.gif
c:\programmi\Family Toolbar\photos.gif
c:\programmi\Family Toolbar\PL.gif
c:\programmi\Family Toolbar\privacy.gif
c:\programmi\Family Toolbar\PT.gif
c:\programmi\Family Toolbar\reload.gif
c:\programmi\Family Toolbar\RO.gif
c:\programmi\Family Toolbar\RU.gif
c:\programmi\Family Toolbar\search.gif
c:\programmi\Family Toolbar\site.gif
c:\programmi\Family Toolbar\sites.gif
c:\programmi\Family Toolbar\SK.gif
c:\programmi\Family Toolbar\SR.gif
c:\programmi\Family Toolbar\stub.xml
c:\programmi\Family Toolbar\SV.gif
c:\programmi\Family Toolbar\tagPeople.gif
c:\programmi\Family Toolbar\TB_AR.gif
c:\programmi\Family Toolbar\TB_BG.gif
c:\programmi\Family Toolbar\TB_CS.gif
c:\programmi\Family Toolbar\TB_DA.gif
c:\programmi\Family Toolbar\TB_DE.gif
c:\programmi\Family Toolbar\TB_EL.gif
c:\programmi\Family Toolbar\TB_EN.gif
c:\programmi\Family Toolbar\TB_ES.gif
c:\programmi\Family Toolbar\TB_FI.gif
c:\programmi\Family Toolbar\TB_FR.gif
c:\programmi\Family Toolbar\TB_HE.gif
c:\programmi\Family Toolbar\TB_HR.gif
c:\programmi\Family Toolbar\TB_HU.gif
c:\programmi\Family Toolbar\TB_IT.gif
c:\programmi\Family Toolbar\TB_LT.gif
c:\programmi\Family Toolbar\TB_NL.gif
c:\programmi\Family Toolbar\TB_NO.gif
c:\programmi\Family Toolbar\TB_PB.gif
c:\programmi\Family Toolbar\TB_PL.gif
c:\programmi\Family Toolbar\TB_PT.gif
c:\programmi\Family Toolbar\TB_RO.gif
c:\programmi\Family Toolbar\TB_RU.gif
c:\programmi\Family Toolbar\TB_SK.gif
c:\programmi\Family Toolbar\TB_SR.gif
c:\programmi\Family Toolbar\TB_SV.gif
c:\programmi\Family Toolbar\TB_TR.gif
c:\programmi\Family Toolbar\TB_UK.gif
c:\programmi\Family Toolbar\tbcore3.dll
c:\programmi\Family Toolbar\tbhelper.dll
c:\programmi\Family Toolbar\tbs_include_script_000391.js
c:\programmi\Family Toolbar\tbs_include_script_000733.js
c:\programmi\Family Toolbar\tbs_include_script_000784.js
c:\programmi\Family Toolbar\tbs_include_script_001134.js
c:\programmi\Family Toolbar\tbs_include_script_002287.js
c:\programmi\Family Toolbar\tbs_include_script_002346.js
c:\programmi\Family Toolbar\tbs_include_script_002789.js
c:\programmi\Family Toolbar\tbs_include_script_002833.js
c:\programmi\Family Toolbar\tbs_include_script_003080.js
c:\programmi\Family Toolbar\tbs_include_script_003083.js
c:\programmi\Family Toolbar\tbs_include_script_004456.js
c:\programmi\Family Toolbar\tbs_include_script_004711.js
c:\programmi\Family Toolbar\tbs_include_script_004823.js
c:\programmi\Family Toolbar\tbs_include_script_004824.js
c:\programmi\Family Toolbar\tbs_include_script_005792.js
c:\programmi\Family Toolbar\tbs_include_script_006838.js
c:\programmi\Family Toolbar\tbs_include_script_007158.js
c:\programmi\Family Toolbar\tbs_include_script_007564.js
c:\programmi\Family Toolbar\tbs_include_script_007690.js
c:\programmi\Family Toolbar\tbs_include_script_007803.js
c:\programmi\Family Toolbar\tbs_include_script_008357.js
c:\programmi\Family Toolbar\tbs_include_script_008502.js
c:\programmi\Family Toolbar\tbs_include_script_009578.js
c:\programmi\Family Toolbar\tbs_include_script_009807.js
c:\programmi\Family Toolbar\tbs_include_script_011492.js
c:\programmi\Family Toolbar\tbs_include_script_011550.js
c:\programmi\Family Toolbar\tbs_include_script_011614.js
c:\programmi\Family Toolbar\tbs_include_script_011637.js
c:\programmi\Family Toolbar\tbs_include_script_012671.js
c:\programmi\Family Toolbar\tbs_include_script_013916.js
c:\programmi\Family Toolbar\tbs_include_script_014484.js
c:\programmi\Family Toolbar\tbs_include_script_014583.js
c:\programmi\Family Toolbar\tbs_include_script_014799.js
c:\programmi\Family Toolbar\tbs_include_script_015508.js
c:\programmi\Family Toolbar\tbs_include_script_015800.js
c:\programmi\Family Toolbar\tbs_include_script_016179.js
c:\programmi\Family Toolbar\tbs_include_script_016289.js
c:\programmi\Family Toolbar\tbs_include_script_016678.js
c:\programmi\Family Toolbar\tbs_include_script_017022.js
c:\programmi\Family Toolbar\tbs_include_script_017427.js
c:\programmi\Family Toolbar\tbs_include_script_018243.js
c:\programmi\Family Toolbar\tbs_include_script_018279.js
c:\programmi\Family Toolbar\tbs_include_script_018505.js
c:\programmi\Family Toolbar\tbs_include_script_020098.js
c:\programmi\Family Toolbar\tbs_include_script_020109.js
c:\programmi\Family Toolbar\tbs_include_script_020129.js
c:\programmi\Family Toolbar\tbs_include_script_020859.js
c:\programmi\Family Toolbar\tbs_include_script_022495.js
c:\programmi\Family Toolbar\tbs_include_script_023942.js
c:\programmi\Family Toolbar\tbs_include_script_025757.js
c:\programmi\Family Toolbar\tbs_include_script_025787.js
c:\programmi\Family Toolbar\tbs_include_script_026799.js
c:\programmi\Family Toolbar\tbs_include_script_026954.js
c:\programmi\Family Toolbar\tbs_include_script_027482.js
c:\programmi\Family Toolbar\tbs_include_script_027696.js
c:\programmi\Family Toolbar\tbs_include_script_028246.js
c:\programmi\Family Toolbar\tbs_include_script_028279.js
c:\programmi\Family Toolbar\tbs_include_script_029390.js
c:\programmi\Family Toolbar\tbs_include_script_030206.js
c:\programmi\Family Toolbar\tbs_include_script_030277.js
c:\programmi\Family Toolbar\tbs_include_script_030359.js
c:\programmi\Family Toolbar\tbs_include_script_030760.js
c:\programmi\Family Toolbar\tbs_include_script_030814.js
c:\programmi\Family Toolbar\tbs_include_script_031331.js
c:\programmi\Family Toolbar\tbs_include_script_031332.js
c:\programmi\Family Toolbar\tbs_include_script_031711.js
c:\programmi\Family Toolbar\tbs_include_script_032188.js
c:\programmi\Family Toolbar\tbs_include_script_032423.js
c:\programmi\Family Toolbar\tbs_include_script_032495.js
c:\programmi\Family Toolbar\tbu09631\about.gif
c:\programmi\Family Toolbar\tbu09631\about.html
c:\programmi\Family Toolbar\tbu09631\active.html
c:\programmi\Family Toolbar\tbu09631\addPhotos.gif
c:\programmi\Family Toolbar\tbu09631\alerts.gif
c:\programmi\Family Toolbar\tbu09631\anniversary.gif
c:\programmi\Family Toolbar\tbu09631\AR.gif
c:\programmi\Family Toolbar\tbu09631\banner.html
c:\programmi\Family Toolbar\tbu09631\basis.xml
c:\programmi\Family Toolbar\tbu09631\BG.gif
c:\programmi\Family Toolbar\tbu09631\birthday.gif
c:\programmi\Family Toolbar\tbu09631\buyFamilyGifts.gif
c:\programmi\Family Toolbar\tbu09631\calendar.gif
c:\programmi\Family Toolbar\tbu09631\chat.html
c:\programmi\Family Toolbar\tbu09631\clearhist.exe
c:\programmi\Family Toolbar\tbu09631\clearSearchHistory.gif
c:\programmi\Family Toolbar\tbu09631\collage.gif
c:\programmi\Family Toolbar\tbu09631\createFamilySite.gif
c:\programmi\Family Toolbar\tbu09631\CS.gif
c:\programmi\Family Toolbar\tbu09631\DA.gif
c:\programmi\Family Toolbar\tbu09631\dbghelp.dll
c:\programmi\Family Toolbar\tbu09631\DE.gif
c:\programmi\Family Toolbar\tbu09631\EL.gif
c:\programmi\Family Toolbar\tbu09631\EN.gif
c:\programmi\Family Toolbar\tbu09631\ES.gif
c:\programmi\Family Toolbar\tbu09631\Family_Toolbar.dll
c:\programmi\Family Toolbar\tbu09631\familyTree.gif
c:\programmi\Family Toolbar\tbu09631\femaleOnline.gif
c:\programmi\Family Toolbar\tbu09631\femaleOnlineAway.gif
c:\programmi\Family Toolbar\tbu09631\FI.gif
c:\programmi\Family Toolbar\tbu09631\FR.gif
c:\programmi\Family Toolbar\tbu09631\HE.gif
c:\programmi\Family Toolbar\tbu09631\HR.gif
c:\programmi\Family Toolbar\tbu09631\HU.gif
c:\programmi\Family Toolbar\tbu09631\icons.bmp
c:\programmi\Family Toolbar\tbu09631\inboxOff.gif
c:\programmi\Family Toolbar\tbu09631\inboxOn.gif
c:\programmi\Family Toolbar\tbu09631\info.txt
c:\programmi\Family Toolbar\tbu09631\inviteFamily.gif
c:\programmi\Family Toolbar\tbu09631\IT.gif
c:\programmi\Family Toolbar\tbu09631\logoff.gif
c:\programmi\Family Toolbar\tbu09631\logOnToMH.gif
c:\programmi\Family Toolbar\tbu09631\LT.gif
c:\programmi\Family Toolbar\tbu09631\maleOnline.gif
c:\programmi\Family Toolbar\tbu09631\maleOnlineAway.gif
c:\programmi\Family Toolbar\tbu09631\MHlogo.gif
c:\programmi\Family Toolbar\tbu09631\morph.gif
c:\programmi\Family Toolbar\tbu09631\NL.gif
c:\programmi\Family Toolbar\tbu09631\NO.gif
c:\programmi\Family Toolbar\tbu09631\online.gif
c:\programmi\Family Toolbar\tbu09631\PB.gif
c:\programmi\Family Toolbar\tbu09631\photos.gif
c:\programmi\Family Toolbar\tbu09631\PL.gif
c:\programmi\Family Toolbar\tbu09631\privacy.gif
c:\programmi\Family Toolbar\tbu09631\PT.gif
c:\programmi\Family Toolbar\tbu09631\reload.gif
c:\programmi\Family Toolbar\tbu09631\RO.gif
c:\programmi\Family Toolbar\tbu09631\RU.gif
c:\programmi\Family Toolbar\tbu09631\search.gif
c:\programmi\Family Toolbar\tbu09631\site.gif
c:\programmi\Family Toolbar\tbu09631\sites.gif
c:\programmi\Family Toolbar\tbu09631\SK.gif
c:\programmi\Family Toolbar\tbu09631\SR.gif
c:\programmi\Family Toolbar\tbu09631\stub.xml
c:\programmi\Family Toolbar\tbu09631\SV.gif
c:\programmi\Family Toolbar\tbu09631\tagPeople.gif
c:\programmi\Family Toolbar\tbu09631\TB_AR.gif
c:\programmi\Family Toolbar\tbu09631\TB_BG.gif
c:\programmi\Family Toolbar\tbu09631\TB_CS.gif
c:\programmi\Family Toolbar\tbu09631\TB_DA.gif
c:\programmi\Family Toolbar\tbu09631\TB_DE.gif
c:\programmi\Family Toolbar\tbu09631\TB_EL.gif
c:\programmi\Family Toolbar\tbu09631\TB_EN.gif
c:\programmi\Family Toolbar\tbu09631\TB_ES.gif
c:\programmi\Family Toolbar\tbu09631\TB_FI.gif
c:\programmi\Family Toolbar\tbu09631\TB_FR.gif
c:\programmi\Family Toolbar\tbu09631\TB_HE.gif
c:\programmi\Family Toolbar\tbu09631\TB_HR.gif
c:\programmi\Family Toolbar\tbu09631\TB_HU.gif
c:\programmi\Family Toolbar\tbu09631\TB_IT.gif
c:\programmi\Family Toolbar\tbu09631\TB_LT.gif
c:\programmi\Family Toolbar\tbu09631\TB_NL.gif
c:\programmi\Family Toolbar\tbu09631\TB_NO.gif
c:\programmi\Family Toolbar\tbu09631\TB_PB.gif
c:\programmi\Family Toolbar\tbu09631\TB_PL.gif
c:\programmi\Family Toolbar\tbu09631\TB_PT.gif
c:\programmi\Family Toolbar\tbu09631\TB_RO.gif
c:\programmi\Family Toolbar\tbu09631\TB_RU.gif
c:\programmi\Family Toolbar\tbu09631\TB_SK.gif
c:\programmi\Family Toolbar\tbu09631\TB_SR.gif
c:\programmi\Family Toolbar\tbu09631\TB_SV.gif
c:\programmi\Family Toolbar\tbu09631\TB_TR.gif
c:\programmi\Family Toolbar\tbu09631\TB_UK.gif
c:\programmi\Family Toolbar\tbu09631\tbcore3.dll
c:\programmi\Family Toolbar\tbu09631\tbhelper.dll
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_000391.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_000733.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_000784.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_001134.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_002287.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_002346.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_002789.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_002833.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_003080.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_003083.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_004456.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_004711.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_004823.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_004824.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_005792.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_006838.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_007158.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_007564.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_007690.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_007803.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_008357.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_008502.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_009578.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_009807.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_011492.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_011550.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_011614.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_011637.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_012671.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_013916.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_014484.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_014583.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_014799.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_015508.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_015800.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_016179.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_016289.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_016678.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_017022.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_017427.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_018243.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_018279.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_018505.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_020098.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_020109.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_020129.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_020859.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_022495.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_023942.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_025757.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_025787.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_026799.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_026954.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_027482.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_027696.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_028246.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_028279.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_029390.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_030206.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_030277.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_030359.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_030760.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_030814.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_031331.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_031332.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_031711.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_032188.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_032423.js
c:\programmi\Family Toolbar\tbu09631\tbs_include_script_032495.js
c:\programmi\Family Toolbar\tbu09631\tellAFriend.gif
c:\programmi\Family Toolbar\tbu09631\toolbarSetting.gif
c:\programmi\Family Toolbar\tbu09631\TR.gif
c:\programmi\Family Toolbar\tbu09631\UK.gif
c:\programmi\Family Toolbar\tbu09631\uninstall.exe
c:\programmi\Family Toolbar\tbu09631\uninstall.gif
c:\programmi\Family Toolbar\tbu09631\update.exe
c:\programmi\Family Toolbar\tbu09631\updateToolbar.gif
c:\programmi\Family Toolbar\tbu09631\userSite.gif
c:\programmi\Family Toolbar\tbu09631\version.txt
c:\programmi\Family Toolbar\tbu09631\whatsNew.gif
c:\programmi\Family Toolbar\tellAFriend.gif
c:\programmi\Family Toolbar\toolbarSetting.gif
c:\programmi\Family Toolbar\TR.gif
c:\programmi\Family Toolbar\UK.gif
c:\programmi\Family Toolbar\uninstall.exe
c:\programmi\Family Toolbar\uninstall.gif
c:\programmi\Family Toolbar\update.exe
c:\programmi\Family Toolbar\updateToolbar.gif
c:\programmi\Family Toolbar\userSite.gif
c:\programmi\Family Toolbar\version.txt
c:\programmi\Family Toolbar\whatsNew.gif

.
((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.

2010-01-19 16:50 . 2010-01-19 16:51 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Xcelsius
2010-01-15 22:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 22:16 . 2010-01-15 22:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-15 22:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 22:11 . 2010-01-15 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-15 13:01 . 2010-01-17 21:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-01-13 17:28 . 2010-01-13 17:28 -------- d-----w- c:\programmi\File comuni\xing shared
2010-01-13 17:27 . 2010-01-13 17:27 -------- d-----w- c:\programmi\Real
2010-01-13 17:11 . 2010-01-13 17:28 -------- d-----w- c:\programmi\File comuni\Real
2010-01-12 18:18 . 2010-01-12 18:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivoGames
2010-01-12 16:38 . 2009-04-06 10:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-01-12 16:38 . 2009-02-10 15:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-01-12 16:37 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-01-12 16:36 . 2010-01-12 16:36 -------- d-----w- c:\programmi\Agnitum
2010-01-12 16:34 . 2010-01-12 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2010-01-12 13:34 . 2010-01-12 13:34 -------- d-----w- c:\programmi\VDOWNLOADER
2010-01-12 13:34 . 2010-01-12 13:34 -------- d-----w- c:\programmi\File comuni\eBay
2010-01-12 13:32 . 2010-01-13 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2010-01-12 06:06 . 2010-01-19 15:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2010-01-11 22:55 . 2010-01-11 22:55 -------- d-----w- c:\documents and settings\Pierino\Impostazioni locali\Dati applicazioni\vdownloader
2010-01-11 20:41 . 2010-01-22 21:44 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype
2010-01-11 20:40 . 2010-01-11 20:40 -------- d-----w- c:\programmi\File comuni\Skype
2010-01-10 19:21 . 2010-01-10 19:23 -------- d-----w- c:\windows\SHELLNEW
2010-01-10 19:21 . 2010-01-10 19:21 -------- d-----w- c:\programmi\Microsoft.NET
2010-01-10 19:18 . 2010-01-10 19:18 -------- d-----r- C:\MSOCache
2010-01-05 09:49 . 2010-01-05 09:49 -------- d-----w- c:\programmi\Stampa Copertine
2010-01-04 22:34 . 2010-01-04 22:34 -------- d-----w- c:\documents and settings\Pierino\.thumbnails
2010-01-04 21:59 . 2010-01-04 22:00 -------- d-----w- c:\programmi\GIMPshop
2010-01-04 21:15 . 2010-01-05 09:37 -------- d-----w- c:\documents and settings\Pierino\.gimp-2.2
2010-01-04 21:09 . 2010-01-04 21:09 -------- d-----w- c:\programmi\IrfanView
2010-01-04 17:44 . 2010-01-04 18:18 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Vso
2010-01-03 09:43 . 2010-01-03 09:46 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\GetRightToGo
2009-12-31 16:11 . 2009-12-31 16:12 -------- d-----w- c:\programmi\Date Cracker 2000
2009-12-31 16:11 . 2010-01-01 11:03 249856 ------w- c:\windows\Setup1.exe
2009-12-31 11:40 . 2009-12-31 11:40 -------- d-----w- c:\programmi\Lavalys
2009-12-28 21:17 . 2009-12-28 21:19 -------- d-----w- c:\programmi\You Ripper
2009-12-28 21:17 . 2009-12-28 21:17 92728 ------w- c:\windows\system32\bass.dll
2009-12-27 09:42 . 2009-12-30 14:14 -------- d-----w- c:\programmi\MemoRex
2009-12-26 12:25 . 2009-12-26 12:33 -------- d-----w- c:\programmi\Ri-li
2009-12-26 12:25 . 2009-12-26 12:25 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-12-25 16:45 . 2009-12-25 16:55 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\AmazeCopy
2009-12-25 16:08 . 2009-12-25 16:08 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Jasc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 12:42 . 2009-11-13 09:56 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\EPSON
2010-01-22 21:46 . 2008-03-15 08:38 66096 ----a-w- c:\documents and settings\Pierino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-22 15:01 . 2008-10-10 15:58 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\skypePM
2010-01-12 10:24 . 2009-05-05 12:50 -------- d-----w- c:\programmi\FairUse Wizard 2
2010-01-11 20:40 . 2009-11-30 13:58 -------- d-----w- c:\programmi\Skype
2010-01-11 20:40 . 2009-07-23 07:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-01-11 12:42 . 2008-03-14 16:25 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-01-11 12:42 . 2009-09-13 09:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2010-01-11 12:42 . 2008-03-14 16:26 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-08 16:50 . 2008-12-15 07:41 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\dvdcss
2010-01-01 11:03 . 2008-11-22 13:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-27 12:42 . 2008-03-20 12:34 -------- d-----w- c:\programmi\QuickTime
2009-12-27 10:07 . 2009-03-17 10:45 -------- d-----w- c:\programmi\AIMP2
2009-12-24 17:46 . 2009-12-24 17:37 -------- d-----w- c:\programmi\DivX
2009-12-24 14:59 . 2009-12-24 14:59 -------- d-----w- c:\programmi\Paravia
2009-12-24 13:29 . 2008-03-18 12:34 -------- d-----w- c:\programmi\MyHeritage
2009-12-21 21:34 . 2009-12-08 10:13 -------- d-----w- c:\programmi\MyPlayCity.com
2009-12-21 20:57 . 2009-12-21 20:57 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Sahmon Games
2009-12-20 16:20 . 2009-12-20 16:20 -------- d-----w- c:\programmi\Time Stopper
2009-12-14 22:24 . 2009-12-14 22:24 -------- d-----w- c:\programmi\MWSnap
2009-12-12 09:03 . 2008-03-28 12:35 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\URSE Games
2009-12-09 11:34 . 2009-12-09 11:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SugarGames
2009-12-07 22:56 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Thumbs5
2009-12-04 10:30 . 2009-11-13 08:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2009-12-04 10:28 . 2009-11-13 08:26 -------- d-----w- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-12-04 10:27 . 2009-11-13 08:21 -------- d-----w- c:\programmi\epson
2009-12-04 10:26 . 2009-12-04 10:26 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\InstallShield
2009-12-02 13:28 . 2009-07-23 16:41 -------- d-----w- c:\programmi\REAPER
2009-12-02 13:23 . 2009-10-24 09:15 -------- d-----w- c:\programmi\eMule
2009-12-01 13:25 . 2008-07-04 11:27 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\RaimaRadio
2009-11-30 14:00 . 2009-11-30 14:00 -------- d-----w- c:\programmi\Casino Madness 98
2009-11-30 13:58 . 2009-11-24 12:59 -------- d-----w- c:\programmi\GameSpy Arcade
2009-11-30 13:58 . 2009-11-24 13:43 -------- d-----w- c:\programmi\Skype(2)
2009-11-30 13:58 . 2009-11-24 13:44 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype(2)
2009-11-30 13:56 . 2009-11-30 13:07 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype(3)
2009-11-24 23:54 . 2008-03-17 11:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-03-17 11:33 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-03-17 11:33 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-04 16:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-04 16:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-03-17 11:33 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-03-17 11:33 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-03-17 11:33 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-03-17 11:32 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-02 09:26 . 2009-11-02 09:26 351248 ----a-w- c:\windows\system32\FTBSaver.scr
1999-08-20 07:25 . 2002-12-17 18:08 877 ----a-w- c:\programmi\config.cfg
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-01-13 198160]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 17.46.08 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/01/2010 17.38.31 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/01/2010 17.36.57 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 17.46.08 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/01/2010 17.37.02 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/01/2010 17.38.21 257432]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [01/07/2009 10.23.30 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [01/07/2009 10.17.04 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [01/07/2009 10.23.30 108675]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 22:23
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6094"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\relog_ap.dll
.
Ora fine scansione: 2010-01-23 22:26:08
ComboFix-quarantined-files.txt 2010-01-23 21:26
ComboFix2.txt 2010-01-23 15:38

Pre-Run: 19.714.793.472 byte disponibili
Post-Run: 19.690.188.800 byte disponibili

- - End Of File - - B02184CFE80B5A98FDBA2C23D61D2727
Torna in alto
 
Utenti presenti in questo topic
Guest

3 pages: 1 [2] 3

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Ram al 100%


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.